POSITIVE HACK DAYS

Conference

Keynote

Author: Bruce Schneier

Language: English

CV

Bruce Schneier is an internationally renowned security technologist and author. Described by The Economist as a "security guru," he is best known as a refreshingly candid and lucid security critic and commentator. When people want to know how security really works, they turn to Schneier.
His first bestseller, Applied Cryptography, explained how the arcane science of secret codes actually works, and was described by Wired as "the book the National Security Agency wanted never to be published." His book on computer and network security, Secrets and Lies, was called by Fortune "[a] jewel box of little surprises you can actually use." Beyond Fear tackles the problems of security from the small to the large: personal safety, crime, corporate security, national security. His current book, Schneier on Security, offers insight into everything from the risk of identity theft (vastly overrated) to the long-range security threat of unchecked presidential power and the surprisingly simple way to tamper-proof elections.
Regularly quoted in the media -- and the subject of an Internet meme -- he has testified on security before the United States Congress on several occasions and has written articles and op-eds for many major publications, including The New York Times, The Guardian, Forbes, Wired, Nature, The Bulletin of the Atomic Scientists, The Sydney Morning Herald, The Boston Globe, The San Francisco Chronicle, and The Washington Post.
Schneier also publishes a free monthly newsletter, Crypto-Gram, and a blog, Schneier on Security, with a combined 250,000 readers. In more than ten years of regular publication, Crypto-Gram has become one of the most widely read forums for free-wheeling discussions, pointed critiques, and serious debate about security. As head curmudgeon at the table, Schneier explains, debunks, and draws lessons from security stories that make the news.
Schneier is the Chief Security Technology Officer of BT.

Enhancing Cybersecurity Readiness Through International Cooperation

Author: Datuk Mohd Noor AMIN

Language: English

CV

Chairman, Management Board,
IMPACT

As Chairman of the International Multilateral Partnership Against Cyber Threats (IMPACT), Mr. Mohd Noor Amin leads the first United Nations-backed public-private partnership against cyber threats, with the UN’s International Telecommunication Union (ITU) as its partner and 137 countries as members. IMPACT is also recognised as the world’s largest cybersecurity alliance.
Mr. Amin’s role includes strategically guiding IMPACT and its stakeholders – including other international organisations and its 137 member states – to enhance the global community’s capacity to prevent, defend against and respond to cyber threats.
Mr. Amin has been instrumental in bringing together governments of partner countries, cybersecurity experts, academia, and industry players and leaders on IMPACT’s politically and commercially neutral platform, to escalate discussions and amplify measures for strengthening cybersecurity.
Mr. Amin is also Chairman of Ascendsys, Southeast Asia’s leading managed security services organisation. Mr. Amin is also a founding member of the Malaysia-U.S. Friendship Council, which is headquartered in Washington D.C. It is a body established and sponsored by leading Malaysian companies to provide advice on matters relating to the bilateral relationship between the two countries. Besides these roles, Mr. Amin has been appointed by the President of the Republic of Guatemala to serve as the nation’s honorary envoy to Malaysia.
In previous capacities, Mr. Amin served as personal legal counsel to two former Malaysian Prime Ministers and as general counsel to Malaysia’s ruling party.
Mr. Amin is an English-trained barrister and has been admitted to the English Bar at Gray’s Inn and to the Malaysian Bar. Mr. Amin holds a Master’s in Commercial and Corporate Law from King’s College, University of London (U.K.).

Author: Alexey Andreev

Language: Russian

CV

Alexey Andreev (also known as Lexa and Mercy Shelley) is a poet, writer and Internet activist. From 1988 to 1993 he was a student at the Faculty of Mathematics and Mechanics of Leningrad University. From 1994 to 1996 he was a postgraduate student at the University of West Virginia (USA), and since that time he has participated in various literary projects on the Internet. Since 1996 he has lived in Moscow and St. Petersburg.
As a writer, Alexey Andreev is primarily known for his work in the field of Russian haiku. He became the first Russian haiku author to receive worldwide recognition, taking second place in the world’s biggest competitions: the Shiki Haiku Contest (1995) and the Mainichi Haiku Contest (1997). His book of haiku was published in 1996 in the USA (in the author's own translation) and in 2002 in Japan. The author of several popular articles on haiku, he has been published in the journals "Arion", "New Literary Review" and others, and has also published translations of modern haiku from English (including texts by Allen Ginsberg, Jack Kerouac and George Suida) and from French. He has also published two books of poetry (in Russian and English).
Under the pseudonym Mercy Shelley, Alexey Andreev wrote science fiction novels in the style of Russian cyberpunk ("Web" and "2048"), which present his ironic view of the further development of modern society.

TBD

Author: Travis Goodspeed

Noise is everywhere in radio, and in digital radio it is more than a nuisance. With the Packet-in-Packet (PIP) technique, noise can turn a benign packet into a malicious one, allowing remote Layer 1 frame injection without having a radio. This talk will show how PIP exploits are written, including working examples for IEEE 802.15.4 and the Nordic RF low-power radios. The exploit consists of a string which, when transmitted at Layer 7, is reliably changed by noise into a Layer 1 frame. The attacker controls all fields of the injected packet and can trigger the exploit in a remote network without having his own radio. The vulnerability being exploited is in hardware, and no software bugs are needed.

Language: English

CV

Travis Goodspeed is a neighborly reverse engineer from East Tennessee in Southern Appalachia. He has written key and firmware extraction techniques for several microcontrollers, as well as remote radio exploits for hardware bugs common to most modern digital radio protocols.

Password security: past, present, future

Author: Alexander (Solar Designer) Peslyak

The report will address the issues of password protection from a historical perspective, as well as the prospects for authentication technologies in the near future. Alexander (Solar Designer) Peslyak, the developer of John the Ripper, a popular utility for analysing the strength of passwords, will graphically demonstrate how the contest between sword and shield develops in the world of computer security.

Language: Russian

CV

Alexander Peslyak, better known as Solar Designer, has been professionally involved in computer and network security since 1997, and had been developing software professionally long before that. Alexander is an Open Source software author and team leader at the Openwall Project and Openwall GNU/*/Linux, a computer security expert, Founder and CTO at Openwall, Inc., an information security consultant at DataForce ISP, and a member of informal and semi-formal computer security communities. Alexander has presented on computer security and Open Source software topics at international conferences (HAL2001, NordU, FOSDEM, CanSecWest), served as the technical reviewer for a novel computer security book (Michal Zalewski's Silence on the Wire) and wrote the foreword for it. He is recognized in the “security community” primarily for the security tools (software) released to the public under liberal Open Source licenses, and for many contributions to other popular Open Source software (primarily Linux and related applications).

The secret of Duqu

Author: Alexander Gostev

The report is dedicated to Duqu, a sophisticated Trojan program which appears to have been developed by the creators of the infamous Stuxnet. The program’s main purpose is to act as a backdoor in a system, making it easier for attackers to steal private information. That is what distinguishes it from Stuxnet, which is mainly aimed at sabotaging industrial facilities.
The analysis of the victim enterprises’ activities and the nature of the target information leads to the conclusion that the attacks were aimed at any data on industrial production management systems in various industries, as well as data on commercial relations of certain Iranian organizations.
There are some signs that earlier versions of Duqu could have existed back in 2007–2008 and that Duqu and Stuxnet were based on one common platform. Moreover, the two could have been developed at the same time.

Language: Russian

CV

Alexander Gostev is the Chief Security Expert at Kaspersky Lab. Born in Dnepropetrovsk, Alexander Gostev founded the Republic of Komi Anti-Virus Centre in 1996 and provided consulting services. Prior to joining the Kaspersky Lab Virus Laboratory in 2003, he worked for Syktyvkar State University, Syktyvkar Mechanical Engineering Factory and Komitex/KomiSat ISP.

How to hack a telecom and stay alive 2. Owning a billing

Author: Sergey Gordeychik

The main IT asset of a telecommunications company is its technological network. Penetrating its perimeter is nothing more than the first stage of a penetration test. What clients need is to comprehend real business risks and see an established connection between their business performance and the security flaws detected by the testing. Where to look for the keys to a technological network? How to get at the billing without interfering with the company’s main business? These questions will be answered in the report by Sergey Gordeychik. In addition, the speaker will share new illustrative and funny cases from penetration tests performed on telecommunication networks.

Language: Russian

CV

Sergey Gordeychik is the Chief Technical Officer of Positive Technologies. The main areas of his work are the development of the MaxPatrol Compliance and Vulnerability Management System, practical implementation of the GRC concept, and guidance of the largest Russian team of professional ethical hackers.
Sergey Gordeychik has developed a number of training courses, including "Wireless Networks Security" and "Analysis and Security Assessment of Web Applications," published several dozen articles in various publications, and a book called "Wireless Networks Security." He is the Science Editor of the SecurityLab.ru portal, a member of the Web Application Security Consortium (WASC) Board of Directors and of the RISSPA Council of Experts. Sergey Gordeychik is Director and Scriptwriter of the Positive Hack Days forum. MCSE (starting from NT 4.0), CISSP and MVP in Enterprise Security: R&D.

Analysis of US laws and regulations protecting personal information. What is wrong and how to fix it

Author: Mikhail A. Utin

The speaker will present Rubos, Inc. research on “grass roots” security in the US. Analysis of various information sources shows that government-required compliance with various laws protecting personal information cannot be achieved. Current laws have various gaps and inconsistencies affecting small businesses and essentially preventing them from improving information security. Finally, the report’s authors introduce measures to improve the security situation, including changes to current laws, legal measures requiring protection as an end point, and practical cooperation between government and the business community on compliance matters.

Language: Russian

CV

M.S. in Computer Science, Ph.D. in Computer Science. 20 years of experience in IT and 10 years in IT Security. Author of articles on IT Security Management, including a presentation at the DeepSec 2011 security conference in Vienna, Austria. Reviewer of numerous articles for Information Security Journal: A Global Perspective. Certified Information Security Professional/(ISC)2 since 2006. Founder of Rubos, Inc., providing unique research in the information security field. Leader of the automated Security Program generation project on the portal www.201cmr1700ma.com. Resides in Sharon, Massachusetts, USA.

To hack an ASP.NET site? It is difficult, but possible!

Author: Vladimir Kochetkov

Security analysis of ASP.NET/MVC web applications is almost always a challenge for a pentester, who quite often has to put an attack scenario together from a few minor mistakes made by developers. The infrastructure of .NET applications, as opposed to the well-studied LAMP platform, is in fact a blank space on security specialists’ maps. The report covers the specific character of ASP.NET/MVC application security analysis, determined both by the Windows operating system and by the .NET Framework platform. The speaker will present examples of new 0-day attacks (including a brand new type of Code Injection).

Language: Russian

CV

Vladimir Kochetkov is a security expert at Positive Technologies. He specializes in analyzing web applications and source code, and in investigating the security of Microsoft platforms and technologies. He is part of the development team for PHDays HQ.

PostScript: Danger ahead! Hacking MFPs, PCs and beyond…

Author: Andrei Costin

After the very successful "Hacking printers for fun and profit" series of talks, the speaker has decided to continue the research into the realms of PostScript — an old, very powerful and nicely designed programming language.
This time he will demonstrate that the PostScript language, given its power, elegance and Turing-completeness, can be used for more than just drawing dots, lines and circles, and to a certain extent can be a hacker's sweet delight if fully mastered.
The speaker will present a real-life implementation of unusual, security-flawed PostScript APIs (along with their dissection and reconstructed documentation) that interact with various levels of the OS and hardware. The implementation has been found in a TOP10 printer vendor's product line. The report also includes research on the possibility of creating a PostScript-based virus; the author of the research will provide a few hints and building blocks in this direction.
Besides this, the speaker will cover some PostScript aspects that can be dangerous for PCs and other implementations.
The goal of this report is to show that the entire flexographic print/printer industry and its collateral, such as devices, printing software/drivers/subsystems, publishing, and managed services, has to be redesigned security-wise, so that it can face both the current and future security landscape and threats.
The report includes practical videos.
Status:
Part of the research was presented at 28C3 in Berlin, 2011.

Language: English

CV

Born and raised in Moldova, Andrei is a Computer Science graduate of the Polytechnic University of Bucharest, where he did his thesis work in Biometrics and Image Processing. He is the author of the MiFare Classic Universal toolKit (MFCUK), the first publicly available (FOSS) card-only key-cracking tool for the MiFare Classic RFID card family.
Since starting his IT career in the computer games industry, he has worked in the telecom field and is currently a senior developer at a specialized firm producing custom embedded systems utilizing GSM/UMTS/GPS technologies. He is passionate about IT/application/information security and has spoken at various security conferences.

On secure application of PHP wrappers

Author: Aleksey Moskvin

Vulnerabilities related to PHP wrappers are discussed at length, and references to them appear in the OWASP TOP 10 and WASC TCv2. However, certain implementation details of data encoding mean that even applications developed with security in mind may contain vulnerabilities (including critical ones). The report examines an encoding algorithm that makes it possible to enjoy the benefits of PHP wrappers while passing the application data that its operating logic does not anticipate.
This approach can be used to bypass Web Application Firewalls and security filters built into the application, and to carry out attacks involving unauthorized access to the file system and execution of arbitrary code. In the course of the report, examples of new vulnerabilities (0-day) detected using the proposed methodology will be presented.

Language: Russian

CV

Aleksey Moskvin is a security expert at Positive Technologies. He specializes in static and dynamic analysis of application source code from a security standpoint. He is part of the development team for PHDays CTF.

Abusing Calypso phones

Author: Sylvain Munaut

Sylvain Munaut will be presenting "Abusing Calypso phones", explaining the process by which it was possible to turn the C123 into an ideal platform for security research, and more specifically how the researchers gained control of the DSP to do their bidding.

Language: English

CV

Sylvain Munaut is a Computer Science and Electrical Engineer with a strong interest in free and open source software. He has been involved in a wide range of projects, both hardware and software, such as porting and maintaining Linux 2.6 on new platforms (MPC5200), image signal processing on FPGA (JPEG2k), embedded systems hardware design and even work on web applications. A little under three years ago he turned his attention to GSM and progressively became involved with projects such as OpenBTS, airprobe, and the various Osmocom subprojects.

Not all PHP implementations are equally useful

Author: Sergey Scherbel

There are several third-party implementations of PHP designed to improve the performance of web applications. Some of them can reduce script run time by at least a factor of five! But are they able to account for and adopt all the features of PHP? Are they able to provide stable and reliable operation in web applications? How predictable is the behaviour of an application migrated from standard PHP to a "PHP performance optimization framework"?
The study identified a number of features of such systems that make an otherwise secure web application vulnerable and render the behaviour of some scripts unpredictable.
The report will disclose the identified security problems and operational peculiarities of web applications running on third-party PHP implementations, and the speaker will give examples of new vulnerabilities (0-day).

Language: Russian

CV

Sergey Scherbel is a security expert at Positive Technologies. He specializes in application security, penetration testing, and analysis of web applications and source code. He is a member of the PHDays CTF development team.

DNS exfiltration using sqlmap

Author: Miroslav Štampar

In this presentation, current methods of SQL injection exploitation will be presented together with the premiere of DNS exfiltration using sqlmap. As for current methods, the speaker will briefly cover the basic methodology behind the boolean/blind, error-based, union/inband, time-based and stacked techniques. As for DNS exfiltration, a highly covert and firewall-piercing technique, the audience will be briefly introduced to the methodology together with a live (or video) demonstration using sqlmap and a testing environment.

Language: English

CV

Miroslav Štampar is a professional software developer and security researcher, born in 1982 in Vukovar, Croatia. He achieved a Master's Degree in Computer Science at the Faculty of Electrical Engineering and Computing (FER) at the University of Zagreb, Croatia, in 2005, and is currently a PhD student there majoring in security and parallelization. He earned the prestigious Microsoft Certified Solution Developer for Microsoft .NET certificate in 2006, and since 2007 he has been working for AVL (www.avl.com), the world's largest privately owned and independent company for the development of powertrain systems with internal combustion engines, as well as instrumentation and test systems. To satisfy his urge toward security-related subjects, he is one of the developers of the widely used open source project for automated detection and exploitation of SQL injection flaws, sqlmap (www.sqlmap.org), which he has been constantly developing and improving since December 2009.

A lazy way to find out your fellow worker's salary, or SAP HR security

Author: Evgeniya Shumakher

SAP ERP Human Capital Management (HCM) is a software solution that helps manage a company’s human resources and handle payroll processes, among other things. Therefore, its architectural flaws and implementation faults allow hackers to inflict considerable financial damage on the business, and sometimes all it takes is the user privileges of an ordinary HR specialist. Attackers can leverage accounting defects that allow paying former or non-existent employees, making unapproved and manual payments, etc. The report covers the most common ways of attacking this business application by exploiting its weaknesses, as well as methods for detecting and fixing such vulnerabilities.

Language: Russian

CV

Evgeniya Shumakher is an analyst at Positive Technologies. In 2008 she graduated from the Faculty of Instrument Engineering of South Ural State University, specializing in Computing Machines, Complexes, Systems, and Networks. She held the position of senior software developer at the Chelyabinsk Electrometallurgical Plant from 2007 to 2010, where she participated in engineering and developing software products (including the HR module as part of the implementation of the company's own ERP system). Currently she is engaged in the development of various reporting systems, analysis of how business applications function, and competitive analysis.

Life cycle and detection of bot infections through network traffic analysis

Author: Fyodor Vladimirovich Yarochkin, Vladimir Borisovich Kropotov

In this presentation Fyodor Yarochkin and Vladimir Kropotov will share their experience of analysing network traffic and detecting compromised machines (also known as zombies or botnet nodes) in different networks.
In the presentation, Fyodor and Vladimir use real-life infection examples and will highlight typical infection stages and post-infection activity for different types of bots and botnets. Possible methods of detection and prevention will also be discussed, covering a variety of approaches from analysing raw network traffic to processing system logs and IDS/IPS events.
Finally, automated zombie detection techniques based on different patterns in network traffic flows will be discussed.

Language: Russian

CV

Fyodor Vladimirovich Yarochkin is a Security Analyst at P1 Security (p1security.com) /Academia Sinica (www.sinica.edu.tw).
Vladimir Borisovich Kropotov is an Information Security Analyst at TBInform (TNK-BP Group) (tnk-bp.com).

To Recover Plaintext Passwords of Windows Users

Author: Benjamin Delpy

Benjamin Delpy, an information security researcher also known as gentilkiwi, has expressed his intention to launch a new version of mimikatz, a tool that helps obtain user authentication data, this time also for Windows 8. The author will introduce his solution at Positive Hack Days 2012. The upgraded utility will be able to exploit a weakness in the LiveSSP provider and will allow viewing the Windows Live passwords of users logged on to Windows 8.
For all Windows versions, mimikatz’s functionality will be expanded with a feature that allows obtaining account data by exploiting vulnerabilities in the Kerberos, WDigest and TsPkg providers. At PHDays 2012, Benjamin will present his report and demonstrate mimikatz. The main focus will be on LSASS data exploitation by means of the sekurlsa library. Attendees will learn many interesting details and enjoy tricky questions from experts. Don’t miss it!

Language: English

CV

Benjamin Delpy, an information security researcher also known as `gentilkiwi`, is a Security Expert somewhere in France. Currently working in a French organization, he is in charge of several security projects. His research is done as an individual, to better understand the products around him, to change mentalities, and for fun.
A security enthusiast, he has published some tools and information to make people aware of certain products’ weaknesses and to support his theories.
Mimikatz was the first tool on his blog to cross French borders (http://blog.gentilkiwi.com/mimikatz).

How the presidential election in Russia influences the information security market, or Trends in regulation

Author: Alexey Lukatsky

Last year was marked by numerous standards regulating information security issues, such as a new edition of the Law ‘On Personal Data’, the Law ‘On National Payment System’, and government regulations on the licensing of business in the field of information security. Greater reinforcement is yet to come, so the outlined tendency of ‘tightening the screws’ in the field will continue. We can expect the new laws to be commented on and interpreted, and the Law ‘On Electronic Signature’ to enter into force and be followed up with subordinate acts. The near future will bring a framework of normative regulations for the developing electronic inter-governmental interaction system, and rigid requirements for Internet control… Moreover, since the end of 2011, government institutions related to the field of information security – the State Duma and the field-oriented ministries – have been undergoing structural changes. All these trends should be taken into consideration not only when preparing a long-term strategy, but also in the day-to-day management of information security processes.

Language: Russian

CV

Alexey Lukatsky is an information security business consultant at Cisco.
He is a member of the ARB/CB working group on the development of the 4th and 5th Russian Bank versions. He participates in the examination of legal acts in the field of information security and personal data. As an independent expert he is a member of the ARB Consulting Center on the application of Federal Law 152 “On Personal Data”.
He is a member of Subcommittee #1 “Information Security in the credit-financial sphere” of Technical Committee #122 “Standardization of financial services” at the Federal Agency for Technical Regulation and Metrology. He is a member of Subcommittee #127 “Methods and Means of IT security” of Technical Committee 22 “Information technologies” at the Federal Agency for Technical Regulation and Metrology (which performs ISO/IEC JTC 1/SC 27 functions in Russia). He is also a member of the Organizing Committee of the “Public hearings on the harmonization of legislation concerning protecting subjects of personal data”. He has published more than 600 articles and 5 books on information security. He is the author of many courses on information security, including “Measurement of IS efficiency”, “Threat modeling”, “Management of IS incidents”, “How to connect security and business”, etc.

Why it is impossible to comply with Russian private data protection law

Author: Mikhail Emelyannikov

The law of the Russian Federation on personal data has been in force for five years already, and it is obvious that the law’s current wording cannot achieve its primary objective – to protect the rights and freedoms of citizens when their personal data is processed, including the right to privacy and to personal and family secrets.
The law defines formalities for all operators and, along with the Administrative Violations Code, provides for equal responsibility both for a company that has disclosed the personal data of a million people and for a company that avoids such incidents but ignores some obligatory formality – whether a public policy or the use of certified information security tools. The law is not applicable to the digital world or e-commerce, to everyday life, or to almost any action performed for the benefit of third parties (for example, buying an aircraft ticket for family members or friends, or calling a doctor by phone).
The speaker will analyze the law’s systemic problems and propose ways to radically change it.

Language: Russian

CV

Mikhail Emelyannikov was born in Moscow in 1955. In 1977 he graduated from the Technical Department of the Higher School of the KGB (now the Institute of Cryptography, Communication, and Informatics of the FSB Academy), specializing in applied mathematics. From 1977 to 1998 he served in the General Staff of the Armed Forces of the USSR and the Armed Forces of the Russian Federation, starting as a department officer and rising to deputy head of a separate directorate. He was engaged in what is now called information security, namely in secrets protection using legal, organizational, and technical measures. Mikhail Emelyannikov was a Board Member of the Training and Methodological Association of Universities in Russia occupied with information security education. He was responsible for information security in Svyazinvest from 1999 to 2006, holding the position of division head in the management company’s security department, and then the position of deputy director general for security in Svyazintek, the company’s system integrator. He was a member of steering committees occupied with the development of the holding’s integrated billing and ERP systems. From March 2007 to February 2011 he worked at Informzaschita (business development director being his latest position). He was chairman of the program committee of the international exhibition and conference Infosecurity Russia in 2005—2009 and Infobez Expo in 2010, and chairman of the program committee of the international exhibition and conference Security and Trust when using Infocommunication Networks and Systems from 2005 to 2008. He was the first in Russia to develop training courses such as Implementation of the Commercial Secret Mode in a Company and Personal Data Protection. Now he is a managing partner of a consulting agency named Emelyannikov, Popova and Partners, and an expert in information and business security.

Smartcard vulnerabilities in modern banking malware

Author: Aleksandr Matrosov, Eugene Rodionov

The past few years have seen a rapid growth of threats targeting Russian remote banking service (RBS) systems: Shiz, Carberp, Hodprot, RDPdoor, Sheldor. Attackers can steal huge amounts of money, estimated at tens of millions monthly. The speaker will describe the study of the most common banking malware, as well as the discovery of interesting vulnerabilities in the use of two-factor authentication and smart cards. The report also discusses the techniques and tricks used by hackers for anti-forensics.

Language: Russian

CV

Aleksandr Matrosov has been working at ESET as Security Intelligence Team Leader since joining the company in October 2009 as a virus researcher, and working remotely from Russia. He has worked as a security researcher since 2003 for major Russian companies. He is also a Lecturer at the Cryptology and Discrete Mathematics department of National Nuclear Research University in Moscow, and co-author of the research papers “Stuxnet Under the Microscope” and “The Evolution of TDL: Conquering x64” and is frequently invited to speak at European (CARO, CONFidence, Ekoparty) and Russian security conferences. Nowadays he specializes in the complete analysis of difficult malicious threats and research into cybercrime activity.

Eugene Rodionov graduated with honours from the Information Security faculty of the Moscow Engineering Physics Institute (State University) in 2009. For the past five years he has worked for several companies, performing software development, IT security audit and malware analysis. He currently works at ESET, one of the leading companies in the anti-malware industry, where he analyses complex threats. His interests include kernel-mode programming, anti-rootkit technologies, reverse engineering and cryptology. He is co-author of the research papers “Stuxnet Under the Microscope” and “The Evolution of TDL: Conquering x64”. Eugene Rodionov also holds the position of Lecturer at the National Nuclear Research University MEPhI in Russia.


Defense of industrial control systems – a factor of survival of mankind

Author: Alexey Lafitsky

Modern civilisation depends unconditionally on information systems, and nowhere more so than in industrial control systems (ICS). Nuclear and hydroelectric power stations, oil and gas pipelines, national electric grids, and transportation systems of national and global scale are all operated by ICS. Protecting the ICS of facilities whose failure can affect the stability of countries, peoples and continents is a formidable challenge for IT security experts.
Kaspersky Lab is now developing a security system for ICS.

  • Language
  • Russian

CV

Alexey Lafitsky, System Engineer, Kaspersky Lab


Three modern stories about malware bank attacks

Author: Nikita Shvetsov

This report covers three of the most active and sophisticated malware families used in attacks on banks. Lurk is one of the stealthiest families attacking Russian banks. SpyEye was updated this month with several modules for observing victims' actions via web-cam. Cridex, which has been seen in several mass spam mailings, is the biggest competitor to Zeus and SpyEye in attacks on international banks and online banking.

  • Language
  • Russian

CV

Nikita Shvetsov, Director of Threat Research, Kaspersky Lab


Fighting Anonymous in Tunisia

Author: Haythem EL MIR

The Tunisian revolution was a favourable environment for the growth of groups such as Anonymous. Since Operation Tunisia in January 2011, which helped Tunisian activists denounce the corrupt regime, Anonymous has never stopped fascinating young Tunisians, who saw it as a symbol of freedom and openness; the Anonymous spirit was seen as something like the legend of Zorro or Robin Hood. The Tunisian Anonymous mushroomed to the point of being considered a serious threat.
On the other side, the Tunisian authorities had to prepare a cyber-defence strategy to face the Anonymous threat and its waves of attacks. The Tunisian Computer Emergency Response Team (tunCERT) and the National Network for Cyberspace Protection were the main tools for stopping Anonymous. The presentation gives an overview of the Anonymous threat and attacks and of the tunCERT approach to fighting Anonymous.

  • Language
  • English

CV

Haythem EL MIR is a security expert with 10 years of experience. As Technical Manager of the National Agency for Computer Security of Tunisia for 5 years and head of the Tunisian incident response team, he was in charge of national information security projects, Internet infrastructure protection, and national and international coordination for cyberspace protection. As an information security professional he is very active in the Africa region, assisting many countries in enhancing their IT security capabilities and developing incident response services. Haythem is now employed at Positive Technologies as Technical Manager (Middle East & Africa). He is a CISSP with an international reputation as a security trainer and consultant, and has spoken at various international conferences.


Naxsi, an open source and positive model based web application firewall

Author: Thibault Koechlin

In 2012, trivial web vulnerabilities are still threatening poorly developed web applications, and poorly maintained Web Application Firewalls (WAFs) still let clients think they are on the safe side.
Naxsi is an open source Web Application Firewall module for Nginx, the famous web server and reverse proxy.
I started the development of naxsi in 2011 for my company's needs, with two main objectives: high performance and security.
We ended up with a positive model WAF that does not rely upon signatures to detect and block attacks. It uses a simpler model where, instead of trying to detect "known" attacks, it detects unexpected characters in HTTP requests and arguments.
To do so, naxsi heavily relies on a "learning mode", which is a well known and major constraint of positive model based web application firewalls.
The naxsi project is still young, but it is already used in production.
The speaker will present the naxsi project itself, its future improvements, and a real-life case.
Usage, design, strengths and limitations of naxsi (and of the underlying model) will also be discussed so that the project can grow.
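The positive model described above, as an added example that is not naxsi's own code (naxsi is an nginx module written in C with its own rule syntax, per-category scores such as $SQL and $XSS, and CheckRule thresholds). The character classes, the score per hit and the block threshold below are simplifications chosen for this illustration, and the learning and test traffic are constructed. What the example keeps is the model itself: a learning phase records which character classes legitimate traffic uses in each argument of each URL, and in blocking mode every class never seen during learning adds to a score, with the request rejected once the score reaches the threshold. It also shows the well-known constraint of the learning mode: because a legitimate search for O'Reilly was seen in learning, the quote class becomes acceptable in that argument, and a probe that adds only one other anomalous class scores below the threshold.

```python
"""Positive-model (whitelist) filtering of HTTP arguments, naxsi-style.

Added example for illustration; not code from naxsi or NBS System.
"""
import re
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit

# Character classes typical of injection payloads (illustrative set, not
# naxsi's rule base, which keys on individual characters and keywords).
CLASSES = {
    "quote":   re.compile(r"['\"]"),
    "angle":   re.compile(r"[<>]"),
    "paren":   re.compile(r"[()]"),
    "semi":    re.compile(r";"),
    "pipe":    re.compile(r"\|"),
    "comment": re.compile(r"--|/\*|\*/"),
    "dotdot":  re.compile(r"\.\."),
}
SCORE_PER_HIT = 4      # each unexpected class found in an argument
BLOCK_THRESHOLD = 8    # two hits are needed to block (assumed threshold)


def classes_of(value):
    """Return the set of character classes present in a decoded value."""
    return {name for name, rx in CLASSES.items() if rx.search(value)}


def parse_request(line):
    """'GET /path?a=1&b=2' -> (path, [(arg, percent-decoded value), ...])."""
    _method, target = line.split(" ", 1)
    parts = urlsplit(target)
    return parts.path, parse_qsl(parts.query, keep_blank_values=True)


class PositiveModelWAF:
    def __init__(self):
        # (path, argument) -> classes observed in legitimate traffic.
        # Arguments never seen in learning get the empty set, so any
        # special character in them counts as unexpected.
        self.allowed = defaultdict(set)

    def learn(self, request_line):
        """Learning mode: everything observed is assumed legitimate."""
        path, args = parse_request(request_line)
        for name, value in args:
            self.allowed[(path, name)] |= classes_of(value)

    def check(self, request_line):
        """Blocking mode: return (blocked, score, reasons)."""
        path, args = parse_request(request_line)
        score, reasons = 0, []
        for name, value in args:
            for cls in sorted(classes_of(value) - self.allowed[(path, name)]):
                score += SCORE_PER_HIT
                reasons.append(f"{name}: unexpected {cls}")
        return score >= BLOCK_THRESHOLD, score, reasons


# Constructed learning traffic; note the legitimate apostrophe in a search.
LEARNING_TRAFFIC = [
    "GET /search?q=nginx+waf&page=1",
    "GET /search?q=O'Reilly+books&page=2",
    "GET /login?user=alice&pwd=s3cret",
]

# Constructed requests to score after learning.
TEST_TRAFFIC = {
    "benign":       "GET /search?q=it's+raining&page=3",
    "sqli_union":   "GET /search?q=1'+UNION+SELECT+1,(SELECT+pwd+FROM+users)--&page=1",
    "xss":          "GET /search?q=<script>alert(1)</script>&page=1",
    "login_bypass": "GET /login?user=admin'--&pwd=x",
    "single_hit":   "GET /search?q=1'--&page=1",   # quote learned, only '--' is new
}


def run_demo():
    """Train on LEARNING_TRAFFIC, then score TEST_TRAFFIC -> {name: (blocked, score)}."""
    waf = PositiveModelWAF()
    for line in LEARNING_TRAFFIC:
        waf.learn(line)
    return {name: waf.check(line)[:2] for name, line in TEST_TRAFFIC.items()}


if __name__ == "__main__":
    for name, (blocked, score) in run_demo().items():
        print(f"{name:13s} score={score:2d} {'BLOCK' if blocked else 'pass'}")
```

Running the demo blocks the UNION, XSS and login-bypass requests (two unexpected classes each) and passes the benign search, but also passes the `1'--` probe with a score of 4: a single anomaly scores without blocking, which is why the quality of the learning set, not the rule list, decides how much a positive model catches.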

  • Language
  • English

CV

Thibault Koechlin has been working at NBS System since 2006 as a pentester and heads its penetration testing team.


Hijacking attacks on Android devices

Author: Marcus Niemietz

Marcus Niemietz is currently focusing on attacks and countermeasures in the mobile phone field, especially on Android. Most of these attacks also exist in the web browser field, but some of them work at the application level: the user clicks, or rather touches, the display, and the touch is delivered to an application lying underneath the one that is visible (similar to clickjacking). In this way a malicious application that itself has no right to do so can cause phone calls to be made, SMS to be sent, and so on. Marcus Niemietz's report will be full of demonstrations (including 0-day attacks).

  • Language
  • English

CV

Marcus Niemietz works for the Chair of Network and Data Security at the Ruhr-University Bochum. Besides that he is studying IT Security at the Ruhr-University Bochum and Computer Science at the distance-learning University of Hagen. He is the author of, inter alia, the book "Clickjacking und UI-Redressing" and has more than six years of experience as a freelancer in the fields of QA, ISP and web application security.


DDoS Surveillance HowTo. Part 2.

Author: Alexander Lyamin

There are “cookbooks” written solely on how to arrange protection against DDoS. We will analyse the most interesting of them thoroughly and identify common criteria for judging whether such a protective system is effective. We will also evaluate the capabilities of both single and combined response approaches.

  • Language
  • Russian

CV

Alexander Lyamin is the head of Highload Lab. Previously he managed projects at Astrum Online Entertainment, worked on the IT architecture of web application platforms, advised groups of external developers, launched a number of Russian Internet service providers (Comstar, Teleport-TP, Cityline), and worked on the creation of the first Russian multiservice ATM network at Moscow State University. His research projects include Mirnet, Net Surveyor, an IPv6 test bed, RFBR IP QoS research grants, and participation in the development of ReiserFS (DARPA grant).


SAP as viewed by attackers

Author: Alexey Yudin

Although SAP offers numerous security solutions, SAP systems are still compromised through trivial flaws. The report addresses the main attack scenarios that attackers use to obtain system access, including attacks at the application level as well as attacks on the system environment. The audience will get acquainted with typical mistakes of system administrators and learn non-standard ways of using SAP systems.

  • Language
  • Russian

CV

Alexey Yudin is the Head of the Business Applications and Database Security Department of Positive Technologies. He graduated from the Moscow State Forest University (specialising in Applied Mathematics) in 2003. From 2002 to 2005 he held the position of engineer (Head of Sector) at the Research Institute of Precision Instruments. He was an analyst at Informzaschita in 2005-2006.
Alexey Yudin's main area of activity is database and business application security; he takes part in large-scale audits and penetration tests, as well as in engineering and implementing security systems.


The techniques of putting a spoke in botmasters' wheels: the Kelihos botnet

Author: Maria Garnayeva

As part of "Operation b79", Kaspersky Lab, Kyrus Tech and Microsoft took control of the first Kelihos botnet in September 2011. The second Kelihos botnet, created by the botmasters immediately after the first loss, was taken down by Kaspersky Lab and CrowdStrike in March 2012. Both botnets were based on a P2P architecture that had previously been considered immune to sinkholing.
The speaker will address the technical details of the sinkholing technique, describe the Kelihos communication protocol and the modifications made in the new botnet versions, and explain why, in her view, sinkholing is a useful but temporary solution for neutralising botnets.

  • Language
  • Russian

CV

Maria Garnayeva is a Malware Analyst at Kaspersky Lab.


How to find an elephant in a haystack

Author: Yuri Gubanov

Investigating Internet-related digital artefacts can now reveal so much evidence that sometimes nothing else is needed. But how do you obtain these artefacts, given that hundreds of instant messengers and dozens of social networks, browsers and email clients exist? How do you deal with the fact that social network communication is not stored locally? What about communication in virtual worlds and MMORPGs? All these issues will be covered in Yuri Gubanov's speech.

  • Language
  • Russian

CV

Yuri Gubanov graduated with honours from the Faculty of Mathematics and Mechanics of St Petersburg State University, Department of System Programming. He started at the company "Lanit-Turk", rising from intern to director of a business line, and then founded the company "Belkasoft", which produces software for digital forensic analysis. The company's products are now used around the world, from the Russian Federal Security Service to the American FBI. Yuri Gubanov is the author of the popular blog f-interviews.com, which features interviews with key figures in the digital forensics market. He teaches at his alma mater and lives in St Petersburg (Russia).


Light and dark side of code instrumentation

Author: Dmitry Evdokimov

Development technologies evolve rapidly, and code becomes more complex (virtual functions, JIT code, etc.). Such code is extremely difficult to analyse statically, and this is where code instrumentation techniques help. Instrumentation libraries (PIN, Valgrind, DynamoRIO, DynInst) are now an essential tool in a security researcher's kit; the most important research cannot be done without code instrumentation today. The speaker will describe the existing instrumentation methods (source code instrumentation, bytecode instrumentation, binary code instrumentation), from the simplest to the most complex, and their pros and cons for solving the various problems faced by security researchers.

  • Language
  • Russian

CV

Dmitry Evdokimov graduated from Saint-Petersburg State Polytechnic University, Faculty of Computer Science. He now works at the DSecRG research centre of the Digital Security company. He focuses on SAP security, particularly on kernel, BASIS and ABAP security, and has official acknowledgements from SAP and Oracle for the vulnerabilities he has found. His interests cover reverse engineering, software verification and program analysis (SMT, DBI, IL), vulnerability research and exploit development, and writing software for static and dynamic code analysis in Python. He is the editor of the "Security soft" section of the Russian hacker magazine "Xaker" and one of the organisers of Defcon Russia (DCG #7812).


Attacks against Microsoft network web clients

Author: Vladimir Vorontsov

The report considers modern aspects of attacks on Microsoft web client networks. It presents research and demonstrates methods and techniques of attack that allow the Same Origin Policy (SOP), the protection mechanism underlying the security of Internet Explorer, to be bypassed completely.
SOP rules prohibit active content from one domain from accessing data belonging to another domain. When visiting site A, the user therefore relies on the fact that his personal data stored on site B will not be available to the owners of site A. However, if site B contains a cross-site scripting vulnerability, data leakage becomes possible.
The report will consider examples of attacks on Microsoft client networks and present algorithms for circumventing SOP in Internet Explorer that rely on documented features of the browser itself, on characteristics of the network infrastructure, and on vulnerabilities such as "HTTP response hiding". It will be shown that, despite the complexity of such attacks, attackers have such a wide range of methods and techniques at their disposal that virtually any configuration of a Microsoft network and Internet Explorer can be considered vulnerable.

  • Language
  • Russian

CV

Vladimir Vorontsov is the founder, head and leading expert of the company ONsec. He has been engaged in research in the field of web application security since 2004 and is the author of many studies in this field. He has been awarded by Google for identifying vulnerabilities in the Chrome browser, by Yandex for his achievements in the "Vulnerability Scan Month" competition, by Trustwave for his achievements in the ModSecurity SQLi Challenge, and by 1C-Bitrix for successful participation in its competition to bypass proactive protection. At present he is actively engaged in developing self-learning systems for detecting attacks on web applications and heuristic analysis.


Fraud prevention the way it is done in Russia

Author: Evgeny Tsarev

The speaker will compare two approaches to combating fraud, Western and Russian. The report considers the particular features of foreign anti-fraud systems and the reasons why such systems cannot be applied effectively to Russian realities. The speaker will describe the methods used by Russian banks to counter fraud, outline the major risks, and consider trends and prospects for the development of anti-fraud systems in Russia.

  • Language
  • Russian

CV

Evgeny Tsarev graduated from Tomsk State University of Control Systems and Radio Electronics, where he conducted research on electronic digital signatures (EDS). He has worked at a number of system integrators in various positions.
He is currently engaged in developing several innovative lines of business in the area of information security: personal data protection and the introduction of the Bank of Russia's security standard. He is studying for an MBA in "Innovation and Project Management" at the Academy of National Economy under the Government of the Russian Federation.


Secure password managers and military-grade encryption for smartphone: Huh, really?

Author: Dmitry Sklyarov, Andrey Belenko

With the growing popularity of smartphones and tablets, the importance of ensuring the confidentiality of data on such devices has increased. As a result, there is a host of applications whose principal function is the secure storage of passwords and strong encryption of data. But are they really the "security-providing" applications their developers claim? The report presents the results of analysing the password and data security of several such applications for Apple iOS, and shows that sometimes it is better not to re-invent the wheel.

  • Language
  • Russian

CV

Dmitry Sklyarov is an analyst at the information security company ElcomSoft Co. Ltd. and an Associate Professor of information security at Bauman MSTU. He is the author of studies on the security of e-books and on the reliability of methods for ensuring the authenticity of digital photos, and one of the developers of ElcomSoft iOS Forensic Toolkit.

Andrey Belenko is Chief Security Researcher and software developer at ElcomSoft. He co-invented Thunder Tables (an improvement on rainbow tables) and was the first to bring GPU acceleration to password recovery. He holds an M.Sc. in IT and is a CISSP.


From 0-day to APT your favourite framework

Author: Ulrich Fleck, Martin Eiszner

Vulnerability research is a complex process within an information security company, often shrouded in mystery and without a guaranteed outcome.
Security vulnerabilities in software can be identified using different kinds of existing testing methodologies: some sub-processes of vulnerability research can be automated, others require a tremendous amount of manual labour, be it reverse engineering or extensive source code review.
As we have seen lately, 0-days have become a very important issue for so-called APT attacks. Information security companies that set up vulnerability research facilities face many challenges: lack of certainty, non-linear resource allocation, increasing costs and many other omnipresent conundrums. Knowledge and experience must therefore be shared in order to optimise and improve continuous vulnerability research processes within information security organisations. This presentation opens a discussion of next-level vulnerability research processes and methodologies, and of combinations of testing methods that accelerate vulnerability research programmes and lead to much greater overall efficiency.
The talk covers not only the different research approaches security companies take when searching for new 0-days, but also the vendor side, in particular how customers see their vendors when vulnerability information about their products keeps appearing. Based on a critical Microsoft ASP.NET vulnerability, a typical timeline of a professional coordinated vulnerability disclosure will be shown.
The important role of software vendors' response to APT attacks today will be highlighted as well. Finally, two detailed analyses of the most critical security vulnerabilities of 2011/2012 in web technologies (ASP.NET and Struts) will be presented.

  • Language
  • English

CV

Martin Eiszner is a graduate and certified industry specialist in applied computer science. He is an expert in software development, IT security, vulnerability research, penetration testing and vulnerability analysis. His security work covers digital forensics and incident response, technology and risk consulting, software reverse engineering, and secure software development. Martin's methodological competences are penetration testing, vulnerability research and analysis, and risk assessment.
Martin is a key contributor to the OWASP project "A guide for building secure web applications". Among his other works, "Local stack buffer overflows" can be mentioned. Martin is a co-author of ONR 17700, "Technical requirements concerning the security of web applications". He regularly speaks at national and international events on web application security, phishing, and next-generation phishing methods.


Automated vulnerability detection tool

Author: Nikita Tarakanov, Alexander Bazhanyuk

The report presents a tool for automatically searching for vulnerabilities. Its practical results are shown in the analysis of five drivers from antivirus software vendors, and all the mechanisms used to implement the tool are described. It was developed by integrating IDA Pro 5.5 [1] (a static analyser of binary files) with BitBlaze [2], a project that implements components for data taint analysis. The core mechanism of the tool is the propagation of data taint, and the report covers both the theoretical and the practical sides of taint propagation. The approach combines static and dynamic analysis to implement this new generation of tools.
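The propagation rule that taint analysis applies, as an added example that is not code from the tool described above or from BitBlaze. It runs over a constructed straight-line three-address IR, which is what a dynamic tool sees in an execution trace: a value produced from tainted operands inherits the union of their taint labels, a sanitising operation (a bounds check or clamp) clears taint, and a sink policy decides which operand of a dangerous call may not be attacker-controlled. The IR format, the sink policy and the sample program (modelled on an IOCTL handler that combines two user-supplied lengths) are all assumptions made for this illustration.

```python
"""Forward taint propagation over a toy three-address IR.

Added example for illustration; not code from the tool in the report or
from BitBlaze.  The IR, the sink policy and the sample program are constructed.
"""
from dataclasses import dataclass

# Hypothetical sink policy: operand positions that must not be tainted.
# memcpy(dst, src, len): only the length matters here;
# array_index(table, idx): the index matters.
SINK_POLICY = {
    "memcpy": {2: "len"},
    "array_index": {1: "index"},
}


@dataclass
class Finding:
    pc: int            # instruction index
    sink: str          # sink kind, e.g. "memcpy"
    operand: str       # "role=variable"
    labels: frozenset  # input labels that reach the operand


def analyze(program):
    """Propagate taint through straight-line IR and report tainted sinks.

    taint maps a variable to the set of input labels that can influence it;
    variables never assigned are untainted (empty set).
    """
    taint = {}
    findings = []
    for pc, insn in enumerate(program):
        op, args = insn[0], insn[1:]
        if op == "input":                     # dst receives attacker data
            dst, label = args
            taint[dst] = {label}
        elif op == "const":                   # dst = literal, never tainted
            dst, _value = args
            taint[dst] = set()
        elif op in ("mov", "unop"):           # dst = f(src): inherits taint
            dst, src = args
            taint[dst] = set(taint.get(src, set()))
        elif op == "binop":                   # dst = a op b: union of taints
            dst, a, b = args
            taint[dst] = taint.get(a, set()) | taint.get(b, set())
        elif op == "sanitize":                # bounds check / clamp kills taint
            dst, _src, *_bounds = args
            taint[dst] = set()
        elif op == "sink":
            kind, operands = args[0], args[1:]
            for pos, role in SINK_POLICY.get(kind, {}).items():
                var = operands[pos]
                if taint.get(var):
                    findings.append(Finding(pc, kind, f"{role}={var}",
                                            frozenset(taint[var])))
        else:
            raise ValueError(f"unknown op {op!r} at pc {pc}")
    return findings


# Constructed IR modelled on an IOCTL handler: two attacker-controlled
# lengths are combined; one copy uses the raw value, another a clamped one.
PROGRAM = [
    ("input", "in_len",  "ioctl.InputBufferLength"),
    ("input", "hdr_len", "ioctl.buf[0]"),
    ("const", "cap", 64),
    ("binop", "copy_len", "hdr_len", "in_len"),
    ("sanitize", "safe_len", "copy_len", "cap"),        # e.g. min(copy_len, cap)
    ("sink", "memcpy", "kbuf", "ubuf", "copy_len"),     # unchecked length
    ("sink", "memcpy", "kbuf", "ubuf", "safe_len"),     # checked length
    ("sink", "array_index", "table", "hdr_len"),        # tainted index
]


if __name__ == "__main__":
    for f in analyze(PROGRAM):
        print(f"pc {f.pc}: {f.sink} {f.operand} tainted by {sorted(f.labels)}")
```

Running it reports two findings: the memcpy at pc 5, whose length carries both input labels, and the array index at pc 7; the memcpy at pc 6 is silent because its length passed through the sanitiser. Real tools differ in how they treat tainted pointers on loads and stores and in whether a comparison counts as sanitisation, and those policy choices are where most false positives and false negatives come from.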

  • Language
  • Russian

CV

Nikita Tarakanov, CTO, CISS


Program agent cyberwars. Applying the theory of intelligent agents team-work to form cyberarmies

Author: Igor Kotenko

The report proposes a general approach, and its practical application, to the research and implementation of adaptive and cooperative mechanisms by teams of intelligent software agents on the Internet (for example, autonomous software agents, botnets, and distributed systems of protection against botnets and DDoS attacks). Of particular relevance are the proposed approach, the architecture, the software environment for simulation and emulation, and the experiments on adaptive cooperative defence mechanisms. Aspects of implementing the software components in the Internet environment are presented, including projects carried out in cooperation with the United States Air Force Office of Scientific Research, the European Framework Programmes FP6 and FP7, and other projects.

  • Language
  • Russian

CV

Igor V. Kotenko is a Professor, Doctor of Technical Sciences, and Head of the SPIIRAS Laboratory of Information Security Issues. He graduated with honours from the A.F. Mozhaisky Military Space Academy and the Military Academy of Communications. He has authored over 120 peer-reviewed publications, including 12 books and monographs. He has participated in various projects developing new computer security technologies, including project management in cooperation with the US Air Force Office of Scientific Research under the mediation of the European Office for Aerospace Research and Development, project management in the European FP6 and FP7 framework programmes, and projects commissioned by HP, Intel, F-Secure and others. Within these projects, innovative methods were developed for detecting network intrusions, modelling network attacks, assessing network security, developing security protocols, verifying security policies, etc. He has spoken at several well-known Russian and international conferences and seminars on information security, in particular the International Symposium on Recent Advances in Intrusion Detection (RAID), the Information Security Conference (ISC), the International Conference on Security and Cryptography (SECRYPT), the IEEE International Conference on Computer Networks and Mobile Computing, the International Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), the NATO Advanced Research Workshop "Security and Embedded Systems", the NATO Advanced Study Institute "Network Security and Intrusion Detection", the IEEE/WIC International Conference on Intelligent Agent Technology, the International Conference on Information Fusion, the European Conference on Modelling and Simulation, the CCD CoE conference on cyber conflict, etc.


Lightweight cryptography: resource-undemanding and attack-resistant

Author: Alexey Yevgenievich Zhukov

The report focuses on lightweight cryptography: algorithms which, besides being cryptographically strong, must be implementable efficiently in systems with low computational resources. The demand for such designs is driven by the ubiquity of cryptography in phones, smart cards and other very compact devices, where encryption is used for secure communication, authentication and secure identification.
Encryption algorithms for systems with low computational resources must not only meet the requirements of strength and performance, but also those of compactness and low power consumption. Popular algorithms are not very suitable in such an environment (for example, attempts to produce a suitably lightweight version of AES have not succeeded). At the same time the Russian standard GOST 28147-89, as it turns out, can be implemented in a fairly compact form.

  • Language
  • Russian

CV

Alexey Zhukov holds a Ph.D. in Physical and Mathematical Sciences, is an Associate Professor at Bauman MSTU, and is Chairman of the Board of Directors of the "RusKripto" Association.


What we can (and should) learn from LulzSec

Author: Jerry Gamblin

LulzSec did not invent hacktivism, but its small crew of hackers whose motto is “Laughing at your security since 2011!” merrily sailed the cyber-seas for 50 days of mayhem that became one of the biggest tech stories of 2011. LulzSec caused (and is still causing) sleepless nights for security professionals around the world. Jerry Gamblin will discuss what they did, how they did it, and how we should have been able to stop them.

  • Language
  • English

CV

Jerry Gamblin has been the Network Security Specialist for the Missouri House of Representatives since 2005. He manages the Missouri House of Representatives security program and speaks regularly to security groups around the United States about network security and security awareness issues. Jerry Gamblin was a featured speaker at the CyberCrime 2011 Symposium in New England, and organized a Security B-Sides conference called BSIDESMO which is held at the Missouri Capitol.


Paying with credit cards in the Internet can result in headache

Author: Micha Borrmann

Some security issues allow the card verification value (CVV) of Visa and MasterCard cards to be guessed. Micha Borrmann first demonstrated this on a German TV programme in 2007, and the procedure was successfully reproduced twice more in 2011. The talk describes how this process worked and how it was possible to bypass fraud prevention systems.
During his research, Borrmann found that a successful payment can be spoofed on some web shops because the design of several payment systems is flawed. This too was tested successfully.
This talk is designed to share important facts for credit card users, for those responsible for Internet shopping sites and, of course, for web shop designers and developers.
The audience may be shocked by some of the insights, but the talk will certainly provide some entertainment for long-time security professionals.

  • Language
  • English

CV

Micha Borrmann studied technical computer science at the University of Cooperative Education (1994-1997). He has worked in the IT industry since 1994, as an IT security consultant since 1999 and as a penetration tester since 2002.


The truth about the lie. Social engineering for security experts

Author: Vladimir Styran

The report draws attention to the ambiguous perception of social engineering both within the information security industry and in society as a whole. It outlines the main tenets, goals, principles and methods of social engineering. Attention is paid to the basics of biology, the mind, psychological influence and the elements of non-verbal communication. Neuro-linguistic programming is criticised. Examples are given of the positive use of social engineering techniques in information security and other areas, and recommendations are made for further study of the subject.

  • Language
  • Russian

CV

Vladimir Styran graduated in Applied Mathematics and Mechanics (2002). He lives in Kiev (Ukraine). He has been working in the field of information technology for 11 years, 6 of them in information security, with experience as an implementation engineer, auditor, manager and consultant. His places of work include Infosystems Jet Ukraine (2005-2007), eCall (2007-2009) and Astelit (2009-2011); he currently works for the company BMS Consulting. He consults on information security management (ISMS, vulnerability management, security operations management, etc.) and conducts security audits (vulnerability assessments, penetration tests, good practice, conformance and integrated audits). He maintains a blog on information security (http://securegalaxy.blogspot.com) and co-authors the podcast Securit13 (http://secuirt13.libsyn.com). He holds CISSP, CISA, ISO27001LA, SCSA, CCNA and other certifications.


SAP insecurity: the new and the best

Author: Alexander Mikhailovich Polyakov

Over the past few years, interest in SAP security has grown exponentially. Many reports on SAP security have been given at top international security conferences, covering a variety of topics ranging from attacks on SAP Routers and SAP web applications to low-level vulnerabilities in the SAP kernel and in ABAP code. SAP has so far released more than 2,000 security notes fixing vulnerabilities in its products; on the other hand, this is only the beginning, as this vast area has not yet been properly studied.
So what vulnerabilities are there in SAP systems besides the already hackneyed XSS, SQL injection and buffer overflows? This report focuses on the ten most interesting vulnerabilities and attack vectors in SAP systems, from problems with encryption to authentication bypass, and from amusing mistakes to sophisticated attack vectors. A large proportion of the vulnerabilities will be presented to the public for the first time.

  • Language
  • Russian

CV

Alexander Polyakov is Technical Director of the company Digital Security and a specialist in the security of critical business applications such as ERP, DBMS and industrial control systems (ICS). He is the architect of ERPScan, a security scanner for SAP, and project leader of OWASP-EAS (a sub-project of the OWASP consortium dedicated to business applications). One of the best-known SAP security experts in the world, he has repeatedly been acknowledged for vulnerabilities discovered in products of manufacturers such as SAP and Oracle. He is the author of "Oracle Security through the eyes of the auditor: attack and defence" and a regular speaker at key international security conferences in America, Asia and Europe: BlackHat, HITB, Source, Confidence, DeepSEC, Troopers, SecurityByte and others.


Computer security incident investigation: SCADA forensics

Author: Andrey Andreevich Komarov

The report covers the problems of collecting digital evidence in an RTOS environment (for example, QNX) and in the telemetry subsystems of process control systems, including memory devices and internal architecture, with practical examples. The speaker will examine several security incidents in the process control systems of the fuel and energy sector and present the existing regulatory and procedural documents that determine the forces and resources needed to respond to, and subsequently investigate, security incidents in process control systems. The topic of economic fraud in industrial automation, along with response mechanisms and ways to combat it, will be examined. The audience will become familiar with new solutions for protecting industrial control systems, and the speaker will talk about the formation of new market trends and the dynamics of their development.

  • Language
  • Russian

CV

Andrey Andreevich Komarov is Head of the Audit and Consulting department at Group-IB. He previously worked in research institutes of the Federal Technical Committee of the Russian Federation and in structural units of the Ministry of Industry and Trade of Russia. He is the author of more than 30 publications in professional journals, including "Information Security. Inside", "Information Security", "Hacker", "IT-Spec", "Open Systems" and "Hakin9". He currently participates in the development of the Penetration Testing Execution Standard (PTES).
