POSITIVE HACK DAYS

ORGANIZER

Sections

Download the full program in PDF.

Videos of reports and hands-on-labs (Russian and English).


Ways to protect money

Moderator: Artyom Sychov

Leading experts from Russia and other countries will consider problems of banking security and offer strategies of their solution within this section.
Areas of discussion: peculiarities of bank fraud and resistance to it in Russia, smart cards security, banking Trojans’ evolution, vulnerabilities of web shopping security systems, core and remote banking security.
Section participants: Artyom Sychov, Deputy Director of the Security Department, the Head of the Information Security Directorate of Russian Agricultural Bank; Dmitry Kuznetsov, Deputy Technical Director of Positive Technologies; Evgeny Tsarev, Head of department at Technoserv; Nikita Shvetsov, Director of Threat Research at Kaspersky Lab; Yury Lysenko, the Head of the Information Security Directorate of the Business Protection Department in Home Credit & Finance Bank; representatives of the leading antivirus vendors Ulrich Fleck (SEC Consult Austria) and Micha Borrmann (SySS GmbH).
At the turning point of the section the participants will be offered to crack a remote banking system of a fictional bank in a real-time mode and withdraw money from it. The system is specially developed for the competition, but contains actual vulnerabilities and mistakes, detected by the specialists of Positive Technologies who have pentested and analyzed implementation of PCI DSS and STO BR (Russian Bank Information Security Standard) requirements.
The second task of the competition will be more complicated – participants will be offered to crack the same remote banking system, but only when its protection system is fixed by the participants of the international information security competition PHDays CTF 2012 held as part of the forum. Specialists from Germany, the Netherlands, Russia, the USA, Tunisia, France and Japan comprise the teams of PHDays CTF 2012. This will allow finding out what country is better prepared for the protection of their banks.

  • Language
  • Russian

Biography

Artyom Sychev is Departmental Deputy Director and Head of Information Security at RoccelkhozBank JSC. He was born in Moscow in 1969 and has over 15 years’ experience in the field of banking systems’ information security. Since 1999 he has held a candidature in technical sciences (with a thesis on firewalls). He took an active part in the development of a set of documents on the standardization of information security for the Bank of Russia. Associate Professor of Bauman Moscow State Technical University, a prize-winner of the professional award of the IS "Silver Dagger." He is a board member of the inter-regional public organization Association of managers of information security services.

Artyom Sychov Artyom Sychov

Seeing once is better...

Moderator: Dmitry Evteev

Based on the best materials of the Positive Hack Days 2012 forum, this presentation will offer participants the cutting edge feats of hacking and the most relevant studies in the Information Security field. Dmitriy Yevteev will demonstrate how to hack into the RFID and SCADA systems, how long it takes to get the passwords of a mobile phone and how to manage a corporate network using the administrator browser.

Contents

  • Mikhail Afanasyev, SCADA security. Web vector.
  • Alexander Zaitsev, RFID security today
  • Alisa Shevchenko, Why antivirus keeps silence when web money disappear.
  • Sylvain Munaut, Listening to mobile network

  • Language
  • Russian

Biography

Dmitry Yevteev started his career in Positive Technologies as an information security specialist. At present, he is Head of Security Assessment Department. Dmitry Evteev supervises dozens of operations of comprehensive penetration testing for various information systems. He takes an active part in developing the information security in Russia by giving educational presentations and professional speeches at the major events and publishing analytical and technical articles on information security. Since 2011, Dmitry has been one of the ideologists and founders of Positive Hack Days, an international information security forum.

Dmitry Evteev Dmitry Evteev

Why state secrets leak to the Internet

Moderator: Andrey Valeryevich Fedichev

Experience shows that the leakage of confidential, secret and official information to the Internet is a rather common problem. Loads of interesting information can be found in an open or relatively open access. Mysterious hackers are rarely guilty. Information most often leaks due to the total change of technologies and society, mistakes in IT systems management, negligence and disregard of official duties. So what is the scale of the problem? And how the problem can be solved?

  • Language
  • Russian

Biography

Andrey Valeryevich Fedichev is deputy head of administration in Federal Service for Technical and Export Control (FSTEK of Russia).

Andrey Valeryevich Fedichev

Telecom vs fraud. Who will win?

Moderator: Evgeny Klimov

This section covers the most relevant and complicated issues on how to respond to unauthorized activities in the sphere of telecom and mobile communications.

  • Language
  • Russian

Biography

Evgeny Klimov is the President of the Russian Information Systems Security Professional Association (RISSPA) and the founder of the Russian branch of the Cloud Security Alliance. Evgeny graduated in Information security management and technology at the Academy of Federal Security Service of the Russian Federation (FSB Academy). Evgeny started working in the information security field in 2002; he worked as a Project Manager and Head of information security departments of large companies. At present, he is a risk manager at PricewaterhouseCoopers. He holds the following certificates: CISSP (Certified Information Systems Security Professional), ISC2;  CISM (Certified Information Security Manager), ISACA; PMP (Project Management Professional), PMI; CCSK Cloud Security Alliance; STO BR IBBS Auditor ABISS. Evgeny Klimov is also a member of the following international professional associations: Information Systems Audit and Control Association (ISACA), Project Management Institute (PMI), International Information Systems Security Certification Consortium (ISC).

Evgeny Klimov Evgeny Klimov

Smart-card technologies in Russia: from payphones to Universal Electronic Card

Moderator: Dmitry Gorelov

The section deals with modern smart card technologies and ways to apply them in various public-sector and commercial projects. Special attention will be given to the Universal Electronic Card as the method for providing state and municipal services to the citizens of Russian Federation.

  • Language
  • Russian

Biography

Dmitry Gorelov is the Commercial Director of Active-Soft CJSC. He has been engaged in information security for more than 20 years. He’s one of the founders of Rutoken, an expert of the nonprofit partnership Developers and Operators of E-Service Systems (ROSEU), Programming Director of the RusCrypto conference.

Dmitry Gorelov Dmitry Gorelov

Human resources. Assembly instruction

In this section, the representatives of higher educational institutions, job oriented training facilities and members of the IS market will discuss the issues of education and advanced training in the sphere of informational security.

  • Language
  • Russian