An international conference, devoted to the technical aspects of information security – ZeroNights 2011 – ended. And now it is time to make some conclusions. It is worth noting that at that day Saint-Petersburg pleased us with a warm weather, but not with usual rain. A lot of people attended the conference – we didn’t expect so many attendees (thank you for that), because a huge amount of people registered during last 2 days before the conference, and therefore there were some problems.
Let’s proceed to the results:
- 1 day
- 2 tracks, with the great amount of the listeners
- 3 prize places from Yandex with a prize fund of 10.000 $.
- 4 sponsors (ESET, Gazinformservice, Group-IB, MASKOM)
- 2 companies, which assisted during the organization
- 1 company – technical partner (Yota)
- 7 international independent experts in the program comittee
- 10 hours of hacker atmosphere and pleasant chat
- 11 technical competitions
- 25 informational partners
- 28 technical reports (14 – in the main program and 14 in the FastTrack)
- 508 visitors
- Visitors from all corners of our country
- About 10 foreign guests
- Russian and foreign reporters (Germany, France, Singapore, Taiwan, USA)
- Many interesting aquaintances
- Angry blue cyber matrioshka
- Hacked hotel server (by whom?)
- Afterparty until 6 a.m.
Frankly speaking the reports’ atmosphere is hard to put into words, and it is not so necessary – it was needed to be there. The main aim of our first conference was a high quality of technical reports and we suppose that we made it. Reports were really interesting and actual, and the reporters presented the material emotionally.
Let's proceed to the winners:
1) Competition "Yandex’s Month of Security Bugs"
First place - Vladimir Vorontsov (ONsec) = 5.000 $
Second place - Alexey Sintsov (ERPScan) = 3.000$
Third place - Eldar Zaitov = 2.000$
2) Competition "Hack me if you can"
Winner: Destiny (RDOT)
Respect: SNK & zyx2145
3) Competition "Hack SCADA"
4) Competition "Hack SAP"
5) Competition "Free moments in ZeroNights - 2011 style"
Status: competition will end at the 5th of December
6) Competition "King of the hill"
7) Competition 0-day Hunter
Status: competitions is still going on. Task for the competition is here.
8) Competition "Wallpaper ZeroNights"
9) Competition "Lockpicking Village"
Winner: Anna Breeva
10) Competition "Best hacking t-shirt"
Winner: Denis Baranov
11) Competition "Clever won't go uphill, clever will bypass mountain"
And remember, our conference does not belong to a brend or company, everyone can take part in creation of our conference - we are opened for the ideas and suggestions. You can wright about it here - feedback or email@example.com.
28.11.2011 Thanks to all of you!
We want to thank everyone: reporters, visitors, volunteers, sponsors, partners and those who were involved in our conference! Our reporters not just shared actual knowledge in the field of information security and attacks on it, but also did their best during the reports (it is hard to express, it should be seen and heard by yourself). We would like to thank the visitors for their huge amount, active participation in the competitions, discussions, for the live communication and sincere emotions at the reports. It was really important for us. Geography of our guests was really mad: I had an opportunity to talk to people from Moscow, Kaluga, Tumen, Kursk, Nizhniy Novgorod, Barnaul, Kazan, Cherepovets, Krasnodar (one of our banners went to this city). Also foreign guests from Kazakhstan, Ukraine, USA, Italy, and Japan attended the conference! More than 500 people attended the conference according to our estimation. Thanks to our volunteers for two sleepless nights, great help and support. Thanks to our sponsors: ESET, Gasinformservice, Group-IB, MASKOM! You believed in our idea and supported us! Thanks to ERPScan, Yandex, Yota for the help, which is hard to estimate! Thanks to our media partners and especially to “Xakep” magazine for your information support! Thanks to competitions’ organizers ONsec, Esage Lab for bringing action to our event! Everything was really great!
Also several moments:
- 1) All the presentations will be available later.
- 2) Photo report will be available later.
- 3) Our detailed report will be also available later.
- 4) We will accept any photo-, video materials from the conference and conference reviews. Also your impressions/complains/proposals you can send to feedback
- 6) The next Defcon Russia Group #7812 meet will take place in the middle of December – follow the news on www.defcon-russia.ru and take part as the reporters.
P.S. And if there was something wrong from our side, so we are sorry and promise to correct.
24.11.2011 Program changes
Today we have two news for you-good and bad. Letis begin with bad one - to our big regret our super cool reporter (and just great man) Jonathan Brossard wonit be able to take part in the conference. We can ithanki Australian migration service, which notified our reporter in the very last moment that he wonit be able to go to the conference from Australia, for this situation. Unfortunately we could not change the situation. Jonathan offered to conduct a speech via the Internet, but we decided that nothing can substitute a live speech at the conference. And here we can proceed to a good news n report-show from Paul Volobuev and DSecRG employees iPractical demonstration of standard and 0-day attacks on SCADA and PLC-controllersi, which will surely surprise you. In the report a theme of SCADA security, combined with stories from real work of people, who implemented these systems, and also with 0-day vulnerabilities in popular SCADA and industrial controllers of famous manufacturers, will be presented. And in the end of the report a real attack on the real Industrial Control Systems, with bulbs and red buttons, like in the film. Even we didnit see it at the world conferences, although we have been following this theme for a lot of time. But at Zeronights we will have it!
Let us present a part of the report:
"So I think that many of you heard that SCADA systems can be available from the Internet and they can be easily found via search systems like Google or ShodanHQ. And maybe everybody heard about a person with iPr0fi nickname, who made a sensation out of it.
But what is more important is that within our researches of industrial systems we found that PLC devices, which are very simple from the first look, in reality also contain built-in WEB-servers, which as you have guessed, can be available via the Internet.
To prove you that it is not only a theory, we made a request, which detects in the Internet PLC devices of one very popular vendor n WAGO. And it looks like this - inurl:/plc/webvisu.htm
At the checking more than 30 servers via Google and 90 servers via shodanhq were available. We do not know how many of them will be available after the publication. And of course nobody cancelled passwords by default, and they work. For example – admin:wago…..
The given field of researches in DSecRG now is one of the most important due to the high security criticality in the given field all over the world, and boys are ready to share their secret researches.
18.11.2011 Our reporters are on network open spaces
We are glad to announce, that during our conference there will be a free Internet for all our attendees from our technical partner Yota Company. And finally a conference program became available, you can see it here. And there is some time till the conference and now you can get acquainted with our reporters closer. We prepared a selection of reporters’ accounts in twitter and their personal
15.11.2010 A final program is formed
Today we are glad to announce that a final program of our conference is formed. As the result we have 28 reports, 14 of which are in the main program, and 14 are in the FastTrack section. This program is more than intense for only one day conference. During only one day you can learn about the latest actual themes in the field of reverse engineering, mobile network security, web applications’ security, secure programming, incident investigations, searching for the vulnerabilities and many other themes, connected with attack and security of modern information technologies. At the same time there will be a hot discussion at the round table, where an urgent theme about information disclosure about vulnerabilities in software will be discussed. During "ZeroNights Time" action 0-day and private 1-day vulnerabilities will be presented, showing that none of software is protected from vulnerabilities. And also competitions on hack: from binary applications to corporate and SCADA systems. And now let’s meet our latest reporters:
1) In the main program Anton Bolshakov (Singapore) will present a new version of distributive for security information security specialists – Pentoo 2012.
2) In the main program Philippe Langlois (France) will demonstrate new technologies of 3G and LTE networks and how to attack and defend.
14.11.2011 HackQuest ZeroNights 2011
For those who can't wait for hack-competitions at ZeroNights or just
interested in checking their level of practical knowledge in information
security, we launched small, but very interesting on-line HackQuest. And
also we advise you to start to prepare all the necessary tools (0-day/1-day
exploits, virtual machines, scripts, hack-tools, RE-tools and so on) for the
competitions "Hack me if you can" from ESET, "King of the Hill" from ONsec
and "0day hunter" from Esage Lab. And there is some time left to win $5000
from Yandex Company within the competition "A month for searching for Yandex
vulnerabilities". In addition now we have two additional competitions from
ERPScan: "Hack SCADA" and "Hach SAP". And for creative people we have
"Wallpaper ZeroNights" (presence at the conference is not obligatory) and
"Best hacking T-shirt" from DefconGroup #7812. And I almost forgot to tell
about "Lockpicking Village" competition. We guarantee lots of fun and
intensity of emotions (and prizes of course). More detailed information
about competitions you can find in the êcompetitions' section.
11.11.2011 Home straight
Only 2 weeks are left till the tremendous event – international conference on newest methods of hack and security – ZeroNights, and we are ready to present you almost full program. Why almost? Because, as usual, we have some surprises.
Firstly we would like to thank Yandex Company, with participation of which conference is being held, our sponsors – ESET, Gazinformservice, Group-IB, ÌÀÑÊÎÌ for their support, and also to our media-partners for their help and assistance during the advertising – XAKEP journal and many others.
Our slogan is “ZeroNights – hack everything” – is confirmed firstly by the reports, which cover almost all the directions of hack and security from deeply leveled methodologies of deobfuscation and exploitation of Memory corruption, kernel pool, Response Splitting vulnerabilities and up to attacks on ERP-systems and RBS. From analysis of cybercrime and specialized Trojans to construction of secure cycle of software processing. Here is almost full list of reporters from the main program:
10.11.2011 Digital Hardcore
Frankly speaking, we unexpectedly decided to make a little pre-party a day before the conference in GlavClub at the concert legendary Digital Hardcore group “Atari Teenage Riot” (USA/Germany). So if you come earlier and do not know what to do at 24th of November in Saint-Petersburg, so welcome to this concert, where it is possible to chat with the part of Russian Defcon Group and Zeronights reporters freely. To ask for detailed information please use firstname.lastname@example.org. Our conference will start approximately at 8.30, then at 9.30 there will be opening speeches from conference sponsors and organizers, and the first reports will start at 10.00. Detailed program will be available a little bit later – follow the news. Hurry up - registration is still open! And about new reporter:
1) In FastTrack section Maksim Sukhanov (Russia) will discuss problems, which occur while the production of judicial computer and technology examinations.
9.11.2011 0x10 days are left till the conference
The time goes fast – only recently we started to actively develop our conference, and now it is not so much time left for its beginning, and we have to realize so many ideas and surprises. But Russian Defcon Group puts all its soul in it’s’ creation. And we are sure that we will be able to make a conference, which could be a good competitor to other foreign conferences. And today our conference has got a new silver sponsor – “Maskom” group of companies. And by our established tradition we present you our new reporters:
1) In the main program Ivan Medvedev (USA) will tell about SDL and tell in details about appliances which are necessary to use in the process of development and testing for creation of more secure program products.
2) In the FastTrack section Vladimir Kropotov (Russia) will consider evolution of Drive-By-Download network attack, which affected famous domains in .RU zone.
7.11.2011 Hack for the sake of knowledge, but not knowledge for the
sake of hack.
One of the main target of our conference is to show Russian
scene to the west, so we would like to remind that our Russian Defcon
Group (DCG#7812) as usual conducts monthly
meetings in Saint-Petersburg in different universities. Also now we
started to meet in Moscow too - special thanx to Yandex. Amount of
people attending our meetings, increases: at the first meeting there
were 15 people, and at the next meetings there were from 50 to 80, and
we hope that it is not a limit. Interesting fact is that the meeting
budget didn't exceed 500 rubles. We hope that the amount of such
groups all over the Russia will grow and develop, and we are always
glad to cooperate with technical non commercial events in the field of
information security and are ready to share the experience and help.
And today we can present you two more reporters:
1) In the main program Sergey Gordeychik with his survival lessons in
the huge companies' networks with million IPs during the penetration testing.
2) In FastTrack section Alexander Matrosov will reveal the secrets of
recently sensational Win32/Duqu worm.
1.11.2011 For a unique conference – a unique sponsor
Today we have a wonderful date – 1st of November or 01/11/11, or using a range of not complicated mathematic transformations, 2B67 in hexadecimal, what is also nice. Of course, it is a very interesting date and at the same time it won’t be repeated again, as the possibility to attend the first ZeroNights conference. But in contrast to the calendar dates, you still can register on our first conference, and then tell your friends, and after many years to your grandchildren about it. But it is not main news of this day. The main news is that in the list of our sponsors there is next update, and this time it is Group-IB Company. We are pleased that such a young company, having the same progressive view on the information security world as we have, didn’t stay aside from our event.
28.10.2011 Only the most actual technical reports
We continue to spread themes of reports, which will be presented at the conference. As you can see, all the reports have deep technical nature. Aside from the hack atmosphere, existing at such conferences, an important factor is the possibility to talk to specialists of high level face to face and get answers to interesting for you questions from primary source. So come and talk, be interested. Ask questions and just spend time at our conference. And finishing our weekly marathon on presenting the reporters, let us present two very high-tech reports:
1) In the main program Jonathan Brossard (Australia) will present new exploitation methodology of invalid memory reads and writes, which made a lot of noise all over the world, in Russia.
2) In FastTrack section Dmitriy “D1g1” Evdokimov (Russia) will help everyone to understand the DBI (Dynamic Binary Instrumentation).
P.S. The end of this marathon doesn’t mean that there will be no new reporters)
27.10.2011 The strong support
Today we would like to thank ESET, Gasinforservice, ERPScan, Yandex, who supported our idea on cration of international conference on information security. It's great that there are such companies which think of information security future, because one of the main aims of our conference is training of future specialists and exchange of experience between security researchers, programmers, administrators and managers in the information security field. We believe that list of such companies will increase, and our conference will develop. And now it is time to present new reporters:
1) In the main program Andrey Beshkov (Russia), being a employee in Microsoft Company and acquainted with all inner work, will tell how the process of vulnerabilities' elimination inside the company is arranged.
2) In FastTrack section Denis Baranov (Russia) will surpise everyone that via not so serious vulnerability as XSS under certain circumstances it is possible to get full access to the system.
26.10.2011 Next level
Conference registration is at full speed, and we make our conference more deep and interesting. We recommend you pay special attention on our new competition from Yandex company, main prize of which is $5000 and of course respect of information security specialists. The given competition is a unique not only for Russia (Yandex is the first Russian company who made such a thing), but for the whole world, because no one paid such a sum of money for the vulnerability in web project. It is always great to receive fun and profit from work or hobby. It is pleasant for us to be involved in such information security development vector in our country. And we hope that other companies will follow this example in future and will pay more attention to their products’ security. In general, you are obliged to participate and challenge not only to Yandex company but to you personally. And as a conclusion we present you our new reporters:
1) In the main program Marcus Niemietz (Germany) will analyze different attack vectors using UI redressing and Clickjacking and counteractive measures.
2) In FastTrack section Andrey Labunets (Russia) will tell about well known and new methods of network traffic tracing for vulnerability search.
25.10.2011 One month is left for the 0nights conference
Preparation for the conference gathers its pace and we can't wait to tell you our news. We do everything to create a real hacking atmosphere at our conference. As usual we are pro for any interesting offers, it would be enough to send an email to email@example.com. Today we are glad to present you our new reporters:
1) In the main program Nikita Tarakanov (Russia) will share his experience in exploitation of overflows in Kernel Pool in Windows OS, beginning from Windows XP and ending with Windows 8 (it is not a misprint)!
2) In FastTrack section Artem Shishkin (Russia) will present a realization of print interception via Windows GDI modificatio method.
Follow the news - a lot of surprises, interesting contests and unexpected quests are waiting for you.
P.S. Preapare for the contests actively - pizes are waiting for their heroes!
24.10.2011 Rainy weather is coming to Saint-Petersburg step by step, but we have a hot time!
The reports' selection for the conference is completed, comittee conducted a hard selection and we finally are ready to present you the main group of reporters for the main program and for the FastTrack (hurry up - you can still be among them). Now every day you will be shown 2 reports, which will be presented at our conference. So, please, welcome:
1. In the main programm will be Dmitry Schelkunov (Russia) and Vasily Bukasov (Russia), they will tell us about code deobfuscation technologies, namely will tell about virtualisation usage in the context of the given task.
2. In the FastTrack section will be Alexey Krasnov (Russia), he will rise a question about the problems of information security specialists' preparation in Russian Universities.
And note that this is only a beginning! Then it will be hotter! Hurry up to registrate! All hackers will be here! And you?
4.10.2011 ZeroNights is coming: world leading hackers will meet in Saint-Petersburg.
This event was preparing for a long time. Creation of independent IS conference of international level, where last researches in the field of hack and security from researchers with known names and unknown talents would be presented, was the idea fix for most people. Event, which could be called Russian Defcon or BlackHat, purpose of which is not to gather people for advertising their products, but to create an area, on which the researchers from all over the world could share the newest researches and discuss industrial problems in informal conditions, might appear in Russia, is now possible.
We have been visiting international conferences – from local to the largest, from India to America, and we were asked about conference in Russia everywhere, and, unfortunately, we still couldn’t offer something, what surprised international public. Is it possible that a country with such a potential has only “black” hackers and no highly qualified specialists? Surely it has! And soon you will learn about them.