1.12.2011 Results
ZeroNights 2011, an international conference devoted to the technical aspects of information security, has ended, and now it is time to draw some conclusions. It is worth noting that on that day Saint Petersburg pleased us with warm weather rather than the usual rain. A lot of people attended the conference. We didn’t expect so many attendees (thank you for that): a huge number of people registered during the last 2 days before the conference, and therefore there were some problems.
Let’s proceed to the results:
- 1 day
- 2 tracks, with a great number of listeners
- 3 prize places from Yandex with a prize fund of 10.000 $.
- 4 sponsors (ESET, Gazinformservice, Group-IB, MASKOM)
- 2 companies, which assisted during the organization
- 1 company – technical partner (Yota)
- 7 international independent experts in the program committee
- 10 hours of hacker atmosphere and pleasant chat
- 11 technical competitions
- 25 informational partners
- 28 technical reports (14 – in the main program and 14 in the FastTrack)
- 508 visitors
- Visitors from all corners of our country
- About 10 foreign guests
- Russian and foreign reporters (Germany, France, Singapore, Taiwan, USA)
- Many interesting acquaintances
- Coffee/tea/sandwiches
- Angry blue cyber matrioshka
- Hacked hotel server (by whom?)
- Afterparty until 6 a.m.
Frankly speaking, the atmosphere of the reports is hard to put into words, and there is no real need to: you had to be there. The main aim of our first conference was high-quality technical reports, and we believe that we achieved it. The reports were really interesting and topical, and the reporters presented the material with emotion.
Let's proceed to the winners:
1) Competition "Yandex’s Month of Security Bugs"
First place - Vladimir Vorontsov (ONsec) = 5.000 $
Second place - Alexey Sintsov (ERPScan) = 3.000$
Third place - Eldar Zaitov = 2.000$
2) Competition "Hack me if you can"
Winner: Destiny (RDOT)
Respect: SNK & zyx2145
3) Competition "Hack SCADA"
Winner: Unknown
4) Competition "Hack SAP"
Winner: Unknown
5) Competition "Free moments in ZeroNights - 2011 style"
Winner: unknown
Status: the competition will end on the 5th of December
6) Competition "King of the hill"
Winner: [RDOT]
7) Competition 0-day Hunter
Winner: unknown
Status: the competition is still going on. The task for the competition is here.
8) Competition "Wallpaper ZeroNights"
Winner: IL
9) Competition "Lockpicking Village"
Winner: Anna Breeva
10) Competition "Best hacking t-shirt"
Winner: Denis Baranov
11) Competition "Clever won't go uphill, clever will bypass mountain"
Winner: unknown
And remember, our conference does not belong to a brand or a company. Everyone can take part in creating it, and we are open to ideas and suggestions. You can write about it here - feedback or info@zeronights.org.
28.11.2011 Thanks to all of you!
We want to thank everyone: reporters, visitors, volunteers, sponsors, partners and all those who were involved in our conference! Our reporters not only shared up-to-date knowledge in the field of information security and attacks on it, but also did their best during the reports (it is hard to express; it has to be seen and heard in person). We would like to thank the visitors for turning out in such numbers, for their active participation in the competitions and discussions, for the live communication and for the sincere emotions at the reports. It was really important for us. The geography of our guests was really mad: I had an opportunity to talk to people from Moscow, Kaluga, Tyumen, Kursk, Nizhniy Novgorod, Barnaul, Kazan, Cherepovets and Krasnodar (one of our banners went to this city). Foreign guests from Kazakhstan, Ukraine, USA, Italy and Japan also attended the conference! According to our estimate, more than 500 people attended the conference. Thanks to our volunteers for two sleepless nights, great help and support. Thanks to our sponsors: ESET, Gazinformservice, Group-IB, MASKOM! You believed in our idea and supported us! Thanks to ERPScan, Yandex and Yota for help that is hard to estimate! Thanks to our media partners, and especially to “Xakep” magazine, for your information support! Thanks to the competition organizers ONsec and Esage Lab for bringing action to our event! Everything was really great!
Also, several points:
- 1) All the presentations will be available later.
- 2) A photo report will be available later.
- 3) Our detailed report will also be available later.
- 4) We will accept any photo and video materials from the conference, as well as conference reviews. You can also send your impressions, complaints and proposals to feedback.
- 6) The next Defcon Russia Group #7812 meeting will take place in the middle of December – follow the news on www.defcon-russia.ru and take part as reporters.
P.S. And if something went wrong on our side, we are sorry and promise to correct it.
24.11.2011 Program changes
Today we have two pieces of news for you: good and bad. Let’s begin with the bad one. To our great regret, our super cool reporter (and just a great man) Jonathan Brossard won’t be able to take part in the conference. For this situation we can “thank” the Australian migration service, which notified our reporter at the very last moment that he won’t be able to travel to the conference from Australia. Unfortunately, we could not change the situation. Jonathan offered to give his speech via the Internet, but we decided that nothing can substitute for a live speech at the conference. And here we can proceed to the good news – a report-show from Paul Volobuev and DSecRG employees, “Practical demonstration of standard and 0-day attacks on SCADA and PLC-controllers”, which will surely surprise you. The report will cover the theme of SCADA security, combined with stories from the real work of people who implemented these systems, and also 0-day vulnerabilities in popular SCADA systems and industrial controllers from famous manufacturers. And at the end of the report there will be a real attack on real Industrial Control Systems, with bulbs and red buttons, like in the films. Even we haven’t seen this at world conferences, although we have been following this theme for a long time. But at ZeroNights we will have it!
Let us present a part of the report:
"So I think that many of you have heard that SCADA systems can be available from the Internet and that they can be easily found via search systems like Google or ShodanHQ. And maybe everybody has heard about a person with the “Pr0f” nickname, who made a sensation out of it.
But what is more important is that in our research into industrial systems we found that PLC devices, which are very simple at first look, in reality also contain built-in WEB servers, which, as you have guessed, can be available via the Internet.
To prove to you that it is not only a theory, we made a request which detects on the Internet PLC devices of one very popular vendor – WAGO. And it looks like this - inurl:/plc/webvisu.htm
At the time of checking, more than 30 servers via Google and 90 servers via shodanhq were available. We do not know how many of them will be available after the publication. And of course nobody has cancelled default passwords, and they work. For example – admin:wago….."
This field of research is now one of the most important at DSecRG because of its high security criticality all over the world, and the boys are ready to share their secret research.
18.11.2011 Our reporters are on network open spaces
We are glad to announce that during our conference there will be free Internet for all our attendees from our technical partner, Yota Company. And finally the conference program has become available; you can see it here. There is still some time until the conference, so now you can get better acquainted with our reporters. We prepared a selection of the reporters’ Twitter accounts and their personal blogs:
15.11.2010 A final program is formed
Today we are glad to announce that the final program of our conference is formed. As a result we have 28 reports, 14 of which are in the main program and 14 in the FastTrack section. This program is more than intense for a one-day conference. In just one day you can learn about the latest topical themes in the fields of reverse engineering, mobile network security, web application security, secure programming, incident investigation, vulnerability search and many other themes connected with the attack and defense of modern information technologies. At the same time there will be a hot discussion at the round table, where the urgent theme of disclosing information about software vulnerabilities will be discussed. During the "ZeroNights Time" action, 0-day and private 1-day vulnerabilities will be presented, showing that no software is protected from vulnerabilities. There will also be hacking competitions: from binary applications to corporate and SCADA systems. And now let’s meet our latest reporters:
1) In the main program Anton Bolshakov (Singapore) will present a new version of the distribution for information security specialists – Pentoo 2012.
2) In the main program Philippe Langlois (France) will demonstrate new technologies of 3G and LTE networks and how to attack and defend them.
14.11.2011 HackQuest ZeroNights 2011
For those who can't wait for the hack competitions at ZeroNights or are just interested in checking their level of practical knowledge in information security, we launched a small but very interesting online HackQuest. We also advise you to start preparing all the necessary tools (0-day/1-day exploits, virtual machines, scripts, hack-tools, RE-tools and so on) for the competitions "Hack me if you can" from ESET, "King of the Hill" from ONsec and "0day hunter" from Esage Lab. And there is some time left to win $5000 from Yandex Company within the competition "A month for searching for Yandex vulnerabilities". In addition, we now have two more competitions from ERPScan: "Hack SCADA" and "Hack SAP". And for creative people we have "Wallpaper ZeroNights" (presence at the conference is not obligatory) and "Best hacking T-shirt" from DefconGroup #7812. And I almost forgot to tell you about the "Lockpicking Village" competition. We guarantee lots of fun and intensity of emotions (and prizes, of course). You can find more detailed information about the competitions in the "competitions" section.
11.11.2011 Home straight
Only 2 weeks are left till the tremendous event – ZeroNights, an international conference on the newest methods of hack and security – and we are ready to present you an almost full program. Why almost? Because, as usual, we have some surprises.
Firstly, we would like to thank Yandex Company, with whose participation the conference is being held; our sponsors – ESET, Gazinformservice, Group-IB, MASKOM – for their support; and also our media partners for their help and assistance with the advertising – XAKEP journal and many others.
Our slogan, “ZeroNights – hack everything”, is confirmed first of all by the reports, which cover almost all the directions of hack and security: from deep-level methodologies of deobfuscation and exploitation of Memory corruption, kernel pool and Response Splitting vulnerabilities up to attacks on ERP systems and RBS, and from analysis of cybercrime and specialized Trojans to building a secure software development cycle. Here is an almost full list of reporters from the main program:
• Fyodor Yarochkin (Taiwan, Amorize), "Dissecting unlawful Internet activities";
• Ivan Medvedev (USA, Microsoft), "Security Development Lifecycle Tools";
• Jonathan Brossard (Australia, Toucan Systems), "Post Memory Corruption Memory Analysis";
• Marcus Niemietz (Germany), "UI Redressing and Clickjacking: About click fraud and data theft";
• Alexey Lukatsky (Russia, Cisco), "Boston cybercrime Matrix or what is the business model of the modern hacker?";
• Alexey Sintsov (Russia, ERPScan), "Where do the money lie?";
• Aleksandr Matrosov, Evgeny Rodionov (Russia, ESET), "Modern technologies in malware programs’ developing for RBS systems";
• Andrey Beshkov (Russia, Microsoft), "Behind the Window Update Scenes. From vulnerability to patch.";
• Sergey Gordeychik (Russia, Positive Technologies), "How to hack a telecom and stay alive";
• Vladimir Vorontsov (Russia, ONSEC), "Splitting, smuggling and cache poisoning: come back!";
• Dmitry Schelkunov, Vasily Bukasov (Russia, LETA), "About practical deobfuscation";
• Nikita Tarakanov (Russia, CISS), "Kernel Pool Overflow: from Windows XP to Windows 8".
Apart from the main program, there will also be FastTrack – a section of short, interesting and sometimes more intriguing reports about live hack examples of internet kiosks and domain routers, and also of corporate business applications. In addition, such progressive methods of vulnerability search as dynamic binary analysis (DBI) and network traffic tracing will be described, along with many others, including reports by famous representatives of the Russian information security community on themes that are still secret.
• Alexander Polyakov (Russia, ERPScan) "Don’t touch it, unless it falls in pieces: business applications hack in extreme conditions";
• Dmitry Chastuhin (Russia, Saint Petersburg State Polytechnic University) "Practical attacks on Internet kiosks and payment terminals";
• Nikita Abdullin (Russia, Saint Petersburg State Polytechnic University), "Reverse-engineering of embedded MIPS devices. Case Study: DrayTek SOHO-class routers";
• Alexey Krasnov (Gazinformservice), "We all meandered through our schooling haphazardly";
• Artyom Shishkin, "Printing interception via modifying Windows GDI";
• Andrey Labunets (TumSU, DSecRG), "Methods of network traffic tracing for reverse engineering and vulnerability research";
• Denis Baranov (Positive Technologies), "Root via XSS";
• Dmitriy "D1g1" Evdokimov (Russia, Saint Petersburg State Polytechnic University), "DBI:Intro";
• Aleksandr Matrosov, Evgeny Rodionov (Russia, ESET), "Win32/Duqu: involution of Stuxnet";
• Vladimir Kropotov (TBInform), "Drive-By-Download attack evolution before and after vulnerabilities’ publication by the information security analyst eyes.";
• Sukhanov Maxim (Group-IB), "Fraud in RBS systems: problems, occurring during the production of judicial computer and technical expertises";
• Anton “ToXa” Karpov (Yandex) - TBA
• Nikita Kislitsin (XAKEP) - TBA
• Arkanoid – TBA.
Apart from the main program, at the end the guests are invited to participate in the round table devoted to the questions of disclosing information about vulnerabilities. Full versus partial disclosure, versus disclosure for money, and also the usual hack for the sake of the idea or for fun. Who is right and who is wrong, and what is best for the industry? Experts who support different points of view and stand on different sides of the barricades will lead hot debates, in which each listener can take part. The experts will be Alexey Sintsov, Alexander Polyakov, Anton Karpov, Fyodor Yarochkin and Ivan Medvedev.
And this is not all! At the end of the program a unique event will be held – “ZeroNights Time”. For 30 minutes, in complete darkness, the newest 0-day and 1-day vulnerabilities in popular software will be demonstrated.
In the preliminary list are the next applications:
• 1C Enterprise;
• Google documents;
• SAP NetWeaver;
• Bitrix CMS;
• VKontakte;
• Microsoft Windows.
Be ready! It will be an unforgettable show!
And of course, there will be contests.
First of all, there will be a contest from our partners – Yandex – for the best vulnerability, with a prize of 5000$.
Secondly, a contest from ERPScan – “Hack the SCADA”. A real stand with an industrial controller and terminals will be presented at the conference, and the task will be to detect a vulnerability in it. The unique prize for this contest is a practically SCADA-controlled vehicle, controlled via wifi from an iPhone.
Another contest from ERPScan is “Hack SAP”. The contestants will be asked to detect a vulnerability in SAP NetWeaver Java engine 7.02 and to demonstrate it. The prize for the best vulnerability is an Amazon Kindle 3G.
For those who prefer to work with their hands there will be a Lockpicking stand, with many small prizes and the main prize for the fastest hack – a racing car controlled from an iPhone or Android.
For the creative people there are following contests:
• Best "Wallpaper ZeroNights" from DefconGroup #7812;
• Best Hacking t-shirt from DefconGroup #7812.
And of course hardcore contests from our partners:
• "Hack me if you can" from ESET;
• "0day hunter" from Esage Labs;
• "King of the hill" from ONSEC.
Hurry up to take part in this unique event and raise the Russian information security industry to a qualitatively new level. We will wait for you here: Saint Petersburg, Tukhachevskogo street, 27/2, “Katovsky” club.
Follow the news and do not forget to pay for tickets in advance. Unfortunately, tickets will not be sold at the entrance.
10.11.2011 Digital Hardcore
Frankly speaking, we unexpectedly decided to hold a little pre-party the day before the conference, in GlavClub at the concert of the legendary Digital Hardcore group “Atari Teenage Riot” (USA/Germany). So if you come early and do not know what to do on the 24th of November in Saint Petersburg, you are welcome at this concert, where you can chat freely with part of the Russian Defcon Group and with ZeroNights reporters. For detailed information please use preparty@zeronights.org. Our conference will start at approximately 8.30, then at 9.30 there will be opening speeches from the conference sponsors and organizers, and the first reports will start at 10.00. The detailed program will be available a little later – follow the news. Hurry up - registration is still open! And about a new reporter:
1) In the FastTrack section Maksim Sukhanov (Russia) will discuss the problems that occur during the production of judicial computer and technology examinations.
9.11.2011 0x10 days are left till the conference
Time goes fast – only recently we started to actively develop our conference, and now there is not much time left before it begins, and we still have so many ideas and surprises to realize. But the Russian Defcon Group puts all its soul into its creation, and we are sure that we will be able to make a conference that can be a good competitor to foreign conferences. Today our conference has got a new silver sponsor – the “Maskom” group of companies. And, by our established tradition, we present you our new reporters:
1) In the main program Ivan Medvedev (USA) will talk about SDL and describe in detail the tools that should be used during development and testing to create more secure software products.
2) In the FastTrack section Vladimir Kropotov (Russia) will consider the evolution of the Drive-By-Download network attack, which affected famous domains in the .RU zone.
7.11.2011 Hack for the sake of knowledge, but not knowledge for the sake of hack.
One of the main targets of our conference is to show the Russian information security scene to the west, so we would like to remind you that our Russian Defcon Group (DCG#7812), as usual, conducts monthly meetings in Saint-Petersburg in different universities. We have now also started to meet in Moscow - special thanks to Yandex. The number of people attending our meetings is increasing: at the first meeting there were 15 people, and at the next meetings there were from 50 to 80, and we hope that it is not the limit. An interesting fact is that the meeting budget didn't exceed 500 rubles. We hope that the number of such groups all over Russia will grow and develop. We are always glad to cooperate with technical non-commercial events in the field of information security and are ready to share our experience and help. And today we can present you two more reporters:
1) In the main program, Sergey Gordeychik with his survival lessons in the networks of huge companies with a million IPs during penetration testing.
2) In the FastTrack section Alexander Matrosov will reveal the secrets of the recently sensational Win32/Duqu worm.
1.11.2011 For a unique conference – a unique sponsor
Today we have a wonderful date – the 1st of November, or 01/11/11, or, after a few simple mathematical transformations, 2B67 in hexadecimal, which is also nice. Of course, it is a very interesting date, and it won’t be repeated again, just like the possibility to attend the first ZeroNights conference. But in contrast to calendar dates, you can still register for our first conference, and then tell your friends, and many years later your grandchildren, about it. But this is not the main news of the day. The main news is that there is another update in the list of our sponsors, and this time it is Group-IB Company. We are pleased that such a young company, which has the same progressive view of the information security world as we have, didn’t stay aside from our event.
28.10.2011 Only the most actual technical reports
We continue to announce the themes of the reports that will be presented at the conference. As you can see, all the reports are deeply technical. Aside from the hack atmosphere that exists at such conferences, an important factor is the possibility to talk to high-level specialists face to face and get answers to the questions that interest you from the primary source. So come and talk, be curious, ask questions and just spend time at our conference. And, finishing our weekly marathon of presenting the reporters, let us present two very high-tech reports:
1) In the main program Jonathan Brossard (Australia) will present in Russia a new exploitation methodology for invalid memory reads and writes, which made a lot of noise all over the world.
2) In the FastTrack section Dmitriy “D1g1” Evdokimov (Russia) will help everyone to understand DBI (Dynamic Binary Instrumentation).
P.S. The end of this marathon doesn’t mean that there will be no new reporters)
27.10.2011 The strong support
Today we would like to thank ESET, Gazinformservice, ERPScan and Yandex, who supported our idea of creating an international conference on information security. It's great that there are companies which think of the future of information security, because one of the main aims of our conference is the training of future specialists and the exchange of experience between security researchers, programmers, administrators and managers in the information security field. We believe that the list of such companies will grow, and our conference will develop. And now it is time to present new reporters:
1) In the main program Andrey Beshkov (Russia), an employee of Microsoft Company who is acquainted with all its inner workings, will tell how the process of eliminating vulnerabilities is arranged inside the company.
2) In the FastTrack section Denis Baranov (Russia) will surprise everyone by showing that, under certain circumstances, a vulnerability as seemingly minor as XSS makes it possible to get full access to the system.
26.10.2011 Next level
Conference registration is at full speed, and we are making our conference deeper and more interesting. We recommend that you pay special attention to our new competition from Yandex company, the main prize of which is $5000 and, of course, the respect of information security specialists. This competition is unique not only for Russia (Yandex is the first Russian company to do such a thing) but for the whole world, because no one has paid such a sum of money for a vulnerability in a web project. It is always great to get fun and profit from work or a hobby. We are pleased to be involved in this direction of information security development in our country, and we hope that other companies will follow this example in future and pay more attention to the security of their products. In general, you are obliged to participate and to challenge not only Yandex company but yourself personally. And as a conclusion we present you our new reporters:
1) In the main program Marcus Niemietz (Germany) will analyze different attack vectors using UI redressing and Clickjacking and counteractive measures.
2) In FastTrack section Andrey Labunets (Russia) will tell about well known and new methods of network traffic tracing for vulnerability search.
25.10.2011 One month is left for the 0nights conference
Preparation for the conference is gathering pace and we can't wait to tell you our news. We are doing everything to create a real hacking atmosphere at our conference. As usual, we welcome any interesting offers; it is enough to send an email to info@zeronights.org. Today we are glad to present you our new reporters:
1) In the main program Nikita Tarakanov (Russia) will share his experience in exploitation of overflows in Kernel Pool in Windows OS, beginning from Windows XP and ending with Windows 8 (it is not a misprint)!
2) In the FastTrack section Artem Shishkin (Russia) will present an implementation of print interception via the Windows GDI modification method.
Follow the news - a lot of surprises, interesting contests and unexpected quests are waiting for you.
P.S. Prepare for the contests actively - prizes are waiting for their heroes!
24.10.2011 Rainy weather is coming to Saint-Petersburg step by step, but we have a hot time!
The selection of reports for the conference is completed. The committee conducted a hard selection, and we are finally ready to present you the main group of reporters for the main program and for the FastTrack (hurry up - you can still be among them). From now on, every day you will be shown 2 reports which will be presented at our conference. So, please, welcome:
1. In the main program will be Dmitry Schelkunov (Russia) and Vasily Bukasov (Russia). They will tell us about code deobfuscation technologies, namely about the use of virtualisation in the context of this task.
2. In the FastTrack section will be Alexey Krasnov (Russia). He will raise the question of the problems with the training of information security specialists in Russian universities.
And note that this is only the beginning! It will get hotter! Hurry up to register! All the hackers will be here! And you?
4.10.2011 ZeroNights is coming: world leading hackers will meet in Saint-Petersburg.
This event has been in preparation for a long time. Creating an independent IS conference of international level, where the latest research in the field of hack and security would be presented by researchers with known names and by unknown talents, was an idée fixe for most people. An event that could be called the Russian Defcon or BlackHat, whose purpose is not to gather people for advertising products but to create a place where researchers from all over the world can share their newest research and discuss industry problems in informal conditions, is now possible in Russia.
We have been visiting international conferences – from local to the largest, from India to America – and everywhere we were asked about a conference in Russia, and, unfortunately, we still couldn’t offer anything that would surprise the international public. Is it possible that a country with such potential has only “black” hackers and no highly qualified specialists? Surely it has them! And soon you will learn about them.
On November 25 a significant event will take place in the Russian northern capital – the international conference on the technical aspects of IS, “ZeroNights 2011”.
The conference is organized by the DEFCON Russian community, supported by Digital Security, and is intended to gather the best specialists in their areas, who will tell about their latest research, 0-day vulnerabilities and methodologies.
Our main target is to present a qualitatively new level of reports, both deeply technical and more business oriented. The theme of the conference is oriented on vulnerabilities, 0-day attacks and practical examples of attacks in real conditions. Here you will not hear the word “theoretically”. Even at the contests, hacks will be conducted on real systems and applications, not on specially tuned unsafe services. Even the organizers won’t know whether it is possible to hack these systems, or what the participants will find there.
The reports, presented at the conference, will be carefully selected by the team of independent specialists, and be sure – they will choose only the best. Among the program committee are such experts as Kris Kaspersky (former compatriot and person who doesn’t need any presentation), Dave Aitel (CEO of Immunity, USA), Peter Van Eeckhoutte (CorelanTeam, Belgium), The Grugq (COSEINC, Thailand), Evgeniy Klimov (PWC, Russia), Nikita Kislitsin (Xakep magazine, Russia), Alexander Matrosov (ESET, Russia).
Now there are a lot of requests, and day by day it will be harder to become one of the reporters.
But we didn’t stop at this: during the conference a mini-conference, provisionally called FastTrack, will be held, where the reporters will be given 15 minutes to present their research or to raise an important question (theme). This part of the conference will be more informal and aimed at raising unofficial questions for public discussion, and it also gives the public a possibility to speak out. Requests for participation should be sent to fasttrack@zeronights.org. Participation in FastTrack is a good possibility to tell about the main themes.
Concerning the main program - it will consist of a reports section, a FastTrack section, a panel discussion and competitions on real hack.
At the analytic track there will be such fields as:
- Cybercrime, APT;
- Third world war in the Internet;
- Penetration test.
Technical track will be devoted to real examples of vulnerabilities in:
- Popular WEB services: Google, Vkontakte;
- Business applications: SAP, 1C, Documentum, Peoplesoft;
- Bank applications (RBS, ABS) of the largest Russian developers;
- Software and hardware complexes: automated control systems, tokens, payment terminals, internet kiosks, IP-telephones;
- Virtualization platforms;
- Data transfer technologies: 3G, LTE, IP-telephony;
- Web browsers’ extensions and client applications.
Fast-Track section.
The section is devoted to small but significant research, and to simply interesting thoughts, ideas and research about the situation in our area. Within 15 minutes reporters will tell about urgent problems and solutions and raise the most delicate questions for discussion. Besides, at the end of the track any participant can take 5 minutes to present his research, describe a problem or speak on a topic directly at the conference. It will be the most unexpected and exciting track, where you will meet people whom you did not expect to see.
Panel discussion
At the end of the conference all the visitors will be able to take part in the panel discussion, dedicated to one of the urgent problems. Six experts will answer all the listeners’ questions on the chosen theme and will give their opinions on a question that has existed for a long time. The panel discussion theme will be announced a month before the conference.
Contests on real hack.
Everyone likes contests, and we decided to conduct them in a special way. Those who wish will be provided with real hardware and software complexes and systems. Everyone will be able to check his abilities in searching for new 0-day vulnerabilities online on real systems: automated control systems, a payment terminal, a server with an SAP system and many other interesting things. Besides, there will be contests from our partners on WAF bypass, search for vulnerabilities, and lock picking with locks as the prize.
Results of the first selection of applications, and the chosen reports:
- Alexey Lukatsky (Cisco) doesn’t need to be presented!
  - Report “Boston cybercrime Matrix or what is the business model of the modern hacker?”
- Fyodor Yarochkin (Amorize) – old school hacker, our compatriot, X-Probe author, came from Taiwan.
  - Report “Dissecting unlawful Internet activities”
- Saumil Shah (NetSquare) – famous security specialist, the guest of honor at the largest international conferences and a great speaker. He is coming to us from mysterious India.
- Alexey Sintsov (Digital Security) - author of new exploitation methodologies and RBS “killer”. He will present a new thriller.
  - Report “Where do the money lie?”
- Dmitriy Chastuchin. You don’t know anything about him, but he knows everything about you. The author of vulnerabilities in the most popular WEB services will present a practical report on the real hack of internet kiosks and payment terminals spread all over the world.
  - Report “Practical attacks on Internet kiosks and payment terminals”
- Alexander Matrosov (ESET). Virus-Freeman will cure you from new Trojan types.
  - Report “Modern technologies in malware programs’ developing for RBS systems”
- Alexander Polyakov (Digital Security). “Give me SAP and I’ll crack it”; he will briefly look at the security of other applications in his report:
  - Report from the FastTrack section “Don’t touch it, unless it falls in pieces: business applications hack in extreme conditions”
The final preselected list of participants will be announced a month before the conference. Follow the news.
Such an event is impossible to miss. If you are fed up with the permanent dominance of marketing reports at so-called security conferences and want to see previously unknown threats and attacks and practical research firsthand, to be at the top of the industry and to be the first to see how critical systems are hacked at the contests – you are simply obliged to participate in this conference. Together we will be able to bring the Russian IS market and the conference format to a qualitatively new level.