FastTrack gives presenters a 15-minute slot to present their research.
The section is still being formed. Participation requests are to be sent to fasttrack@zeronights.org. Taking part in Fast Track is a good opportunity to speak about important questions.
«Don't touch it, unless it falls in pieces: business applications hack in extreme conditions» Speaker: Alexander Polyakov
Many business applications that store data so important to you were not developed with any secure development or security testing requirements in mind. Of course, vulnerabilities are everywhere, but not these ones, and they are not so easy to detect. All the vulnerabilities presented in this report were detected within 5 minutes of starting the program, by myself or my colleagues in our free time, on a plane, on a train or in a hotel, where there is no Internet connection and no sweet tools like fuzzers, sniffers, debuggers or even a Perl interpreter, only a notebook and the installed software. This is a short guide to vulnerability hunting in extreme conditions, on real examples. Who will be the test subjects? I think you are familiar with these names: Documentum, 1C, SAP, PeopleSoft, Oracle BI. If there is enough time, the list can be extended.
«Practical attacks on Internet kiosks and payment terminals» Speaker: Dmitry Chastuhin
Internet kiosks, payment terminals, ticket registration systems, and simply any device with an Internet connection can be found in the airport, hotel, cafe, train, bus station, railway station, everywhere. How are they protected, and how critical is the information that can be obtained from them? Why would anyone hack them? Botnets? Theft of social network accounts? Theft of payment card data? The possibility of further attacks on connected sub-networks? In fact, some applications in airports are connected to the local airport network; people use kiosks in hotels and cafes during their trips to book tickets or hotels using payment card data; and real money is stored in payment terminals. So hacking such systems is not only entertainment, but also a possible criminal business or terrorist target. This report will contain photos and video of real attacks on the listed systems, located in different corners of the world, from Russia and Europe to India, Asia and the USA. Enough of theoretical slides! Only real hacks and demonstrations.
«Reverse-engineering of embedded MIPS devices. Case Study: DrayTek SOHO-class routers» Speaker: Nikita Abdullin
Embedded devices have long since infiltrated many spheres of application, both at home and in the office. The vendors' motto always stays the same: "Vendor lock-in" and "Security through obscurity", and we find these principles chosen by major brands and minor companies alike. The simplicity of implementing those measures, and the strong confidence in possessing the know-how, are the key factors for the vendors to select them. But from the attacker's viewpoint, these ill-designed security measures can be defeated much more easily than proven, industry-standard technologies. To accomplish this, one simply needs basic reverse-engineering skills and an awareness of the features of the chosen hardware platform. The talk will cover some tips and tricks of embedded MIPS reverse engineering. A case study featuring the DrayTek SOHO-class router series will illustrate the disclosure of a master password for more than 30 router models widely deployed in Australia, the UK and Germany.
«We all meandered through our schooling haphazardly» Speaker: Alexey Krasnov
Everyone knows about the problem of higher education in Russia, including in the field of information security; this question is constantly raised at many theoretical conferences, and decisions are made which remain only in theory. One of the problems of higher education is that in many higher schools that prepare experts in information security, there are not enough teachers with practical experience in the field (and sometimes none at all). The aim of this report is not to work out a high-level concept for the development of education in the field of IS; it only offers to raise this question at the conference among a great number of practising experts and to bring a vision of the solution to this problem out for general discussion.
«Printing interception via modifying Windows GDI» Speaker: Artyom Shishkin
Implementing printing interception on Windows is not a trivial task because there are no built-in programming interfaces designed for this purpose. Most well-known methods have various difficulties in both implementation and usage. The monitoring method given here can be implemented relatively easily because it is a simplified and generalized variation of well-known methods. Windows GDI is quite notable for implementing printing monitoring because it manages both drawing everything we can see on the monitor screen and the printing process as well. Most of the time we print what we see on the screen, and this fact allows the method to be considered effective. In this paper we are going to reveal some of the little secrets of GDI and the spooler, and also some basic principles of developing information monitoring systems under Windows.
«Methods of network traffic tracing for reverse engineering and vulnerability research» Speaker: Andrey Labunets
Providing security of information systems from the penetration tester's and vulnerability researcher's point of view is a complicated task, especially in the case of black-box testing with very little initial knowledge of the system internals. In this paper we will dive into the problems of network traffic tracing for the purposes of debugging and reverse engineering of programs and their network interaction. We will show how to gain the advantages of both a code debugger and a protocol analyzer under Windows, using well-known methods of protocol debugging as well as new approaches based on recent improvements in the Windows networking subsystem.
«Root via XSS» Speaker: Denis Baranov
There are many vulnerabilities that one would rather ignore than deal with, such as low-risk vulnerabilities, vulnerabilities that are hard to exploit, vulnerabilities turned into hands-on experience, and others. However, vulnerabilities will stay vulnerabilities; one never knows when they will be exploited. In the report I will tell how a combination of trivial settings and encryption errors in a popular Denwer build can be exploited to gain full access to the system simply by tricking a user into following a link. The attack is triggered by a trivial XSS on a local web server whose CVSS score is so low that it is absolutely unremarkable. Besides, the report is concerned with techniques that allow the creation of effective client-side exploits for use in attacks against corporate systems via XSS/CSRF/DNS pinning. Such attacks include bypassing browsers' XSS filters, a web reverse shell that anti-viruses do not detect, and gaining full access to OS commands when non-standard web server configurations are used.
«DBI: Intro» Speaker: Dmitriy "D1g1" Evdokimov
What is DBI? What is DBI for? What kinds of DBI exist? The advantages and disadvantages of this technology, and how it can be used for information security purposes.
«Win32/Duqu: involution of Stuxnet» Speakers: Aleksandr Matrosov, Eugene Rodionov
In October of this year, the sensational story of the Stuxnet worm entered a new stage of development. Win32/Duqu, a previously unknown piece of malware based on the source code of Stuxnet, was discovered. In this presentation we will speak about interesting findings revealed during the analysis of Win32/Duqu.
«Drive-By-Download attack evolution before and after vulnerabilities' publication through the eyes of an information security analyst» Speaker: Vladimir Kropotov
The report will present the development and evolution of a Drive-By-Download network attack that affected well-known domains in the .RU zone over several months (from July to November 2011), from the appearance and testing of the malicious software delivery technologies up to the moment when web sites with an attendance of more than 200 000 users per day were used to distribute different types of malicious software.
«Fraud in remote banking systems: problems in computer forensic investigations» Speaker: Maxim Suhanov
What problems (technical and procedural) occur when investigators perform a forensic examination of digital evidence connected to an incident in a remote banking system? How can they be solved? The speaker will present his point of view on these questions, together with trends in the development of banking malware and fraud techniques from a forensic perspective.