Experts and Hackers to Land on the PHDays Field How to fabricate a key, crack a browser, escape from a smart home

4/25/2014

Why the Internet of things is a threat to national security? What is impressioning? How to detect a zero-day vulnerability in applications presented in the quantity of hundreds of millions of copies? Is there a panacea for DDoS attacks? We would like to bring to you attention a new set of reports that will be presented at Positive Hack Days IV.

Two thousand experts in practical security will gather in Moscow on May 21 and 22 this year to discuss Iranian, Chinese and North Korean cyberpotencial, cryptography after Snowden and Heartbleed, raising information security awareness of Yandex specialists, important discoveries of SCADA Strangelove, cyberthreat for modern electrical substations, main attack vectors against SAP systems. Attendees of the forum will hear about new generation indicators of compromise, visual analytics in the field of information security, automated reverse engineering and more.

The PHDays IV programm includes more than 40 reports, sections and round tables, hands-on labs, short and informative Fast Tracks.

Do it yourself

Hands-on labs held at Positive Hack Days usually get plenty of attention. As a rule, for participation in this kind of activity a person needs some basic grounding, thirst for knowledge and maybe a laptop.

In particular, TOOOL's workshops are among the most popular. The members of the organization Deviant Ollam, Babak Javadi and Keith Howell keep proving that the basis of any security is physical security. This time, the three Houdinis will talk about impressioning—the art of fabricating a working key for a lock using only a hand file, a blank key, and keen observation. During the presentation, attendees will know the features of the method and will try to apply it by themselves.

You can find a brief description of hands-on labs to be held at the forum on the PHDays website.

Searching for the answers

The most acute practical security issues that do not have a solution yet will be addressed at PHDays.

The section “Internet of Things—a Threat of Next Generation?” will address address the threats triggered by gradual integration of digital technologies into our life. How to forecast these threats? What tools to use for mitigation? These and other issues will be tackled by the section speakers Andrey Bosenko (Perspektivny Monitoring), Andrey Moskvitin (Cisco), Andrey Petukhov (Moscow State University) and Artyom Chaikin (Positive Technologies).

Éric Filiol, a well-known French professor, cryptologist, cybersecurity and cyber warfare expert, winner of the Roberval Prize for his book “Computer Virology: from Theory to Application”, will visit PHDays this year. He will present his view of the changes that occurred in cryptography after the revelations of Edward Snowden and shocking issues of RSA, Heartbleed, Goggle and ANSII. The speaker will also share a few non-official things.

Experts from every corner of the world will consider a perspective approach to intrusion detection and prevention (Robert Griffin from EMC) and new challenges for mobile telecommunication operators based on the Orange example (Sébastien Roché, a mobile core network security manager at Orange Group). Among other topics: comparing Iranian, Chinese and North Korean hacking worlds (William Hagestad), implementation of information security awareness processes presented by Natalya Kukanova from Yandex (according to Positive Technologies, more than 30% of large companies' employees follow a phishing link).

You can find a description of business-related reports on the PHDays website.

Brief and clear

In addition to standard reports the PHDays IV program includes an extensive Fast Track that involves informative and dynamic short speeches. Attendees will hear about how an anecdote that occurred to colleague software developers Igor Agiyevich and Pavel Markov helped them to learn “on the other side” how anti-virus labs really work. Moreover, participants of the forum with the help of Svetlana Gayvoronskaya and Ivan Petrov will learn how to catch shellcodes under ARM.

Nazar Tymoshyk will tell about cloud honeypots for intruders. Dmitry Yerusov will speak on how to access corporate information in Microsoft Dynamics AX via an X++ injection.

Denis Makrushin from Kaspersky Lab in his report will cover a security concept that makes DDoS attacks ineffective. Main techniques for hindering exploit detection and analysis in PHP scripts will be presented by Grigory Zemskov, Head of Revisium. Marat Rakhimov, a design engineer at Gazinformservice, will demonstrate how to integrate an IT-GRC system and a vulnerability and compliance management system.

Moreover, Anton Sapozhnikov, a senior consultant at KPMG Russia, will present a brand new technique of exploiting a vulnerability in Windows SSPI implementation, which allows obtaining credentials even without admin privileges, while the system analyst at the Russian company Perspektivny Monitoring Andrey Plastunov will demonstrate a MiTM attack against an Android phone via a specially crafted NFC transmitter based on Arduino.

Find more about Fast Track on the PHDays website.

Reports and public round tables are only a small part of the great event that will launch in a month. Competitions are designed, the battlefield for PHDays Everywhere visitors is ready, CTF participants and Young School finalists are defined. Looking forward to seeing you at Positive Hack Days IV!