New Reports at PHDays 2012

4/12/2012

The speakers who have recently joined PHDays 2012 will talk about SAP hacking, smart card vulnerabilities and Ukrainian-style cybersecurity, and will answer some of the most interesting questions. For example, how many stadiums could be built with the money stolen from Russian remote banking systems? And what are the real motives behind the fierce war that banks have started waging against hackers?

Peculiarities of Fighting Russian Fraud

An interesting fact: on January 1, 2013, the law on the national payment system comes into effect. If money is debited from a client's account without authorization, the bank will have to return it to the account. In other words, so far money has been stolen from clients, but starting next January the victims of such crimes will be the banks. This is reason enough for the banking community to start a crusade against cybercriminals who specialize in remote banking systems. How can 2013 and the following years be made unhappy for such hackers? Evgeny Tsarev will give the answer in his report Systems of Russian style Fraud Resistance. He will discuss the peculiarities of Russian banking fraud, outline various fraud schemes, explain why the Western approach has a low level of efficiency and demonstrate how a comprehensive security system should be built.

DNS Exfiltration Using SQLmap

In military usage, exfiltration is the tactic of withdrawing from territory that is under the enemy's control. In such operations, proper camouflage matters far more than speed. Likewise, hackers who have gained access to a system are in no rush to copy the data. First, the risk of being detected is high. Second, the right information may show up later. So the hacker's program sends the data in small portions through hidden channels that are often not designed for data transfer. In his report DNS Exfiltration Using SQLmap, Miroslav Stampar, a developer from Croatia, will present a DNS exfiltration technique carried out by means of SQL injection, discuss its pros and cons and illustrate it with visual presentations.

Methods of Penetration Through Internet Explorer

In the report Attack Against Microsoft Networks Web Clients, Vladimir Vorontsov introduces methods for attacking Internet Explorer users who operate within Microsoft Networks. The main goal of the attacks in question is to obtain confidential user data located both on remote servers (bypassing access restrictions) and on local PCs.

Investigating Information Security Incidents in Automated Process Control Systems (SCADA Forensics)

Hackers' growing interest in industrial infrastructure and automated process control systems (SCADA) is becoming something of a trend. According to expert estimates, leading Russian industrial companies lose up to 10% of their revenue to internal fraud, theft, violations of technological processes and configuration flaws in measuring equipment. The specific nature of SCADA requires developing an essentially new technical discipline: computer forensics for industrial automation systems. Andrey Komarov's report also covers incident prevention mechanisms used in the field and considers the capabilities of Business Assurance Systems (BAS) for preventing economic fraud in the SCADA sector (alteration of data such as fuel-dispensing station readings, data of trading and accounting systems, container indicator readings, and fuel and discount card processing data). The report will be accompanied by a demonstration of practically significant incidents that occurred at the top 10 largest industrial companies in various countries. Andrey Komarov is the head of the audit and consulting department at Group-IB. At present, he is working on the Penetration Testing Execution Standard (PTES) as a representative of Russia.

Smart Card Vulnerabilities: How Much Are We Talking About?

For some years we have been observing a surge in the number of threats to Russian remote banking systems (Shiz, Carberp, Hodprot, RDPdoor, Sheldor). Hackers have been managing to steal tens of millions of dollars every month (the annual amount is quite enough to build at least one stadium each for the Spartak and CSKA football clubs). While working on the report Smartcard Vulnerabilities Exploited by Modern Banking Malware, Aleksander Matrosov and Evgeny Rodionov examined the most widely used banking malware and uncovered some quite interesting vulnerabilities in two-factor authentication and smart cards. The report will also consider the tricks and deceptions that hackers use to impede forensic investigation. Aleksander Matrosov is a director of the Center for Virus Research and Analytics at ESET. Evgeny Rodionov is in charge of complex threat analysis at ESET.

New and Popular Ways of SAP Hacking

In the last couple of years, SAP security has been the focus of ever-growing attention. The public information space has been saturated with topics ranging from attacks against SAProuter and SAP web applications to low-severity vulnerabilities in the SAP core and ABAP code. So far, SAP has released more than 2000 notifications on vulnerability fixes in its products, but this is only the beginning. Which vulnerabilities are still there in SAP systems, apart from the same old XSS, SQL injection and buffer overflows? In the report SAP Insecurity: the New and the Best, Aleksandr Polyakov will focus on a dozen of the most interesting vulnerabilities and attack vectors against SAP systems: from encryption flaws to authentication bypasses, and from amusing errors to complicated attack vectors. A great many of the vulnerabilities described in the report will be new to the public. Aleksandr Polyakov is the technical director of Digital Security and one of the world's most prominent experts in SAP security.

With PHP, Haste Makes Waste

Some third-party PHP implementations can cut script execution time by a factor of five. But can they ensure stable and secure operation of web applications? Sergey Scherbel, an expert at Positive Technologies, will present his report Not All PHPs Are Equally Useful, covering the security problems he has found and the specifics of exploiting web applications that use third-party PHP implementations, with some examples of 0-day vulnerabilities. Sergey specializes in application security, penetration testing, and web application and source code analysis. He is a member of the PHDays CTF development team.

About a Secure Use of PHP Wrappers

The PHP topic will be continued by Aleksey Moskvin, another Positive Technologies security expert. His report About a Secure Use of PHP Wrappers focuses on vulnerabilities related to PHP wrappers. Such vulnerabilities have been discussed for quite a while, and OWASP TOP 10 and WASC TCv2 provide links to them. However, peculiar features of some wrappers and filters may cause vulnerabilities (including critical ones) even in applications developed according to security requirements. The report covers algorithms that allow data to be passed to an application bypassing its logic. This approach can be used for bypassing Web Application Firewalls built into security filter applications, as well as for conducting attacks aimed at obtaining access to the file system and executing arbitrary code. The speaker will introduce some of the 0-day vulnerabilities detected by means of the method described in the work. Aleksey is a specialist in static and dynamic security analysis of application source code. He is a member of the PHDays CTF development team.

Instrumentation Methods of Complex Code Analysis

Time goes by, development technologies get more sophisticated, and code gets more complex (virtual functions, JIT code, etc.). Analyzing such code becomes extremely hard. To make researchers' lives easier, various code instrumentation methods are now available. PIN libraries, Valgrind, DynamoRIO, DynInst, etc. are new indispensable parts of a security researcher's arsenal. Current methods of instrumentation (of source code, byte-code, and binary code) will be described by Dmitry Evdokimov in his report Light and Dark Sides of Code Instrumentation. Dmitry Evdokimov is a columnist for the Russian magazine Hacker, where he writes a column titled Security-soft. He is also an expert in SAP security in terms of its internal arrangement (SAP Kernel and SAP Basis) and ABAP code.

Cybersecurity in the Ukrainian Style

Konstantin Korsun, a former officer of the Anti-Cybercrime Unit of the Security Service of Ukraine and currently the director of iSIGHT Partners Ukraine LLC, will tell the audience about the emergence of a community of information security officers in Ukraine. The community started as loud nights out of Ukrainian IT security specialists in Kiev bars and made its way up to a public organization, officially registered in 2012, called the Ukrainian Information Security Group. Konstantin Korsun is currently the president of UISG. At PHDays, he will present a report titled UISG, a Community of Information Security Experts of Ukraine. Achievements and Prospects.

Stay tuned!