News

5/25/2017

Day 2 of PHDays VII: Revenge of the Hackers

Positive Hack Days VII came to an end this week, having drawn a record-setting 4,800 attendees from all over the world, including the U.S., Israel, Korea, Italy, France, Germany, Kazakhstan, Belarus, India, and Poland. The two-day gathering hosted hundreds of events: seven tracks plus hands-on labs, workshops, and hacking contests. Here are some of the highlights.

The Standoff: hackers strike city-wide panic

5/24/2017

Day 1 of PHDays: How to create a botnet, hack Telegram, and survive ransomware

The Joy of Tech webcomic about the Internet of Ransomware Things—with dishwashers mining bitcoins and coffee machines threatening to brew only decaf unless paid—is both funny and a sign of the times. Considering the Internet's increasing reach into our offices and homes, the theme of the Positive Hack Days forum this year is "The Standoff: Enemy Inside." The seventh annual PHDays international digital security forum opened today, drawing over 4,000 participants from all over the world, who contributed and took part in talks, hands-on labs, roundtables, and hacking contests. Experts showed the finer points of ransomware infection, created an experimental router botnet, demonstrated the process of hacking electrical infrastructure and WhatsApp accounts, and looked at techniques for intercepting phone calls and text messages.

5/22/2017

PHDays VII Business Program: Search for Concrete Answers to Real Threats

Is the Internet of Things the next spurt of IT development or a global threat to the development of enterprises, the Internet, and the modern world? What will SOCs be like tomorrow? UEBA—already tomorrow or never? These and other topics are included in the business program of Positive Hack Days VII. Below are the presentations that you just cannot miss.

Day 1

The forum opens with a plenary discussion in two parts. "Information security today: the splendor and misery of corporate security", devoted to the main factors characterizing the state of security of enterprise information systems, will be held from 10:00 a.m. to 11:30 a.m. in the Amphitheater Hall. Is the bug bounty approach applicable in government institutions? What should be done to really prevent and detect attacks on enterprise systems? What prevents the industry from developing? These issues will be discussed by government officials and heads of IS departments of major Russian companies. Vitaly Lyutikov (FSTEC), Artem Sychev (CBR), Sergey Lebed (Sberbank), Alexander Baranov (FTS), Muslim Medzhlumov (Rostelecom), Sergey Gordeychik (Kaspersky Lab), Evgeny Klimov (Infosec), Sergey Danilov (Rosatom), and Roman Kalina (Supreme Court) are invited to take part. The discussion will be moderated by Boris Simis, Deputy General Director for Business Development at Positive Technologies.

The second part is called "Information security tomorrow: is it a stop factor for digitalization of the economy?" The participants will discuss what aspects of information security can hinder the process of digitalization and what risks going digital can pose. Deputy Minister of Telecom and Mass Communications Aleksey Sokolov, Kirill Kerzenbaum (Kaspersky Lab), Denis Baranov and Dmitry Finogenov (Positive Technologies), Ilya Sachkov (Group-IB), Georgy Gritsay (Open Networks Association), and Roman Chaplygin (PWC) will share their views on the issue. The discussion will be moderated by Alexey Kachalin, Deputy Director for Business Development in Russia at Positive Technologies (11:30 a.m. – 1:00 p.m., Amphitheater Hall).

From 1:00 p.m. to 2:00 p.m. in the Press Hall, Dmitry Gusev, Deputy General Director of InfoTeCS, together with the participants of the round table, will try to figure out how import substitution will affect the overall level of security of Russian information systems and the IT industry in general. Is it possible to create competitive high-tech products and export them to foreign markets? Experts of the Russian IT and IS market will present their forecasts.

The key theme of PHDays is the Internet of Things. From 4:00 p.m. to 6:00 p.m. in the Amphitheater Hall, Alexey Lukatsky, an expert in information security, will host the panel "IoT (in)security". The participants will look at IoT security from different angles, touching on the technical, organizational, and legal issues of IoT security as well as the details of attacks and defense. Dmitry Berezin and Alexander Butenko (CROC), Igor Girkin (Cisco), Vladislav Shershulsky (Microsoft), Pavel Novikov (Positive Technologies), and Nikita Utkin (TC 194) are invited.

In the afternoon, the Valdai Hall will be given over to a whole series of presentations on the experience of operating SOCs. Over the past year, the topic of SOCs was picked up by many organizations in Russia. The presentations will show how SOCs are operated by Russian companies such as Rostelecom, Sberbank, and MTS, and how internal SOCs are operated by the global vendors SAP and Microsoft. At 2:00 p.m., Andrey Dugin, Head of the Information Security Department at MTS, will talk about the Security Operations Center built by MTS. What can you face? What peculiarities need to be considered in the technological implementation and business processes when providing security for an IP/MPLS network of this scale? What conclusions did the company draw after participating in The Standoff during PHDays VI?

The panel "SOC Evolution 2017" (3:00 p.m. – 6:00 p.m.) will continue the topic. The floor will be given to representatives of companies that have real experience in constructing and operating centers for monitoring and responding to IS incidents—both internally and for customers. Among the panelists are Alexander Lesnikov (Sberbank), Alexey Novikov (Positive Technologies), Arkady Prokudin and Alexey Shabanov (SAP), Elman Beybutov (IBM), Alexander Bondarenko (R-Vision), Vladimir Dryukov (Solar Security), Dmitry Pudov (ANGARA Technologies), Vladimir Shadrin (Rostelecom), and Sergey Soldatov (Kaspersky Lab).

Another panel is "Innovations in protection tools and security tests" (11:00 a.m. – 1:00 p.m., Conference Hall A). Developers will present new technologies for providing information security, and their customers will confirm the effectiveness of these solutions from their own experience. The moderators are Egor Nazarov, Key Partners Manager at Positive Technologies, and Anton Ivanov, Head of the Department for Information Security Technologies at Skolkovo. Among the participants are Wallarm, Yulmart, SafeTech, and Vozrozhdenie Bank.

Day 2

Today, information security is experiencing acute internal contradictions. Everybody is saying: "Who needs you?", "They will still hack!", "Buy new solutions". Developers of IS solutions and those who use them have lost some of their faith and motivation. The brightest representatives of the IS community will gather in the Amphitheater Hall to talk about what they feel are burning issues and share their ideas, which, in their opinion, can affect everyone and the industry as a whole. The panel will include a series of presentations on various aspects of technology, security, the development of the IS community, and business: what do those who motivate teams of IS developers, customers, and the entire IS branch think about? And what motivates them? The participants of the panel are Alexey Kachalin and Vladimir Bengin (Positive Technologies), Alexey Lukatsky and Mikhail Kader (Cisco), Ilya Sachkov (Group-IB), Elman Beybutov (IBM), Dmitry Manannikov (SPSR Express), Ivan Novikov (Wallarm), and Alexey Volkov (Sberbank). The panel will be held from 10:00 a.m. to 12:00 p.m. in the Amphitheater Hall.

Those interested in where protection technologies are moving should stop by the Valdai Hall to see the presentations during the panel "Security practice" (12:00 p.m. – 3:00 p.m.). Denis Remchukov, together with representatives of the technology companies Oleg Bakshinsky (IBM), Pavel Zemtsov (ICL System Technologies), Konstantin Goldstein (Microsoft), Andrey Revyashko (WildBerries), and Sergey Rysin (STLC), will discuss innovative technologies for information protection. The key topics are "How to choose and implement a SIEM system?", "UEBA—already tomorrow or never?", and "When will you stop buying these useless endpoint antiviruses?"

The day will be rounded off with the panel "Security Path: Dev vs Manage vs Hack", devoted to the problem of human resources in the IS industry: how to build a career in security, what helps in development, and where hackers and defenders can face career deadlocks. Is it possible to hunt bugs during your whole career, or is a transition to paperwork expert or people manager inevitable? Which is more attractive to hack and design: software or "bulletproof" enterprise processes? Dmitry Manannikov (SPSR Express), Mikhail Levin (Positive Technologies), and other panelists will try to answer these questions from 4:00 p.m. to 6:00 p.m. in the Amphitheater Hall.

See the PHDays VII full schedule on the forum's official website.

5/16/2017

PHDays VII Young School: Results Are In

For the sixth year in a row, Young School is being held as part of the Positive Hack Days forum. This program gives undergraduate and graduate students the opportunity to share their research with a wide audience. Young School works this year will be included in the forum's research track, the Spring Hack Tricks lightning talks, and the security product analysis contest. A total of six works made the cut and will be presented by their authors at PHDays VII.

"Over the last several months we have been accepting works on a range of topics in the applied security field. We received a total of 18 proposals from India, Kazakhstan, and Russia. We were delighted to see some of the same applicants from previous years. Selection was performed by academic reviewers and the PHDays Young School program committee. The most interesting works for us were those that combined scientific rigor with experimentally confirmed proposed solutions," said Andrey Petukhov, member of the PHDays Young School program committee.

The six works to be presented at PHDays are:

Vladislav Aleksandrov (ITMO University) and Vasily Desnitsky — "Energy depletion attack analysis: a case with wireless network devices"
Roman Alfyorov (Demidov Yaroslavl State University) and Andrey Gorokhov — "Protection against unauthorized access—which method is better?"
Askar Dyusekeyev (State Technical Service of the Ministry of Information and Communications of the Republic of Kazakhstan) — "Ransomware analyzer"
Anastasiya Parygina (Gumilyov Eurasian National University) — "Developing a Google Chrome extension to protect against information leakage through other browser extensions"
Alexey Pertsev (Nivelsky Maritime State University) — "A heuristic approach for detection of DOM-based XSS combined with tolerant parsing"
Andrey Fedorchenko (St. Petersburg Institute of Informatics and Automation), Andrey Chechulin, and Igor Kotenko — "Using the event types relationship graph for data correlation in SIEM systems"

One author of each of the chosen works will receive full reimbursement for travel and accommodation; co-authors will receive a forum pass.

PHDays will take place on May 23–24, 2017, at the Moscow World Trade Center. Register and buy tickets on the PHDays website.

Positive Hack Days Business Partner: MONT
Forum Partners: Rostelecom, R-Vision, IBM, Microsoft, Solar Security, InfoTeCS, and SAP
Forum Sponsors: Axoft, ANGARA, Kaspersky Lab, Check Point, McAfee, and Symantec
The Standoff Partners: Palo Alto Networks, ICL System Technologies, Beyond Security, and SberTech
The Standoff Participants: Informzaschita, Advanced Monitoring, Jet Infosystems, and Croc
Technology Partners: Cisco, CompTek, Synack, ARinteg, Qrator, Wallarm, PROSOFT, Advantech, and QIWI
Premier Media Partner: TASS

5/3/2017

Palo Alto Networks participating in PHDays VII

Palo Alto Networks has partnered with The Standoff, the marquee team-on-team hacking competition at PHDays VII. Palo Alto Networks will join with Servionica at The Standoff as the team responsible for the digital defense of an office complex.

"We decided to join The Standoff in part to see the behavior of live attackers. With so many clients and sometimes repetitive tasks in our work, it's easy to get complacent. The Standoff is a challenge that will help to keep us on our toes and inspire new ideas. It will be particularly interesting for us to protect an office, since this is one of our typical client scenarios," noted Denis Batrankov, Information Security Consultant at Palo Alto Networks.

Also, on May 23 from 2:00 p.m. to 3:30 p.m. in Hall B, Batrankov will hold a hands-on workshop entitled "Hacker in a Trap—A Practical Demonstration of How to Block Exploits and Ransomware." Batrankov will demonstrate malware and ways of protecting against it. Forum visitors will learn how to block malicious code that has evaded antivirus protection, stop malware at all stages of the kill chain, prevent phishing-related theft of corporate accounts, and understand how modern protection tools work at the network and host level.

PHDays will be held on May 23 and 24 in Moscow. To register and buy tickets, visit the PHDays site.

Positive Hack Days is supported by:
Business Partner: MONT
Partners: Rostelecom, R-Vision, IBM, Microsoft, Solar Security, InfoTeCS, and SAP
Sponsors: Axoft, ANGARA, Kaspersky Lab, Check Point, McAfee, and Symantec
The Standoff Partners: Palo Alto Networks, ICL System Technologies, Beyond Security, and SberTech
The Standoff Participants: Informzashchita, Perspective Monitoring, Jet Infosystems, and Croc
Technology Partners: Cisco, CompTek, Synack, Arinteg, Qrator, Wallarm, Prosoft, Advantech, and QIWI
Premier Media Partner: TASS

4/18/2017

PHDays VII: hacking competitions designed to keep things real

For many participants, hacking competitions are the highlight of PHDays. This year we've prepared a number of contests—some of them old hat, others entirely new, but all realistic—for participants' hacking pleasure. Most of the contests will take place as part of The Standoff, which centers around a smart city. Forum visitors can try to hack a smart home, surveillance cameras, and IoT devices, peek under the hood of a smart car, and break the infrastructure of our mock city.

The WAF Bypass contest is back as well. As before, participants will attempt to bypass PT Application Firewall, the web application firewall solution from Positive Technologies. Tasks will challenge participants to bypass the new database protection component of PT Application Firewall. Victory will be assessed based on flags. Both forum visitors and ordinary Internet users will have the opportunity to try their hand.

Hackers in the mood for espionage can check out MITM Mobile. Our very own mobile operator will be servicing the PHDays venue, so participants will have free rein to intercept SMS messages, find USSDs, eavesdrop on phone conversations, and clone mobile devices.

Looking for piles of money? Try $natch. We've made this contest even bigger and better this year with a full-fledged setup that includes banks, ATMs, self-service terminals, online stores, and bank cards. Your mission: to get money by any means possible. And for those in a less criminal mood, there's also something in it for any white hats who can find zero-day vulnerabilities and quickly write a high-quality advisory.

New to this year's PHDays is HackBattle. A qualifying stage will be held on the first day of the forum, where participants will need to complete several tasks. On the second day, the brightest hacker minds will assemble on the main stage to astound the audience with their speed, smarts, and improvisation while hacking in real time. Our team of professional streamers will be providing commentary all the while.

More detailed information on the start of the competitions will be published soon. Check our page for news and get ready for exciting action!

The forum's partners are Microsoft, IBM, Infotecs, R-Vision, Solar Security, and Axoft; the business partner is MONT; among the technology partners are Cisco, CompTek, ARinteg, Qrator, and Wallarm; The Standoff partners are Palo Alto Networks, ICL System Technologies, and Beyond Security; The Standoff participants are Informzaschita, Advanced Monitoring, Jet Infosystems, and CROC; the general information partner is the news agency TASS.

4/13/2017

PHDays online contests: let there be CTF

Participation in online contests is a great opportunity to get into the right mood for PHDays. In early May, as part of the preparation for the forum, the CTF, HackQuest (from Wallarm), and Competitive Intelligence contests will be held. Prizes and free invitations to PHDays are at stake.

The traditional HackQuest contest will be held from May 1 till May 13. This time, it is organized by Wallarm. Participants should solve as many hacking tasks as possible in a short time. The tasks are based on real vulnerabilities discovered in the last year. By the way, this will be the first time participants will have to contend ... with neural networks. Winners will receive souvenirs and free tickets for PHDays.

The motto of the Competitive Intelligence contest is "keep on seeking, and you will find." Any participant will be able to check how fast he or she is at searching for information on the internet. But in contrast to previous years, they will need to find information on IoT devices, not on people. The contest will be held for three days, from May 14 till May 16.

Some participants longed for the good old CTF. This year, no one will leave disappointed. On May 12 and 13, an online CTF will be held in the attack/defense format. The contest is organized by the Hackerdom team. The main topic of the forum is the Internet of Things. You can register at . Winners will get valuable prizes and invitations to the forum.

Get your things packed! The PHDays contest program will be published soon. Stay tuned!

The forum will take place on May 23 and 24, 2017, at the Moscow World Trade Center. You can register and buy tickets here. The price for the full 2-day conference is 9,600 rubles, and 7,337 rubles for one day.

The forum's partners are Microsoft, IBM, Infotecs, R-Vision, Solar Security, and Axoft; the business partner is MONT; among the technology partners are Cisco, CompTek, ARinteg, Qrator, and Wallarm; The Standoff partners are Palo Alto Networks, ICL System Technologies, and Beyond Security; The Standoff participants are Informzaschita, Advanced Monitoring, Jet Infosystems, and CROC; the general information partner is the news agency TASS.

3/29/2017

PHDays Technical Program: What to Expect from HummingBad Trojan, What Is macOS Malware, and Java Card Attacks

Positive Hack Days is just around the corner: more than 4,000 security experts are gathering in Moscow on May 23 and 24 this year to discuss the most pressing issues of information security. Recently we announced the first batch of speakers who got into the main technical program. If you’d like to share the stage with the biggest names in information security, you have your last chance—we are extending our Call for Papers until March 30. And while you are preparing your applications, we’d like to introduce our next batch of speakers.

3/14/2017

Hacking Contests at PHDays VII: City-Wide Digital Mayhem

For many, the highlight of PHDays is the hacking contests—besides adding a bit of competitive fun, they give valuable experience. This year's participants will be able to peek under the hood of a smart car and break into the automation systems powering an entire (virtual) city.

Most of the contests at PHDays VII are part of The Standoff, including Critical Infrastructure Attack: City, in which hackers can probe and test automated control systems. Last year, at Critical Infrastructure Attack: Blackout, a tenth-grader succeeded in causing a short-circuit at a high-voltage substation (500 kW). Hackers will have free rein on digital infrastructure that faithfully recreates the systems found in a real city, consisting of:

Residential areas with building management systems (BMS), smart homes, transportation systems, and IoT gadgets
Railroad
Power station and substation (electrical generation, distribution, and management)
Oil refinery and oil storage/transport facilities
Video surveillance systems

If that seems too intimidating to start with, we have partnered with ASP Labs to prepare a special warm-up contest named Free SCADA. Our stand will consist of SCADA equipment and PLCs (based on Raspberry Pi single-board computers), where participants can start practicing for Critical Infrastructure Attack: City and get hints about the city infrastructure and system settings. Hackers may take part in the contests only as part of Standoff teams. All necessary software and hardware must be brought by the participants.

In addition, conference participants will have two days of access to stands containing the "electronic insides" of modern vehicles. Today's cars are essentially computers with wheels, making them a tempting target for hackers. At the Automotive Village hands-on lab, experts and novices alike can see how car electronics are structured, independently explore a car's network, and write their own exploits. For the theoretically minded, discussion will include the security of self-driving and connected cars, plus the difficulties of ECU reverse engineering and QNX security.

Aficionados of automotive security can test their knowledge at Automotive Village: CarPWN. This contest will include searching for wires, ECU searching, connecting to the on-board network without interruption, setting up an MitM attack using CANToolz, testing the security of QNX, and much more. All forum visitors are invited to take part. We recommend bringing your own CAN bus equipment.

Important: Participants must bring their own laptop for all contests.

A detailed description of contests and hands-on labs will be published soon on the forum website. Stay tuned for more news!

The forum's partners are Microsoft, IBM, Infotecs, R-Vision, Solar Security, and Axoft; the business partner is MONT; among the technology partners are Cisco, CompTek, ARinteg, Qrator, and Wallarm; The Standoff partners are Palo Alto Networks, ICL System Technologies, and Beyond Security; The Standoff participants are Informzaschita, Advanced Monitoring, Jet Infosystems, and CROC; the general information partner is the news agency TASS.

3/2/2017

New at PHDays VII: Hacking IPv6 Networks, WAFs of the Future, POS Terminals

Preparations for PHDays VII are in full swing. Early this year, we received 50 applications for presenting reports and workshops from Russia, Europe, Asia, Africa, North America, and South America. On February 1, the second stage of the Call for Papers started. For now, we will announce the first participants enrolled in the Tech program. This year, attendees will learn how to hack IPv6 networks, how attackers steal money using POS terminals, and what new-generation WAFs look like.

Insecurity of payment systems: vulnerabilities in POS terminals

Today, almost every shop is equipped with a POS (point of sale) terminal for processing payment transactions made with magnetic stripe cards and smart cards. Terminals are widely used in different countries, and of course, where there is money, there are also attackers. In fall 2013, two hackers were arrested for hacking hundreds of POS terminals and stealing the payment details of more than 100,000 Americans. The attackers scanned the internet for vulnerable devices that exposed RDP, obtained access to them, and installed a keylogger on the terminals they found. At PHDays VII, Gabriel Bergel, Chief Strategic Officer (CSO) at Dreamlab Technologies and Chief Security Ambassador at 11Paths, will talk about vulnerabilities in the protocols of POS terminals and possible fraud methods: from the classic skimmer, eavesdropping, modification, and installation of third-party software to hardware tampering with POS terminals.

Alternative methods for vulnerability detection

In November 2016, James Kettle, Head of Research at PortSwigger Web Security, designed an open-source scanner that takes an alternative approach to searching for vulnerabilities. Existing web scanners search for server-side injection vulnerabilities by throwing a canned list of technology-specific payloads at a target and looking for signatures—almost like an anti-virus. The speaker will share key insights from the conception and development of an open-source scanner that's capable of finding and confirming both known and unknown classes of injection vulnerabilities.

ICS security: flaws again

Brian Gorenc, a senior manager of Vulnerability Research at Trend Micro and the head of the Zero Day Initiative (ZDI) program (the world's largest vendor-agnostic bug bounty program), will also speak at PHDays this year. Brian will present an in-depth analysis performed on a corpus of more than 200 confirmed SCADA HMI vulnerabilities. Attendees will learn about the popular vulnerability types discovered in HMI solutions developed by Schneider Electric, Siemens, General Electric, and Advantech. The speaker will also talk about vendors' policies on issuing patches. Additional guidance will be provided on detecting critical vulnerabilities in the underlying code.

Do WAFs dream of static analyzers?

For most modern WAFs, a protected application is a black box: HTTP requests on the input, HTTP responses on the output—that's all that is available for a firewall to make decisions and build a statistical model. Even if the WAF were able to capture all of the application's requests to the outside world (the file system, sockets, databases, and so on), this would improve the quality of heuristic methods, but would not allow a switch to formal methods of proving that an attack is taking place. But what if we taught the WAF to work with an application model obtained through static analysis of the application's code, or built that model directly at runtime by instrumenting all the important steps of the application's execution? Vladimir Kochetkov, a lead expert at Positive Technologies and one of the organizers of Positive Development User Group, a community of developers who are interested in application security, will speak on implementing the concept of a WAF that treats an application as a white box and relies on formal methods of detecting attacks instead of heuristic ones.

Machine learning is the future

The report by Anto Joseph, a security engineer at Intel, covers the field of machine learning: he will give an introduction to the topic using the classic Boolean classification problem and introduce classifiers, which are at the core of many of the most common machine learning systems. Anto Joseph will also provide a simple example of deploying security machine learning systems in production pipelines using Apache Spark.

Drawing a bead on IPv6

The whole world is switching to IPv6, the new version of IP. It should solve the address exhaustion problem that existed in IPv4 by using an address length of 128 bits. This means that each device that has access to the internet will have a unique IP address. However, the emerging IPv6 deployments change the rules of the "network reconnaissance" game: with the typical 2^64 addresses per subnetwork, the traditional brute-force approach to address scanning from the IPv4 world becomes unfeasible. Fernando Gont, a security consultant and researcher at SI6 Networks, has performed security analyses of IPv6. At PHDays VII, he will hold a hands-on lab on methods of researching and hacking IPv6 networks, and will tell about the latest IPv6 network reconnaissance techniques discussed in RFC 7707.

* This is only a part of the reports accepted in the first stage. We will soon tell you about several more interesting topics and speakers. Stay tuned!

If you want to present a report at PHDays VII, you still have time to apply till March 15, 2017. We remind you that we will announce the results on March 30, 2017. A full list of presentations will be published in April on the official website of PHDays VII. You can find out more about topics and participation rules on the Call for Papers page.

The forum will be held in Moscow on May 23 and 24, 2017, at the Moscow World Trade Center. You can register and buy tickets here. The ticket price for two days of the forum is 9,600 rubles, and 7,337 rubles for one day.

The forum's partners are Microsoft, IBM, Infotecs, R-Vision, Solar Security, and Axoft; the business partner is MONT; among the technology partners are Cisco, CompTek, ARinteg, Qrator, and Wallarm; The Standoff partners are Palo Alto Networks, ICL System Technologies, and Beyond Security; The Standoff participants are Informzaschita, Advanced Monitoring, Jet Infosystems, and CROC; the general information partner is the news agency TASS.