News

5/20/2022

PHDays 11 wrap-up: interest in information security explodes, Rutube attack investigated, pipeline shutdown demo

Information security is directly linked to the security of the general public and the entire state. This was underscored repeatedly at the international practical security forum Positive Hack Days 11. A live demonstration took place as part of the world’s biggest open cyberbattle, The Standoff. The events were the most watched in their history: over 127,000 online viewers and participants and 8,700 visitors on-site in Moscow. The PHDays 11 program included around 100 talks, discussion sections, and round tables, contests with cash prizes (for example, hacking an ATM, a POS terminal, or a cash register), the creative festivals Positive Wave and HackerToon, the final of the first All-Russian open-source project competition for schoolchildren and students, a cyberart theft competition, and much more besides.

4/29/2022

PHDays 11 talks: bootkit infection, sanitizers for the Linux kernel, the new face of OSINT, and phishing on official websites

Positive Hack Days 11 will begin in a matter of weeks. This international forum on practical security will be held on May 18–19 in Moscow. The red and blue teams for The Standoff have already been formed, and we are putting the finishing touches to the cyberrange infrastructure and the conference program. As per tradition, PHDays will have three big tracks: countering attacks (defensive), protection through attack (offensive), and the impact of cybersecurity on business. It is our pleasure to present the first talks.

How to detect 95% of attacks by covering 5% of threat actors' techniques

Oleg Skulkin, Head of Digital Forensics and Incident Response Team, Group-IB, will analyze a short list of techniques used by almost all threat actors, regardless of their sophistication, based on real-world attack scenarios. Covering this short list provides detection opportunities even when very little telemetry is available.

IoC scoring

When dealing with indicators of compromise, analysts need to quickly understand the danger posed by the object in question. For this purpose, a threat intelligence score is used. How exactly a vendor calculates it is often a commercial secret. Nikolay Arefiev, co-founder of RST Cloud, will explain how scoring works using open indicators as an example.

If you have bootkits

When a computer is infected with malware at the user level, you can use known countermeasures that rely on the kernel API. But what if the OS kernel itself or the firmware is compromised? Anton Belousov, Senior Specialist at Malware Detection, Positive Technologies, will talk about potential vectors for infecting BIOS- and UEFI-based systems with bootkits, explain how to use the Xen–LibVMI–Drakvuf bundle to monitor malware behavior through virtual machine introspection, and describe which events and signs indicate an attempt to install a bootkit.

Sanitizing the Linux kernel

Independent information security researcher Andrey Konovalov will focus on the implementation and practical use of KASAN, and will also briefly cover the other sanitizers, the main tools for detecting bugs in the Linux kernel. KASAN detects memory safety issues: out-of-bounds and use-after-free bugs in slab, page_alloc, vmalloc, stack, and global memory.

Open-source intelligence

Andrey Masalovich, CEO, Inforus, will cover 20 practical OSINT techniques that leverage the opportunities of the digital age: image search using neural networks, collecting information from the dark web, detecting cloud storage leaks, and tracking a user's digital footprint.

Qualcomm BootROM

BootROM is the most important component of a device's hardware and software security: vulnerabilities in it can give attackers full control over the device. Independent researcher Dmitry Artamonov will discuss the role of BootROM in the Android smartphone boot chain, cover BootROM vulnerabilities from various mobile device vendors, share his experience of getting access to the JTAG interface of a Qualcomm smartphone, explain how to use it to extract the BootROM image from a modern device, and demonstrate successful exploitation of a one-day vulnerability in BootROM.

Phishing on official websites

Fake websites are generally assumed to be the vehicle for phishing. But what if the site is genuine? Which specific weaknesses let an attacker phish from a legitimate domain? Independent information security researcher Aleksandr Kolchanov will give examples of not just small companies but large banks and airlines falling victim to such attacks. He will talk about common and lesser-known problems, including subdomain takeover and attacks on administrators of external services and on URL shorteners.

The co-organizer of PHDays 11 and The Standoff cyberbattle is the Innostage Group. The business partners of the forum are Security Vision, a developer of cybersecurity solutions; Rostelecom-Solar, a national provider of information security services and technologies; and MONT, a distributor of software for any business. The technological partner is Azbuka Vkusa. The partners of PHDays 11 are Axoft, Fortis, ICL System Technologies, InfoWatch, Marvel Distribution, R-Vision, Gazinformservice, Pangeo Radar, Jet Infosystems, Liberum Veritas, IBS Platformix, and USSC. Stay tuned for more updates!

4/22/2022

PHDays 2022: cyberart is at risk. Again

Collectors no longer store works of art in safes: galleries and museums are now no less secure than the most impenetrable vaults. But can criminals steal a painting without leaving home? PHDays 2022 in May will see a revamped edition of The Standoff Digital Art: intrepid researchers will again try to steal cryptomasterpieces right there in the metaverse, while forum guests will be able to visit London without leaving Moscow.

Last year can safely be called the year of NFT. Trade on the NFT art market reached $41 billion, coming close to the traditional art market. Tokens allow anyone to become the owner of a unique item. When artists, especially during lockdown, gained new opportunities to sell their works, cybercriminals came knocking: phishing and exploitation of smart contract vulnerabilities are now all too common in the NFT sphere. Experts do not rule out the emergence of new methods of fraud in this market.

At The Standoff in November, white hats managed to hack the works of six Russian digital artists. Desinfo, Meta Rite, Artem Tkach, volv_victory, Anomalit Kate, and loiterkiddd were brave enough to let their masterpieces be hacked. To steal a picture, cybersecurity researchers had to find vulnerabilities in smart contracts by analyzing the source code published on an Ethereum test network. Each NFT was hacked only once. Five of them succumbed to Alexey Bykhun in the first hours of the competition, and Alexey Egorov cracked the sixth.

"Most smart contract vulnerabilities are related to the generation of a new collection. At this stage, each item in the collection is assigned a set of characteristics. Having learned to predict them, an attacker can intercept the rarest and most expensive NFTs outside the pricing rules. At PHDays 2022, participants will have to solve even more complex and interesting tasks than last year, and our competition will reach a cosmic level: together with Arcona, we will place digital artworks in augmented reality," notes Arseny Reutov, Head of Application Security Research, Positive Technologies.

Paintings by Russian artists will appear in the virtual art galleries of Arcona XR Metaverse one week before the forum. The application will let you visit the digital exhibition from anywhere in the world.

"Arcona XR Metaverse is a global augmented reality (AR) metaverse. It is based on a unique technology platform that automatically generates an AR layer anywhere in the world. On this layer, on digital land, different interactive projects can run simultaneously: games, historical reconstructions, tourist attractions. Such a large-scale ecosystem increases the demand for AR technology, making it mainstream. Armed with a digitized plot of land and a set of 3D models, the general user can place virtual content anywhere in the world in a few minutes, independently and remotely. All digital plots of land and content in the metaverse are designed as NFT assets, which makes the platform open for integration and partnership with any decentralized platforms," says Ilya Korguzalov, founder of Arcona XR Metaverse.

Blockchain remembers everything. This is what hackers can exploit. The contestants will have to conduct their own investigation and find information that will allow them to take possession of digital paintings. The forum will also host a unique event: a thematic AR project launched in London remotely from Moscow. An interactive installation generated in a Moscow studio will unfold in front of the audience in the British capital. Want to see it with your own eyes? Welcome to PHDays 2022!
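The trait-prediction problem Reutov describes, as an added Python simulation that is not code from the original article, from the contest's smart contracts, or from Positive Technologies. It assumes a constructed contract whose trait for a token is keccak256(seed, tokenId) reduced to a rarity roll, with the seed already readable on-chain while minting is open; hashlib.sha3_256 stands in for keccak256 (a different function, but the predictability argument is identical), and the seed values, supply and rarity table are made up for the example. It contrasts that weak pattern with a delayed-reveal variant in which the seed that fixes traits is committed before the sale but published only after the last mint:

```python
"""Predictable NFT trait assignment and how an attacker exploits it.

Constructed simulation only:
- hashlib.sha3_256 stands in for Solidity keccak256(abi.encodePacked(...));
- the seeds, supply and rarity table below are invented for the example.
"""
import hashlib

WANTED = {"rare", "legendary"}  # the traits worth sniping


def h(*parts: bytes) -> bytes:
    """Stand-in for keccak256(abi.encodePacked(...))."""
    return hashlib.sha3_256(b"".join(parts)).digest()


def trait_for(seed: bytes, token_id: int) -> str:
    """Vulnerable pattern: the trait is a pure function of a seed that is
    readable on-chain and of the token id, so anyone can evaluate it early."""
    roll = int.from_bytes(h(seed, token_id.to_bytes(32, "big"))[:4], "big") % 1000
    if roll < 5:
        return "legendary"   # 0.5 %
    if roll < 50:
        return "rare"        # 4.5 %
    if roll < 300:
        return "uncommon"    # 25 %
    return "common"


def predict_rare_ids(seed: bytes, supply: int) -> set[int]:
    """Attacker side: run the contract's own formula off-chain for every
    future token id and keep the ids that will land a wanted trait."""
    return {i for i in range(1, supply + 1) if trait_for(seed, i) in WANTED}


def simulate_public_seed_mint(seed: bytes, supply: int) -> dict:
    """Sequential public mint with the seed already on-chain. Whenever the
    next id is one the attacker predicted, its transaction is ordered ahead
    of the honest minter's (a front-run); otherwise the attacker stays out
    and pays for nothing but the ids it wants."""
    predicted = predict_rare_ids(seed, supply)
    holdings = {"attacker": [], "honest": []}
    for token_id in range(1, supply + 1):
        who = "attacker" if token_id in predicted else "honest"
        holdings[who].append(trait_for(seed, token_id))
    return holdings


def simulate_delayed_reveal_mint(public_seed: bytes, reveal_seed: bytes,
                                 supply: int) -> dict:
    """Hardened pattern: traits come from a seed committed before the sale
    (e.g. its hash published) but revealed only after the last mint. The
    attacker can still run predict_rare_ids, but only on data that is public
    while minting is open, and that data is not the real seed."""
    predicted = predict_rare_ids(public_seed, supply)  # attacker's best guess
    holdings = {"attacker": [], "honest": []}
    for token_id in range(1, supply + 1):
        who = "attacker" if token_id in predicted else "honest"
        holdings[who].append(trait_for(reveal_seed, token_id))  # actual trait
    return holdings


def wanted_share(traits: list[str]) -> float:
    """Fraction of a holder's tokens that carry a wanted trait."""
    return sum(t in WANTED for t in traits) / len(traits) if traits else 0.0


if __name__ == "__main__":
    seed = bytes.fromhex("11" * 32)    # constructed seed visible on-chain
    reveal = bytes.fromhex("22" * 32)  # constructed committed-but-hidden seed
    weak = simulate_public_seed_mint(seed, 2000)
    fixed = simulate_delayed_reveal_mint(seed, reveal, 2000)
    print("public seed:    attacker wanted share", wanted_share(weak["attacker"]),
          "honest", wanted_share(weak["honest"]))
    print("delayed reveal: attacker wanted share", wanted_share(fixed["attacker"]),
          "honest", wanted_share(fixed["honest"]))
```

With the public seed the attacker ends up holding only wanted tokens and honest minters none; with the delayed reveal the attacker's picks are no better than chance. The delayed reveal only moves the trust: whoever holds the committed seed can still compute every trait before anyone else, so the remaining question for a contract reviewer is who controls that seed and whether a verifiable randomness source replaces it.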

4/21/2022

PHDays 2022 contests: ML techniques, ATM hacking, and IDS bypass

The pandemic was followed by a real epidemic of cyberattacks, making the PHDays forum more relevant than ever in the new reality. As ever, there won't be a dull moment. In addition to in-depth talks on information security, you will witness The Standoff cyberbattle, while the wide range of contests will not only keep you entertained but deliver new knowledge and valuable experience. The competitions are open to all interested researchers, online or on-site. Last year there were plenty of adventurous participants: each of the five contests at PHDays X gathered dozens of information security enthusiasts, more than 200 people in total. This time we want to attract even more, so we have refined and updated the contest formats.

Artificial intelligence (AI) technologies have already become a part of our lives. The kidding is over. Now that cybercriminals have started using deepfakes in their attacks, AI is no longer a gimmick but a source of new incidents, some curious, some terrifying. At the AI Track, participants will hear talks on the role of AI in security, as well as on the security of AI itself. AI experts will share their experience in using machine learning (ML) for protection, and researchers will talk about the risks of AI-based solutions. The AI CTF competition will acquaint information security specialists with various ML techniques and with vulnerabilities in CTF game services. Tasks of varying difficulty will appeal to both experienced CTF players and beginners.

In the Payment Village, you can try your hand at finding vulnerabilities in banking systems. Our experts will tell you about various payment devices and their protection flaws. After the theory, you will have the chance to test the security of a real ATM, cash register system, or POS terminal. Even those without their own laptop can take part.

At the IDS Bypass stand, you can put a real network protection system through its paces. Participants must not only find weaknesses in six services and collect flags for meeting certain conditions, but also bypass an intrusion detection system (IDS) that lets legitimate traffic through and blocks attempted network attacks. The vulnerable services are chosen so that competitors focus their efforts on evading the IDS, and the number of possible solutions is unlimited.

Such contests have been chosen for a reason. Cybercriminals, with their rich imagination, can weaponize any payment terminal, allowing them to attack banks and cardholders alike. And as the boom in biometrics continues, we can expect ever more deepfakes and other AI-related challenges in the near future.

The PHDays 2022 program does not end there. Far from it. HackerToon, an experimental animation festival, and the final of the first All-Russian open-source project competition for schoolchildren and students await forum visitors and participants. In addition, music will feature heavily at PHDays: the finalists of the Positive Wave festival will perform, and a well-known Russian musician will play AI-composed tracks.

The co-organizer of PHDays 2022 is Innostage Group, a key cybersecurity player. The business partners of the forum are Rostelecom-Solar, a national provider of information security services and technologies; MONT, a distributor of software for any business; and Security Vision, a developer of cybersecurity solutions. The partners of PHDays 2022 are Axoft, Fortis, ICL System Technologies, InfoWatch, MARVEL Distribution, R-Vision, Azbuka Vkusa, Gazinformservice, and Pangeo Radar.

1/20/2022

Positive Hack Days 2022 to take place on May 18–19

New Year has arrived, which means that the cyberindustry's most eagerly awaited event is already on the horizon: the Positive Hack Days international practical cybersecurity forum, held annually since 2011. This year's event will take place on May 18–19 at the now traditional venue of the World Trade Center Moscow. For those unable to attend in person, an online broadcast of all talks and presentations will be available.

PHDays is a meeting place for hackers, security researchers, key experts, opinion leaders, business heads, government officials, scientists, journalists, and more. Here we not only discuss the latest tech challenges and cybersecurity research, but unpack the most pressing issues facing business and government, and ways to solve them through information security. Past headliners include legendary cryptographer Bruce Schneier, co-developer of the FaceDancer USB emulation tool Travis Goodspeed, co-creator of the concept of public key cryptography Whitfield Diffie, and Embedded Security Lead at NVIDIA Alexander Matrosov. Last year's anniversary event brought together more than 2,500 guests, and over 35,000 people tuned in to the forum and The Standoff cyberbattle online.

The PHDays formula is time-tested and unchanged: a vast testing ground for experiment, unique insight and expertise, professional on-topic conversations, informal communication with hackers, and lots and lots of practical drills, a place where eyes sparkle with the thrill of discovery. As in previous years, the eleventh PHDays conference will provide its own surprises, united by the general theme of this year's forum, which we will announce in the near future.

Participants can look forward to a rich program of contests developed by leading cybersecurity experts. The contests are an important part of the event, helping to visualize the infosec threats around us. Our traditional mix of open-to-all contests includes legally attacking a payment system, hacking a smart contract, learning about machine-learning techniques in game-based CTF services, and testing them for robustness. All you need is a laptop, curiosity, and passion.

Observe attacks by ethical hackers on a virtual city-state at The Standoff cyberrange, where the world's largest open cyberbattle will once again unfold. In November, 65,000 people worldwide followed the cyberspace clash between attackers and defenders. Ten powerful teams of white-hat hackers spent 35 hours non-stop testing the robustness of the city-state's systems. This year's confrontation will feature all-new tasks and targets, corresponding fully to the realities of the current threat climate and corporate infrastructure.

Forum participants will earn recognition from colleagues and make useful contacts in an informal setting: the reports and presentations will be seen by thousands of infosec professionals from around the globe. Anything goes at the forum: if you have a cybersecurity report on a burning topic that you want to share, just submit an application. Anyone can be a speaker, from budding specialists to established pros. You have until March 1 to apply. The program committee will consider all submissions by April 1.

Watch this space for more details of the new PHDays forum and The Standoff cyberdrills. In the meantime, get your applications in and mark May 18–19, 2022, in your calendars. See you at PHDays 2022!

8/24/2021

Testing the security of the virtual state: The Standoff returns on November 9–10, 2021

This fall, a major cyberbattle will erupt at Moscow's VDNKh Exhibition Center. If the black-hat hackers win the two-day clash, the entire state of F will be plunged into chaos. The bravest companies in industry, retail, and finance will test the robustness of their systems. Our task is to protect the virtual state and learn how to thwart attacks in real life.

The world's largest cyberexercise, featuring an expanded business and technical program, will be held in hybrid format. The Standoff is now more than a virtual city: it is a whole country, where we will simulate the technological and business processes of real companies from the steel and chemical industries, energy, transport and logistics, and municipal services. There, organizations can test their in-house systems: analyze their level of security, trace typical cyberattack chains, verify unacceptable events and their consequences, and assess potential damage.

In 2020, held separately from the Positive Hack Days forum, the world's largest open cyberbattle moved up a gear. The event was watched live by 20,000 captivated viewers. The defending and attacking teams comprise experts from real companies and independent security researchers from across the globe. The Standoff gives them an opportunity to hone their skills and, in just a few days, gain cyberconfrontation experience that would take years to accumulate in ordinary life.

The Standoff is not only a thrilling and dynamic cyberbattle, but also a platform for dialog about information security. It is here that world-renowned experts, including professionals from Cyber R&D Lab, Hack In The Box, Positive Technologies, and other international companies, pool their vast know-how. We consider and debate how the cybersecurity industry will evolve. And if that wasn't exciting enough, we also hold contests for participants.

The dramatic rise in the number of cyberthreats in Russia and worldwide requires new security solutions. Together with leading infosec experts, we will take a no-nonsense, no-preaching look at the latest cybersecurity challenges and protection methods. We will talk about pressing business problems, develop the important dialog with the government on import substitution, discuss prospects for investing in cybersecurity, and explain how rising cybercrime affects the investment appeal of the industry. See you at The Standoff!

6/18/2021

Breaking AI: writeups of AI CTF tasks at PHDays 10

We continue to explore AI security and risks: for PHDays (phdays.com) we put together a track of talks and organized a CTF competition for cybersecurity experts that addresses the risks of AI. In this article, we describe the competition: what the tasks were and how it went. AI CTF has taken place before, and we have already published a description of the previous format and tasks on Habr.
