News

4/25/2012

Registration for PHDays starts May 14, at midday

Please note: the number of places is limited. Set your reminders for May's second Tuesdays, 12:00 am. The faster you register, the higher your chances of being among the invitees. PHDays will give you an opportunity to hack anything you see, chat with Bruce Schneier, and wash down failures with free tequila. The registration procedure will be published soon. Stay tuned! P.S. A note for late-risers: don't oversleep ;)

4/25/2012

The Author of John the Ripper Will Speak at PHDays 2012

In 1996, Alexander Peslyak (aka Solar Designer) created a program called John the Ripper. This cross-platform utility, designed to analyze password strength, has become one of the top 10 most popular programs in the field of information security, and the program's site has been visited by 15 million people. Alexander is also the founder of the Openwall project and a leading developer of Openwall GNU/Linux (Owl), a highly secured operating system. Alexander Peslyak is considered the greatest brute-force specialist since Ali Baba and Abu Yusuf al-Kindi. In 2007, projects such as phpBB 3, WordPress, and Drupal adopted the password security improvements he had developed. In 2009, Alexander received the Lifetime Achievement Award at Black Hat, a highly recognized conference on information security.

At PHDays 2012, the master of brute force will present his report titled "Password security: past, present, future". In his presentation, he will discuss issues of password protection and speak about the history and near-term prospects of authentication technology.

4/12/2012

New Reports at PHDays 2012

New speakers who have recently joined PHDays 2012 will speak about SAP hacking, vulnerabilities in smart cards and Ukrainian-style cyber security, and will answer some of the most interesting questions. For example, how many stadiums can be built for the money stolen from Russian remote banking systems? Or what are the real motives behind the cruel war banks have started against hackers?

Peculiarities of Fights Against Russian Fraud

An interesting fact: on January 1, 2013 the law on the national payment system comes into effect. In case of an unauthorized deduction of money from a client's account, the bank will have to return the money to the account. In other words, so far money has been stolen from clients; but starting next January, the victims of such crimes will be banks. This is quite a reason for the banking community to start a crusade against cybercriminals 'specialized' in remote banking systems. How to make 2013 and the following years unhappy for such hackers? Evgeny Tsarev will give the answer in his report "Systems of Russian style Fraud Resistance". The speaker will discuss the peculiarities of Russian fraud in the banking field, outline various fraud schemes, point out the reasons for the low efficiency of the Western approach and demonstrate how a complex security system should be built up.

DNS Exfiltration Using SQLmap

In military usage, exfiltration is a tactic of retreating from a territory which is under the enemy's control. In such operations, proper camouflage is far more significant than speed. Likewise, hackers who have obtained access to a system are in no rush to copy the data. Firstly, the risk of being discovered is high. Secondly, the right information may show up later. So, the hacker's program sends the data in small portions through hidden channels that are often not designed for data transfer.

Miroslav Stampar, a developer from Croatia, will present in his report "DNS Exfiltration Using SQLmap" a DNS exfiltration technique performed by means of SQL injections, speak about its pros and cons and support it with visual presentations.

Methods of Penetration Through Internet Explorer

In the report "Attack Against Microsoft Networks Web Clients", Vladimir Vorontsov introduces methods that allow conducting attacks against Internet Explorer users that operate within Microsoft Networks. The main goal of the attacks in question is to obtain confidential data from users located both on remote servers (bypassing access restrictions) and on local PCs.

Investigating Information Security Incidents Within Automated System of Technological Process Management (SCADA Forensics)

Hackers' growing interest in technological infrastructures and automated systems of technological process management (SCADA) is becoming something of a trend. According to experts' estimates, leading Russian industrial companies lose up to 10% of their revenue because of internal fraud, theft, violation of technological processes, and configuration flaws in measuring equipment. The specific nature of SCADA requires developing an essentially new technical discipline: computer forensics in the field of industrial automated systems. Andrey Komarov's report also covers incident prevention mechanisms used in the field and considers the possibilities of Business Assurance Systems (BAS) for preventing economic fraud in the SCADA sector (alteration of such data as fuel-dispensing station readings, data of trading and accounting systems, readings of container indicators, data of fuel and discount card processing). The report will be supported with a demonstration of incidents of practical significance that occurred in the TOP 10 largest industrial companies in various countries.

Andrey Komarov is the head of the audit and consulting department of the Group-IB company. At present, he is involved in work on the Penetration Testing Execution Standard (PTES) as a representative of Russia.

Smart Card Vulnerabilities: How Much Are We Talking About?

For some years we have been observing a boost in the number of threats to Russian remote banking systems (Shiz, Carberp, Hodprot, RDPdoor, Sheldor). Hackers have been managing to steal tens of millions of dollars every month (the annual amount is quite enough to build at least a stadium for Spartak and CSKA football clubs, one for each). Working on the report "Smartcard Vulnerabilities Exploited by Modern Banking Malware", Aleksander Matrosov and Evgeny Rodionov have examined the most widely used banking malware and revealed quite interesting vulnerabilities in two-factor authentication and smart cards. The report will also consider tricks and shams that hackers use to impede forensic investigation.

Aleksander Matrosov is a director of the Center for Virus Research and Analytics at the ESET company. Evgeny Rodionov is in charge of complex threat analysis at ESET.

New and Popular Ways of SAP Hacking

In the last couple of years, SAP security has been the focus of ever-growing attention. The public information space has been saturated with various topics, from attacks against SAProuter and SAP web applications up to vulnerabilities of low severity level in the SAP core and ABAP code. So far, SAP has released more than 2000 notifications on vulnerability fixes in its products, but it's only the beginning. Which vulnerabilities are still there in SAP systems, apart from the same old XSS, SQL injections and buffer overflows? In the report "SAP Insecurity: the New and the Best", Aleksandr Polyakov will focus on a dozen of the most interesting vulnerabilities and vectors of attacks against SAP systems: from encryption flaws to authentication bypassing, and from amusing errors to complicated attack vectors. A great many of the vulnerabilities described in the report will be new to the public.

Aleksandr Polyakov is the technical director of Digital Security, and one of the world's most prominent experts in SAP security.

With PHP, Haste Makes Waste

Some third-party PHP implementations allow reducing the script-execution period by 5 times. But are they capable of ensuring steady and secure work of web applications? Sergey Scherbel, an expert of the Positive Technologies company, will present his report "Not All PHPs Are Equally Useful" to introduce the security problems revealed and the exploitation peculiarities of web applications that use third-party PHP implementations, and to give some examples of 0-day vulnerabilities.

Sergey specializes in application security, penetration testing, and web application and source code analysis. He is on the team of PHDays CTF developers.

About a Secure Use of PHP Wrappers

The PHP topic will be further developed by Aleksey Moskvin, another Positive Technologies security expert. His report "About a Secure Use of PHP Wrappers" focuses on vulnerabilities related to PHP wrappers. Such vulnerabilities have been discussed for quite a while. OWASP TOP 10 and WASC TCv2 provide links to them. However, a number of peculiar features of some wrappers and filters may cause vulnerabilities (including critical ones) even in applications developed according to security requirements. The report covers algorithms that allow transferring data to an application bypassing its logic. This approach can be used for bypassing Web Application Firewalls built into security filter applications, as well as for conducting attacks aimed at obtaining access to the file system and executing arbitrary code. The speaker will introduce some of the 0-day vulnerabilities detected by means of the method described in the work.

Aleksey is a specialist in static and dynamic security analysis of application source code. He is on the team of PHDays CTF developers.

Instrumentation Methods of Complex Code Analysis

Time goes by, development technologies get more sophisticated, and code gets more complex (virtual functions, JIT code, etc.). It gets extremely hard to analyze such code. To make researchers' lives easier, there are various code instrumentation methods available at present. PIN libraries, Valgrind, DynamoRIO, DynInst, etc. are new indispensable constituents of a security researcher's arsenal. Current methods of instrumentation (of source code, byte-code, and binary code) will be described by Dmitry Evdokimov in his report "Light and Dark Sides of Code Instrumentation".

Dmitry Evdokimov is a columnist of the Hacker magazine, Russia. He writes a column titled Security-soft. He is also an expert in SAP security in terms of its internal arrangement (SAP Kernel and SAP Basis), and the ABAP code.

Cybersecurity in The Ukrainian Style

Konstantin Korsun, a former officer of the Anti-Cybercrime Unit of the Security Service of Ukraine, and currently the director of iSIGHT Partners Ukraine LLC, will tell the listeners about the emergence of a community of information security officers in Ukraine. The community originally started as loud night-outs of Ukrainian IT security specialists in Kiev bars and made its way up to an officially registered (in 2012) public organization called Ukrainian Information Security Group. Currently, Konstantin Korsun is the president of UISG. At PHDays, he will present a report titled "UISG, a Community of Information Security Experts of Ukraine. Achievements and Prospects".

Stay tuned!

3/26/2012

"The Georgian" botnet by Canadian Pierre-Marc Bureau. A new master-class for PHDays.

News has recently been spreading over the world of the "Georgian" botnet, based on Win32/Georbot, which steals secret documents and also captures audio and video via web-cameras. It will be possible to learn how Win32/Georbot works, and how to control or neutralize it, at our forum Positive Hack Days on 30 and 31 May. Pierre-Marc Bureau, the leading engineer of the virus laboratory ESET, an expert on cyberwar and cyberespionage, will hold the world's first "georbot master-class".

How does it take screenshots and record sound?

Pierre will show the audience the numerous possibilities of Win32/Georbot. You will see in real time how this malware, managed by the Canadian specialist, will perform the following tricks: stealing documents; taking screenshots via the web camera installed on the "victim" computer; making an audio recording on the built-in microphone; scanning the network; causing denial of service.

Methods of obfuscation

Like a real resident, the malware is not looking for fame and tends to remain in the shadows. An exclusive and specially complicated code also makes it imperceptible to antivirus. Participants in the master class will learn how the obfuscation (entanglement) of the code of Win32/Georbot is implemented and will be able to clarify the following points: control flow obfuscation; sequence obfuscation; obfuscation of API calls by hash function.

How to control the "georbot"

Participants will see how this "combat worm" communicates with its command and control server using HTTP. Pierre will also show how to create an alternative command and control server element in the laboratory, and how to give commands to the program and get its feedback.

What is required for the master class

Do not forget to bring a laptop running Windows XP, installed on a virtual machine. Active participants in the master class need to install the following applications (which can be downloaded free of charge): Python; IDA Free; Immunity Debugger (or Olly, if you prefer); Wireshark.

Required skills for a smooth immersion in the subject: understanding of assembly principles; understanding of the structure of Windows; understanding of the Python programming language.

Briefly about Win32/Georbot

According to Pierre-Marc Bureau, the Win32/Georbot family of malicious applications appeared about a year and a half ago. The virus has many variations, is not intended for "carpet bombing", is used to steal confidential information and is difficult to identify.

3/6/2012

The first reports on PHDays 2012 have been determined

Can you trust passwords on your iPhone or iPad?

Dmitry Skliarov, in his reports "Secure Password Managers" and "Military-Grade Encryption for smartphones: Is it really serious?", presents the results of the analysis of several programs to protect passwords and data for Apple iOS. Dmitry is Information Security Analyst at ElcomSoft Co. Ltd. and assistant professor of "Information Security" of MSTU Bauman.

Security of mobile communications. Hacking GSM and GPRS

Sylvain Munaut, developer of the project OsmocomBB, tells how GSM and GPRS are hacked in his report "Abusing Calypso phones."

Attacking through the mouse and keyboard? It's a reality

The famous Indian hacker Nikhil Mittal, creator of the framework Kautilya, conducts a master class "Creating havoc using a Human Interface Device." The main theme of the report is how easy it is to hack a computer using devices that present themselves as a mouse, keyboard, etc.

Information Security in the U.S.

Michael Utin, in the report "Analysis of US Laws and Regulations Protecting Personal Information - What Is Wrong and How to Fix It", will tell how activities in the field of information security are regulated in the United States. Michael has a Master's in Computer Science with 20 years' experience in IT and 10 years' experience in the field of information security.

Payment by MasterCard and VISA cards in the internet shops - how safe is it?

Micha Borrman of the company SySS, in his report "Internet, CVV2 and fraud detection systems," analyzes common vulnerabilities in the security systems of online stores that use MasterCard and VISA payment cards as a payment method.

The smartphone sends SMS by itself, and the money debited from the account?

Marcus Niemietz raises the current topic of attacks on mobile phones (in particular, popular smartphones running Android). His report is called "Hijacking Attacks on Android Devices". Marcus, author of the book "Clickjacking and UI-Redressing", promises to demonstrate at the conference one or two 0day-attacks and a lot of practical experiments.

What can LulzSec teach society?

An analysis of the activities of the hacker group LulzSec, which has consistently compromised servers of the CIA, Sony, Arizona, and British police UBOP - SOCA, will be conducted by Jerry Gamblin in his report "What We Can (and Should) Learn from LulzSec." Jerry is an expert in information security for the Missouri State House of Representatives.

Are printers dangerous not only for trees?

Andrei Kostin will report on the unusual ability of printing devices and attacks using the PostScript language in the report "PostScript: Danger ahead! / Hacking MFPs, PCs and beyond..." Andrei is the winner of many gems in the field of information security.

Can programs fight, like in the movie "The Matrix"?

Igor Kotenko, head of the SPIIRAS laboratory of computer security problems, will report on "The cyber-warfare of software agents."

How to automate the search for vulnerabilities?

Nikita Tarakanov and Alexander Bazhanyuk will present their report "A tool to automatically search for vulnerabilities." Nikita and Alexander are the founders of the information security company CISS RT.

Keynote speaker

The legendary expert on security, Bruce Schneier, will appear for the first time in Russia at PHDays-2012. Bruce Schneier is the author of dozens of codes along with six books, among which the bestseller "Applied Cryptography" has been translated into Russian.

The forum will also include training sessions and master classes.

The PHDays Forum, organized by Positive Technologies, will take place in Moscow on May 30-31. Independent experts in IS will all meet in one place: hackers, representatives of state and of big business. The program includes a CTF competition, hacking competitions, master classes, workshops, seminars, round tables and discussions.

You could join the speakers at PHDays! Until April 16 anyone can send a request to participate in the forum - we are interested in topical, original and resonant themes in information security. For more information about the rules, see the CFP.

Young scientists and students also have the opportunity to present their ideas and discoveries, speaking on the same site, together with well-known gurus of information security. The "Young School" competition has been organized especially for them.

1/27/2012

Bruce Schneier Will Speak at PHDays

A cryptography guru and world-famous expert in information security, Bruce Schneier will come to Moscow for the first time. He will take part in our forum as one of the key speakers. Bruce Schneier is a legend in the information security world and his name means much to everyone who works in this field. Several generations of hackers have already grown up on his Applied Cryptography. Another bestseller by Bruce Schneier, Secrets and Lies, is devoted to broader issues of information security. Bruce Schneier has developed the popular cryptographic algorithms Blowfish, Twofish, and Threefish and has been involved in the creation of over ten other well-known algorithms. Moreover, Bruce is one of the authors of Yarrow, a pseudo-random number generator, and Skein, a hash function. He publishes the popular Crypto-Gram newsletter and keeps the blog Schneier on Security; there are over 150 thousand readers from all over the world.

We'll keep the subject of Bruce's speech under wraps for a while, but we're already forming a queue of those who wish to get an autograph! And we keep developing the forum program. Leading Russian and foreign experts in various information security fields will give master-classes, workshops, and speeches at PHDays. Stay tuned to know the names!

Attention! You can make a speech together with Bruce Schneier! For this opportunity, take part in the CFP. We are looking forward to your abstracts!

12/14/2011

The first participants of PHDays CTF 2012 have been decided!

The qualifying stage of the international competition for the protection of information, PHDays CTF Quals, has been completed. Over a period of two days, 72 teams from 17 countries fought unremittingly for the right to reach the final and to attend the main competition in May 2012. The most active were Russian hackers, who made up the majority of the contestant teams. They were followed by the United States and France. The competition was also attended by experts from such countries as Japan, the Netherlands, South Korea, Tunisia, Germany, Switzerland, Kenya, Canada, Peru, the United Kingdom, Sweden, Lebanon, Australia and Spain.

First place in the CTF Quals went to the team rdot.org from St. Petersburg, which maintained a leading position throughout the game. The contest for second and third place was between eindbazen of the Netherlands and leetmore of St. Petersburg. Several times the teams changed places and the tension was unrelenting to the very end of the competition, when in the last half hour a winner emerged - the Dutch hackers, just four points ahead of leetmore.

The remaining teams in the top five were int3pids from Spain (4th) and Russian HackerDom (5th place). For the first half of the game the Spanish team was seriously lagging behind the leaders, but then was able to solve a series of complex tasks and have a high score at the finish. This late breakthrough determined their fate - int3pids and HackerDom joined the rest of the winners.

Fifth place was also seriously contended by 0daysober from France, trailing HackerDom by just half a point in the last-minute struggle. Nevertheless, we are showing our appreciation for the activity and perseverance of 0daysober by inviting them to the main competition in 2012!

We would like to mention Antichat Team, [censored], ufologist, Shine (Russia), Big-daddy, ensib (France), MachoMan (South Korea), Nullarea Tunisian Team (Tunisia) and takeshix (Germany), which, although they won no prizes, steadfastly fought for victory and helped make the game dynamic and exciting.

We would like to remind you that PHDays CTF Quals covers different areas of information security: assessment of security, search for and exploitation of weak points, reverse engineering, etc. In the qualifying stage, the gaming infrastructure of PHDays CTF 2011 was much used, as many of the participants' tasks in that face-to-face competition were not solved.

Dmitrii Evteev, PHDays CTF Overlord: "I would like to thank everyone who participated in CTF Quals - the competition became really nail-biting and exciting. However, the winners of the CTF Quals are not the only main participants in CTF. A number of team leaders of Russian and international ranking are invited hors concours. So, all in all, the full-time competition will involve 12 teams."

The main competition, PHDAYS CTF, will be held in Moscow on May 30-31, 2012. View the full rating of the qualifying events here: http://phdays.ru/ctf/quals/rating/. Stay tuned!

12/8/2011

One day is left before the end of registration of participants for CTF Afterparty

If you want to take part in CTF Afterparty but you have not joined us yet - hurry up, the registration is closing soon! So far, it is certain that CTF Afterparty will become a battlefield for over 100 people from 18 countries. Most participants come from Russia, the USA and Australia.

The registration for CTF Quals is closed. More than 100 teams from 29 countries applied for the contest. Once again, the most active applicants proved to be Russian hackers. However, American, French and Japanese contestants kept up well with them. The elimination competitions of CTF Quals start in two days. December 12 will reveal the winning teams that will participate in the CTF finals in Moscow on May 30-31, 2012. Follow the news!

Complete list of participating countries

CTF Quals: Afghanistan, Algiers, Argentina, Australia, Bolivia, Canada, Colombia, Estonia, France, Great Britain, Germany, India, Italy, Jamaica, Japan, Kazakhstan, Kenya, Lebanon, Macao, the Netherlands, Peru, Russia, Republic of Korea, Spain, Switzerland, Sweden, Ukraine, the USA, Western Sahara.

CTF Afterparty: Afghanistan, Argentina, Australia, Barbados, China, France, Hungary, Kazakhstan, Kyrgyzstan, Lebanon, Malaysia, Montenegro, Papua New Guinea, Russia, Singapore, Switzerland, Ukraine, the USA.

11/14/2011

PHD CTF Quals opens team registration for the information security contests

December 10-11 will see the PHD CTF Quals contest on information security organized by the Russian developer company Positive Technologies. The PHD CTF Quals contest is a qualification competition for the international PHD CTF contest that will take place on May 30-31, 2012. The qualification competition is open to everyone. The requirements are preliminary registration, a team of 5 contestants and full observance of the rules.

PHD CTF Quals will test participants' skills in information security assessment, vulnerability search and exploitation, reverse engineering and hacking in general. It is notable that the vulnerabilities used for the contest are not made up but taken from real life. Thus, participants will have an unrivaled chance to try themselves as real hackers. Teams will have a chance to exploit myriads of real vulnerabilities and to try their hands at solving little information security tasks. The maximum total score is 100. Participants scoring more than 100 will be awarded traditional special prizes from the Positive Technologies company.

The PHD CTF Quals results will decide the winning teams that will take part in the international PHD CTF contests that are held on May 30-31 in Moscow, as part of Positive Hack Days (PHD) II, an international information security forum.

PHD CTF Quals will be immediately followed by PHD CTF Afterparty 2011, where anyone will be able to solve available tasks according to the same rules. The CTF Afterparty 2011 contest will take place on December 12-25; winners will be awarded prizes and certificates. The top participants will be invited to the PHD forum as competition contestants.

In 2011, the international PHD CTF hosted 10 teams from Russia, India and various European countries. The main prize went to PPP, a team from Pittsburgh, USA. The second and third places were taken by Russian teams Leet More and HackerDom. All participants received valuable prizes and presents, while the winners were also awarded $135,000, 80,000 and 50,000 USD respectively.

10/26/2011

In 2012, Positive Hack Days will be twice as big

Positive Hack Days, which took place in 2011, became a center of undivided attention for IT specialists and drew a wide response from the IT community. The organizers have already been receiving requests for participation in the next PHD, so, to handle all the requests, Positive Hack Days 2012 will be twice as big. The program will consist of two major parts: a conference and a contest. The conference will involve discussions and round tables meant to bridge the business and hacker worlds, as well as practical seminars designed for technical specialists, and master classes conducted by recognized international experts. Similar to the program of 2011, the contest part will comprise the CTF contests and a wide selection of various competitions on practical information security for all comers. The CTF contest will also be divided into several parts that include an old-school CTF, online contests and an innovation. The details are being kept secret so far and will be posted later on the PHD official site. Meanwhile, the PHD program is being intensively developed. Follow the news and the updates at the site.