News
New talks at The Standoff: the art of the breach, protection from ransomware, and honeypot automation
We continue to introduce you to the upcoming talks at The Standoff online conference. How do hackers break into IT systems step by step? Is it possible to recover data after a ransomware attack? Why should we automate honeypots? These questions will be answered by the speakers we are announcing today.

The art of the breach

Robert Sell, President of Trace Labs, will tell how hackers gain physical access to the equipment or premises where the IT resources they are after are located. Such physical access is often required to exploit various vulnerabilities. The talk takes attendees through a step-by-step process to get from the sidewalk to the president's filing cabinet, so everyone can see not only the steps but also how an attacker would plan the entire event. This ensures that every single audience member will have at least one point of value to bring back to their office.

Investigations and bulletproof hosting

Vladimir Kropotov and Fyodor Yarochkin, researchers at Trend Micro, will tell about pivoting techniques in investigations of bulletproof hosters. Cyberattacks leverage network hosts for a variety of purposes. Bulletproof hosting services are used to build C2 servers, deliver exploit payloads, host phishing pages, and run other components of an attacker's network infrastructure. The speakers will highlight techniques for pivoting through indicators and tracing their origin.

Programmer vs ransomware

Dmitry Sklyarov, Head of Reverse Engineering at Positive Technologies, will tell how he managed to recover his friend's data and find online keys for many victims of STOP (Djvu) malware. To solve this problem, he had to think like a programmer.

Honeypot infrastructure and automation

Matthias Meidinger, Software Engineer at VMRay, will show how the plethora of collected data and payloads can be visualized and processed with as little manual work as possible. Honeypots can provide valuable insights into the threat landscape, both on the open Internet and on your internal network. But deploying them correctly, and interpreting activity on them, is not easy. This is a follow-up to the VB2020 talk "Like bees to a honeypot," which focuses on generated data, its visualization, and the automation and integration of multiple systems.

COVID-19 and IS issues

In addition to the talks, The Standoff conference will also include a series of interviews with international IS experts. For instance, Costin Raiu, Director of the Global Research and Analysis Team (GReAT) at Kaspersky, will tell what impact sophisticated attacks have on healthcare in the time of COVID-19. Also, Sergey Golovanov, Principal Security Researcher at Kaspersky, will answer the question of how to react to information security incidents during COVID-19.
More topics to be discussed at The Standoff: ICS security, approaches to disclosure of dangerous vulnerabilities and evasion attacks against computer vision
We continue to introduce you to the program of the online conference, which will be held as part of The Standoff. Please find announcements of other talks on the Positive Technologies website (first and second announcements); here are five more interesting topics.

How to disclose serious weaknesses

In "Kr00k," a talk given by Robert Lipovsky, Senior Malware Researcher at ESET, you will learn the details of his responsible disclosure process for serious security weaknesses identified in chipsets used by a significant number of Wi-Fi capable devices. Robert will also tell how he successfully cooperated with vendors while they prepared patches. The presentation will include technical details and a demonstration, where the speaker will show how his team triggered a reassociation to set an all-zero encryption key and decrypt intercepted packets. He will also discuss the potential impact of these vulnerabilities, along with the limitations of exploiting them. Specifically, the speaker discovered that FullMAC Wi-Fi chipsets by Broadcom (Cypress)—and possibly other manufacturers—are vulnerable to encrypting packets in a WPA2-protected network with an all-zero encryption key. The number of affected devices is likely over a billion, including devices by Amazon, Apple, Samsung, and others that use the vulnerable chipsets. The chipset-level all-zero-key vulnerability has been assigned CVE-2019-15126.

How to hack a factory

Vyacheslav Moskvin, Senior Specialist of ICS Security at Positive Technologies, will conduct a three-day workshop on ICS security, intended specially for pentesters and reverse engineers. The speaker will describe ICS features and tell how to hack the system. Specially for reverse engineers, the workshop will cover firmware analysis of industrial devices: the speaker will provide an overview of their internals, explain how to obtain the firmware, and outline the first steps of the analysis.

Verix OS security

Independent researcher Danila Parnishchev will give a talk about the design and security of Verix OS, a proprietary platform for POS terminals that has its own SDK, binary executable format, and developer documentation. Although recent trends in digital payments suggest that mobile POS terminals may eventually replace this old platform entirely, it is still widely used all over the world. Therefore, the security of the Verix platform remains an important and timely topic. The talk describes the internal structure of the OS, as well as the external protocol for uploading files to and downloading files from Verifone terminals. It also introduces tools developed for static analysis of Verix binary applications. And, of course, security issues will also be presented, including a critical vulnerability that allows bypassing signature verification and running arbitrary applications on POS terminals.

Best practices of vulnerability disclosure

Cesar Cerrudo, Chief Technology Officer at IOActive Labs, will give a talk that can help companies that are not yet mature in this area to improve their vulnerability disclosure processes, and also make researchers more collaborative and their lives easier. In more than 20 years working in cybersecurity, the speaker has reported more than 1,000 vulnerabilities to a wide variety of companies. The response (or lack thereof) from different vendors varied greatly, depending on vendor security maturity. Based on his experience, the speaker came up with a list of disclosure laws which he is willing to share.

Evading machine learning antimalware models

Hyrum Anderson, Principal Architect at Azure Trustworthy Machine Learning, Microsoft, will talk about evasion attacks against computer vision. The speaker's research shows that while the underlying concepts of evading machine learning remained constant, an evolution of tactics from manual bypasses towards automated learning methods manifested itself in just over a year. Hyrum will review the concepts and evolutions, highlighting a relatively sophisticated sequential optimization attack against black-box antimalware models.
First talks at The Standoff: machine learning vulnerabilities, red teaming tools, and forensic artifacts
Less than a month is left until The Standoff, a unique global information security event. We are putting the finishing touches to the cyber-range infrastructure, completing the formation of the red and blue teams, and preparing the conference program, which will be an important part of the event. Today we present the first group of speakers whose presentations have already been included in The Standoff discussion section. So here is what they will talk about.

Vulnerabilities of machine learning infrastructure

The boom of artificial intelligence brought to the market a set of impressive solutions on both the hardware and software sides. On the other hand, massive implementation of AI in various areas brings about problems, and security is one of the greatest concerns. Sergey Gordeychik, CIO at Inception Institute of Artificial Intelligence, will present the results of hands-on vulnerability research into different components of AI infrastructure, including NVIDIA DGX GPU servers, ML frameworks such as PyTorch, Keras, and TensorFlow, data processing pipelines, and specific applications, including medical imaging and face recognition–powered CCTV. Also, an updated Internet Census toolkit based on the Grinder framework will be introduced.

Red teaming simulation: unique attacks of lateral movements

In his career, Lawrence Amer, a vulnerability researcher at PwC's DarkLab, has reported medium- and high-severity vulnerabilities to Adobe, Carbon Black, CrowdStrike, eBay, Facebook, Microsoft, Sony, and Yahoo. At The Standoff, Lawrence will talk about lateral movement techniques and how attackers can achieve their goals before they get on the radar. The speaker will also introduce frameworks and tools which will help red teams in their operations.

How to hack medical imaging applications via DICOM

Maria Nedyak, a developer at BI.ZONE, will talk about DICOM, one of the core technologies used in medical imaging applications along with machine learning. Maria has conducted security analysis of popular DICOM servers, protocols, and libraries employed in medical imaging systems. In this talk, the speaker will present the most interesting security bugs in the DICOM ecosystem and demonstrate how easy it is to find critical flaws and how to fix them quickly.

SailfishOS: forensic artifacts

Krassimir Tzvetanov, an expert in information security and graduate research assistant at Purdue University, will talk about SailfishOS, a Linux kernel-based operating system mostly deployed on cell phones. It is being rapidly deployed in Russia, India, and China, where it is used by government agencies and large companies such as Huawei. While its popularity is growing, there is not sufficient research in this space, and investigators are likely to encounter it in the field. This presentation shows the mapping of the digital artifacts pertinent to an investigation which can be found on the file system of a phone running SailfishOS 3.2. It covers call logs, text messages, location services, address books, and other important artifacts.

Safety of the Safari reader mode

You might have come across a nice article on a website fully loaded with different advertisements, funky background images, and sounds. To deal with this, browser vendors created reader mode. In his talk "My hacking adventures with Safari's reader mode," Nikhil Mittal, a security consultant at Payatu Software Labs, will describe some major flaws in reader mode which result in security policy bypass.

We continue to accept applications from speakers. If you want to speak at The Standoff, please fill out this form.
The Standoff: worldwide virtual cyber-range highlights real-world cyber risks and defensive techniques
Event to include large-scale controlled offensive and defensive competition and online conference on top cybersecurity issues (November 12–17).

Rapid digitalization continues to impact nearly all aspects of our lives. But along with the benefits come risks that did not exist prior to the interconnected digital world. From sensitive information disclosure to financial loss and risks to physical safety, the threats in the new digital paradigm are real. The Standoff aims to uncover these risks, empowering industry participants to address key issues and move towards a more secure tomorrow.

This global event will be held on November 12–17 across three continents. The Standoff is an excellent example of collaboration between leading security and technology companies and conferences, including Positive Technologies, EPAM Systems, Microsoft, Cyber R&D Lab, and Hack In The Box. Attendees will see the best offensive and defensive cybersecurity teams in the world come together to enhance their skills in an online competition format.

Would you like to join us to create a new approach to security analysis of new technologies and develop tools to model critical infrastructure threats without impacting the real world? If yes, then we are waiting for you at The Standoff.

If there were a way to know in advance how new technologies will interact with each other and how the activity of cybercriminals will affect them, the world would be a safer place. By launching The Standoff, we aim to create a platform for digital modeling of events such as cyberattacks on critical infrastructure.

One of the centerpieces of The Standoff is an online offensive/defensive competition in which defenders (blue teams) compete against attackers (red teams) to control the infrastructure of a simulated digital city. The exercise goes far beyond the standard Capture the Flag (CTF) format, in which participants only solve security-related tasks. Instead, at The Standoff, both sides get access to the real equipment and software that control the whole of modern urban life and have to hack or defend the infrastructure in real time.

Defending and attacking teams participating in The Standoff are often comprised of actual corporate teams that have taken the opportunity to improve their skills and gain unique experience. By competing at The Standoff, they gain within days a depth of familiarity and training that might take months or even years in the real world.

As a cyber-range, The Standoff contains a full-fidelity virtual copy of the manufacturing chains, business scenarios, and technology landscape typical of different industries. A wide range of real companies will be recreated at The Standoff 2020: defenders and attackers will have free run of a natural gas pumping station, port, rail terminal, chemical plant, fire station, oil refinery, amusement park, airport, electrical plant and substation (with windmills), plus a business and financial center. A cyber-range of this kind is the only truly effective way to model threats and empirically evaluate the security level of specific technologies. These insights can be used by companies and governments to understand how a particular technology works in the real world and see the consequences of a successful cyberattack.

At the event site, there will be an active round-the-clock Security Operations Center (SOC) equipped with all the latest security tools. The SOC, in conjunction with specialists from the Positive Technologies Expert Security Center (PT ESC), will help to make the virtual action at The Standoff visible to all.

At the same time, The Standoff is also a cybersecurity conference with talks, workshops, and demos from global cybersecurity experts. As a cybersecurity marathon under The Standoff brand, it will start in the U.S. and go through Europe, the Middle East, and Asia, before ending in Russia. The Standoff unites different audiences and countries with one agenda and one idea—improving cybersecurity through real-world offensive and defensive exercises.

The Standoff provides a unique communication platform for instant text and video feedback from the audience, which can flip between channels in real time. All attendees will be able to track reactions, join the conversation, and expand their network by adding new connections.

This year will be the first time for The Standoff conference to arrive online in people's homes. It will provide all participants with an opportunity to share their experiences and gain valuable insights in achieving the core cybersecurity mission of making the world a safer place while strengthening trust in technology!

Learn more: . Join us on social media: Twitter, LinkedIn. See you at The Standoff!
PHDays 10 coming in spring 2021
For the last several months, the Positive Hack Days 10 organizing committee has been monitoring the coronavirus situation. We had hoped that, despite the current strict quarantine measures and restrictions on international travel, it would be possible to go ahead with the event later this fall. But subsequent events showed that risks and severe restrictions will very likely persist. The upshot is that we will not be able to hold the big anniversary PHDays the way we wanted. And an online-only event would not be enough to realize the full scope of our ambitions.

Therefore, we are announcing the postponement of PHDays 10 until spring 2021. Based on the predictions of health experts and other authorities, we believe that international air travel and mass gatherings are likely to resume by then. We will announce the new dates of PHDays 10 as soon as this information becomes available. When the dates are announced, we will reach out to all participants and presenters to confirm their ability to attend.

Previously purchased PHDays tickets will remain valid. The Call for Papers will be extended, and we will continue to accept proposals from all interested presenters.

Although we are postponing the forum, we will still have a few exciting things for you in the meantime: we will be holding The Standoff online this fall. Dates and details of the upcoming epic cyberbattle will be announced closer to that time.

If you have already purchased a ticket but will not be able to attend next spring, we will give you a full refund. Fill out a refund request (for individuals or for organizations), sign it, and send a scanned copy to phdays10@ruvents.com.
PHDays 10 postponed
Due to the situation with the COVID-19 coronavirus, and to ensure the safety of our guests, we have decided to postpone PHDays 10. The organizing committee has been analyzing the situation for the last two weeks and has received many questions from our speakers regarding potential rescheduling of the forum. Taking into account the increasing risks of international travel, we started considering postponing the event. Yesterday, the Mayor of Moscow issued a decision canceling all public international events of more than 5,000 people until April 10. However, we can expect that this term might be extended further.

In the end, we have decided to reschedule the forum, probably until fall 2020. The new date for PHDays 10 will be announced later. As soon as the dates are announced, we will contact all participants and speakers to see if they can attend.

All PHDays tickets already purchased will remain valid. We will also extend the Call for Papers, so our potential speakers will have an additional opportunity to submit their research. All applications already accepted will automatically be carried over to the new dates. Those who purchased entrance tickets but will not be able to attend PHDays in the fall will get full compensation of the ticket cost.
The Standoff: Recap and highlights of live cyberbattle at HITB+CyberWeek 2019
In mid-October, a battle flared for three days in sunny Abu Dhabi between teams of security experts. Attackers (red teams) and defenders (blue teams) fought for control of the digital infrastructure of a mock city specially created by Positive Technologies for HITB+CyberWeek 2019. A longtime favorite among security professionals, The Standoff is a cyberbattle held annually by Positive Technologies at the Positive Hack Days international forum on practical security. The Abu Dhabi competition marked a big first for The Standoff, which had previously been held only in Moscow, most recently in May at PHDays 9. For details, check our previous article.

Smart city in Abu Dhabi

Positive Technologies created an enormous diorama of Kabakas, a fictional industrial city, spanning about 17 square meters (183 square feet) and containing thousands of figurines. Over 100 meters (328 feet) of miniature railway tracks and more than 500 meters (1,640 feet) of wiring went into creating the city infrastructure. The mock city model made it possible to demonstrate the consequences of real cyberattacks against critical infrastructure.
Become a speaker at Positive Hack Days 10. Call for Papers is now open
The Call for Papers is now open for the Positive Hack Days forum on practical information security. Please submit your application by March 31. Both esteemed experts and young specialists are welcome. An international program committee consisting of independent researchers and leading IS and IT experts will name the best talks.

The PHDays 10 topic is "The Origin." We invite everyone to participate in developing the concept of future information security together. We expect over 10,000 visitors and participants, including hackers and information security specialists, serious businessmen, and famous politicians.

We welcome practical findings and research outcomes in different areas of cybersecurity:

- Vulnerability discovery and exploitation
- Attack mitigation
- Architectural issues of modern computing systems
- Detecting and investigating attacks and incidents: practical findings
- Threat intelligence and threat hunting
- OSINT
- Investigating activities of hacker groups
- Arranging processes for securing information infrastructures: practical findings
- Methods and ways of developing secure software, such as serverless apps, cloud-based apps, micro-service architectures, and AI systems
- Formal security models of applications
- Managing security risks in software development processes
- Security of BIOS, UEFI, and other firmware
- Methods of assessing informational risks for businesses
- Methods of detecting sore spots in business processes
- Methods of developing information security strategies for businesses

We will discuss the security of embedded systems, home and industrial IoT devices, telecommunication networks, smart homes, and CCTV, as well as the security of financial technologies and tools. We will also discuss faults and vulnerabilities in blockchain, and talk about reverse engineering, applied cryptography, machine learning, malware, and exploit development.

Participation formats: Talk (50 minutes), Fast Track (15 minutes), and Hands-on Lab (up to 4 hours).
To participate in the conference, please fill out the application form at .
Positive Hack Days 10: ticket sale has started
Tickets for the tenth international forum on practical information security, PHDays, are now on sale. You can register and buy tickets here starting December 5. Just as in previous years, we have the Early Birds discount. If you buy tickets before January 31, the ticket package for the two days of the forum costs 9,600 rubles. Starting from February 1, the price for the full 2-day conference registration will be 14,400 rubles, and 9,600 rubles for one day.

Other ways to join PHDays

There are other ways to become a Positive Hack Days participant. Some of them are free. First of all, you can get involved as a speaker. Renowned experts and young specialists are equally welcome to present their research. The Call for Papers will be announced soon. Stay tuned. Tickets will also be given to winners of special hacker contests and to those participating in The Standoff. Keep track of the news. We will provide more details soon.
Positive Hack Days 10: The Origin
The first known virus for personal computers appeared in the early 1980s. A few years later, a network virus caused losses totaling USD 96 million. Now we live in the age of botnets, targeted attacks, and cyberweapons. The age of computers seems to have gotten off to a rocky start. Would you like to team up with us in fixing the mistakes and creating a world of secure high-tech? Want to see development instead of running around in circles? If so, join us at PHDays 10, which is to take place on May 13–14, 2020, at Expocentre on Krasnaya Presnya, Moscow. In addition to discussing attack and defense, we will try to reset history.

At the tenth international forum on practical information security, Positive Hack Days, we invite you to participate in developing a concept of information security for the future. We expect over 10,000 visitors and participants, including hackers and information security specialists, serious businessmen, and famous politicians. In the exhibition hall, we will have over 50 stands and themed areas for various topics and interests. We will provide high-quality communications and computing resources for demonstrating security systems and hacking tools. The forum agenda includes lectures, contests, competitions, live interaction, and training in real time.

We will also have the fifth Standoff, a cyberbattle between teams of attackers, defenders, and SOCs which forum visitors know well. We invite teams from the largest Russian and international companies. SOCs use their preferred security tools, and the attackers use the most advanced attack methods and techniques. The cyberbattle is monitored by the independent SOC of the organizers, deployed using Positive Technologies products such as MaxPatrol SIEM, PT Network Attack Discovery, PT Application Firewall, PT MultiScanner, and PT ISIM, allowing the experts to see the whole battle map online.

An integral part of the Standoff is the cyber-range, where Positive Technologies experts emulate the infrastructure of a modern metropolis. This digital environment includes corporate systems of large companies, industries, and other critical infrastructure. The model uses actual ICS, SCADA, and PLC equipment from the best Russian and foreign manufacturers. The format of this cybersecurity exercise allows information security experts, representatives of state agencies, developers, and journalists to understand current threats. For participating companies, this is a unique chance to practice defending their infrastructure when hackers put real pressure on it.

See you on May 13 and 14 at Expocentre on Krasnaya Presnya for "PHDays 10: The Origin."