News
ESCalation Story online forensics contest to start April 22
Want to test your mettle at investigating cybersecurity incidents? Take part in the ESCalation Story online contest, which will be held in the run-up to Positive Hack Days. The contest will take place via Telegram from April 22 through May 15. Winners will get prizes from the PT Expert Security Center. The contestants will have to deal with a tricky situation at a small trading company called Much Money. Its CEO recently started thinking hard about security and after attending last year's PHDays decided to hire a cybersecurity expert, Jaxson Hunt (@jaxhunt_bot). Jaxson had always dreamed of catching hackers and wanted a chance to prove himself. But his experience was limited, so when his boss woke him up at night saying someone had hacked into their network, Jaxson was at a loss. "Ouch... Now I'll have to recall what they taught us in our incident investigation classes. We only have a few servers, what could happen, anyway?" thought poor Jaxson. "Maybe the community will help me investigate? I should get a Telegram account, that's the place to find the real pros. Hopefully I can get the situation sorted out before PHDays, since the boss wanted to send me there this year." The first person to figure out what exactly happened and who's behind it all will be the winner of our ESCalation Story. Details will be published soon on the PHDays website. Check our page for news and start getting ready!
The Standoff: new twists added to a PHDays favorite
At this year's Positive Hack Days, teams of attackers, defenders, and security operations centers will wage cyberbattle in The Standoff for the fourth time. But this year, the organizers have some changes in store.

City F, which we all remember from before, has grown to become a true modern digital metropolis. Now in addition to the traditional facilities the city infrastructure includes offices. These belong to an airline, insurance company, IT company, media outlet, and maritime shipper. The city even has a soccer club. And just like last year, City F will have its own cryptocurrency. The city is still densely populated. People work in various offices and factories for different companies, live in modern homes, and use all the latest digital technologies in their daily lives.

Changes have been made to the format of the game as well (see more on The Standoff page). First, teams of developers will join the fight, making work for both attackers and defenders. During a hackathon, developers will create applications which the attackers will also try to crack. Second, many facilities will remain unprotected. This time the defenders will secure only offices, while the other facilities will remain vulnerable (as sometimes happens in real life). But this does not necessarily mean smooth sailing for attackers.

Maxim Tselikov, member of the PHDays organizing committee, said: "We have spiced things up a bit. To see whose approach to security is more effective, we have put the defender teams on equal terms, entrusting them with the different offices. And to make sure the defenders don't completely cut off their perimeters from the bad guys, we will have special checks in place, ones even better than last year's."

"Attackers will still be free to act as they will, but we have changed the scoring. The score for a task will now depend on more than just its complexity. Although some tasks will resemble those from past years, they will be worth fewer points than before. We did this to motivate more experienced teams to get out of their comfort zone, while giving beginners a chance to try out new things. Also we have decided to place limits on the ability to compromise bank accounts, to avoid a repeat of the dramatic game-altering events we witnessed last year in the last hour of competition. What we can promise is that the teams will have to work hard. We have prepared a lot of interesting and unexpected tasks for them."

Last year, The Standoff ended in a draw. What will this year's competition bring? Let's find out!
New additions to PHDays competitions: More theory and practice
The competitive program of Positive Hack Days 9 promises to be packed. In addition to the traditional contests, there will be applied security competitions of various difficulty held in a workshop format. This means that during a couple of hours contestants will acquire basic knowledge of some aspect and will immediately put that knowledge to use.

Network Village
Over the course of two days the security experts at the Network Village test bed will speak about network fuzzing, SSL pinning, MITM attacks, attacks against web applications and USB devices, and many other topics. Contestants will learn about attack types and scenarios, and will put the new knowledge to use in the E&E Exploit Express contest. The purpose of the contest is to go through several vulnerable services and collect flags. The participant who gets all the flags first becomes the winner. The services will be available through a Wi-Fi router. The contest is open to anyone interested in networks, whatever their knowledge level; just bring your laptop.

AI Track
Nowadays artificial intelligence is used not only for protection against attacks, but also for attacking. At the AI Track test bed, famous experts in machine learning will give technical presentations on various aspects of using AI in security. The presentations might be of interest to security specialists, as well as to ML engineers who care about security. Also, throughout the two days a CTF contest will be held. The tasks will be related to the use of ML models. All participants are welcome. The link will be posted before the start of PHDays.

Payment Village
At the Payment Village test bed, you can practice attacking banking systems. Experts in banking systems security will explain how various banking devices work, what vulnerabilities they have, and will share interesting cases from security analysis projects. In a special demo area they will demonstrate scenarios of attacks on ATMs and POS terminals. After learning the theory, Payment Village contestants will try hacking an ATM. All visitors are welcome to try.

More details on contests and prizes will be published in April. Check our page for news and get ready for exciting action!
New to PHDays: defensive track from the PT ESC team
This year, PHDays will include a special track for digital defenders! Our forum has tended to concentrate more on attacks, vulnerabilities, and hacking techniques, and less on protection. To close that gap, we have created a special technical track named thrEat reSearch Camp for presentations about incident response, threat intelligence, threat hunting, OSINT, and malware analysis. During the two days, experts will discuss new APT campaigns and share effective methods and tools for detecting incidents, monitoring the darkweb, and analyzing open sources. They will also pick apart complex malware. Presentations will target a diverse audience, with content intended both for novices and technical experts.

Elmar Nabigaev, Head of Threat Response at Positive Technologies and member of the PHDays organizing committee, said: "Every year, there is more and more information about new vulnerabilities and flashy hacking techniques. But protection-related topics can get shortchanged. At PHDays 9, we want to change this by doing more to include the other set of people, those who protect us from cybercriminals every day." He continued: "thrEat reSearch Camp will be a space where all PHDays participants can share ideas. We hope this will be the start of a tradition for future years."

The PHDays program committee has already selected the first group of speakers who will present at the defensive track. Visitors will learn how optical character recognition helps combat macro viruses, how cloud incidents can be best investigated, how Active Directory logs can be analyzed in a new way, and how security experts monitor threats on the darknet.

Detecting macro viruses
The 1990s were full of interesting trends. On the computing side, these included documents with injected malicious code. Most commonly, attackers would embed a VBA macro in an innocent-seeming document, such as an invoice. Many still remember the Melissa macro virus, which appeared in March 1999 and infected hundreds of thousands of computers all over the world. But malicious macros have made an unexpected comeback. In 2014, Microsoft noted an increasing number of such threats: the company's tools were generating as many as around 8,000 VBA detections per day. In 2016, Microsoft blocked macros in Microsoft Office by default. However, malware developers found a way to bypass this restriction: they now kindly ask users to enable macros. Check Point reverse engineer Ben Herzog will present a new approach to macro detection. Attackers who create such documents invariably use the words "Enable Content" and must hide them in a document's header or in a picture. Ben will demonstrate a classifier that immediately detects infected files and will also share the results of his research, based on tens of thousands of malicious documents.

New method of analyzing AD event logs
Analysts from the JPCERT/CC Incident Response Group will speak on the topic "Analyzing Active Directory event logs with visualization and machine learning." Tomoaki Tani coordinates investigation of cybersecurity incidents and analyzes incident trends and attack methods. Shusei Tomonaga is engaged in malware analysis and forensics investigation. He is spearheading a group responsible for analyzing targeted attacks on critical industries in Japan. Event log analysis is a key stage in incident investigation. Analyzing Active Directory event logs makes it possible to identify the hosts compromised as a result of lateral movement. The duo will show a new method of analyzing Active Directory event logs with LogonTracer, a tool that visualizes relationships between accounts and hosts.

Cloud incident investigation
An increasing number of companies are migrating their infrastructure to public clouds, such as Amazon Web Services, Microsoft Azure, and Google Cloud Platform. According to IDC, the biggest spender on cloud services in 2018 was healthcare ($12.1 billion), followed by government ($8.4 billion) and finance ($7.3 billion). Analysts expect that investment in cloud services will continue at an accelerated clip until 2021. The cloud boom has been fuelled by the digitalization of key industries. Despite the advantages of cloud technology, it also brings security risks. Frederic Baguelin, incident response expert at Société Générale and co-founder of ArxSys, will speak about incident investigation on cloud infrastructure. Frederic will talk about EC2 and methods for analyzing EC2 instances in the AWS ecosystem. He will propose an automated approach based on AWS and the Python API to retrieve snapshots for local analysis. He will also demonstrate the tools needed to perform a full scan directly from the cloud.

Monitoring darknet threats
Muslim Koser, Head of Products & Technology at Volon, will speak about effective methods for gathering information about attackers on the darknet. Muslim has over 20 years of information security experience. For the past 10 years he has been leading threat intelligence teams. The speaker will explain how to cope with information overload to pinpoint the useful nuggets, and how to combine AI and ML with HUMINT to get the most out of the "take."

Don't miss your chance to speak from the same stage as big-name experts at PHDays 9! Apply by March 31. Stay tuned to keep up with the latest news!
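The account-to-host relationship idea behind the JPCERT/CC talk, shown as an added example. This is not LogonTracer's code or the speakers' material; it is a small Python script that builds the same kind of graph from a handful of constructed successful-logon records. The record fields, host names and account names are assumptions that loosely mirror what a Windows Security Event ID 4624 carries (target computer, account, logon type, source workstation or IP); the 4625 (failed logon) record is included only to show that it is ignored.

```python
"""Toy account/host logon graph for spotting lateral movement.

Added example, not LogonTracer's implementation. SAMPLE_EVENTS is constructed:
the keys approximate 4624 fields (Computer, TargetUserName, LogonType,
WorkstationName/IpAddress) and every host and account name is hypothetical.
"""
from collections import defaultdict, deque

# Logon types that mean the session arrived over the network from another host.
REMOTE_LOGON_TYPES = {3, 10}  # 3 = network, 10 = RemoteInteractive (RDP)

# Constructed sample events (hypothetical hosts and accounts).
SAMPLE_EVENTS = [
    {"event_id": 4624, "computer": "WS01", "account": "alice", "logon_type": 2, "source": "-"},
    {"event_id": 4624, "computer": "WS01", "account": "bob", "logon_type": 2, "source": "-"},
    {"event_id": 4624, "computer": "FS01", "account": "alice", "logon_type": 3, "source": "WS01"},
    {"event_id": 4624, "computer": "WS02", "account": "svc_backup", "logon_type": 3, "source": "WS01"},
    {"event_id": 4624, "computer": "WS03", "account": "svc_backup", "logon_type": 3, "source": "WS02"},
    {"event_id": 4624, "computer": "DC01", "account": "svc_backup", "logon_type": 10, "source": "WS03"},
    {"event_id": 4625, "computer": "DC01", "account": "eve", "logon_type": 3, "source": "WS03"},
]


def build_graph(events):
    """Return (account_to_hosts, host_to_accounts, remote_edges).

    account_to_hosts: account -> set of computers it logged on to (any logon type)
    host_to_accounts: computer -> set of accounts that logged on there
    remote_edges: (source_host, target_host, account) for remote logons only
    Only successful logons (4624) are counted; failures are skipped.
    """
    account_to_hosts = defaultdict(set)
    host_to_accounts = defaultdict(set)
    remote_edges = []
    for ev in events:
        if ev["event_id"] != 4624:
            continue
        account_to_hosts[ev["account"]].add(ev["computer"])
        host_to_accounts[ev["computer"]].add(ev["account"])
        if ev["logon_type"] in REMOTE_LOGON_TYPES and ev["source"] not in ("-", ""):
            remote_edges.append((ev["source"], ev["computer"], ev["account"]))
    return dict(account_to_hosts), dict(host_to_accounts), remote_edges


def accounts_with_fan_out(account_to_hosts, threshold):
    """Accounts seen on at least `threshold` distinct hosts, widest spread first."""
    hits = [(acct, len(hosts)) for acct, hosts in account_to_hosts.items()
            if len(hosts) >= threshold]
    return [acct for acct, _ in sorted(hits, key=lambda t: (-t[1], t[0]))]


def lateral_paths(remote_edges, start_host):
    """Breadth-first walk from a known-compromised host along remote-logon edges.

    Returns {reached_host: (previous_host, account)}, enough to walk the hop
    chain from any reached host back to start_host.
    """
    adjacency = defaultdict(list)
    for src, dst, acct in remote_edges:
        adjacency[src].append((dst, acct))
    parents = {}
    queue = deque([start_host])
    while queue:
        current = queue.popleft()
        for nxt, acct in adjacency.get(current, []):
            if nxt == start_host or nxt in parents:
                continue
            parents[nxt] = (current, acct)
            queue.append(nxt)
    return parents


def hop_chain(parents, start_host, target_host):
    """Rebuild start -> ... -> target as 'host --account--> host' strings."""
    chain = []
    current = target_host
    while current != start_host:
        previous, acct = parents[current]
        chain.append(f"{previous} --{acct}--> {current}")
        current = previous
    return list(reversed(chain))


if __name__ == "__main__":
    acct_hosts, host_accts, edges = build_graph(SAMPLE_EVENTS)
    print("accounts on 3+ hosts:", accounts_with_fan_out(acct_hosts, 3))
    reached = lateral_paths(edges, "WS01")
    print("hosts reachable from WS01:", sorted(reached))
    print("\n".join(hop_chain(reached, "WS01", "DC01")))
```

On the constructed input the script flags svc_backup as the only account seen on three or more hosts and reconstructs the WS01 -> WS02 -> WS03 -> DC01 chain it was used on. In a real investigation the records would come from exported Security logs of the domain controllers and member hosts, and the fan-out threshold would be tuned to the environment's normal administrative activity.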
PHDays talks to include eavesdropping on videoconferences, new version of GhostTunnel, and Java Card attacks
Our review board has been hard at work sorting through proposals for talks at Positive Hack Days. We encourage would-be speakers to apply soon: the call for papers closes on March 31. Recently we announced a highlighted speaker at PHDays 9, prominent GSM security researcher Karsten Nohl. Today we present the first group of speakers whose talks have already made the cut. Yamila Vanesa Levalle, security researcher at ElevenPaths, will be making her PHDays debut. She will speak about two open-source Python tools that automate attacks on Cisco Meeting Server (CMS).
Karsten Nohl to speak at PHDays 9
World-renowned GSM security researcher Dr. Karsten Nohl will give a keynote talk at Positive Hack Days 9. A member of the Chaos Computer Club in Germany during his student days, Karsten is a leading specialist in data security and encryption. He likes to test security assumptions in proprietary systems and typically breaks them. He is personally behind the security for Reliance Jio, the world's fastest-growing telecom network.
Become a speaker at PHDays 9!
The Call for Papers is now open for the Positive Hack Days forum on practical information security. Please send your application by May 31. Both esteemed experts and young specialists are welcome. An international program committee consisting of independent researchers and leading IS and IT experts will name the best reports.

Under the banner of "Breaking the constant" we will pay close attention to the relationship between society and technology. Presentations will target a more diverse audience than just information security experts, also addressing the IS impact on e-government, finance, cyberinsurance, blockchain, energy in the digital age, cloud computing, telecoms, relationship between business and technology, globalization, biohacking, and the future of intellect.

We also welcome practical findings and research outcomes in different areas of cybersecurity:
Security of embedded systems and the IoT for homes and businesses
Blockchain flaws and vulnerabilities
Telecom security
Security of smart homes and video surveillance (CCTV)
Security of financial technologies and tools
Security of web and business applications
Reverse engineering
Applied cryptography
Machine learning
Malware and exploit development
Targeted attacks and hardware backdoors
Secure development and automation of protection tools

Participation formats: Report (50 minutes), Fast Track (15 minutes), and Hands-on Lab (up to 4 hours). To participate in the conference, please fill out the application form at phdays2019.exordo.com. For more information, check the Call for Papers page.
PHDays 9 tickets available now
The early bird catches the worm, as well as a nice discount on tickets to PHDays. Act by January 10, 2019, and get a ticket for both days for just RUB 7,337! On January 11, prices will increase to RUB 9,600 for two days and RUB 7,337 for one day. And starting March 1, you'll have to pay RUB 14,400 for two days and RUB 9,600 for one. Quantities are limited! So don't delay and get your PHDays 9 ticket at a special low price! There are also ways to snag a PHDays ticket for free. Dazzle us with security research you're willing to present, win in one of our special hacking contests, or join one of the teams in The Standoff. More details to come!
Breaking the constants at PHDays 9
Exciting news: the slogan and topics are now out for next year's Positive Hack Days international forum on practical security. Under the banner of "Breaking the constant" speakers and contests at PHDays 9 will situate information security in the wider context of the relationship between society and technology. The event will bring hackers, security experts, and IT specialists together with those from fields not traditionally associated with digital security, including medicine, policymaking, and neurotechnology.

What are the constants?
Constants rule the world. Any event, from the birth of a snowflake to exchange rate fluctuations, can be described with the help of unchanging numbers such as pi, the gravitational constant, and the golden ratio. We now live in a digital world where virtually all human activities depend on information technologies. Our digital world is subject to its own constants. Cloud computing, big data, artificial intelligence, machine learning, blockchain, virtual reality, and the Internet of Things all seem unshakable, if not inevitable. But if constants rule the world, who rules the constants? Can we take them for granted? What if they are broken by something—or someone? At PHDays 9, we are going to take a peek at the butterfly effect in today's age. By rethinking widespread assumptions, we can start imagining what might happen if these constants crumble.

Boris Simis, Deputy CEO at Positive Technologies, said: "Government, business, and individuals live in a digital world. No longer is technology something that concerns 'computer people' only. The purpose of PHDays 9 is to help governments, businesses, IT, and security experts take a fresh look at the digital constants through the lens of information security. Discussion will include e-government, finance and banking, cyberinsurance, blockchain, energy in the digital age, cloud computing, globalization, telecoms, the information security market, relationship between business and technology, biohacking, and the future of intellect."

PHDays 9 will be distinguished by a particularly unique and wide-ranging list of topics. Keynotes, presentations, and roundtables will offer something for both security professionals and anyone interested in the impact of security on nearly every area of life. More details will become available in February.

Real world, real hands-on
Presentations at PHDays 9 will target a more diverse audience, with a balance between content intended for novices and technical experts. Key topics will include:
Security of embedded systems and the IoT for homes and businesses
Blockchain flaws and vulnerabilities
Telecom security
Security of smart homes and video surveillance/CCTV
Security of financial technologies and tools
Security of web and business applications
Reverse engineering
Applied cryptography
Machine learning
Malware and exploit development
Targeted attacks and hardware backdoors
Secure development and automation of protection tools

Contests are at the heart of PHDays 9. Timur Yunusov, member of the PHDays organizing committee, explained: "At PHDays 9, we are making a special effort to encourage a wider range of participants to compete. Besides competitors who prepare well in advance, we also want to inspire spur-of-the-moment participation by ordinary forum visitors. This is why most contests will be in workshop format: every few hours, visitors can come up and get an explanation of the basic principles, enough to complete at least a trivial task. Learning by doing will help participants to quickly grasp the subject and apply knowledge in practice. As always though, our classic hardcore hacking contests will be back in full force."

Contest workshops will vary in complexity and subject matter, including industrial and financial systems, home and industrial IoT, smart cars and devices, reverse engineering, radio and hardware, and cryptography. For many, The Standoff is the highlight of PHDays. This intense badguys-versus-goodguys cyberbattle will be the centerpiece of the contests, just as in past years. More about The Standoff will come later, so stay tuned!

PHDays 9 will be held on May 21–22, 2019, in Moscow at the Crocus Expo International Exhibition Center. Tickets will go on sale in December.
PHDays moves to Crocus Expo: check out the new venue
The dates of Positive Hack Days 9 are already out: the forum will be held on May 21–22, 2019. This time the organizers have chosen one of the largest and best equipped venues in town—the Crocus Expo International Exhibition Center. Crocus Expo hosts hundreds of large-scale and high-profile events annually, including national and international exhibitions, conferences, symposiums, and sports competitions with participation from both Russian and foreign companies. The new venue is twice as large as the World Trade Center Moscow, which used to host the event before. Just to give you an idea, the smallest conference hall in the World Trade Center seats 60 people, while Crocus Expo halls start at 160. This year there will be room for everyone who wants in on the Positive Development User Group, we promise! :) PHDays 9 will occupy the entire Crocus Congress Hall (Hall 20, Pavilion 3). It's a one-of-a-kind transformable hall whose layout can be configured as needed. That means we will be able to expand our agenda considerably.