PHDays III Call For Papers: The Latest Intelligence Data on either side of a fence

The first wave of the Call for Papers has already yielded its results: specialists from different countries are ready to be loaded onto the plane to the PHDays III. Both reports and hands-on-labs (where the audience is able to participate) will be presented at the forum. Today we are ringing up the curtain to tell you about several reports taking place at the forum.

Special Guest Stars

Among special guests at the forum are: Travis Goodspeed,who we all know, and ReVuln's founders, Donato Ferrante and Luigi Auriemma, known for their researches in information security ofSCADA and Smart TV.

Data Interception within Optical Fiber Networks

Alexey Demenyuk (FixedBug's founder) together with Vladimir Grishachev and Dmitry Khlyapin in their report "Sound at the end of the tunnel" will demonstrate data interception methods within optical fiber network without its tapping. The speaker will raise a question on how reliable the optical fiber networks are considering security issues and will also contemplate current security threat, based on physical properties of the optical fiber. During the lecture, data interception within optical fiber network without its tapping will be demonstrated.

If the Psychological Warfare can not be Stopped, it Should be Headed

Andrey Manoilo (vice-chancellor at the Political Science Department at Moscow State University and editor-in-chief of Mir i Politica) will have a detailed look at the two main concepts of state policy implementation under the conditions of the psychological warfare: psychological warfare resistance and control. Upon the speaker's opinion, psychological warfare control soon will be the main category in the state information policy system.

Cyber War of a Chinese Hacker, Black Economy, and Trojan Tool

China's billion-plus population means that proportionally, there are a lot of hackers in China. Nonetheless, you can't say enforcement is non-existent in China. What happened to China hackers in the last ten years? Who are they and what do they want? Tao Wan, also known as Eagle Wan, the leader of the China Eagle Union will give you the truth.

Airlines against hackers

Security flaws associated with business process management could be a serious threat for companies. Mushtaq Ahmed, a specialist of IT Security&Risk Management department in Emirates Airline, will present a report "Software Development Life Cycle with a Tinge of Application Security". He will take up application security aspects, and flaws in business process management that could have a pernicious effect on the business effectiveness.

Hackers against airlines?

During a short speech "Experiments with entertainment systems on board of aircratfs", gentlemen from Anonymous and Bnonymous will show how the Internet works on the board of an aircraft, what is a strange box with video on the back of the seat before you, and what you could do with it to spend your time cheerfully and profitably during the flight.

How to "sell" the security improvement tools

Jerry Gamblin, an employee in House of Representatives, Missouri, whos report in PHDays 2012 was favoured by Anonymous, will show how to protect your work from the management and lobby for new projects.

Hacking Services Underground Market

Max Goncharov, Senior Threat Analyst at Trend Micro, will represent his report Underground Market 101: Pricing Stats and Schemas. The speaker will cover the principles of underground information exchange, ways to secure money/goods in underground transactions and basic cyber hierarchy. Crypt services, DDoS attacks, Traffic resale, Bulletproof servers, SMS Fraud, Spam services and Credit card Hijack — these topics will also be covered.

Hack on level 8

Gathering enough data about systems and staff from the public resources (Open-Source Intelligence, OSINT) is often essential in security audit, and is also critical for audit success based on social engineering methods. To confirm this statement, Vladimir Styran, a well-known blogger (http://securegalaxy.wordpress.com), Security13 podcast presenter (http://securit13.libsyn.com), will present a report about OSINT automation methods by free of charge or paid means.

Abusing Browser User Interfaces for Fun and Profit

Rosario Valotta, a security researcher from Italy known for demonstration of zero-day vulnerabilities in Internet Explorer, will raise the question of exploitation of user interfaces flaws. The speaker will show how notification bars in major browsers (Chrome 24, IE9, IE10) can be abused with little (or even no) social engineering, leading to users security compromise and even to conducting trivial code execution on the victim's machine.

Attack modeling, security assessment metrics and visualization in promising SIEM systems

Igor Vitalievich Kotenko (head of information security issues laboratory, SPIIRAN) will present the current research in SIEM systems. The report includes aspects of software implementation for an SIEM system of the next generation, developed as a part of the integrated project of The Seventh Framework Programme ( FP7), and also attack modeling and security protection issues.

NFC new threats

Nahuel Grisolía will present "RFID workshop for fun (and profit?;)" workshop that introduces vulnerabilities in NFC (Near Field Communication) wireless technology. The range of topics will vary from the use of traditional NFC 13.56 MHz readers, their API and proprietary software, to Proxmark3 hardware, open source software (LibNFC), known attacks and other RFID uses and practical ideas.

How to develop a secure web application?

Vladimir Kochetkov from Positive Technologies is going on with secure application development and presents hands-on lab "How to develop a secure web application and stay in mind?". The target audience is web application developers and researchers that want to improve skills in code and architecture security and Security Development Lifecycle for complex projects based on Microsoft ASP.NET technologies (Web Pages, Web Forms, MVC, Entity Framework, SignalR). The hands-on lab is based on real vulnerabilities in popular solutions. It considers the best practices and techniques of detection and elimination of vulnerabilities of all classes on each stage.

Sqlmap: Under the Hood

Miroslav Štampar is a professional software developer from Croatia, an expert in automation of SQL Injection. He will present in-depth analysis of capabilities and inner workings of sqlmap. Hands-on lab is devoted to peculiarities and hidden features of sqlmap.

Hard logic for security

A Berlin University of Technology (TU Berlin) PhD-student and Deutsche Telekom researcher Dmitry Nedospasov together with Keykeriki developer, Thorsten Schroder, will make «Let the „hardware“ Do All the Work: Adding Programmable Logic to Your Toolbox" report. They will report how to avoid common issues in coping with overwhelming amounts data and timing using FPGA tools matrix, that is a basis of high-end tools for hardware debugging and analysis.

So Insecure Security Appliances

Stefan Viehböck with his report (In)security of Appliances will lift the curtain over the vulnerabilities of security software and will demonstrate how security appliances suddenly become the weakest link of your defense, how to abuse security appliances to gain access to your network, to your data, and your crown jewels. The speaker promises to disclose world-shattering vulnerabilities in security appliances.

As a part of Fast Track:

• Alexander Tovstolip and Alexander Kuznetsov will show ten methods to overcome DLP Systems.
• Artyom Poltorzhitsky together with Vladimir Konev will show the high-end bank spy for smartphones.
• One of the most important elements of an up-to-date virus is an antivirus system bypass module, which makes the conventional signature approach and heuristic analysis give in. To solve this problem, a lot of vendors of IS tools launched cloud reputation systems. Pavekl Korostelev's report analyzes functions of such services.

How to Participate

If you want to speak to the world leading IS specialists, share your experience and research results, or demonstrate your skills in practical information security, you are welcome the speakers' team of PHDays III. Do not waste your time — the later the date of your application, the fewer chances you have to be among the speakers. The second stage of Call for Papers will be over on April 14, 2013.

Find the details about the format and participation rules, as well as the list of topics we are mostly interested in and application submission instructions on the PHDays website.