What's New in the PHDays Program: supercomputer protection, iOS security, exploit selling
2/25/2015
The first stage of Call for Papers has finished recently and we'd like to announce another batch of reports that will be presented on May 26 and 27 at PHDays V (you can find the first and the second announcements on Habrahabr). Speakers will discuss how to improve iOS application security and what hackers find attractive about supercomputers. They will also address the relationship between sellers and buyers of zero-day vulnerability exploits.
Debugging automation
Alexander Tarasenko's report is devoted to debugging automation using WinDbg. Attendees will gain skills in writing scripts using the built-in WinDbg's engine, and also in Python and Pykd extension. The report will be interesting for code researchers and developers of software that requires uncommon debugging tools.
iOS security
Prateek Gianchandani, a member of OWASP and an information security engineer at Emirates, will lead a hands-on lab on developing exploits for iOS applications. During the demonstration, the speaker will use his own application with typical vulnerabilities. Participants will learn how to improve iOS applications' security level at the stage of development. Upon the introductory part, participants will try to test iOS applications by themselves.
On guard of supercomputers
Felix Wilhelm and Florian Grunow from ERNW, a German infosec company, will tell about the IBM General Parallel File System, abouts its architecture and vulnerabilities. The system is used in certain known supercomputers (such as IBM Watson), which makes it a prime target for attackers aiming at both data stored in the file system and the system's powerful resources. The speakers will demonstrate the exploitation of two security bugs in IBM GPFS.
Exploit selling
Alfonso De Gregorio, the founder of BeeWise and chief consultant at secYOUre, will speak about the relationship between sellers and buyers of zero-day vulnerability exploits, about morals in the exploit market.
Hash hacking at fifth gear
Alexey Cherepanov took part in the development of John the Ripper and maintains its GUI interface. He will tell us how to speed-up hash hacking by using code generation methods.
Fast and useful
In addition to standard reports the PHDays V program includes an extensive FastTrack that involves informative and dynamic short speeches.
Sergey Kharkov, a specialist at National Research Nuclear University MEPhI, will tell attendees how to tap a GSM-based phone by attacking a GSM network and replacing the base station.
Moreover, Sylvain Pelissier, a cryptologist and a security engineer at Kudelski Security, will show how sometimes file encryption tools allow cracking user passwords.
During Denis Gorchakov's presentation, the audience will learn how to prevent payment fraud. He will speak about a hardware and software system for virus analysis, detection of botnet control centers and data collectors.
The second stage of Call for Papers started on February 16. It will last till March 31, so you still have a chance to become a speaker at PHDays this year.
We also invite you to participate in CFP launched by our partner, the HITB conference.
We look forward to seeing you at Positive Hack Days V!