POSITIVE HACK DAYS

Fast Track

Yescrypt – Password Hashing Beyond Bcrypt and Scrypt

Author: Alexander Peslyak (Solar Designer)

Language: Russian

Alexander Peslyak, better known as Solar Designer, has been professionally involved in computer and network security since 1997, and he had been developing software professionally long before that. Alexander is an Open Source software author and team leader at the Openwall Project and Openwall GNU/*/Linux, a computer security expert, Founder and CTO at Openwall, Inc., an information security consultant at DataForce ISP, and a member of informal and semi-formal computer security communities. Alexander has presented on computer security and Open Source software topics at international conferences (HAL2001, NordU, FOSDEM, CanSecWest), served as the technical reviewer for a novel computer security book (Michal Zalewski's Silence on the Wire) and wrote the foreword for it. He is recognized in the “security community” primarily for the security tools released to the public under liberal Open Source licenses, and for many contributions to other popular Open Source software (primarily Linux and related applications).

Leveraging IPv6 Features to Ensure Security

Author: Alexander Nevalenny

The report is devoted to IPv6 functionality useful for securing global and local IT infrastructures. The new protocol is based on distributing address ranges among countries by analogy with telephone numbering, assigning addresses locally, and eliminating address translation. The speaker will cover technical innovations and legal aspects, and will touch upon unsolved problems.

Language: Russian

Alexander Nevalenny works in banking information security. He was the chief information security specialist at Bank of China (ELUOSI); he currently works at ATAK (the Auchan group).

What to Expect from Foxes in Your Hen House?

Author: Dmitry Tarakanov

We all know why malicious users attack companies: they spy and steal data and money. The damage caused by Stuxnet demonstrated how complicated targeted attacks can be and what outstanding specialists conduct them, especially when they are government-supported. What are cybercriminals capable of if they penetrate a company for the sake of easy money? What software do hackers use besides remote terminals and backdoors when the money is somewhere deep in a system? What tricks do they fall back on to remain unnoticed by intrusion detection systems? The speaker will cover all these questions, giving examples of gaming vendors that have been fighting the Winnti hackers for many years already.

Language: Russian

Dmitry Tarakanov is a senior virus analyst at Kaspersky Lab.

Application of Radare2 Illustrated by Shylock and Snakso.A Analysis

Author: Anton Kochkov

The speaker will present his experience of applying Radare2, an open-source reverse engineering tool, and illustrate it with the examples of the Windows trojan Shylock and the 64-bit Linux malware Snakso.A. The analysis techniques include both static disassembly of the code and debugging it with Radare2.

Language: Russian

Anton Kochkov has been Lead Developer at Security Code since 2013. During the last several years he has focused on reverse engineering PC, ARM, and MIPS code. He contributes to the coreboot and Radare2 projects.

Efficiency of IdM Solutions: How Much Do They Help Economize?

Author: Alexey Zhukov

Identity Manager (IdM) solutions sit at the confluence of information security and IT. Unlike many purely security-oriented solutions, IdMs not only help ensure security (for example, by creating a single point of account management or controlling orphan accounts), but also automate common IT routines. The main reasons for implementing IdMs are reduced time spent on account management and lower information security risks. The speaker will present software for calculating the real profit from such implementations.

Language: Russian

Alexey Zhukov has more than 15 years of experience in the field of information security. He focuses on building systems for account and user rights management.

Getting User Credential is Not Only Admins' Privilege

Author: Anton Sapozhnikov

If an attacker has only user-level access to an infected machine inside a corporate internal network, he or she has quite a limited number of ways to get that user's password. Already known techniques require additional network access or a great amount of luck. Having no access to the internal network and no admin privileges is a common situation during spear phishing attacks and social engineering activities. This talk will cover a brand new technique to grab credentials from a pwned machine even without admin privileges. The technique is possible due to a design flaw in the Windows SSPI implementation. A proof of concept tool will also be presented.

Language: Russian

Anton is a Senior Consultant for KPMG Russia. He has more than 7 years of experience in penetration testing and has worked with many companies from the Fortune Global 500 list. In his spare time Anton participates in CTFs with More Smoked Leet Chicken, a team that has placed and won at Codegate, HITB, DEFCON, etc.

Techniques of Impeding Malware Detection and Analysis in PHP Scripts

Author: Grigory Zemskov

The talk addresses the main techniques used by malware developers to hinder detection and analysis of their scripts: multiple layers of encryption, obfuscation, code hiding, “mimicry”, hidden PHP function calls, etc. For each method, the speaker will consider scanner detection techniques and the difficulties of implementation and identification (illustrated with examples). A list of tools for identification and reverse engineering will also be provided.

Language: Russian

Grigory Zemskov is an information security specialist and the head of Revisium. He architected and developed the AI-Bolit malware scanner. He graduated from the Nizhny Novgorod State Technical University specializing in automatic control systems. Previously he worked as Senior Developer at Tecom Group and Lead Architect at Teleca Russia.

Technical Details of Integration between IT GRC Systems on One Hand and Vulnerability and Compliance Management Solutions on the Other

Author: Marat Rakhimov

The talk will address the integration of an IT GRC system and a vulnerability and compliance management system (VCMS) using their built-in mechanisms. The speaker will demonstrate how to create, on the basis of the XSD schema of a VCMS report, a reference XML report sample containing all possible elements and attributes of VCMS reports. He will also show a universal XSLT transformation that adapts the structure of an original VCMS report for loading into the GRC system. The speaker will consider possible integration issues and give recommendations on how to avoid them. The audience will learn how the obtained data can be applied in GRC for vulnerability and compliance management.

Language: Russian

Marat Rakhimov is a design engineer at Gazinformservice. He is an SPbNRU ITMO graduate (2013) specializing in information protection organization and techniques. Marat is a certified administrator of the platform RSA Archer GRC.

Injecting Axapta — Attacks on Business Data in Microsoft Dynamics AX

Author: Dmitry Yerusov

The speaker will explain how to leverage the peculiarities of the three-tier ERP system Microsoft Dynamics AX (previously known as Axapta) in order to obtain access to a system's domain admin account and enterprise data via an X++ injection.

Language: Russian

Dmitry Yerusov graduated from the Bauman Moscow State Technical University specializing in plasma power generators. Over the last 10 years he has been developing and deploying solutions based on the Axapta ERP system. From 2003 till 2010 he worked for Favorit Motors; since 2010 he has held the post of IT director at a railway company.

NFC Implementations Security

Authors: Andrey Plastunov and Roman Bazhin

NFC technology is gradually becoming an integral part of our activities in many areas, from payments in public transport to smart home technologies. It is certainly convenient. But is it secure enough?
The talk will cover the communication protocol of NFC devices and the way they operate in NFC mode. The speakers will outline the attack surface and consider an NFC threat model. The concept will be exemplified by a MITM attack against an Android phone via a specially crafted Arduino-based NFC transmitter.

Language: Russian

Andrey Plastunov is a system analyst at the Russian company Perspektivny Monitoring. He is a MEPhI graduate (department 12). Andrey's interests are fuzzing, mobile devices and developing bots for social networks.

Roman Bazhin is a software developer at Perspektivny Monitoring. He is fond of radio electronics.

Virtual Machine Introspection – a Way to Track an Attacker in the Cloud

Author: Nazar Tymoshyk

With the modern world moving into the cloud, Virtual Machine Introspection (VMI) is becoming a promising new approach for tracking attackers, as well as for full monitoring of user activity in a virtualized datacenter. In this report, the speaker will present how to implement the VMI approach for VirtualBox in a honeypot project and capture all the activities of a hacker or insider. VMI works like a keylogger that is able to monitor all hosted virtual machines at the hypervisor level. The talk will also uncover how existing cloud providers may use it to track all cloud instances on Amazon and Rackspace.

Language: Russian

Nazar Tymoshyk is a Software Security Engineer and senior penetration tester who has worked at Ukrainian outsourcing companies such as SoftServe, Eleks and Symphony-Solutions. He specializes in web and mobile application security, but his main research direction has been honeypot systems as an approach to early attack detection. He leads the local OWASP community in Lviv and is the author of owasp-lviv.blogspot.com. He holds a Ph.D. in Information Security and is a Certified Ethical Hacker.

Analysis of Anti-Virus Labs Work

Authors: Igor Agiyevich and Pavel Markov

Experienced security researchers are used to reports by anti-virus analysts investigating security issues. This investigation, however, is an unusual one: this time the anti-virus labs themselves are examined.
An anecdote that happened to fellow software developers helped the researchers learn “from the other side” how anti-virus labs really work when analyzing suspicious software. The talk will present the kits used by anti-virus labs to analyze potentially malicious software, as well as the signs that allow real malefactors to spot anti-virus labs' interest in their command servers in advance by analyzing incoming traffic.

Language: Russian

Igor Agiyevich is the Deputy Head of the IT Department at the company Tchnologii Radiocontrolya. He obtained a master's degree at the Saint Petersburg State Polytechnical University specializing in Secure Telecommunication Systems. He spoke at PHDays III, Chaos Constructions 2011, and DefCon Russia. Igor conducts research in the field of information security; in particular, he discovered and published vulnerabilities in Agnitum Outpost Security Suite, VirtualBox, and vBulletin.

Pavel Markov is a Development Engineer at the company Tchnologii Radiocontrolya (Saint Petersburg).

Damnatio ad bestias: crowd-filter as a panacea for DDoS

Author: Denis Makrushin

Protection from DDoS is a battle of resources. Crowdsourcing used to filter traffic and balance load can cut the cost of DDoS defense. The report will elaborate on a security concept that makes distributed attacks ineffective.

Language: Russian

Denis Makrushin is an expert at Kaspersky Lab working on cyberthreat protection technologies. Denis has acquired versatile information security experience: he has done penetration testing and information system security auditing. He also had an opportunity to study information security from the defensive side, being engaged in building security systems for large-scale power plants. Denis graduated from the Information Security Department of the National Research Nuclear University “MEPhI” specializing in Information Security of Banking Systems. He is now continuing his research as a postgraduate student at the university.

Comparison of PDF Threat Detection Methods

Author: Mikhail Smirnov

One of the methods used in today's information world to infect electronic devices is exploiting vulnerabilities present in office applications, web browsers, Java, etc. Such methods are usually employed in cyber-attacks against production enterprises. Signature techniques help detect and protect systems from such threats, but only during the second wave of an attack: the threat comes first, and only then do a signature and detection appear.
The author analyzes the results of detecting different well-known PDF vulnerabilities, both in the PDF file as a whole and in the specific objects related to the vulnerabilities; compares how the vulnerabilities behave in different Adobe Reader versions; compares various well-known utilities used to search for vulnerabilities in PDF files (jsunpack, peepdf); and describes the results of experiments with dynamic instrumentation utilities (pintools, DynamoRIO) and the conditions for using such utilities.

Language: Russian

Mikhail Smirnov graduated from National Research Nuclear University MEPhI. He is a postgraduate student now. He worked as a research engineer for RU-CERT.

Insider Attacks: Offence and Protection

Author: Nikita Panov

The report will cover typical cyber-attacks according to the data provided by leading IT vendors (Secunia, TrustWave, Infowatch, CISCO, etc.), as well as protection techniques that employ the default Microsoft tools of the updated product line (technologies included in the WS2012R2 and Windows 8.1 operating systems and the security programs EMET, MASA, etc.).
The speaker will demonstrate an insider attack using a programmable controller built in the form factor of a typical USB device (a mouse or flash drive) that executes a series of commands with elevated privileges upon connection to a PC.

Language: Russian

Nikita Panov is currently an IT freelancer. Previously he worked at Microsoft and Kaspersky Lab. His works were published in the Systemny Administrator Magazine; he spoke several times at Microsoft Platforma, Microsoft TechEd Russia and Microsoft SWIT. He leads the Microsoft community in Voronezh, Russia.

There's Nothing so Permanent as Temporary

Author: Dmitry Bumov

How can one obtain a list of files in a directory via a single HTTP request without a directory index? Is it possible to view a script's source code on a live site? What about obtaining database or FTP passwords? Today many people neglect their temporary files and make configuration mistakes, facilitating attackers' access to sensitive information.

Language: Russian

Dmitry Bumov is a security researcher and pentester at ONsec.

USB Drive Threats

Author: Andrey Biryukov

Modern computers are barely protected from threats posed by USB devices connected to them. For instance, if a connected device emulates a keyboard, it can perform any action with the privileges of the current user. The speaker will demonstrate such a device and the way to program it, as well as real attacks and protection techniques.
The main purpose of the report is to illustrate how vulnerable modern computers are to attacks that exploit USB HID devices. Though the attack concept was already known in 2010, the majority of systems still allow any USB drive to be connected. The report will touch upon the Teensy board and current projects on using Teensy for information security tasks (Kautilya ...). A series of attacks exploiting this device will also be demonstrated. The report has a practical emphasis and will be of interest to technical specialists: system administrators, information security specialists and pentesters.
The speaker will also show how to work with Teensy.

Language: Russian

Andrey graduated from the Moscow Aviation Institute specializing in applied mathematics. He has been working as a System Architect at Informzaschita since 2010. He is also a regular author and editor of the Systemny Administrator Magazine. Last year Andrey delivered a report about Raspberry Pi at PHDays 2013.