POSITIVE HACK DAYS



ORGANIZER

Hands-on Labs


Download the full program in PDF.

Hands-on Experience on Power Attacks

Author: Roman Korkikian

The lab will cover side-channel attacks, specifically with exploitation of power consumption. The speaker will demonstrate an attack against DES, explain how to conduct a similar attack against AES, and then the lab participants will have an opportunity to practice these attacks.

  • Language
  • Russian

Roman Korkikian works in the Swiss company Kudelski Security, where he deals with hardware attacks and side-channel ones. Previously he worked in France, at Altis Semiconductor and also at the local division of STMicroelectronics. Roman frequently publishes his research articles and speaks at various international conferences.

Roman Korkikian Roman Korkikian

Compromise Indicator Magic

Authors: Fyodor Yarochkin, Vladimir Kropotov and Vitaliy Chetvertakov

During this hands-on lab Vladimir, Fyodor and Vitaliy will cover an interesting concept of compromise indicators and use of compromise indicators in pro-active incident response and forensic investigation process. The team has developed a framework and a platform that allows integration of various IOC formats into dynamic defense framework. The framework allows integration of various 3rd party-encoded indicators (such as CyBox, OpenIOC, etc.) and provides facilities to perform individual IOC characteristic mapping to known/existing Indicators of Compromise. The input can be provided in form of an IP address, a hash, a URL, a process of executable name, an executable behavior characteristic and so on. The output of indicators of compromise can be produced in form of: snort rule(s), Yara rule(s), or a hunt description for GRR Rapid Response Framework. The researchers will demonstrate an applied process of identifying, mining and refining IOCs as well as running "IOC sweeps" on available data sources. Several tools will be demonstrated (including passive DNS, passive HTTP frameworks developed by authors) in these examples as well as possibilities of integration with 3rd party tools, such as Splunk, Moloch and so on.

The researchers will also discuss the implementation of IOC sharing policies and facilitation of such shares and will walk attendees through series of simulated case studies including breach simulations, customized rootkits detection and use of framework to detect, refine, redeploy and sweep for potential indicators of compromise.

All the provided tools are to be released open-source.

  • Language
  • Russian

Fyodor Yarochkin is a security analyst at Academia Sinica, Chroot Study Group.

Vladimir Kropotov is an information security analyst and independent researcher.

Vitaliy Chetvertakov is a security analyst and independent researcher.

Fyodor Yarochkin, Vladimir Kropotov and Vitaliy Chetvertakov Fyodor Yarochkin, Vladimir Kropotov and Vitaliy Chetvertakov

ARM Exploitation

Author: Aseem Jakhar

The ARM exploitation workshop takes a deep dive into the security concepts of ARM Linux starting right from the ARM assembly, shellcoding, buffer overflows, reverse engineering to сode injection. The workshop has a lot of hands-on to get the participants comfortable with ARM assembly and understand the issues involved in exploitation of ARM-based Linux systems.
To make the workshop more interesting, it uses Android as the platform for learning ARM exploitation and hence it covers Android OS specific dev/security concepts as well and takes the participants through the basics of Android to be used as an ARM Linux platform. All concepts taught in the workshop are Android independent though and will be the same for any ARM embedded Linux device except for the lab dev environment. This workshop provides a base for the participants to develop security research expertise on the ARM/Android platform.

  • Language
  • English

Aseem Jakhar is the director, research at Payatu Technologies Pvt Ltd, a boutique security testing company, and the founder of the Nullcon security conference. He has extensive experience in system programming, security research, consulting and managing security software development projects. He has designed/developed and worked on various security software including UTM appliances, messaging/security appliances, anti-spam engine, anti-virus software, multicast packet reflector, Transparent HTTPS proxy with captive portal, bayesian spam filter to name a few. He is an active speaker at security and open source conferences; some of the conferences he has spoken at include AusCERT, Black Hat, ClubHack, Defcon, GNUnify, Hack.lu, OSI Days, XCon.

Aseem Jakhar Aseem Jakhar

How to React to Security Incidents: Investigation of a Cyber-Attack

Author: Alexander Sverdlov

People often become rash and chaotic during an IS incident and can destroy crucial evidence. The 4-hour hands-on lab “How to react to IS incidents: Investigation of a cyber-attack” focuses on a practical approach to incident investigation and learning how to act quickly and calmly to collect evidence, to analyze system logs, memory and disks, and to search for traces of a cybercrime. Participants will be provided with special instructional material and virtual machines, and will be offered several effective strategies to respond to simulated incidents.

  • Language
  • English

Alexander Sverdlov worked at Mobiltel EAD (Bulgaria’s mobile operator) and at Hewlett-Packard, was a freelance security consultant and trainer. Now he is an IT security officer at ProCredit Bank Bulgaria. He conducted a four-hour hands-on lab on cyber forensics at PHDays III. Sofia, Bulgaria

Alexander Sverdlov Alexander Sverdlov

Android Exploitation

Author: Aditya Gupta

The lab will be based on Android exploitation, and the lab will address such topics as reversing and analyzing Android malware, auditing applications with manual and automated testing, going into the depth of Dex and Smali file manipulation. Webkit based exploitation for Android and ARM exploitation for mobile devices will also be covered.

  • Language
  • English

Aditya Gupta is the founder of Attify. Previously worked as Lead of Security Team for Rediff.com and Lead of Product Development for XY Security. He is a co-creator of the Android Framework for Exploitation (AFE). He was a speaker and a trainer at such conferences as BlackHat (Abu Dhabi and Las Vegas), Toorcon (San Diego), OWASP AppSec (S. Korea), Singapore), RSA (Singapore), Nullcon (India), Clubhack (India), the Hackers Conference (India), Defcon India Chapters (Chennai and Bangalore). He is a member at Null (The Open Security community, India). Author of upcoming books "Learning Pentesting for Android" and "Mobile Device Exploitation" (will be published shortly by PacktPub).

Aditya Gupta Aditya Gupta