Message-ID: <A466774BDF16B44295D39A3ABD8B8EA3C9E1AA8E@srv-ex03.ptsecurity.ru>
Date: Tue, 26 Jun 2012 07:50:48 +0000
From: Dmitry Evteev <devteev@...ecurity.ru>
To: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Presentations from Positive Hack Days 2012 Published

It's finally happened! When videos of reports and hands-on-labs from
Positive Hack Days were published, we decided to move on. So now you have an
opportunity to view presentations of the forum's reports.

For your convenience we provide links not only to the slides but to the
videos of the reports as well (if they were made).

 


KEYNOTE REPORTS


 

Video of Bruce Schneier's report is available
<http://live.digitaloctober.ru/embed/1201?language=en&params%5Bpw%5D=630&par
ams%5Bph%5D=355&params%5Bepisodes_under%5D=1&params%5Beh%5D=100> here from
01:00 p.m. The guru of cryptography talked about his own security philosophy,
which surprised most of the visitors. He thinks that law breakers (hackers) may
not only cause harm but be useful as well.

 

Datuk Mohd Noor Amin is the Chairman of the International Multilateral
Partnership Against Cyber Threats (IMPACT). He leads the first United
Nations-backed public-private partnership against cyber threats, with the UN's
International Telecommunication Union (ITU) as its partner. With 137
countries as members, IMPACT is also recognized as the world's largest
cybersecurity alliance [
<http://live.digitaloctober.ru/embed/1207?language=en&params%5Bpw%5D=630&par
ams%5Bph%5D=355&params%5Bepisodes_under%5D=1&params%5Beh%5D=100> video], [
<http://www.slideshare.net/phdays/enhancing-cybersecurity-readiness-through-
international-cooperation> presentation ENG].

 


TELECOM


 

Report: Sergey Gordeychik. How to hack a telecom and stay alive 2. Owning a
billing [
<http://live.digitaloctober.ru/embed/1207?language=en&params%5Bpw%5D=630&par
ams%5Bph%5D=355&params%5Bepisodes_under%5D=1&params%5Beh%5D=100> video], [
<http://www.slideshare.net/phdays/how-to-hack-a-telecom-and-stay-alive-13376
390> presentation ]

 

Where to look for the keys to a technological network? How to obtain the
billings without interfering with the main business of a company? The
speaker answered these questions and shared new illustrative and funny
examples of penetration testing performed for telecommunication networks.

 

Report: Roman Kaplya. Operators' cooperation against fraud [
<http://www.slideshare.net/phdays/ss-13375905> presentation RUS]

 


STATE SECTOR


 

Report: Mikhail Yemelyannikov. Why it is impossible to comply with Russian
private data protection law? [
<http://live.digitaloctober.ru/embed/1208?language=en&params%5Bpw%5D=630&par
ams%5Bph%5D=355&params%5Bepisodes_under%5D=1&params%5Beh%5D=100> video], [
<http://www.slideshare.net/phdays/152-13376464> presentation RUS]

 

Report: Andrey Fedichev, FSTEK of Russia. Why state secrets leak to the
Internet? [
<http://live.digitaloctober.ru/embed/1208?language=en&params%5Bpw%5D=630&par
ams%5Bph%5D=355&params%5Bepisodes_under%5D=1&params%5Beh%5D=100> video], [
<http://www.slideshare.net/phdays/ss-13376989> presentation RUS]

 

Report: Alexey Lukatsky. How presidential election in Russia influences
information security market, or Trends in regulations. Video is available
<http://live.digitaloctober.ru/embed/1201?language=en&params%5Bpw%5D=630&par
ams%5Bph%5D=355&params%5Bepisodes_under%5D=1&params%5Beh%5D=100> here from
04:00 p.m [ <http://www.slideshare.net/phdays/ss-13376690> presentation
RUS].

 


NETWORK PROTECTION


 

Report: Vladimir Styran. The truth about the lie. Social engineering for
security experts [
<http://live.digitaloctober.ru/embed/1210?language=en&params%5Bpw%5D=630&par
ams%5Bph%5D=355&params%5Bepisodes_under%5D=1&params%5Beh%5D=100> video], [
<http://www.slideshare.net/phdays/ss-13376195> presentation RUS]

 

Hands-on-lab: Andrey Masalovich. Internet competitive intelligence. Video is
available
<http://live.digitaloctober.ru/embed/1203?language=en&params%5Bpw%5D=630&par
ams%5Bph%5D=355&params%5Bepisodes_under%5D=1&params%5Beh%5D=100> here from
04:08 p.m [ <http://www.slideshare.net/phdays/ss-13376774> presentation
RUS].

 

By using practical examples, participants of the workshop acquired the
skills of using analytical technologies in solving real problems of
competitive intelligence, including methods for rapid detection of
confidential information leaks, fast-detection of open partitions on
servers, methods of penetration on the FTP server without hacking
protection; password leak-detection methods; methods of access to
confidential documents via bypassing DLP; means of penetrating into sections
behind 403 error messages. Techniques were demonstrated on examples of
portals in certainly well-protected companies (such as the leaders of the IT
and IS markets, large state organizations, intelligence, etc.).

 

Hands-on-lab: Dmitry Ryzhavsky. Wireless network security. How your network
was hacked and how it could be avoided [
<http://live.digitaloctober.ru/embed/1205?language=en&params%5Bpw%5D=630&par
ams%5Bph%5D=355&params%5Bepisodes_under%5D=1&params%5Beh%5D=100> video], [
<http://www.slideshare.net/phdays/ss-13375770> presentation RUS]

 

In the course of the report the most relevant methods of obtaining
unauthorized access to WiFi-network were considered, and the mechanisms,
proposed by Cisco Unified Wireless Network to protect against the described
attacks, were demonstrated.

 

Hands-on-lab: Nikhil Mittal. Breaking havoc using a Human Interface Device [
<http://live.digitaloctober.ru/embed/1211?language=en&params%5Bpw%5D=630&para
ms%5Bph%5D=355&params%5Bepisodes_under%5D=1&params%5Beh%5D=100> video], [
<http://www.slideshare.net/phdays/creating-havoc-using-human-interface-devic
e> presentation]

 

This hands-on-lab focused on a highly dangerous and yet widely neglected
computer security issue - vulnerability of Human Interface Devices (HIDs).

 

Report: Sylvain Munaut. Abusing Calypso phones [
<http://live.digitaloctober.ru/embed/1207?language=en&params%5Bpw%5D=630&par
ams%5Bph%5D=355&params%5Bepisodes_under%5D=1&params%5Beh%5D=100> video], [
<http://www.slideshare.net/phdays/abusing-calypso-phones> presentation]

 

Report: Andrei Costin. PostScript: Danger ahead! Hacking MFPs, PCs and
beyond [
<http://live.digitaloctober.ru/embed/1207?language=en&params%5Bpw%5D=630&par
ams%5Bph%5D=355&params%5Bepisodes_under%5D=1&params%5Beh%5D=100> video], [
<http://www.slideshare.net/phdays/postscript-danger-ahead> presentation]

 

Videos of demonstrations: 

 <http://www.youtube.com/watch?v=wnKDpelQAOw&feature=player_detailpage>

 <http://www.youtube.com/watch?v=Sotga17rFUM&feature=player_detailpage>

 <http://www.youtube.com/watch?feature=player_detailpage&v=JvrNOEuoIZA>

 <http://www.youtube.com/watch?v=guyh8mJmmdw&feature=player_detailpage>

 <http://www.youtube.com/watch?v=pTbBzGIk5ok&feature=player_detailpage>

 <http://www.youtube.com/watch?feature=player_detailpage&v=qiSBVzUFq28>

 <http://www.youtube.com/watch?v=HRmMm9NLWxA&feature=player_detailpage>

 

Report: Sergey Klevoghin. CEH. Ethical hacking and penetration testing [
<http://live.digitaloctober.ru/embed/1207?language=en&params%5bpw%5d=630&par
ams%5bph%5d=355&params%5bepisodes_under%5d=1&params%5beh%5d=100#time13384515
73> video], [ <http://www.slideshare.net/phdays/ss-13376135> presentation
RUS]

 

Visitors of the hands-on-lab learnt typical vulnerabilities of network
protocols, operating systems and applications. The speaker described the
sequence of different types of attacks on computer systems and networks and
made recommendations to strengthen the security of computer systems and
networks. Students were immersed in a practical environment, where they saw
how to really hack the system to subsequently be able to anticipate possible
actions of a hacker and successfully resist them.

 

Report: Travis Goodspeed. Exploiting radio noise with packets in packets.
Video is available
<http://live.digitaloctober.ru/embed/1201?language=en&params%5bpw%5d=630&par
ams%5bph%5d=355&params%5bepisodes_under%5d=1&params%5beh%5d=100#time13383721
96> here from 03:10 p.m.

 [
<http://www.slideshare.net/phdays/packetinpacket-the-orson-welles-attacks-on
-digital-radio> presentation].

 

This talk showed peculiarities of PIP writing, including working examples
for IEEE 802.15.4 and the Nordic RF low-power radios.

 


SAP, SCADA, ERP


 

Report: Alexey Yudin. ERP as viewed by attackers. Video is available
<http://live.digitaloctober.ru/embed/1202?language=en&params%5bpw%5d=630&par
ams%5bph%5d=355&params%5bepisodes_under%5d=1&params%5beh%5d=100#time13383732
58> here from 03:00 p.m.

 [ <http://www.slideshare.net/phdays/erp-13377142> presentation RUS].

 

Report: Evgeniya Shumakher. A lazy way to find out your fellow worker's
salary, or SAP HR security [
<http://live.digitaloctober.ru/embed/1208?language=en&params%5bpw%5d=630&par
ams%5bph%5d=355&params%5bepisodes_under%5d=1&params%5beh%5d=100#time13384519
55> video], [ <http://www.slideshare.net/phdays/sap-hcm> presentation RUS]

 

Report: Alexander Polyakov. SAP insecurity: the new and the best [
<http://live.digitaloctober.ru/embed/1208?language=en&params%5bpw%5d=630&par
ams%5bph%5d=355&params%5bepisodes_under%5d=1&params%5beh%5d=100#time13384588
46> video], [ <http://www.slideshare.net/phdays/sap-insecurity-new-and-best>
presentation]

 

This report focused on ten most interesting vulnerabilities of SAP systems
from problems with encryption to bypassing authentication, and from easy
mistakes to sophisticated attack vectors. A large proportion of
vulnerabilities were presented to the public for the first time.

 

Hands-on-lab: Alexey Yudin. DIY SAP security [
<http://live.digitaloctober.ru/embed/1211?language=en&params%5bpw%5d=630&par
ams%5bph%5d=355&params%5bepisodes_under%5d=1&params%5beh%5d=100#time13384591
57> video], [ <http://www.slideshare.net/phdays/sap-hands-on-labru>
presentation RUS].

 

Participants of this workshop learnt how to perform security assessment of
SAP R/3 and NetWeaver systems (including application servers and
infrastructure) by means of available tools.

 

Report: Mikhail Afanasyev. SCADA security. Web vector [
<http://www.slideshare.net/phdays/scada-13376048> presentation RUS]

 


WEB SECURITY


 

Hands-on-lab: Vladimir Lepikhin. Web application attacks. The basics. Video
is available
<http://live.digitaloctober.ru/embed/1203?language=en&params%5bpw%5d=630&par
ams%5bph%5d=355&params%5bepisodes_under%5d=1&params%5beh%5d=100#time13384661
10> here from 09:00 a.m.[ <http://www.slideshare.net/phdays/web-13376234>
presentation RUS].

 

The mechanisms of attack on web applications, techniques and tools
(specialized scanners, security, utilities, using the results of their work
during manual analysis) used by violators were provided in a systematic
form. Practical examples clearly demonstrated major weaknesses of web
applications that make it possible to conduct attacks, illustrated by the
shortcomings of the means of protection in use and methods to bypass them.

 

Report: Miroslav Štampar. DNS exfiltration using sqlmap [
<http://live.digitaloctober.ru/embed/1208?language=en&params%5bpw%5d=630&par
ams%5bph%5d=355&params%5bepisodes_under%5d=1&params%5beh%5d=100#time13384619
56> video], [
<http://www.slideshare.net/phdays/dns-exfiltration-using-sqlmap-13376798>
presentation].

 

The speaker presented the DNS exfiltration technique using SQL injection,
described its pros and cons, and provided illustrative examples.

 

Report: Vladimir Vorontsov. Attacks against Microsoft network web clients [
<http://live.digitaloctober.ru/embed/1208?language=en&params%5bpw%5d=630&par
ams%5bph%5d=355&params%5bepisodes_under%5d=1&params%5beh%5d=100#time13384405
38> video], [
<http://www.slideshare.net/phdays/attacks-against-microsoft-network-web-clie
nts> presentation 1], [
<http://www.slideshare.net/phdays/cookie-mechanism-and-attacks-on-webclient>
presentation 2].

 

The report covered methods of attacks on Internet Explorer users functioning
as part of Microsoft networks. The considered attacks are aimed at obtaining
confidential information about users both on remote servers (bypassing
access policy restrictions) and local PCs.

 

Hands-on-lab:  Andres Riancho. Web 2.0 security. Advanced techniques [
<http://live.digitaloctober.ru/embed/1204?language=en&params%5bpw%5d=630&par
ams%5bph%5d=355&params%5bepisodes_under%5d=1&params%5beh%5d=100#time13383721
96> video], [
<http://www.slideshare.net/phdays/andres-riancho-advanced-web-20-security>
presentation]

 

The hands-on-lab covered protection techniques against attacks exploiting XML
and HPP/HPC, as well as Click Jacking and Session Puzzling.

 

Report:  Sergey Scherbel. Not all PHP implementations are equally useful.
Video is available
<http://live.digitaloctober.ru/embed/1202?language=en&params%5bpw%5d=630&par
ams%5bph%5d=355&params%5bepisodes_under%5d=1&params%5beh%5d=100#time13383732
58> here from 04:00 p.m. [
<http://www.slideshare.net/phdays/andres-riancho-advanced-web-20-security>
presentation].

 

The reporter considered detected security problems and operational features
of Web applications using third-party implementations of PHP and gave
examples of 0-day vulnerabilities. 

 

Report:  Sergey Scherbel. Not all PHP implementations are equally useful.
Video is available
<http://live.digitaloctober.ru/embed/1202?language=en&params%5bpw%5d=630&par
ams%5bph%5d=355&params%5bepisodes_under%5d=1&params%5beh%5d=100#time13383732
58> here from 04:00 p.m, [
<http://www.slideshare.net/phdays/naxsi-an-open-source-waf-for-nginx>
presentation]

 

Report:  Aleksey Moskvin. On secure application of PHP wrappers [
<http://live.digitaloctober.ru/embed/1210?language=en&params%5bpw%5d=630&par
ams%5bph%5d=355&params%5bepisodes_under%5d=1&params%5beh%5d=100#time13384479
70> video], [ <http://www.slideshare.net/phdays/php-wrappers> presentation
RUS].

 

Videos of demonstrations:

 

 <http://www.youtube.com/watch?feature=player_detailpage&v=rkgPFIGofYs>

 <http://www.youtube.com/watch?feature=player_detailpage&v=J5HTTxuuu3o>

 

Report:  Vladimir Kochetkov. Hack an ASP.NET site? It is difficult, but
possible! [
<http://live.digitaloctober.ru/embed/1210?language=en&params%5bpw%5d=630&par
ams%5bph%5d=355&params%5bepisodes_under%5d=1&params%5beh%5d=100#time13384692
92> video], [ <http://www.slideshare.net/phdays/to-hack-an-asp-net-website>
presentation]

 

The reporter presented examples of new 0-day attacks and possible
exploitation techniques including a brand new type of Code Injection.

 


MOBILE SECURITY


 

Hands-on-lab:  Manish Chasta. Securing Android applications [
<http://live.digitaloctober.ru/embed/1205?language=en&params%5bpw%5d=630&par
ams%5bph%5d=355&params%5bepisodes_under%5d=1&params%5beh%5d=100#time13383732
58> video], [
<http://www.slideshare.net/phdays/manish-chasta-securing-android-application
s> presentation 1], [
<http://www.slideshare.net/phdays/manish-chasta-android-forensics>
presentation 2]

 

The talk briefed the audience on the techniques of discovering and
mitigating vulnerabilities in any Android Mobile Application. In addition to
this, the presentation covered Android rooting, SQLite database analysis,
ADB and mobile server related threats. The audience also learnt about the
proposed OWASP Top 10 for mobile applications.

 

Report:  Marcus Niemietz. Hijacking attacks on Android devices [
<http://live.digitaloctober.ru/embed/1208?language=en&params%5bpw%5d=630&par
ams%5bph%5d=355&params%5bepisodes_under%5d=1&params%5beh%5d=100#time13384446
37> video], [
<http://www.slideshare.net/phdays/hijacking-attacks-on-android-device-s>
presentation]

 

Hands-on-lab:  Sergey Nevstruev. Practicalities of Mobile Security [
<http://live.digitaloctober.ru/embed/1209?language=en&params%5bpw%5d=630&par
ams%5bph%5d=355&params%5bepisodes_under%5d=1&params%5beh%5d=100#time13384655
95> video], [ <http://www.slideshare.net/phdays/ss-13376886> presentation
RUS]

 

Report: Artyom Chaikin. Mobile device troyan in action [
<http://www.slideshare.net/phdays/inaction-13375694> presentation RUS]

Videos of demonstrations: the
<http://www.youtube.com/watch?feature=player_detailpage&v=D3mGh5l7zbU> first
and the
<http://www.youtube.com/watch?feature=player_detailpage&v=D3mGh5l7zbU>
second.

 


BOTNETS CONTROL


 

Report:  Maria Garnayeva. The techniques of putting a spoke in botmasters'
wheels: the Kelihos botnet. Video is available
<http://live.digitaloctober.ru/embed/1201?language=en&params%5bpw%5d=630&par
ams%5bph%5d=355&params%5bepisodes_under%5d=1&params%5beh%5d=100#time13383721
96> here from 09:10 a.m. [ <http://www.slideshare.net/phdays/kelihos>
presentation RUS].

 

Report: Alexander Lyamin. DDoS Surveillance HowTo. Part 2. Video is
available
<http://live.digitaloctober.ru/embed/1203?language=en&params%5bpw%5d=630&par
ams%5bph%5d=355&params%5bepisodes_under%5d=1&params%5beh%5d=100#time13384661
10> here from 05:03 p.m.  [
<http://www.slideshare.net/phdays/ddos-practical-survival> presentation].

 

Report:  Fyodor Yarochkin and Vladimir Kropotov. Life cycle and detection of
bot infections through network traffic analysis [
<http://live.digitaloctober.ru/embed/1207?language=en&params%5bpw%5d=630&par
ams%5bph%5d=355&params%5bepisodes_under%5d=1&params%5beh%5d=100#time13384626
76> video], [
<http://www.slideshare.net/phdays/life-cycle-and-detection-of-bot-infections
-through-network-traffic-analysis> presentation]

 

Hands-on-lab:  Pierre-Marc Bureau. Win32/Georbot. Understanding and
automated analysis of a malware [
<http://live.digitaloctober.ru/embed/1204?language=en&params%5bpw%5d=630&par
ams%5bph%5d=355&params%5bepisodes_under%5d=1&params%5beh%5d=100#time13383542
90> video], [
<http://www.slideshare.net/phdays/technical-workshop-win32georbot-analysis>
presentation]. 

 

It is the first hands-on-lab in the world related to this botnet.

 


ISSUES OF PASSWORD PROTECTION


 

Report:  Alexey Zhukov. Lightweight cryptography: resource-undemanding and
attack-resistant. Video is available
<http://live.digitaloctober.ru/embed/1202?language=en&params%5bpw%5d=630&par
ams%5bph%5d=355&params%5bepisodes_under%5d=1&params%5beh%5d=100#time13383732
58> here from 12:00 p.m. [ <http://www.slideshare.net/phdays/ss-13376519>
presentation RUS].

 

Report:  Dmitry Sklyarov and Andrey Belenko. Secure password managers and
military-grade encryption for smartphone: Huh, really? Video is available
<http://live.digitaloctober.ru/embed/1201?language=en&params%5bpw%5d=630&par
ams%5bph%5d=355&params%5bepisodes_under%5d=1&params%5beh%5d=100#time13383721
96> here from 10:15 a.m [
<http://www.slideshare.net/phdays/secure-password-managers-and-militarygrade
-encryption-on-smartphones-oh-really-13376371> presentation].

 

Report:  Alexander (Solar Designer) Peslyak. Password security: past,
present, future [
<http://live.digitaloctober.ru/embed/1207?language=en&params%5bpw%5d=630&par
ams%5bph%5d=355&params%5bepisodes_under%5d=1&params%5beh%5d=100#time13384583
70> video], [
<http://www.slideshare.net/phdays/password-security-past-present-future>
presentation].

 

The report addressed the issues of password protection in a historical
perspective, as well as the prospects of authentication technologies in the
near future.

 

Report:  Benjamin Delpy. Mimikatz to restore passwords for Windows 8 [
<http://live.digitaloctober.ru/embed/1208?language=en&params%5bpw%5d=630&par
ams%5bph%5d=355&params%5bepisodes_under%5d=1&params%5beh%5d=100#time13384552
97> video] , [ <http://www.slideshare.net/phdays/mimikatz> presentation]

 


HACKERS AND MONEY


 

Report:  Aleksandr Matrosov and Eugene Rodionov. Smartcard vulnerabilities
in modern banking malware. Video is available
<http://live.digitaloctober.ru/embed/1202?language=en&params%5bpw%5d=630&par
ams%5bph%5d=355&params%5bepisodes_under%5d=1&params%5beh%5d=100#time13383732
58> here from 11:07 a.m. [
<http://www.slideshare.net/phdays/smartcard-vulnerabilities-in-modern-bankin
g-malwaremalware> presentation].

 

The speakers described the study of the most common banking malware, as well
as the discovery of interesting vulnerabilities by using two-factor
authentication and smart cards. The report also covered techniques and
tricks used by hackers to conduct anti-forensics.

 

Report:  Micha Borrmann. Paying with credit cards in the Internet can result
in headache [
<http://live.digitaloctober.ru/embed/1210?language=en&params%5bpw%5d=630&par
ams%5bph%5d=355&params%5bepisodes_under%5d=1&params%5beh%5d=100#time13384620
04> video], [
<http://www.slideshare.net/phdays/guessing-cvv-spoong-payment-and-experience
s-with-fraud-detection-systems> presentation]

 

Report: Nikita Shvetsov. Three new stories about attacks on remote banking
systems [ <http://www.slideshare.net/phdays/ss-13376149> presentation].

 

Report: Dmitry Kuznetsov. Payment application security [
<http://www.slideshare.net/phdays/ss-13376659> presentation].

 


PRACTICAL SECURITY


 

Hands-on-lab:  Boris Ryutin. Security without antivirus software [
<http://live.digitaloctober.ru/embed/1209?language=en&params%5bpw%5d=630&par
ams%5bph%5d=355&params%5bepisodes_under%5d=1&params%5beh%5d=100#time13384401
39> video].

 

Presentations: [ <http://www.slideshare.net/phdays/1-13377204> first ], [
<http://www.slideshare.net/phdays/2-13377205> second], [
<http://www.slideshare.net/phdays/3-13377203> third], [
<http://www.slideshare.net/phdays/4-13377206> fourth] (RUS).

 

The participants of this four-hour master class got basic knowledge of
detecting Trojans in OS, learnt most recent Trojan development techniques
for Windows (SpyEye, Carberp, Duqu), considered Trojans for Android and got
acquainted with actual exploits (PDF, Java).

 

Report:  Dmitry Evdokimov. Light and dark side of code instrumentation [
<http://live.digitaloctober.ru/embed/1210?language=en&params%5bpw%5d=630&par
ams%5bph%5d=355&params%5bepisodes_under%5d=1&params%5beh%5d=100#time13384657
82> video], [
<http://www.slideshare.net/phdays/light-and-dark-side-of-code-instrumentatio
n> presentation]

 

The reporter talked about methods of instrumentation (Source Code
Instrumentation, Bytecode Instrumentation, Binary Code Instrumentation).

 

Report:  Nikita Tarakanov and Alexander Bazhanyuk. Automated vulnerability
detection tool. Video is available
<http://live.digitaloctober.ru/embed/1202?language=en&params%5bpw%5d=630&par
ams%5bph%5d=355&params%5bepisodes_under%5d=1&params%5beh%5d=100#time13383732
58> here from 05:00 p.m. [
<http://www.slideshare.net/phdays/the-system-of-automatic-searching-for-vuln
erabilities-or-how-to-use-taint-analysis-to-find-vulnerabilities>
presentation].

 

Report:  Igor Kotenko. Program agent cyberwars [
<http://live.digitaloctober.ru/embed/1210?language=en&params%5bpw%5d=630&par
ams%5bph%5d=355&params%5bepisodes_under%5d=1&params%5beh%5d=100#time13384404
19> video], [ <http://www.slideshare.net/phdays/ss-13375923> presentation
RUS]

 

Report:  Ulrich Fleck and Martin Eiszner. From 0-day to APT in terms of
favorite framework [
<http://live.digitaloctober.ru/embed/1210?language=en&params%5bpw%5d=630&par
ams%5bph%5d=355&params%5bepisodes_under%5d=1&params%5beh%5d=100#time13384511
80> video] , [ <http://www.slideshare.net/phdays/apts-and-other-stuff>
presentation 1], [
<http://www.slideshare.net/phdays/where-the-money-is-security-of-cbs>
presentation 2]

 

Report: Alexey Lafitsky. Defense of industrial control systems - a factor of
mankind survival [ <http://www.slideshare.net/phdays/ss-13375621>
presentation RUS]

 

Report: Alexey Sintsov. How to hack VMWare vCenter in 60 seconds [
<http://www.slideshare.net/phdays/how-to-hack-vmware-vcenter-server-in-60-se
conds> presentation]

 


ANONYMOUS AND LULZ


 

Report:  Jerry Gamblin. What we can (and should) learn from LulzSec [
<http://live.digitaloctober.ru/embed/1208?language=en&params%5bpw%5d=630&par
ams%5bph%5d=355&params%5bepisodes_under%5d=1&params%5beh%5d=100#time13384692
33> video], [
<http://www.slideshare.net/phdays/what-we-can-learn-from-lulzsec>
presentation].

 

Report:  Haythem El Mir. How Tunisia resisted attacks by Anonymous. Video is
available
<http://live.digitaloctober.ru/embed/1202?language=en&params%5bpw%5d=630&par
ams%5bph%5d=355&params%5bepisodes_under%5d=1&params%5beh%5d=100#time13383732
58> here from 02:10 p.m. [
<http://www.slideshare.net/phdays/anonymous-attacks-on-tunisian-government>
presentation ENG].

 

Other topics

 

Report: Evgeny Tsarev. Fraud prevention the way it is done in Russia [
<http://www.slideshare.net/phdays/ss-13377014> presentation RUS]

 

Report: Vasily Pimenov. Application of quantitative risk assessment against
fraud in communication network [
<http://www.slideshare.net/phdays/ss-13376906> presentation RUS]

 

Report: Konstantin Mytkin. Smart technologies. Developer's point of view [
<http://www.slideshare.net/phdays/ss-13376862> presentation RUS]

 

Report: Alexandr Dorofeev. Social engineering technologies - is it difficult
to "hack" people? [ <http://www.slideshare.net/phdays/ss-13375823>
presentation 1 RUS], [ <http://www.slideshare.net/phdays/ss-13375853>
presentation 2 RUS]

 

Round table: Dmitry Ershov. Human resources. Assembly instruction [
<http://www.slideshare.net/phdays/ss-13376491> presentation RUS]

 

P.S. All presentations are available on
<http://www.slideshare.net/phdays/presentations> SlideShare.

You can see how it went on Twitter by using our hashtag
#PHDays.

 


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
