Visit Report Russian DEFCON Group
Good afternoon, dear habrayuzyra.
One glorious day (06/15/11) the first meeting of the newly formed group DEFCON-Russia DCG-7812 took place in the city of St. Petersburg, and I really want to share some information about the group itself (format, composition, future) and reports (and their already there were 3 pieces at once!) presented on it.
In general, DEFCON is the world's largest hacker gathering, held every year in Las Vegas, Nevada. The first DEF CON was held in June 1993. In 2006, approximately 6,500 visitors gathered at DEFCON.
Most students at DEFCON are computer security professionals, journalists, lawyers, federal government officials, crackers and hackers with a core interest in computer programs and computer architecture. Well, the more you can read on the same wiki ( rus , eng .).
Naturally, once a year - this is too little, too rare, and only in the United States, but the scene must live! That is why the first groups were organized around the world. Requirements - a place where you can gather, and topics for discussion, that's all!
It was this group that was created in St. Petersburg (code number 7 - the international telephone code of Russia + 812 - the telephone code of St. Petersburg), with all certainty we can say that this group is the first in Russia (there is one created in Kaliningrad (VKontakte) but alas, it was officially created later than St. Petersburg, not very active, and indeed nuff said). If you are still interested, then welcome under cat.
The event was held in the lecture hall of the Forestry Academy (Institutsky lane, 5, room 2), for which many thanks to them, although there were some overlays with equipment at the beginning (the projector was buggy).
The group was created, and the first meeting was organized by several people (mostly DigitalSecurity employees), among which it is worth noting Alexey Sintsov (twi) , who conducted this meeting. The meeting began with his opening speech and presentation, the name of which speaks for itself (WTF? Or what is the secret meaning ...). Fundamental aspects of the group were presented, such as:
The principles are quite good, the main thing is that they do not remain the lot of a small number of people.
Well, further topics were identified that are of interest to the group (nothing surprising here, the standard circle of interests of the IT community):
Well, the main goals and directions of the group were determined, then the immediate work of the group began - the presentation of reports and their most active discussion.
To retell the content of the work, it seems to me, it makes no sense, so I will give only a brief description of each of the reports.
')
To be honest, at first I was a little scared by kononencheg , Kononenko Sergey, who was telling the general principles of robot building, comparing the information model of the feedback action with weighing chunks to children when learning o_0. A very interesting report, but people who have studied automatic control systems at least a little would not discover anything new (but this is an excellent reason to refresh some facts in memory). According to the organizers, this topic was proposed as a report in order to show the unlimitedness of the group only by the “hack”, because for someone the system analysis is a new, fascinating and very interesting area. Spoiler - at the next meeting they promise lock picking .
The author is Alexey Sintsov, the presentation is posted on the group website, both in Russian and in English. The work is quite interesting, it tells that the administrator should not only think about deaf protection, but also counterattack. As a visual example, the site of the group was given, which contains a field for input. If you try to make malicious input (quotes, etc.), then a suggestion about loading a Java applet pops up, without which the admin panel will not load. After downloading the applet, the administrator was informed of certain information about the attacker. There were some very interesting results.
The author - chipik , Chastuhin Dmitry. In this paper, several vectors of attacks on a well-known service from Yandex were presented, such as flooding with tags and creating traffic jams. The details of the implementation were not given due to the fact that the author gave Yandex programmers a certain time so that they would close the found vulnerabilities in the communication protocols of the mobile device and servers. But I trust the author, I know him personally, he is not deceiving and in fact broke the defense, and did not show off in front of the audience without certain details)
In general, this is where the first meeting of DCG # 7812 ended, the impressions were only positive, the communication options were offered not only offline, but also online (forum, googlegroup, ...), in general, so that people would not get lost, but instead call friends to the next meeting While certain dates, dates, there is no place yet, everything will appear on the site.
PS By the way, all presentations are posted on the group website .
UPD: I think it’s worth sending questions and suggestions to the organizers, soap - dookie@inbox.ru, Alexey Sintsov.
One glorious day (06/15/11) the first meeting of the newly formed group DEFCON-Russia DCG-7812 took place in the city of St. Petersburg, and I really want to share some information about the group itself (format, composition, future) and reports (and their already there were 3 pieces at once!) presented on it.
What is it all about?
In general, DEFCON is the world's largest hacker gathering, held every year in Las Vegas, Nevada. The first DEF CON was held in June 1993. In 2006, approximately 6,500 visitors gathered at DEFCON.
Most students at DEFCON are computer security professionals, journalists, lawyers, federal government officials, crackers and hackers with a core interest in computer programs and computer architecture. Well, the more you can read on the same wiki ( rus , eng .).
Naturally, once a year - this is too little, too rare, and only in the United States, but the scene must live! That is why the first groups were organized around the world. Requirements - a place where you can gather, and topics for discussion, that's all!
It was this group that was created in St. Petersburg (code number 7 - the international telephone code of Russia + 812 - the telephone code of St. Petersburg), with all certainty we can say that this group is the first in Russia (there is one created in Kaliningrad (VKontakte) but alas, it was officially created later than St. Petersburg, not very active, and indeed nuff said). If you are still interested, then welcome under cat.
Organization
The event was held in the lecture hall of the Forestry Academy (Institutsky lane, 5, room 2), for which many thanks to them, although there were some overlays with equipment at the beginning (the projector was buggy).
The group was created, and the first meeting was organized by several people (mostly DigitalSecurity employees), among which it is worth noting Alexey Sintsov (twi) , who conducted this meeting. The meeting began with his opening speech and presentation, the name of which speaks for itself (WTF? Or what is the secret meaning ...). Fundamental aspects of the group were presented, such as:
- People, not companies!
- Ideas, not ads!
- Communication, not trolling
- Development, not degradation
- Action, motion and rock and roll 8)
The principles are quite good, the main thing is that they do not remain the lot of a small number of people.
Well, further topics were identified that are of interest to the group (nothing surprising here, the standard circle of interests of the IT community):
- Vulnerability - search, exploitation. techniques, methods, protection
- Exploits - development, protection
- WEB (2.0) - attacks, defense
- Banks - EDS, theft of accounts, protection, attacks?
- State Institutions - how much are we protected there?
- Penetration tests - experience, history, technology
- Organization of protection - OS, application software, complex networks and systems, experience
- Programming - Algorithms, Languages
- Robotics - technology, weaknesses, protection
- New technologies and projects - ideas, weak points
- Much more - everything related to IT or Security
Well, the main goals and directions of the group were determined, then the immediate work of the group began - the presentation of reports and their most active discussion.
To retell the content of the work, it seems to me, it makes no sense, so I will give only a brief description of each of the reports.
')
1. Robots
To be honest, at first I was a little scared by kononencheg , Kononenko Sergey, who was telling the general principles of robot building, comparing the information model of the feedback action with weighing chunks to children when learning o_0. A very interesting report, but people who have studied automatic control systems at least a little would not discover anything new (but this is an excellent reason to refresh some facts in memory). According to the organizers, this topic was proposed as a report in order to show the unlimitedness of the group only by the “hack”, because for someone the system analysis is a new, fascinating and very interesting area. Spoiler - at the next meeting they promise lock picking .
2. Aggression on the side of ow
The author is Alexey Sintsov, the presentation is posted on the group website, both in Russian and in English. The work is quite interesting, it tells that the administrator should not only think about deaf protection, but also counterattack. As a visual example, the site of the group was given, which contains a field for input. If you try to make malicious input (quotes, etc.), then a suggestion about loading a Java applet pops up, without which the admin panel will not load. After downloading the applet, the administrator was informed of certain information about the attacker. There were some very interesting results.
3. We play with Yandex-cards
The author - chipik , Chastuhin Dmitry. In this paper, several vectors of attacks on a well-known service from Yandex were presented, such as flooding with tags and creating traffic jams. The details of the implementation were not given due to the fact that the author gave Yandex programmers a certain time so that they would close the found vulnerabilities in the communication protocols of the mobile device and servers. But I trust the author, I know him personally, he is not deceiving and in fact broke the defense, and did not show off in front of the audience without certain details)
the end
In general, this is where the first meeting of DCG # 7812 ended, the impressions were only positive, the communication options were offered not only offline, but also online (forum, googlegroup, ...), in general, so that people would not get lost, but instead call friends to the next meeting While certain dates, dates, there is no place yet, everything will appear on the site.
PS By the way, all presentations are posted on the group website .
A word to the organizers (Alexey Sintsov)
“Creating a group, I didn’t know what would happen and how it would float, because the essence of such a group is communication on those topics that worry IT, information security specialists and, more importantly, future specialists: I would like students who are interested in IT security is interesting involved in the life of the group. Naturally, there are also IT / IS professionals in the group’s life, and not only from St. Petersburg. It is especially nice that the guys from Moscow have responded, and we are waiting for them to visit, perhaps already at the meeting next month. In any case, after the first meeting I received very pleasant impressions, because I saw the feedback and the desire of people to do something - and this is the main thing. Thanks you!"
UPD: I think it’s worth sending questions and suggestions to the organizers, soap - dookie@inbox.ru, Alexey Sintsov.
Source: https://habr.com/ru/post/122107/
All Articles