ZeroNights. Less than 2 weeks left

A little less than 2 weeks are left before the grand event - the international conference on the latest methods of hacking and protection - ZeroNights 2011. The organizers are ready to present an almost complete program. Why practically? Because, as usual, there are still trumps in stock.

Reports

The slogan "ZeroNights - Hack All" is confirmed primarily by reports that cover almost all areas of hacking and protection against deep-level deobfuscation techniques and exploitation of vulnerabilities like "Memory corruption" and "kernel pool" and "Response Splitting" before attacks on ERP systems and rabo. From cybercrime analysis and specialized Trojans to building a secure software development cycle.
Here is almost the entire list of speakers from the main program:

• Fedor Yarochkin (Taiwan, Amorize), "Analysis of illegal Internet activities";
• Ivan Medvedev (USA, Microsoft), "Software for SDL";
• Jonathan Brossard (Australia, Toucan Systems), “Memory Analysis After It Is Damaged”;
• Markus Niemiec (Germany), UI Redressing and Clickjacking: data theft and fraudulent clicks;
• Alexey Lukatsky (Russia, Cisco), “The Boston matrix of cybercrime or what is the business model of a modern hacker?”;
• Alexey Sintsov (Russia, Digital Security), “Where is the money?”;
• Alexander Matrosov, Evgeny Rodionov (Russia, ESET), “Modern trends in the development of malware for RBS systems”;
• Andrey Beshkov (Russia, Microsoft), “Behind the Scenes of Windows Update. From vulnerability to patch ";
• Sergey Gordeychik (Russia, Positive Technologies), “How to hack a telecom and stay alive”;
• Vladimir Vorontsov (Russia, ONSEC), "Vulnerabilities in HTTP response splitting, header injection, and cache infection: back into the ranks";
• Dmitry Schelkunov, Vasily Bukasov (Russia, LETA), “On Practical De-Fuscation”;
• Nikita Tarakanov (Russia, CISS), “Kernel Pool Overflow: from Windows XP to Windows 8
• Anton Bolshakov (Singapore, Security-Assessment.com (New Zealand)), “Combined anti-crime. Open systems;

Fasttrack

In addition to the main program, we will also have FastTrack - a section of short and no less interesting, and somewhere even more intriguing reports on live examples of hacking of both Internet kiosks and home routers, and corporate business applications. In addition, progressive methods of searching for vulnerabilities will be described, such as dynamic binary analysis (DBI) and network traffic tracing, and much more, including reports from well-known representatives of the Russian IB tusovka with yet-classified topics.

• Alexander Polyakov (Digital Security), "Do not touch, and then it will fall apart: hacking business applications in extreme conditions";
• Dmitry Chastukhin (SPbGPU), "Practical attacks on Internet kiosks and payment terminals";
• Nikita Abdulin (St. Petersburg State Polytechnical University), “Methods for the study of embedded MIPS devices using the example of DrayTek SOHO routers”;
• Alexey Krasnov, "We all learned a little bit, something and somehow";
• Artyom Shishkin, "The method of intercepting print by modifying Windows GDI";
• Andrei Labunets (Tomsk State University, DSecRG), "Methods of tracing network traffic to search for vulnerabilities";
• Denis Baranov (Positive Technologies), “Root via XSS”;
• Dmitry "D1g1" Evdokimov (SPbGPU), "Basics of DBI (Dynamic Binary Instrumentation)";
• Alexander Matrosov (ESET), “Win32 / Duqu: the Stuxnet worm involution”;
• Vladimir Kropotov (TBinform), “The evolution of Drive-By-Download attack before and after publishing vulnerabilities through the eyes of an information security analyst”;
• Maxim Sukhanov (Group-Ib), “Fraud in the RBS systems: problems arising in the production of forensic computer-technical expertise”;
• Anton “TOXA” Karpov (Yandex) - TBA;
• Nikita Kislycin (XAKEP) - TBA;
• Arkanoid - TBA.

Round table

In addition to the main program, at the very end guests will have a round table devoted to the issues of disclosing information about vulnerabilities. Full against partial, against disclosure for money, as well as a simple hack for the idea or for fun. Who is right, who is wrong and what is best for the industry? Experts who support different points of view and are on different sides of the barricades will lead a heated discussion, in which each participant will be able to participate. Alexey Sintsov, Alexander Polyakov, Anton Karpov, Fyodor Yarochkin and Ivan Medvedev will act as experts, Ilya Medvedovsky will lead the round table.

0-day demonstrations

And that is not all! In conclusion, the program will be held a unique event - "Time ZeroNight". For 30 minutes in total darkness, under the light of the projector, the latest 0-day and 1-day vulnerabilities in popular software will be demonstrated.
The following applications are in the preliminary list so far:

• 1C Enterprise;
• Google documents;
• SAP NetWeaver;
• Bitrix CMS;
• In contact with;
• Microsoft Windows.

Get ready! It will be an unforgettable sight!
')

Contests

And, of course, not without contests.
First of all, this is a contest from our partners Yandex for the best vulnerability with a prize pool of $ 5000.
Secondly, this is a contest from Digital Security - “Hack SCADA”. The conference will feature a real stand of an industrial controller with a terminal in which it will be necessary to detect a vulnerability. The unique prize for this competition is practically SCADA – controlled all-terrain vehicle with a camera, controlled via Wi-Fi from iPhone.
Another contest from Digital Security is “Hack SAP”. The competitor will be asked to detect the vulnerability in the SAP NetWeaver Java engine 7.02 and demonstrate it. For the best vulnerability - the Amazon Kindle 3G prize.
For those who like to work with their hands - Lockpeek – stand - with many small prizes. The main prize for the fastest hacking is a racing car controlled from an iPhone or Android.
And, of course, hardcore contests from our partners:

• “Hack me if you can” from ESET;
• Oderer Hunter, from Esage Labs;
• "King of the Mountain" from ONSEC.

When and where?

Hurry up to take part in this unique event and raise the Russian information security industry to a new level. We are waiting for you all on November 25 at the address: St. Petersburg, ul. Tukhachevsky, 27/2, Club "Katovsky".
Follow the news and do not forget to pay for the tickets in advance. Purchase tickets at the entrance will not be carried out, unfortunately.
All the details you can find on the conference website: www.zeronights.ru

Credits

I would like to say thanks to Yandex, with the participation of which the conference is taking place, to our sponsors - ESET, Gazinformservice, Group-IB, MASKOM for support, as well as to our media partners for advertising assistance - Hacker magazine and many others.