Proceedings of the conference "ZeroNights" 0x01

This post is designed to collect all the materials (priority presentation) of the ZeroNights conference held on November 25 in St. Petersburg, before their “official” publication on the conference website (for whom it is unbearable, and may help the organizers). It is useful to those who were not, and those who want to once again review / re-read the materials.

- all presentations in upd 2 ---

')

I would very much like to thank the Bitworks company , where I work not so long ago, but which sent me to this conference at my own expense — from snowy Siberia to rainy Petersburg.

Track # 1

1. Markus Niemiec - “UI Redressing and Clickjacking: about data theft and fraudulent clicks”

UI Redressing: Attacks and Countermeasures Revisited. (pdf)



2. The report by Jonathan Brossar “Analysis of memory after it was damaged.” Was replaced by a report on SCADA systems, unfortunately not present at it (I don’t even know exactly what to look for).



3. Alexey Sintsov - “Where is the money?”



4. Fedor Yarochkin - “Analysis of illegal Internet activities”

[video 0.37 min] [video 20.01 min] [video 9.38 min]



5. Philip Langlois - “The dangers of 3G and LTE: from radio to network core and protocols.”

Get to know the kingdom of the kingdom garden. (pdf)



6. Dmitry Schelkunov, Vasily Bukasov - “On practical deobfuscation”





7. Anton Bolshakov - “United anti-crime. Open source. "



8. Nikita Tarakanov - “Kernel Pool Overflow: from Windows XP to Windows 8”

You can read here



9. Ivan Medvedev - “Software for SDL (Security Development Lifecycle)”

Track # 2

1. Alexey Lukatsky - “Boston matrix of cybercrime or what is the business model of a modern hacker?”

[ video 2.35 min ]



2. Alexander Matrosov, Evgeny Rodionov - “Modern trends in the development of malware for RBS systems”





3. Andrei Beshkov - “Behind the scenes of Windows Update. From vulnerability to patch. ”



4. Sergey Gordeychik - “How to hack a telecom and stay alive”



( English version )



5. Vladimir Vorontsov - “Vulnerabilities in HTTP response splitting, header injection, and cache infection: back into service”

FASTTRACK

#Aleksandr Polyakov - "Do not touch, otherwise it will fall apart: hacking of business applications in extreme conditions"



# Nikita Abdullin - “Methods of the study of embedded MIPS devices on the example of DrayTek SOHO routers”



# Dmitry Chastukhin - "Practical attacks on Internet kiosks and payment terminals"



#Andrey Labunets - “Methods of tracing network traffic to search for vulnerabilities”





#Dmitry „D1g1“ Evdokimov - “DBI: Intro”



Artyom Shishkin - “The method of intercepting print by modifying Windows GDI”



# Alexey Krasnov - “We all learned a little, something, and something”

[video 9.00 min]



# Maxim Sukhanov - “Fraud in the RBS systems: problems arising in the production of judicial computer-technical expertise”



#Alexander Matrosov, Evgeny Rodionov - “Win32 / Duqu: the involution of the Stuxnet worm”





#Vladimir kropotov - “The evolution of a drive-by-download attack before and after the publication of vulnerabilities through the eyes of an information security analyst.”



# Denis Baranov - “Root through XSS”





Evening 0day:

Alexander Polyakov - [video 6.54 min]



A short video, as it was:





A little photo, as it was: picasaweb.google.com/106780973074407646953/ZeroNights2011



=== I personally advise Fedor Yarochkin's performance, very sensible and interesting ===



PS The post will be updated. In the comments we leave the links to the materials (I saw the way, some shot the video, will also be necessary) and I will immediately add them to the post.



UPD: Added the presentation "Methods for tracing network traffic to search for vulnerabilities"

UPD2: All presentations by tag - www.slideshare.net/DefconRussia/tag/zeronights-2011