
PHDays 2012 Master Classes: From Wi-Fi Network Protection to SAP and Web 2.0 Security

Is it possible to hack a computer with a mouse, keyboard or printer? How secure is Android? What should an ethical hacker know? Is it difficult to catch a cybercriminal? Is HTML5 safe? You can guess at the answers, or you can take part in the hands-on labs at the Positive Hack Days 2012 forum and get answers to all these questions.

Web 2.0 security. Advanced technology


The master class will cover techniques for protecting against attacks that use XML and HPP/HPC, as well as attacks such as clickjacking and session puzzling.

Moderator: Andrés Riancho - information security researcher, web application security specialist. He is currently leading three closely related projects: developing the NeXpose web application security scanner, developing the free w3af software, and managing a team of qualified web application penetration testing experts at Bonsai.

Andrés's areas of expertise: web application security, Python, bypassing intrusion prevention systems, network technologies, general information security research, software development, Agile and Scrum methodologies, the role of Product Owner, SAP systems research.

Additional materials
To participate in the master class, you need a laptop with VMware Player installed, at least 2 GB of RAM, and 20 GB of free hard disk space.

Do-it-yourself SAP security


Participants in this workshop will learn how to conduct basic security analysis of SAP R/3 and NetWeaver systems (including application servers and infrastructure) using the available tools.
The following topics will be covered:




Moderator: Alexey Yudin - Head of Database and Business Applications Security at Positive Technologies. In 2003, he graduated from Moscow State University of Forest (specialty “Applied Mathematics”). From 2002 to 2005 he held the position of engineer (sector head) at FSUE NIITP. In 2005-2006, he was an analyst at NPC Informzaschita CJSC.

Alexey's main area of work is the security of databases and business applications; he is involved in conducting large-scale audits and penetration tests, as well as in the design and implementation of security systems.

We create chaos using input-output devices


This master class will discuss a very important but universally ignored aspect of computer security: the vulnerability of devices designed for human interaction (Human Interface Devices, HID). Using Teensy HID devices, Nikhil will demonstrate how easily an operating system can be compromised because modern OSs treat input devices as safe by default. The use of Teensy for keyboard emulation will also be discussed.

In addition, the master class participants will be introduced to the Kautilya toolkit, designed to make experts' work easier during penetration testing. The toolkit contains convenient, easily customizable tools, and its user does not even need to program.

The master class will include many demonstrations.

Host: Nikhil Mittal is an Indian hacker, researcher and enthusiast who actively participates in the development of information security. His areas of interest include the study of attacks and defense strategies and the study of the results of hacking. For more than three years, he has been conducting penetration tests for government organizations in India, and at the moment his services are used by large international corporations.

Nikhil specializes in assessing the security of information systems; this requires a non-standard approach to finding new attack vectors and fresh defense solutions. In addition, he developed the Kautilya toolkit, which allows the use of a Teensy HID device during penetration tests.

Additional materials
A laptop with VMware Player installed, at least 2 GB of RAM, 20 GB of free hard disk space, and a Teensy++ 2.0 (the number of devices provided by the organizers is limited).

Security without antiviruses


In this four-hour master class, participants will acquire basic skills for detecting Trojans in the operating system, learn about the latest technologies used in developing Trojans for Windows (SpyEye, Carberp, Duqu), review Trojans for Android, and become familiar with the analysis of current exploits (PDF, Java).

Presenter - Boris Ryutin. He graduated from the Faculty of Rocket and Space Technology of BSTU "Voenmech" named after D. F. Ustinov in 2009 (specialty "Flight dynamics and motion control of aircraft"). He worked as an engineer at the FSUE "Design Bureau of Mechanical Engineering." He is currently a malicious code analyst at Esage Lab.

Attacks on web applications. The basics


The report will systematically present the mechanisms of attacks against web applications and the tricks and tools of intruders (specialized security scanners, utilities, and the use of their results in the course of manual analysis). Practical examples will demonstrate the main weaknesses of web applications that make attacks possible, and will illustrate the shortcomings of the security tools in use and the workarounds for them.

The speaker will consider both simple, well-known vulnerabilities and more interesting cases. In addition to attacks aimed at vulnerable web applications themselves, possible uses of these applications during an attack on other systems will be analyzed.

Presenter - Vladimir Lepikhin. Since 1999, Vladimir has been working at the Informzaschita Training Center, coordinating the Network Security direction. He has participated in the development of many of the training center's original courses. He specializes in network attack detection and security analysis. For a long time, he taught and adapted authorized courses by Internet Security Systems, in the recent past the leader in the attack detection and security analysis industry. He currently continues to provide training for the same product line, but now "under the wing" of IBM. He takes an active part in the development of authorized training on Positive Technologies products and regularly participates in conferences and forums on information security.

Additional materials
A laptop with VMware Player installed, at least 2 GB of RAM, and 20 GB of free hard disk space.

CEH. Ethical Hacking and Penetration Testing


Master class participants will become familiar with typical vulnerabilities of network protocols, operating systems and applications. In the course of his presentation, the moderator will describe the sequence of various types of attacks on computer systems and networks, and also give recommendations on how to strengthen their security. Listeners will be immersed in a practical environment and will see how a system is actually hacked, in order to subsequently predict a hacker's actions and successfully resist them.

Moderator: Sergey Pavlovich Klevogin is a unique specialist in computer network security. He was the first in Russia to receive the status of Certified Ethical Hacker (CEH). He is a Microsoft certified security engineer, an SCP security professional and a cryptographic information security instructor for CryptoPro.

Sergey Pavlovich served as a programmer at the Ministry of Defense of the Russian Federation, an information security specialist at the Central Bank of the Russian Federation, and head of the information technology department at a commercial bank. He taught at the Moscow Institute of Economics and Statistics and collaborates with the training center "Specialist". The most valuable experience of Sergey Pavlovich testifies not only to the professional development of IT products and principles, but also to a deep understanding of the interrelation of business processes with information technologies.

Additional materials
A laptop with VMware Player installed, at least 2 GB of RAM, and 20 GB of free hard disk space.

Android application security


The report will briefly highlight techniques for detecting and fixing vulnerabilities in Android mobile applications. Vulnerability detection techniques include reverse engineering, memory analysis and HTTP traffic analysis. In addition, the presentation will cover obtaining administrator rights on devices running the Android platform (Android rooting), analyzing SQLite databases, using the Android Debug Bridge (ADB) and threats associated with a mobile server. The list of the ten most dangerous threats for mobile applications, published by the Open Web Application Security Project (OWASP) community, will also be presented to the listeners.

Moderator: Manish Chasta is a leading information security consultant with six years of experience. His main field of activity is the security of mobile and web applications. He has managed pre-sales preparation processes for various clients and has overseen and implemented numerous application security and security assessment projects in various areas, including banking, insurance, trade and finance, as well as Internet commerce, customer relationship management and healthcare. He has also conducted classes on application security and ethical hacking.

Investigation of computer incidents


The master class is dedicated to investigating incidents involving unauthorized access to Internet resources. The host will introduce students to a psychological portrait of a modern hacker and talk about the types of intruders. The process of working on an incident will be considered: from detecting traces of malicious actions and responding to intrusion alerts to searching for the intruder in collaboration with law enforcement agencies. In addition, listeners can look forward to a fascinating story about real security incidents.

Moderator: Sergey Sergeevich Lozhkin - specialist of the Echelon Training Center.

Additional materials
A laptop with VMware Player installed, at least 2 GB of RAM, and 20 GB of free hard disk space.

Wireless LAN security: how your network was hacked and how you could avoid it


Nowadays, all enterprise-class Wi-Fi equipment manufacturers offer customers a wide range of protection against attacks and intruders. To use such tools effectively, it is not enough for an administrator to simply read the documentation. You have to know the enemy by sight, and the various means of protection help to detect or prevent only certain well-defined attacks from among those in the arsenal of a trained attacker. The purpose of this report is to give listeners the opportunity to look at wireless network protection through the eyes of both a hacker and a system administrator.

During the presentation, the most relevant methods of obtaining unauthorized access to a Wi-Fi network will be considered, and the mechanisms that the comprehensive Cisco Unified Wireless Network offers to protect against these attacks will be demonstrated. This will allow listeners to make an informed decision about which set of protection functions they need.

Moderator - Dmitry Ryzhavsky. He lives in Moscow and works as a systems engineer at Cisco Systems. He studied at the Cisco Center in Moscow under the Cisco Networking Academy program. He holds the Cisco Certified Design Professional (CCDP), Cisco Certified Design Associate (CCDA), Cisco Certified Network Associate (CCNA), and Cisco Certified Internetwork Expert (CCIE) Security and Routing and Switching certifications.

Additional materials
A laptop compatible with the BackTrack or Slitaz distribution, with at least 2 GB of RAM. The wireless card must be compatible with the aircrack-ng program.

Competitive Intelligence on the Internet


Participants in the master class will learn about analytic technologies through examples of real-world competitive intelligence tasks, including methods for quickly detecting leaks of confidential information and open sections on servers, methods of penetrating FTP servers without breaking the protection and of detecting password leaks, and methods of obtaining access to confidential documents bypassing DLP and of getting into sections without the corresponding rights (error 403). The demonstration will use the portals of companies known to be well protected (leaders of the IT and information security markets, large government agencies, special services).

Moderator: Andrey Igorevich Masalovich - Ph.D. in Physics and Mathematics, member of the Board of Directors of DialogueScience, CJSC, Head of Competitive Intelligence at the Academy of Information Systems. He has led a number of successful projects providing analytical tools to banks, financial and industrial groups, large trade networks, and government organizations. In the past he was a lieutenant colonel of FAPSI. He is a holder of the Order "Star of Glory of the Fatherland" and a winner of the Russian Academy of Sciences scholarship "Outstanding Scientist of Russia" (1993).

He is the author of numerous publications on the problems of data search and analysis. He has conducted seminars at a number of universities in Russia (Academy of National Economy, Moscow State University, MAI) and the USA (Harvard University, Stanford University, Georgia Institute of Technology, Texas A&M University). He is an expert for RFBR, INTAS, ITC UN, and APEC.

Win32/Georbot. Features of malware and their automated analysis


The Win32/Georbot malware family has been in development for at least 18 months. It is surprising that the security industry has not given this threat enough attention, despite the fact that there are already hundreds of different modifications of the program. It turned out that the virus is installed only on the victim computer, where it most likely arrives after a network attack. Presumably, this malware is used by people who want to steal private information from infected computers. The presenter of the master class will talk about the functionality of such programs.

Moderator: Pierre-Marc Bureau is a researcher and specialist in the field of information system security. He has spoken at a variety of industry events. Read more about the master class in our special topic on "Habrahabr".

Practical aspects of mobile security


Presenter - Sergey Nevstruev, head of mobile solutions at Kaspersky Lab








PS If you did not have time to register for the forum, you have the opportunity to participate in an interactive online broadcast or visit one of the PHDays Everywhere sites.

Source: https://habr.com/ru/post/144187/

