
Technologies, techniques, attacks and research on ZeroNights 2012


ZeroNights is an international conference dedicated to the technical aspects of information security. The main goal of the conference is to spread information about new methods of attacks, threats and protection against them, and also to create a platform for communication of information security practitioners.

Location and time: Russia, Moscow, November 19–20, 2012.

This conference is for technical specialists, administrators, managers and staff of information security departments, pentesters, programmers and everyone interested in the applied side of the industry.

Our event is a unique, unforgettable event in the Russian information security world. Guests from all over the world, technical hacker talks and master classes, with no fluff and no advertising: only technologies, methods, attacks and research!

We remind you that the Call for Papers is open until 10.10.2012. We can already announce some of the speakers:

Keynote speakers


The grugq

The Grugq is a distinguished information security researcher with over 10 years of professional experience. He has worked extensively in forensic analysis, binary reverse engineering, rootkits, VoIP, telecommunications and financial security. His career includes work for Fortune 100 companies, leading information security firms and innovative start-ups. He lives in Thailand and works as a senior information security researcher at COSEINC. In his free time he continues his research in the fields of security, forensics and beer.

The Grugq has spoken at 12 conferences over the past 7 years and has delivered expert training for government agencies, the military, the police and financial institutions.

In 2011, The Grugq began acting as a broker between hackers and governments, helping his colleagues sell rare exploits, and in a short time has already closed several dozen deals. He says he expects to earn about a million dollars this year.

Over ten years of hacking he has made many friends in the FBI, so he knows what marketing techniques and technical support are in demand in those circles. "This is an ordinary sale of commercial software; it needs supporting documentation and quality assurance for the development. The only difference is that you sell only one license, and everyone thinks you are a villain," says The Grugq in a much-discussed interview with Forbes magazine.

And here is how The Grugq describes the hacker community in an interview with CSO magazine:
"A hacker is primarily characterized by his motives, and they show as soon as the hacker has gained complete control. If he makes a mess and runs off to look for a new victim, then this is just an ordinary script kiddie. If he starts a fraudulent enterprise, then he is a criminal. But a hacker who, having carefully examined the vulnerable system, quietly leaves it, is old school.

Over the years, the old school does not change, although some lose interest in hacking. Script kiddies either go to prison, or grow up, or turn into one of the other two subtypes. Entrepreneurs... I have no idea what happens to them."

Felix 'FX' Lindner



Felix 'FX' Lindner is the founder and lead researcher of Recurity Labs GmbH, a high-class team of researchers and consultants specializing in code analysis and the design of secure systems and protocols. Felix holds the German State-Certified Technical Assistant qualification in Computer Science and Information Technology, as well as Certified Information Systems Security Professional (CISSP) status. He is an outstanding specialist in attack techniques, but lately he has been working on defense rather than attack, since attack now seems to him the less interesting topic.

FX heads the Phenoelit group (well-known developers of exploits and attacks, mainly against network equipment, and organizers of the PH-Neutral conference) and happily breaks anything that has a processor and some means of communication, preferably a network. He has 18 years of experience with computers and 10 years in the IT industry, mainly consulting for large enterprises and telecommunications companies. His knowledge of IT, telecommunications and software development is inexhaustible. He also has experience managing and taking part in various projects, especially planning, implementing, supporting and testing security systems in a variety of technical environments using advanced methods. He is a co-author of the book "The Shellcoder's Handbook: Discovering and Exploiting Security Holes".

FX is well known in the computer security community: he has presented his research, including work with Phenoelit, at Black Hat Briefings, CanSecWest, PacSec, DEFCON, Chaos Communication Congress, MEITSEC and many other events. His research covers topics such as Cisco IOS security, HP printers, SAP and BlackBerry (RIM).

Speakers


The dark and light sides of iCloud (in)security

Andrei Belenko is a senior information security analyst and software developer at Elcomsoft. He is one of the developers of Thunder Tables, an improved version of rainbow tables, and the first to use GPU acceleration for password recovery. He holds a Master's degree in Information Technology and a CISSP certificate.
Dmitry Sklyarov is an information security analyst at ElcomSoft Co. Ltd. and an associate professor of information security at Bauman Moscow State Technical University. He is the author of research on the security of electronic books and on the reliability of methods for verifying the authenticity of digital photos, and one of the developers of the ElcomSoft iOS Forensic Toolkit.

Andrei Belenko and Dmitry Sklyarov will analyze the security and privacy of the iCloud backup service, a universal cloud service for Apple devices that lets their owners share information (contacts, calendar notes, applications, photos) and upload backup copies of iOS device data directly to iCloud. They will describe its architecture (if you think your backups are stored in an Apple data center, we will have to disappoint you) and the protocol by which iOS devices talk to iCloud to upload and download backups. You will learn how iCloud encrypts backups and why this encryption (unlike the encryption of offline backups) is practically no obstacle.

The purpose of the talk is to bring the audience back to reality and make clear that from the moment you start using iCloud backup, all your data belongs to Apple or to anyone who knows your Apple ID and password.

Fuzzing in detail and with taste

Atte Kettunen is an information security researcher from the Oulu University Secure Programming Group (OUSPG). In 2011 and 2012 he successfully fuzzed Firefox and Chromium; this turned up a dozen vulnerabilities, which put him at the top of both vendors' vulnerability reward programs.
Miaubiz is a developer and independent security researcher who has discovered more than 50 vulnerabilities in WebKit over the past two years. In his spare time he collects four-leaf clovers.

Heating a home is an important task, but it must be approached wisely. Our speakers will show how they find vulnerabilities, create test cases, use grammars, collect and track crashes, launch, monitor, stop and update browsers, minimize duplicate bugs, make use of Redis, coordinate clusters and plan resources.

SSRF attacks and sockets: Vulnerability Buffet

Vladimir Vorontsov is the founder, head and leading expert of ONsec. He has been researching web application security since 2004 and is the author of many studies in the field. He has received awards from Yandex for winning the "vulnerability search month" contest, from Google for Chrome browser vulnerabilities, from Trustwave for the ModSecurity SQLi Challenge, from 1C-Bitrix for the proactive defense bypass contest, and many others. He is currently actively developing a web application firewall.

Together with leading ONsec expert Alexander Golovko, he will talk about Server Side Request Forgery (SSRF) vulnerabilities from the point of view of their practical use in various attacks. They will list various vulnerabilities and socket-based attacks, ranging from controlling the web server's HTTP response and operations against the DBMS to arbitrary code execution. Special attention is paid to those of these attacks that are relevant to the PHP interpreter. The methods and techniques described were developed and successfully applied during security audits of real web applications.

Security of ADS-B and other airborne technologies

Andrei Kostin was born and raised in Moldova and graduated from the Faculty of Computer Engineering at the Polytechnic University of Bucharest, where he did research in biometric technology and image processing. He began his career in computer game development, but also worked in telecommunications and was a senior developer at a company specializing in various GSM/UMTS/GPS subsystems. He is the author of the MiFare Classic Universal toolKit (MFCUK), the first publicly available key-cracking tool for the MiFare Classic RFID card family, and earned the nickname "Mr. Printer" for his series of talks on hacking MFPs and PostScript at various international conferences. He is a security enthusiast in the widest and most global sense. He is now working toward his PhD at EURECOM in the field of embedded device security.

At ZeroNights, Andrei will highlight the security of aviation-related technologies. They are now at a peak of technological development and adoption, roughly where cellular networks and smartphones were 5-10 years ago. Practice shows that such development opens up new opportunities both for innovation and more productive work, and for exploiting vulnerabilities.

Andrei will look at ADS-B (in)security from a practical point of view. He will explain what attackers can do with generated and injected aviation traffic, how they can do it, and how likely such attacks are. You will learn about new attack vectors against air traffic control systems.

In a world of endless possibilities, I became BAh7BkkiDHVzZXJfaWQGOgZFVGkG



Phenoelit's joernchen likes to read. He especially likes to read other people's source code, and to study interesting binary data in order to extend the functionality of the system under investigation to unexpected limits.

In this presentation he will talk about the results of his research into the internals of Ruby on Rails user session management. joernchen will give an overview of classic authentication and authorization patterns. He will then reveal the typical authentication and authorization flaws in Ruby on Rails applications and show how carelessly many free software developers on Ruby on Rails treat security; the ability to obtain administrative privileges in many of the applications mentioned is just one consequence of this negligence. You will also see the real-world consequences of that negligence, with the help of critical.io.

Read more: 2012.zeronights.ru/program

Workshops

A workshop is a practical master class lasting 2-4 hours, where you can try out a particular technique or tool with your own hands and immediately ask all your questions.

Workshop: Exploit Development with Metasploit



Rick Flores is a senior security consultant and researcher at Rapid7. Rick has ten years of experience in hacking and security. He specializes in penetration testing following the PTES methodology, developing exploits for the Windows i386 architecture, and especially developing Metasploit modules. He is also familiar with static and dynamic analysis of malicious code, hardening Unix/Linux/Windows, and managing and deploying intrusion detection systems, and is no stranger to nanoelectronics, teaching, and stories about his research. Rick has worked as a pentester and security auditor with a variety of public, private, antivirus, educational, financial and energy companies, as well as with the government and the Department of Defense. When Rick isn't busy learning Ruby, ASM, C++ or math, or developing exploits or Metasploit modules, he enjoys spending time with his son, his wife, his mother and his family in general, because these people give his life meaning.

With Rick, you will learn how to bypass modern memory protections in Windows 7: NX/DEP/ASLR. The Metasploit framework is rapidly taking over the world, and many researchers and pentesters know how to use browser_autopwn, db_autopwn or Meterpreter, but come to a standstill when they try to read the source code of the exploit they are using. You will learn how to write your own modules for the framework and how easy it is to port the exploits you use from various programming languages into Metasploit's native Ruby. Professional knowledge, self-discipline, patience and the time needed to create an exploit from scratch are what distinguish a true master from a beginner. With his introductory course on exploit development in Ruby, you will be able, step by step, to overcome the pain and grasp the dark secrets of this highly sought-after art.

Workshop: Everything you wanted to know about BeEF



Michele "antisnatchor" Orru is an IT specialist from Italy. Michele is the lead developer of BeEF; his research is mainly focused on application security and related exploitation methods. He often speaks at hacker conferences such as CONFidence, DeepSec, Hacktivity, SecurityByte, AthCon, HackPra, OWASP, 44Con, Ruxcon and many others that we cannot list here.
In addition to his passion for hacking and his work as a "senior spider" (at Trustwave SpiderLabs), he sometimes likes to leave his Mac alone, go saltwater fishing, and pray for the resurrection of Stanley Kubrick.

BeEF is a powerful platform for client-side hacking, post-exploitation of XSS vulnerabilities and abuse of the victim's browser insecurity as a whole. From a security point of view every browser is different: the type and version of the browser and operating system, the installed plug-ins, and ties to specific domains can each lead to different security holes. Imagine an unpatched Internet Explorer 8 on Windows XP SP3 that is vulnerable to the Aurora exploit, or, say, a fully updated Firefox with a vulnerable Java plug-in. The BeEF framework lets the pentester select (in real time) specific modules to attack each browser and, accordingly, its security features.

If you would like to get to know BeEF and you like application security, attending this master class is a must.

Read more: 2012.zeronights.ru/workshop

And this is only the beginning, so stay tuned to the site and to our blog on Habr!

Source: https://habr.com/ru/post/150547/
