
The CFP for the main ZeroNights conference program is closed, and the program committee is finishing the selection of papers for the conference. But the CFP for the Fast Track continues.
Today I will share with you a little secret about how to attend the ZeroNights 2012 conference in November in the capital of our country for free. For those who have forgotten or are not in the know, this is the most anticipated event for information security researchers, a place where there are no marketing talks, only real research from world-class speakers and the most useful trainings where you can, for example, learn to write exploits for browser vulnerabilities so as to take the prize at Pwn2Own next year. The following experts have already confirmed their participation: Grugq - the famous party-goer at all conferences, FX - the leader of the cult hack team Phenoelit, Miaubiz - the hardcore researcher from Finland, J00ru - the author of a heap of research on low-level Windows internals, Rick Flores from Rapid7 (Metasploit), joernchen from Phenoelit, Alexey Sintsov - the founder of DCG #7812, the author of this post, and many other researchers.
In fact, everything is very simple, and some researchers have already taken advantage of this opportunity. At the ZeroNights conference, in addition to the main talks, there is a section called Fast Track. I borrowed this idea from a number of western conferences that I regularly attend, and it seemed exactly right to me. I decided to add this section to the program of the last ZeroNights, and, as it seems to me, it came out no less interesting than the main track.
The Fast Track section consists of short talks of 15 minutes each. It is a very convenient format, because it is often boring to listen to one vulnerability stretched over an hour-long talk padded with filler, when in the same time you could hear as many as four good talks. Anyway, TED proved that 15 minutes should be enough for any presentation, and for the details you can point people to a whitepaper. Accordingly, this section is easier to get into, and the selection is not as strict.
What reports are interesting for Fast Track?
Initially, I assumed that this section would be more informal in nature and cover not only technical research, but also funny life hacks, as well as just thoughts on sore points and even trolling on a current topic. Students can present their interesting R&D and diploma projects, and developers can talk about their concerns. Last year it was all of the above, but more than two-thirds were, of course, technical topics, which I do not regret. You can see last year's topics here, and I will give a few examples to make it clearer what the Fast Track is.
Examples of technical reports
• Andrei Labunets (Tomsk State University, DSecRG): “Methods of tracing network traffic to find vulnerabilities”
• Dmitry “D1g1” Evdokimov (SPbSPU, Digital Security): “Basics of DBI (Dynamic Binary Instrumentation)”
• Artem Shishkin: “The method of intercepting print by modifying Windows GDI”
Examples of fun life hacking
• Dmitry Chastukhin (SPbGPU, Digital Security): “Practical attacks on Internet kiosks and payment terminals”
• Nikita Kislitsin (][akep) - about the vulnerabilities of internal systems in the Gameland edition
Sample discussion
• Alexey Krasnov (Gazinformservice): “We all learned a little bit, something and something”
An example of a slippery theme on the verge of trolling
• Anton “TOXA” Karpov (Yandex): “Black and white in IB”
These were the topics last year. As for this year, the following talks have already been confirmed:
• Mass CSRF attacks
• Botnets
• Cryptography from Solar Designer himself
• Python for RE
What are we interested in this year? Naturally, any technical talks on the subject of the conference, that is, business-critical applications, mobile systems, embedded devices, and new hacking techniques. But I also want to pay attention to the safety of developers, QA, project managers, for example (in order of interest):
1. Real case studies of interesting vulnerabilities in unknown or known systems. There are a lot of developers here, and I am sure that they have something to tell. In anonymized form, it will also be interesting. Who, if not the developer, knows all the subtleties of a product and can talk about it?
2. Opinions of developers on how to approach the issue of security and what they do not like in the current processes, if they exist, and in the current situation in the industry as a whole (trolling is not forbidden). In particular, we are interested in your opinion on secure development for mobile platforms.
3. Interesting developments in the field of frameworks for getting rid of all the annoying XSS, SQL injection, CSRF, BOF and others. Protection against more sophisticated attacks is particularly interesting.
4. Interesting cases from source code analysis.
Thus, I want to look at security from the developer's point of view, and not just from the hacker's.
And now about the perks. The speaker receives free entrance to the conference, a pass to the Speaker Party, which promises to be hot, crazy popularity or a tomato in the face, female attention or forever alone - depending on the performance, and, of course, the opportunity to talk with the most interesting people in the infosec crowd, both from Russia and from the whole world. And just a good mood.
PS: The best will be invited to the discussion panel dedicated to the battle of developers and hackers, which I will talk about later (you can join the discussion panel independently of the Fast Track by sending a request to cfp@zeronights.org).
And remember! Fast Track slogan: “Less is not worse.”