
ZeroNights 2012: the final straight

Only 3 weeks are left until the mega-event, the ZeroNights 2012 conference. The program is 90% complete, for which I want to say a special thank you to DCG #7812 and to the program committee. The conference organizers, Digital Security and Software People, are ready to present the final list of speakers and tell you about all the events that await you.

So, in order.
The main program and the heart of our conference are technical reports. This year we will have 21 reports from the best specialists in their field from all over the world: the USA, Canada, England, Germany, France, Finland, Spain, Israel, Taiwan, Romania, Moldova and, of course, Russia.

The conference program includes many interesting events:

• 3 key reports
• 21 technical reports in 4 sections:


• 7 workshops from 2 to 5 hours long
• More than 7 reports on the fast track (the exact number will be known at the conference)
• 2 competence centers with demonstrations of attacks on SAP and mobile applications
• Round table
• 0-day show

Key reports

Keynote to the main program of the first day

The Grugq will tell you where attackers and hacktivists slip up and how they can be tracked down. The Grugq is an eminent IS researcher with over 10 years of professional experience. He has worked extensively with forensic analysis, binary reverse engineering, rootkits, VoIP, telecommunications and financial security. He is also known as an exploit reseller.

Keynote to the main program of the second day

Felix 'FX' Lindner is a cult figure in the world of information security and the leader of Phenoelit. He has spoken at Black Hat, CanSecWest, PacSec, DEFCON, Chaos Communication Congress, MEITSEC and many other events. His research topics relate to Cisco IOS, HP printers, SAP and RIM BlackBerry. The topic of his report is still being kept secret.

Keynote to mobile security section

Alexander Polyakov and Dmitry Evdokimov from Digital Security will deliver the introductory words on the security of mobile applications, thus opening the mobile security section. You will learn the latest trends in this area and some history, and also hear more about the reports that will be presented in the section. But do not rush to think that it will be a boring keynote: the welcome speech will also present the results of a new project dedicated to the security of mobile applications.

Reports are divided into 4 categories, which cover the most interesting areas of security:

That's really scary

This category collects reports that show the real threats that become possible when vulnerabilities are present in various systems and technologies. It covers the security of everything that is closely connected with our lives and goes beyond computer systems, or that relates to business-critical systems: the security of aircraft, transportation systems, cars, payment applications, bank cards, EMV, NFC, security systems and critical corporate applications that transmit financial information.



Technical hardcore

This category is a paradise for reversers and those who love something harder. We have prepared for you an excellent helping of reverse engineering from those who know a lot about it.



The future of web

In this section, you will learn about the latest research in web security, NoSQL and the automatic search for indirect vulnerabilities, and also plunge deep into XML, which is used almost everywhere: as they say, XML is the new TCP. We even specifically invited a researcher from France.



Mobile internals

The last topic, but one of the key ones, is mobile security. Like it or not, this is a trend, and a lot of research is being done in this area. We tried to choose the best reports on this topic; by the way, all of them will be presented to the public for the first time.



Workshops

Workshops will allow you to dive deep into one area or another and gain practical experience first-hand from experts. You will plunge into the world of exploits and defense circumvention, learn how to exploit XSS vulnerabilities, learn a lot about DDoS, immerse yourself in the physical security of RFID and much more.

• Alexey Tyurin, “Exploitation of XML-based attacks” (2 hours): Alexey, the head of the audit department at Digital Security, will explain and, most importantly, teach in practice how to exploit the most interesting XML-related attacks, such as SSRF, XSLT, XML Signature, XML Encryption, etc. He will also release a free tool for SSRF attacks and tunneling requests.
• Michele "antisnatchor" Orru, “All you ever wanted to know about BeEF” (2 hours): Michele is the author of the BeEF framework and works as a tester at TrustWave in London. At this workshop you will learn all about how to leverage a simple XSS to seize control over the entire corporate network.
• Kirill Salamatin (aka Del), Andrey Tsumanov, “RFID: Jokers up our sleeves” (4 hours): these simple Moscow guys will tell you all about RFID security and, most importantly, will show you and let you try for yourself what it is like to be an all-powerful spy who can penetrate any protected facility.
• Arseny Reutov, Timur Yunusov, Dmitry Nagibin, “Random Numbers. Take Two” (2 hours): at this workshop you will learn how to exploit vulnerabilities in random number generation. As many as three lecturers will make sure that the material reaches every listener.
• Jean-Ian Boutin, “Reversing banking trojan: an in-depth look into Gataka” (2 hours): a researcher from ESET's Canadian office will show you in practice how to reverse interesting banking Trojans.
• Alexey Sintsov, “Advanced Exploit Development (x32). Browser Edition” (5 hours): Alexey has prepared a stunning course on exploit development and on circumventing the defenses that prevent exploitation. This is a definite must-have of this conference.
• Alexander Azimov from HighloadLab will tell you about DDoS and practical counteraction to such attacks.

Fast track

And that is not all. We have a FastTrack section, where interesting concepts will be presented, as well as information security incidents. You will be able to get acquainted both with student work (by the way, no less interesting than the main reports) and with practical experience in protecting corporate systems, first-hand from people working in major organizations. More reports will be added to this section, and you personally also have a chance to speak and thus get into the conference for free. Already confirmed:

• Kirill Samosadny, “Massive CSRF attacks through Flash advertising”
• Fedor Yarochkin, Vladimir Kropotov, Vitaly Chetvertak, “Techniques for bypassing automatic systems for detecting malicious content: interesting examples of 2012”
• Alexander 'Solar Designer' Peslyak, “New in password hashing (or what to replace bcrypt with)”
• Oleg Kupreev, “Infection of 3G modems”
• Igor Gotz, Sergey Soldatov, “How to catch your hacker, or security ‘on a shoestring’”: how to build a security event monitoring system at minimal expense, and which events to look for.
• Evgeny Sobolev, “Typical IS mistakes in corporations and large organizations”
• Dmitry Evdokimov will talk about tools for analyzing binary applications using Python.

Competence Centers

In the main hall, we will have two competence centers covering two areas of security: business applications and SAP, and mobile applications and devices.

Digital Security is organizing the SAP Security Competence Center at its booth, where throughout the conference visitors can get answers to all questions related to attacks on SAP systems and protection from them, as well as familiarize themselves with the product. In addition, mini-reports on hacking SAP will be held at the stand during the coffee breaks.

Hackspace Neuron: its stand will host demonstrations of typical attacks on mobile devices, and visitors will also have the opportunity to play with various devices for intercepting GSM traffic and other spy toys.

Contests

We will also have a lot of contests in which you can win valuable cash prizes, as well as free entry to the conference.

Recently the following contests were launched:

• Onsec Hack-Quest with prizes - free admission to the conference
• “Yandex” program for rewarding researchers for found vulnerabilities in web services and mobile applications, called “Hunting for bugs”
• Competition from GazInformService to search for vulnerabilities in E & S with a prize fund of 100,000 rubles

During the conference:

• Nokia's “Capture The Phone” contest
• T-shirt and wallpaper competitions from the ZeroNights organizers with prizes courtesy of Pwnie Express

Round table

The round table will be dedicated to a discussion, or battle, between researchers and developers. I invite you to watch these hot battles. You can also take part in them, if you have something to say. Experts from both the developer and the auditor side will be invited.

0-day show

A small but very interesting bonus. In 3-5 minutes you will be shown the most interesting 0-days and 1-days in popular software. By the way, you can take part in it yourself.

So, we are waiting for you on November 19 and 20 in Infospace: be one of those who create the future of the hardcore security scene! And remember that visitor registration ends on November 14th.

We thank Yandex for the support, as well as our sponsors: GazInformService, Intel, Dr. Web, Advanced Monitoring, Nokia, Pwnie Express, and our key media partners, the magazines ][akep and Hakin9.

PS: at the Speaker Party there will be a unique DJ set from DJ joernchen of Phenoelit!

Source: https://habr.com/ru/post/156849/

