
IB far and wide on ZeroNights


Friends, did you really think that we had already submitted all the news of the ZeroNights program? And no! Today we have a lot of pleasant surprises and unreal announcements.

To begin with, here are the updates to the main program in detail.

1) Our other keynote speaker, Gregor Kopf (Germany), will show you what is happening in cryptography today: the main directions, the problems, popular mistakes and interesting directions for cryptographic research.

The state of cryptography
In recent months a lot of cryptographic problems have been discovered. Can cryptography still be trusted, or are we all doomed and the skeptics were right from the start? In this talk we will try to understand better what is going on. To that end, the current situation will be analyzed and the problems we face will be covered. We will examine popular mistakes and identify interesting directions for cryptographic research.

2) Gal Diskin (Israel) from Cyvera will provide an overview of hardware virtualization technology, existing techniques of attacks on virtualization systems, and also explain why creating a secure hypervisor is a daunting task.

Almost impossible: the reality of secure virtualization
From this report, you will learn why it is almost impossible to ensure proper security for virtual machines.
The speaker will provide an overview of the fundamentals of hardware virtualization technology, existing techniques of attacks on virtualization systems, and also explain why creating a secure hypervisor is such a complex task. Then there will be a smooth transition to discussing the prospects of methods of attacks on hypervisors.
After this talk you will surely reconsider your attitude to the security of virtualized cloud platforms and VMM mechanisms such as XEN, RVM and VMware, as well as to virtualization-based sandboxes.
In the report, among others, the following topics / methods of attack / shortcomings of virtualization are mentioned:
• SMM as a shared component of virtual machines. Why is this dangerous?
• STM - why is it never used?
• Shared MSRs and how dangerous they are (remember the TSC)
• The fundamental problem of SR-IOV
• VT-d / IOMMU problems
• Memory configuration and mapping, and how hard memory is to manage (remapping, PEG, System, IGD, ...)
• MMIO
For those who are not very familiar with the architecture of computers: do not worry. The report includes a brief introduction to the topic, which will allow you to understand the technical issues discussed.

3) The report by Peter Hlavaty (Slovakia) from ESET will be devoted to the DbiFuzz framework.

DbiFuzz framework
Code coverage in fuzzing, dynamic unpacking and emulation depends on tracers and DBI (dynamic binary instrumentation) utilities. Some of them are designed for debugging, some modify the binary code and add instrumentation. This talk is dedicated to the DbiFuzz framework. DbiFuzz takes an alternative approach that lets you trace not the target application itself but another area. This out-of-the-box framework supports 64-bit binaries, multithreading, and tracing of several applications under a single tracer.

4) And Mateusz 'j00ru' Jurczyk (Switzerland) from Google, a big fan of memory corruption, in his presentation will focus on the interesting shortcomings of kernel mode.

The Windows kernel invalid-opcode handler and NTVDM vulnerabilities: a hands-on analysis
Confidence in the security of client applications, now widely used, is slowly but surely coming to depend on the robustness of operating system kernels, and risk mitigation mechanisms such as sandboxes and mandatory access control are becoming ever more important. Although ring 0 research is steadily gaining popularity in the hacker community, it is unrealistic to cover all security threats with a manual audit because the possible attack surface is enormous. In this talk we will highlight a number of interesting kernel-mode flaws, discovered with automated and manual testing techniques and recently fixed by Microsoft, including the corresponding exploitation methods and working exploits for illustration. Among other things, we will discuss low-level processor mechanisms, such as the invalid-opcode handler on x86, and the support for 16-bit DOS programs that Microsoft implemented deep in the kernel.

5) The talk by Meder Kydyraliev (Australia) will be devoted to mining Mach services from inside the OS X sandbox.

Mining Mach services inside OS X sandbox
Sandboxing technology has been developing quickly of late and gaining popularity among vendors. So the day is not far off when memory corruption vulnerabilities will be used primarily to steal a cookie. But today there are still interesting paths from inside sandboxed applications to the “hidden” attack surface and, ultimately, to a sandbox escape. After a short overview of the sandboxes in OS X, I will talk about one of these paths and present fuzzing tools that can help with this task.

There is more and more information, and it is ever harder to protect. ZeroNights speakers will talk about the dangers posed by data files and what to expect from office documents. The main program continues:

6) Ivan Novikov, also known as Vladimir "d0znpp" Vorontsov (Russia) from ONsec, will talk about timing attacks on file systems.

Timing attacks on the file system in practice
Collecting file system information is the basis of black-box security audits. The classic technique for this is called dirbusting: full names of files and folders are brute-forced in order to retrieve their contents. In this talk the author explores new attack methods based on timing measurements, which can significantly cut the time spent enumerating files and directories. The synthesis problem characteristic of brute force is reduced to the analysis problem characteristic of search. Timing techniques for both hardware and software components are studied, and a general theory of such effects is also considered.

7) From the report of Anton Dorfman (Russia) you will learn what the data can tell.

Reversing data formats: what data can tell
Any program works with data in some way: it accepts it as input, processes it and produces output. Understanding the data formats a program uses greatly simplifies its reverse engineering and also makes it possible to fuzz it effectively. Data formats contain many regularities, which will be discussed in the talk. Methods and utilities for automatic analysis of data structures in network protocols and in files of various formats will also be considered. The author will offer his own view of the problem and demonstrate all the concepts with examples.

8) Vlad Ovchinnikov (United Kingdom) from SensePost will present a talk with the eloquent title “When documents bite”.

When documents bite
In 1999 the Melissa virus changed the industry's perception of malware distribution. Formats that look safe at first glance, such as Microsoft Word and Adobe PDF, were used to deliver malicious payloads. A recent report on the topic shows that attackers now prefer to deliver malware with the help of malicious documents. In the "diplomatic cyber attack" of the Red October campaign, Word and PDF files were the primary method of delivering the malware. This attack vector is characterized by successful social engineering, mainly because mail filters can be circumvented by sending information in widely accepted formats (for example, *.doc is supposedly a safe format and an industry standard), and in most cases the files reach the recipient.
So, the analysis of real examples of attacks using malicious documents from the office suite is the key to protecting against targeted attacks, which are one of the most important IT security problems in corporate networks.
This report explores the details of these attack techniques and reveals some of their detection techniques that can help corporations counter these threats.
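The talk above describes the threat (documents in formats that mail filters treat as safe) and promises detection techniques without spelling them out. The following added example, which is not from the talk or from SensePost, shows two checks a mail gateway or IR analyst can apply to an attachment without opening it: whether the container matches the file extension (a legacy OLE2 binary renamed to .docx), and whether an OOXML archive carries a VBA project part. The sample attachments are constructed in memory; the part name "vbaProject.bin" and the content type "application/vnd.ms-office.vbaProject" are the standard OOXML ones.

```python
import io
import zipfile

# Magic bytes that identify the two Office container formats.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy binary .doc/.xls/.ppt (OLE2)
ZIP_MAGIC = b"PK\x03\x04"                         # OOXML .docx/.docm/.xlsx/... (ZIP)

# OOXML extensions that are not supposed to carry VBA macros at all.
MACRO_FREE_EXTENSIONS = {"docx", "xlsx", "pptx"}
VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"


def inspect_office_attachment(filename, data):
    """Return (container, findings) for one attachment.

    container is "ole", "ooxml" or "unknown"; findings lists the reasons the
    file deserves a closer look (empty when nothing looks odd).
    """
    findings = []
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""

    if data.startswith(OLE_MAGIC):
        container = "ole"
        if ext in MACRO_FREE_EXTENSIONS:
            findings.append("extension/container mismatch: OOXML extension but OLE2 container")
        # Legacy OLE2 files can always carry macros; hand them to an OLE-aware parser.
        findings.append("legacy OLE2 document: macro-capable, needs OLE stream inspection")
    elif data.startswith(ZIP_MAGIC):
        container = "ooxml"
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = zf.namelist()
                has_vba_part = any(n.lower().endswith("vbaproject.bin") for n in names)
                ctypes = ""
                if "[Content_Types].xml" in names:
                    ctypes = zf.read("[Content_Types].xml").decode("utf-8", "replace")
                if has_vba_part or VBA_CONTENT_TYPE in ctypes:
                    findings.append("embedded VBA project")
                    if ext in MACRO_FREE_EXTENSIONS:
                        findings.append("macro-free extension but macros present")
        except zipfile.BadZipFile:
            findings.append("ZIP magic but unreadable archive")
    else:
        container = "unknown"
        if ext in MACRO_FREE_EXTENSIONS or ext in ("doc", "xls", "ppt", "docm", "xlsm"):
            findings.append("Office extension but not an Office container")
    return container, findings


def _build_ooxml(with_macros):
    """Construct a minimal OOXML archive in memory (constructed sample, not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        ctypes = '<?xml version="1.0"?><Types>'
        if with_macros:
            ctypes += f'<Override PartName="/word/vbaProject.bin" ContentType="{VBA_CONTENT_TYPE}"/>'
            zf.writestr("word/vbaProject.bin", b"\x00constructed-vba-blob")
        ctypes += "</Types>"
        zf.writestr("[Content_Types].xml", ctypes)
        zf.writestr("word/document.xml", "<w:document/>")
    return buf.getvalue()


# Constructed samples standing in for mail attachments.
SAMPLES = {
    "report.docx": _build_ooxml(with_macros=False),
    "invoice.docx": _build_ooxml(with_macros=True),   # macros hidden behind a "safe" extension
    "memo.docx": OLE_MAGIC + b"\x00" * 64,            # legacy binary file renamed to .docx
}


def scan_samples():
    """Run the inspection over every constructed sample; returns {name: (container, findings)}."""
    return {name: inspect_office_attachment(name, data) for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for name, (container, findings) in scan_samples().items():
        print(f"{name}: {container} {findings or 'clean'}")
```

The point of the container check is that a filter keyed on the extension alone (the ".doc is safe" assumption the talk mentions) sees nothing wrong with "memo.docx", while the first eight bytes already show it is a legacy binary document that can hold macros.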

9) And Alexey Troshichev (Russia) will tell a fascinating story about the static analysis of 10,000 iOS applications.

A blow to the infrastructure. The history of the analysis of thousands of mobile applications
Modern applications are often just an interface between the user and some infrastructure, which, from an attacker's point of view, can be far more appetizing than any single person with their phone. I will present a tool that automatically extracts data potentially useful for an attack, along with the results of analyzing 10,000 applications from the App Store, with an overview of both the statistics and particular cases.

10) Vladimir Kropotov (Russia) and Vitaly Chetvertak (Russia) will introduce the audience to the practical use of pattern recognition methods and theory for detecting attacks.

Applying pattern recognition methods and theory to attack detection in practice. With... adorable examples!
Pattern recognition methods and other interesting mathematics can give quite interesting results in practice. In this talk the speakers will share their practical experience of running algorithms on network traffic and discuss the application of wavelets, pattern recognition theory and other interesting tools for detecting and classifying suspicious traffic. The operation of some methods will be shown on examples of modern threats, along with searches for patterns and characteristic signs in malicious traffic, training the system on real-life “case studies” and much more. The talk is based on the speakers' own practice on real traffic from 2012-2013; a complete absence of rehashed material is guaranteed. Some of the code will be released as open source.

11) Denis Makrushin (Russia) will talk in detail about load testing services.

Web under pressure: denial of service as a Service
Any web project has an important indicator of its performance - the maximum load. The report from a non-standard position will examine load testing services: we will see how a harmless tool can be turned into a tool for carrying out DDoS attacks.

12) In the talk by Inbar Raz (Israel) you will hear a lot of words with the prefix "cyber".

Physical (non) security: NOT ONLY CYBER
The current set of threats includes cyber threats, cyber security, cyber war, cyber intelligence, cyber espionage... The prefix "cyber" is almost universally understood to mean "the Internet", but in fact the Internet may have nothing to do with it. The emphasis on Internet access gives rise to some false assumptions and hides other attack vectors that are even simpler and no less dangerous, namely physical access to your network and devices.

13) Dmitry Bumov (Russia) will talk about vulnerabilities in the logic of the web applications of the hosting control panels.

Vulnerabilities in the web application control logic of hosting providers
The talk is devoted to vulnerabilities in the operating logic of the web applications of various providers' hosting control panels. These vulnerabilities, as well as simple inattention of users when managing an account, can lead to unauthorized access to domain management. The author tries to draw a fine line between user error in managing the account and logic vulnerabilities on the hosting provider's side.

14) Alexander Timorin (Russia) and Alexander Tlyapov (Russia) will dig deep into SCADA.

SCADA Depths: Protocols, Security Mechanisms, Software Architecture
The talk will give a technical description and detailed analysis of the common industrial protocols Profinet DCP, IEC 61850-8-1 (MMS) and IEC 61870-5-101/104 on real examples. The potential capabilities these protocols offer to an attacker will be revealed, as well as the authentication mechanism in Siemens' proprietary S7 protocol.
In addition to the protocols, the results of a study of Siemens Simatic WinCC will be presented: the general architecture of component interaction, the protocols and mechanisms of interaction over HTTP, authorization vulnerabilities and the internal logic of the system.
In conclusion, a methodological approach to the analysis of network protocols, recommendations and a release of scripts will be presented.

And now, attention! Our cool workshops!

1) Do not miss the excellent workshop “Breaking HTML5” by Krzysztof Kotowicz (Poland).

Breaking HTML5
The era of HTML5 has arrived, bringing with it a ton of advanced functionality and a galaxy of new bugs. Innovative applications are being created, and browser vendors are competing in how fast they introduce advanced features. History shows that security suffers from the rapid adoption of new technologies, and now it is happening to us again.
At this workshop you will get acquainted with the HTML5 technology stack and get a good understanding of modern web applications and how they work. The emphasis is on practical solutions, demonstration tools, security bypass techniques and attacks. This is not just another OWASP Top 10 where you are shown XSS using <img src= onerror>. In this session you will learn completely new techniques: for example, you will have to bypass browser XSS filters, intercept communications, exploit FTP servers through a browser and plan your own clickjacking campaign.
Plan:
- Same Origin Policy: features, weirdness and security bypass
- XSS in HTML5: new vectors and impressive exploits
- We exploit Web Messaging
- We attack through Cross Origin Resource Sharing
- We aim at the client-side data storage and poison the cache
- We use web sockets for attacks
- Intra-browser exploits for tunneled TCP servers
- Sandbox and clickjacking for iFrame
- Bypass Content Security Policy
- Webkit XSS Auditor and IE Anti-XSS Filter: Behind the Scenes
Audience: Pentesters, security specialists, web developers (frontend), JavaScript developers
Requirements for workshop participants:
- Duration: 4 hours
- Knowledge of web security is required (TCP/IP basics, HTTP, HTML, XSS, CSRF, client-side security) as well as practical skills with common tools (intercepting proxy, Linux command line, scripting, netcat), because the workshop program will be very dense. The ability to program in JavaScript and familiarity with browser debugging tools (Firebug and others) is recommended. Participants will be provided with a virtual machine (VirtualBox) with the necessary tools, although to start with an ordinary Linux with modern browsers installed (Chrome / Firefox / Opera) will be enough.

2) Next, Alexander Matrosov and Evgeny Rodionov (Russia), in their workshop “Reversing Complex Threats”, will introduce listeners to reversing software developed in object-oriented programming languages.

Reversing complex threats
This workshop is devoted to the analysis of software developed in object-oriented programming languages. In recent years there has been a sharp increase in the number of malicious programs with a complex object-oriented architecture, the most prominent representatives being Stuxnet, Flamer and Duqu. Analyzing such software requires a different approach than analyzing programs written in procedural languages. We mainly consider examples implemented in C++ and compiled with the MS Visual C++ development environment.
In this workshop the authors will share the experience of reverse engineering object-oriented and position-independent code that they have accumulated while analyzing complex malicious programs.
The program includes:
- introduction to the analysis of object-oriented code: calling conventions, compiler conversions, service data structures (vftables, RTTI), etc.
- use of static analysis tools to restore complex data types (structures, classes, objects)
- automation of C++ code analysis using IDAPython and the Hex-Rays Decompiler SDK
- a method of recovering complex data types using the Hex-Rays Decompiler extension (HexRaysCodeXplorer)
- analysis of malicious software developed in object-oriented programming languages (C++) and using position-independent code (PIC): Stuxnet, Flamer, Gapz.
The participant will receive:
- an understanding of object-oriented and position-independent code from the reverse engineer's point of view
- practical skills with IDA Pro and the Hex-Rays Decompiler for recovering complex data types
- a basic understanding of developing extensions for the Hex-Rays Decompiler
- practical experience in analyzing complex threats on the examples of Flamer, Stuxnet and Gapz
Requirements for participants:
- Duration: 4 (5) hours
- a laptop with IDA Pro and the Hex-Rays Decompiler pre-installed

Do not forget about the FastTrack section!

1) Alexander Matrosov and Evgeny Rodionov will surprise you in the FastTrack section. They will tell you how HexRaysCodeXplorer makes it easier to reverse object-oriented code.

HexRaysCodeXplorer: making it easier to reverse object-oriented code
HexRaysCodeXplorer simplifies the analysis of object-oriented code when working with the Hex-Rays decompiler. The following plugin features are currently supported:
- automatic recovery of complex data types for C++ code (type REconstruction);
- visualization of the ctree graph for the selected section of decompiled code;
- navigation through calls to virtual functions;
- visualization of information about virtual functions (Object Explorer).
This talk will cover the functionality of the plugin and the benefits of using it. The algorithm for recovering complex types in position-independent code will also be presented in detail, with an explanation of how it works in HexRaysCodeXplorer.
The authors will present a special release of the plugin (ZeroNights edition) with new features and will commit a new version live from the stage.

2) Andrei Danau will talk about session management errors in cloud solutions and on classic hosting.

Session management errors in cloud solutions and on classic hosting
The problem of session sharing on shared hosting has long been known. To isolate the session context of different users, file system restrictions are usually used: access rights on separate directories, so that the sessions of different hosting clients are stored in different files. With the development of cloud technologies this problem becomes relevant again from another side. There is a need to isolate the context of the sessions being executed on a given cloud node at the current moment, taking into account that the node is used by several clients at once. The practice of information security audits shows that session context isolation in modern cloud solutions is most often implemented incompletely. Methods of exploiting such problems will be discussed in the talk.
The talk covers various mechanisms for storing sessions, their identification, and methods of protecting against bypasses of access restrictions in modern cloud services. Additional attention is paid to classifying the session keys used in popular PHP web applications in order to find intersections between these keys. The results are of interest for practical application in information security audits. Special attention is paid to methods of finding and preventing this kind of problem.
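The abstract above describes the classic isolation mechanism (each client's session files in its own directory, protected by file system permissions) and the typical failure, incomplete isolation. The following added example, which is not from the talk or its authors, is an audit script a hosting administrator or auditor could run against such a layout. It assumes a directory per client under one root, with session files inside (the assumed layout of this example, modelled on file-based PHP sessions), and flags three weaknesses: a directory owned by the wrong account, group/other permissions on the directory or its session files, and two clients whose "separate" directories resolve to the same place. The fixture is constructed in a temporary directory.

```python
import os
import shutil
import stat
import tempfile


def audit_session_dirs(root, owners):
    """Audit per-client session directories under root.

    owners maps client name -> numeric uid expected to own that client's directory.
    Returns a list of (client, problem) tuples; an empty list means the isolation
    looks sane. Assumed layout: root/<client>/<session files> (example assumption).
    """
    problems = []
    seen_dirs = {}  # realpath -> first client that used it
    for client, uid in owners.items():
        path = os.path.join(root, client)
        if not os.path.isdir(path):
            problems.append((client, "no dedicated session directory"))
            continue

        # Two clients pointing at the same physical directory share every session.
        real = os.path.realpath(path)
        if real in seen_dirs:
            problems.append((client, f"shares a session directory with {seen_dirs[real]}"))
        else:
            seen_dirs[real] = client

        st = os.stat(path)
        if st.st_uid != uid:
            problems.append((client, f"directory owned by uid {st.st_uid}, expected {uid}"))
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            problems.append((client, f"directory mode {oct(st.st_mode & 0o777)} grants group/other access"))

        # Even with a locked directory, a session file readable by others leaks the session.
        for name in sorted(os.listdir(path)):
            fst = os.stat(os.path.join(path, name))
            if fst.st_mode & (stat.S_IRGRP | stat.S_IWGRP | stat.S_IROTH | stat.S_IWOTH):
                problems.append((client, f"session file {name} readable/writable by others"))
    return problems


def demo_audit():
    """Build a constructed fixture with one good and two bad clients, then audit it."""
    root = tempfile.mkdtemp(prefix="sessaudit-")
    me = os.getuid()
    try:
        # alice: correctly isolated (0700 directory, 0600 session file).
        os.mkdir(os.path.join(root, "alice"), 0o700)
        with open(os.path.join(root, "alice", "sess_a1"), "w") as f:
            f.write("user|s:5:\"alice\";")
        os.chmod(os.path.join(root, "alice", "sess_a1"), 0o600)
        # bob: world-readable directory and session file (the common misconfiguration).
        os.mkdir(os.path.join(root, "bob"), 0o755)
        with open(os.path.join(root, "bob", "sess_b1"), "w") as f:
            f.write("user|s:3:\"bob\";")
        os.chmod(os.path.join(root, "bob", "sess_b1"), 0o644)
        os.chmod(os.path.join(root, "bob"), 0o755)
        # carol: "her" directory is just a link to alice's, so the two share sessions.
        os.symlink(os.path.join(root, "alice"), os.path.join(root, "carol"))

        owners = {"alice": me, "bob": me, "carol": me}
        return audit_session_dirs(root, owners)
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    for client, problem in demo_audit():
        print(f"{client}: {problem}")
```

The directory is checked with os.stat (which follows symlinks) so that a link to another client's directory is judged by where it actually points; the realpath comparison is what catches the shared directory, since the permissions on it may be perfectly tight for its legitimate owner.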

3) Anton Cherepanov (Russia) will thoroughly analyze the banking Trojan Hesperbot.

Hesperbot: analysis of a new banking Trojan
In August 2013 ESET specialists discovered a campaign against online banking users in the Czech Republic, Turkey and Portugal. During the study it turned out that a previously unknown banking Trojan, Win32/Spy.Hesperbot, was used in the attack. The features of this malware family are its modular architecture, a unique technique for modifying the web content of banking sites, and the use of mobile components for various platforms: Android, Symbian and BlackBerry.

This is not all the news! New to ZeroNights: Security for business applications in detail.

This year, for the first time, a separate section on business application security will be presented at ZeroNights. The event is timed to coincide with the relaunch of the EAS-SEC (Enterprise Application Systems Security) project, which now begins a new life. Until recently it was part of the OWASP consortium and was called OWASP-EAS. Since the security of business applications has already gone beyond the web, it was decided to make this area an independent project.
During the section, short talks will be presented on vulnerabilities and interesting architectural errors in various business applications. Besides traditional ERP systems, HR systems, business intelligence (BI) applications, accounting and banking software, development systems and many other applications from key vendors of business systems, including SAP, Oracle, Microsoft, 1C and others, will be hacked. Only in this section will there be a unique opportunity to hear talks previously presented at the cult BlackHat conference.
The section will also present the results of the EAS-SEC project on protection against the listed problems in two directions: guidelines for analyzing the security of critical systems at the operational stage, and guidelines for the secure development of critical systems that take the specifics of business applications into account. A list of key flaws in the development of business applications will also be presented, similar to the OWASP Top 10, which applies only to web applications.
We have no doubt that this unique event will be interesting both to researchers and hackers and to specialists responsible for protecting information systems, including heads of security departments, administrators and programmers. We will not only show real examples of interesting attacks, but also present detailed protection guides.
The section leader is Alexander Polyakov. All talks are exclusively from Digital Security experts.

Section reports

1. Alexey Tyurin “Accounting hacking - arch bugs in MS Dynamics GP”

Description
Dynamics GP is a large and powerful accounting / ERP solution from Microsoft that is widespread in North America. The talk will describe how it was analyzed within the EAS-SEC project and what results were achieved. Examples will be shown of how Dynamics GP's existing architectural decisions can be used to attack the system, how to escalate privileges from minimum to maximum, and how to take full control of the system.

2. Evgeny Neyolov "Dev system hacking - arch bugs in SAP SDM"

Description
Why hack critical systems themselves, if you can attack application deployment servers, from where the source code spreads across all systems? In SAP ERP, this task includes the NetWeaver Development Infrastructure, consisting of the subsystems SDM, DTR, CBS, CMS.
Is this a perfect target for an attack? Who cares about the security of an application deployment server with dozens of servers and thousands of client machines behind it? That is why such solutions have architectural vulnerabilities that allow an anonymous attacker to inject code into applications on production servers. As a result, the attacker's malicious code spreads to any chosen systems, providing the ability to control each of them.

3. Alexey Tyurin “HR Hacking - bugs in PeopleSoft”

Description
This talk reveals the details of the analysis, carried out within the EAS-SEC project, of one of the top HRMS solutions from Oracle, PeopleSoft, which has thousands upon thousands of deployments worldwide. The example of this product and the vulnerabilities identified in it will show the importance of an integrated approach to security. It will be demonstrated how, using a mixture of vulnerabilities of medium and low severity, it was possible six months ago to seize control over almost any PeopleSoft-based system. The escalation path from anonymous user to system administrator will be shown.

4. Gleb Cherbov “DBO Hacking - arch bugs in BSS”

Description
Time for banking magic.
Features of the architecture of banking systems will be presented on the example of a number of vulnerabilities in remote banking (RBS) solutions from a leading domestic vendor.
Fascinating details of pointless uses of robust cryptography and nuances of authentication implementation. Mysterious disappearances and multiplications of clients' funds included.

5. Dmitry Chastukhin "Business Intelligence hacking - Breaking ICCube"

Description
Option 1.
Business intelligence is a vital process for any large company; it is based on a large amount of data collected, usually over a long period of time. The results of this analytics let the company's managers make all kinds of management decisions, on which its future directly depends. Should you worry about the security of this data? Certainly. Are the technologies used to build business intelligence systems secure?
This talk will examine vulnerabilities in the popular icCube OLAP server and how an attacker using the MDX query language can compromise the OLAP server's OS and all the business data.
Option 2.
Guys! Guuuys!!! I learned a new abbreviation! MDX. Have you heard of it? No? And OLAP? Neither had I. So maybe we should poke at this strange thing? After all, people love talks about hacking abbreviations they do not understand. And then it will be possible to go to some conference on a trip, like BlackHat, or to speak at ZeroNights (at least on the fast track). I will tell you something about OLAP and MDX and show a couple of bugs on the example of icCube, and they will feed me a treat for it. Cool, huh?

6. Alexander Polyakov “EAS-SEC - a guide to the safe implementation of business applications”

Description
The talk will present the results of the EAS-SEC project. The project has two directions: guidelines for analyzing the security of critical systems at the operational stage and guidelines for the secure development of critical systems, taking into account the specifics of business applications. This talk will cover the area of business application analysis during implementation and operation. As a result, a list of key security issues for business applications at all levels, from the network to application-specific problems, will be presented. The security guide for the SAP platform will also be presented as the first step of this project.

7. Alexander Minozhenko “EAS-SEC - a guide to the secure development of business applications”

Description
A talk on the latest results of the EAS-SEC (Enterprise Application Systems Security) project. The project, which was part of the OWASP consortium for 3 years under the name OWASP-EAS, has now received a new life and moved beyond a purely web scope. This talk will provide a secure development guide and a list of nine key flaws encountered in developing business applications, from code injection to covert data leakage channels. Most importantly, you will see examples of real vulnerabilities discovered using manual analysis and automated tools applicable to SAP systems, and, of course, how to fix them.

And a hot talk show awaits you: “Battle of the Titans: ZeroNights Hackers vs. Microsoft vs. Cisco”.

Hackers against vendors. Vendors against vendors. Vendors against hackers.
All against all, or the strong against the weak? Is it possible to win this game, and how soon can the “Game over” sign appear? Are you sure of the winner? Place your bets! And come on November 8th to ZeroNights 2013.
The talk show promises to be interesting and absolutely politically incorrect! Let the vendors answer for everything.
Our vendors can be asked any questions, and only here. Got a couple of questions for them? Then welcome.
- Who is more full of holes: Cisco or Microsoft?
- Who introduced SDLC to whom: Cisco to Microsoft or Microsoft to Cisco?
... and so on!
There will be no concessions, no weaknesses will be forgiven, and no question will go unanswered.
Presenters: ... Vladimir Solovyov! ... no, why would he?
Digital Security - Ilya Medvedovsky and Oleg Kupreev
Microsoft - Andrey Beshkov
Cisco - Vasily Tomilin
We are waiting for your hot and sharp questions at questions@zeronights.ru.

Only here: the “Down and Down” competition, exclusively for conference participants, will make you feel like a secret service agent. Imagine that management has instructed you to break into the S-Lab computer network. This is not so easy, since S-Lab protects its resources very well. In addition, the same task has been given to the other employees of the Z-Hack unit you belong to. On each server you will find a token. The winner is the agent who collects all the tokens first.

Well, how about that? Stunning news, isn't it? But that is not all! Not long to wait now!

Source: https://habr.com/ru/post/198096/
