
How do you create a virus and a botnet for Android? What can you learn by buying a hard drive at an eBay auction? How does a SIM card threaten its owner? How do you clone a one-time password token? On February 17 the final Call For Papers stage (the application procedure for speakers) began, and it runs until March 31. Today we are announcing the talks of the first group of participants accepted into the main technical program of Positive Hack Days IV, the international forum on practical security.
Cyber weapons against mobile networks
Ideally, mobile networks should protect users on several fronts at once: encrypt calls, protect user data, and keep SIM cards safe from malware. However, many companies are very reluctant to introduce protection, and even those who take steps in this direction often cannot fully repel attacks: their measures treat the symptoms rather than solve the underlying problems. This talk puts under the microscope the most sophisticated attacks on mobile networks and SIM cards, attacks that circumvent traditional protection measures.
Karsten Nohl is a specialist in encryption and security. He tests proprietary systems for security flaws, and usually manages to break them.
Making malware under the sign of the green robot
Google is now not only the leader among mobile platforms but also the creator of the most vulnerable OS. Despite the efforts of the "Good Corporation", Trojans attack millions of Android users: sending SMS to premium-rate short numbers, stealing money from bank cards, harvesting personal data, and taking photos covertly. You can see the kitchen where Android malware is cooked up during the four-hour hands-on lab "Android Operation".
The lab will be run by Aditya Gupta, founder of Attify and a member of the Indian Null community. He will cover reverse engineering and analysis of Android malware, manual and automated application testing, working with Dex and Smali, and writing exploits for WebKit and ARM.
Cyber digging in cyber dumpsters
Every day we hear about hacker "exploits": they break into the websites of large companies, government databases, and millions of private accounts. But the real danger lies not in the attackers but in the defenders: as a rule, you do not have to be a computer genius to obtain private information. In his talk "Give me your data!", Dave Chronister intends to prove that critical data is often stored so carelessly that you only have to reach out and take it. In the course of his experiment the author hacks nothing, obtaining all the information he needs by legal means. He will demonstrate a variety of techniques, from buying gadgets via Facebook and hard drives at eBay auctions to monitoring public file-sharing sites. The results of his experiments are impressive.
Dave is the founder and one of the managing partners of Parameter Security. He grew up in the 80s, when the Internet was just getting started, and has watched hackers and studied their methods from the very beginning. He performs security audits, incident investigation and customer training around the world. His work has been covered by many major media outlets: CNBC, CNN Headline News, ABC World News Tonight, Bloomberg TV, CBS, FOX Business News, Computer World, Popular Science, and Information Security Magazine.
Reusable one-time password tokens
A side-channel attack (SCA) is a very powerful tool for extracting secret and encrypted data by studying the physical behaviour of the target device (for example, its power consumption). David Oswald will talk about SCA techniques and related methods. Attendees will be shown how SCA is applied in two cases: first, how it can be used to bypass IP protection in FPGAs (bitstream encryption), and second, how to extract the AES keys from one-time password tokens.
David Oswald received his PhD in Information Technology in 2013 and now works in the Embedded Security department at Ruhr University Bochum. He is also one of the founders of Kasper & Oswald.
Your printers like the "man in the middle"
Printing solutions that provide strong encryption, accounting and access control are needed by large corporations and financial institutions. In this study, man-in-the-middle (MitM) attacks were carried out against multifunction printers (MFPs) running software from popular vendors. The results were shocking: many products had vulnerabilities that allow an attacker to bypass encryption, capture any data exchanged with the print server, and print without authorization.
Jakub Kałużny, who will present the talk at the forum, works as an information security specialist at SecuRing, where he performs penetration tests, vulnerability analysis, and threat modeling for web applications and network environments. In 2013 he was listed in the Google Hall of Fame.
Detection and exploitation of business logic vulnerabilities
Logic vulnerabilities are the least studied class, often ignored by researchers and pentesters. There are many reasons: the lack of automated tools for finding and exploiting them, of well-established testing methodologies, and of a coherent theoretical framework that would make them easier to classify. At the same time, the task of assessing the security of business applications makes logic vulnerabilities a priority target for pentesters, since attacks on logic often carry risks comparable to those of remote code execution. The talk describes the theoretical features of business applications that give rise to logic vulnerabilities, and a partial domain-modeling technique that quickly identifies potentially problematic areas of business logic and possible attack paths. The practical application of the technique is shown on a number of logic vulnerabilities in real applications.
Vladimir Kochetkov is an expert at the Positive Technologies research center. He specializes in source-code security analysis of web applications and research into the theoretical foundations of information system security. He is a member of the SCADA Strangelove project and of the development team of the PT Application Inspector analyzer, and devotes a lot of attention to supporting open source projects, including rsdn.ru.
How to behave during an attack
Responding to information security incidents is often chaotic, and in the panic people destroy important evidence. The four-hour workshop "Incident Response and Investigation of Cyber Attacks" focuses on practical study of the principles of incident investigation and on developing the skills for a rapid, calm response: collecting evidence, analyzing system logs, memory and disks, and searching for traces of cybercrime. Participants will receive special training materials and virtual machines for analysis and, through simulations of various incidents, will learn effective response scenarios.
The workshop will be led by Bulgarian specialist Alexander Sverdlov, IT Security Officer at ProCredit Bank Bulgaria. This is not Alexander's first PHDays: last year he gave a master class on cyber forensics.
Intercepter-NG: New Generation Sniffer
The talk is devoted to the non-trivial tool Intercepter-NG. To date it is the most advanced sniffer for pentesters, with a large set of features. Paradoxically, it is better known abroad than in Russia. Besides reviewing the utility's main features, the authors will walk through several practical attacks that use it, including the MySQL LOAD DATA LOCAL injection recently shown at Chaos Constructions and the little-known but quite effective DNS-over-ICMP attack.
The talk will be given by Alexander Dmitrenko (sinist3r) from Chernigov, head of the training department at PentestIT and a regular author in the Habrahabr technoblog and Hacker magazine. He will be joined by Ares, an expert at PentestIT and the creator of Intercepter-NG.
Side-channel analysis: practice and some theory
This topic is rarely discussed at computer security conferences, so we decided to present two points of view. In addition to David Oswald, Ilya Kizhvatov will also present side-channel attack research. He will give an overview of side channels, discuss current issues and give examples from practice. Attendees will learn how to determine whether a given device is at risk from a side-channel attack, how to resist this type of attack, and how to perform side-channel analysis on their own.
Ilya Kizhvatov is a Senior Analyst at the Dutch company Riscure. With six years of experience in embedded security (three in graduate school and three in industry), he specializes in side-channel attacks that exploit weaknesses in the implementation of a cryptosystem.
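To make concrete what both side-channel talks above describe (a device's power draw depends on the data it processes, so a key guess can be scored by how well it predicts the measurement), here is an added example of a correlation power analysis (CPA) against one AES key byte. It is not code from either speaker. The "traces" are constructed in the script with a Hamming-weight leakage model plus Gaussian noise; on real hardware they would come from an oscilloscope on the device's supply line, and the key byte, trace count and noise level used in the demo are arbitrary choices.

```python
import random

# Added example, not code from either talk. A simulated correlation power
# analysis (CPA) that recovers one AES key byte from 'power traces'. The traces
# are constructed here with a Hamming-weight leakage model plus Gaussian noise;
# on real hardware they would come from an oscilloscope on the device's supply.


def _gf_mul(a: int, b: int) -> int:
    """Multiply two bytes in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return p


def _gf_inv(x: int) -> int:
    """Multiplicative inverse computed as x^254 (0 maps to 0, as AES requires)."""
    result, base, e = 1, x, 254
    while e:
        if e & 1:
            result = _gf_mul(result, base)
        base = _gf_mul(base, base)
        e >>= 1
    return result


def _build_sbox():
    """AES S-box: GF(2^8) inverse followed by the affine transformation."""
    sbox = []
    for x in range(256):
        inv = _gf_inv(x)
        s = inv
        for i in range(1, 5):  # s = inv ^ rotl(inv,1) ^ rotl(inv,2) ^ rotl(inv,3) ^ rotl(inv,4)
            s ^= ((inv << i) | (inv >> (8 - i))) & 0xFF
        sbox.append(s ^ 0x63)
    return sbox


SBOX = _build_sbox()


def hamming_weight(v: int) -> int:
    return bin(v).count("1")


def simulate_traces(key_byte, n_traces, noise_sd, rng):
    """Constructed measurements: each trace is a single sample that leaks
    HW(SBOX[pt ^ key]), the first-round S-box output, plus Gaussian noise."""
    plaintexts, traces = [], []
    for _ in range(n_traces):
        pt = rng.randrange(256)
        plaintexts.append(pt)
        traces.append(hamming_weight(SBOX[pt ^ key_byte]) + rng.gauss(0, noise_sd))
    return plaintexts, traces


def _pearson(xs, ys) -> float:
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return 0.0 if vx == 0 or vy == 0 else cov / (vx * vy) ** 0.5


def cpa_recover_key_byte(plaintexts, traces):
    """Score every key-byte guess by how well its predicted leakage correlates with
    the measured traces. The attacker knows the plaintexts but not the key; the
    guess whose predictions fit best is the key. Returns (best_guess, scores)."""
    scores = []
    for guess in range(256):
        predicted = [hamming_weight(SBOX[pt ^ guess]) for pt in plaintexts]
        scores.append(abs(_pearson(predicted, traces)))
    best = max(range(256), key=scores.__getitem__)
    return best, scores


def run_demo(key_byte=0x2B, n_traces=300, noise_sd=1.0, seed=2024):
    """Run one simulated attack with a fixed RNG seed (hypothetical parameters).
    Returns (recovered_key_byte, true_key_byte, correlation_of_recovered_guess)."""
    rng = random.Random(seed)
    plaintexts, traces = simulate_traces(key_byte, n_traces, noise_sd, rng)
    best, scores = cpa_recover_key_byte(plaintexts, traces)
    return best, key_byte, scores[best]


if __name__ == "__main__":
    recovered, true_key, corr = run_demo()
    print(f"recovered key byte 0x{recovered:02x} (true 0x{true_key:02x}), correlation {corr:.2f}")
```

The model is the textbook one: each trace leaks the Hamming weight of the first-round S-box output, and the S-box's non-linearity is what makes wrong guesses correlate poorly while the right one correlates strongly. Lowering `n_traces` or raising `noise_sd` in `run_demo` shows the other half of the talks' message: the attack degrades gracefully, so countermeasures work by adding noise or masking the intermediate, not by hiding the algorithm.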
No such thing as chance?
Modern applications make wide use of random number sequences for security-related tasks (encryption keys, session identifiers, CAPTCHAs, passwords). How well such programs resist attack depends strongly on the quality of their random number generators. The researchers will talk about vulnerabilities found in Java applications that use pseudo-random number generators. Besides scenarios of successful attacks on such applications, the authors will demonstrate a tool that recovers the generator's internal state (the so-called seed) as well as its previous and subsequent outputs, and show how to use it to attack real-life Java applications.
Mikhail Egorov is an independent researcher and experienced programmer (Java, Python) specializing in fuzzing, reverse engineering, web application security and network security. Sergey Soldatov has been involved in practical network security for more than 10 years and participates in various ISP-related projects.
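The talk above says the speakers' tool recovers a Java PRNG's state and both its earlier and later outputs. As an added illustration (not the speakers' tool, and written in Python rather than Java) the script below reimplements the documented java.util.Random algorithm, a 48-bit linear congruential generator, and shows why two consecutive nextInt() values are enough: one output exposes the top 32 of the 48 state bits, the remaining 16 are brute-forced against the second output, and because the multiplier is odd the recurrence can also be run backwards. The leaked values in the demo are constructed from seed 0.

```python
# Added example: recovering java.util.Random state from leaked outputs.
# This is not the speakers' tool; it reimplements the documented java.util.Random
# recurrence in Python and shows that two consecutive nextInt() values let an
# attacker predict every later value and reconstruct every earlier one.
#
# java.util.Random is a 48-bit linear congruential generator:
#     state' = (state * 0x5DEECE66D + 0xB) mod 2**48
#     nextInt() = signed 32-bit view of (state' >> 16)
# so a single nextInt() output reveals the top 32 of the 48 state bits.

MULT = 0x5DEECE66D
ADD = 0xB
MASK = (1 << 48) - 1
# MULT is odd, so it is invertible mod 2**48; this lets us step backwards (Python 3.8+).
MULT_INV = pow(MULT, -1, 1 << 48)


def to_signed32(x: int) -> int:
    """Reinterpret the low 32 bits of x as a Java int."""
    x &= 0xFFFFFFFF
    return x - (1 << 32) if x & 0x80000000 else x


class JavaRandom:
    """Minimal java.util.Random clone: seed scrambling, nextInt(), and a reverse step."""

    def __init__(self, seed: int):
        # Java's initialScramble(): (seed ^ 0x5DEECE66D) & ((1 << 48) - 1)
        self.state = (seed ^ MULT) & MASK

    @classmethod
    def from_state(cls, state: int) -> "JavaRandom":
        """Build a generator positioned at a recovered internal state."""
        r = cls.__new__(cls)
        r.state = state & MASK
        return r

    def next_int(self) -> int:
        self.state = (self.state * MULT + ADD) & MASK
        return to_signed32(self.state >> 16)

    def prev_int(self) -> int:
        """Rewind one step and return the output that preceded the current one.
        Only meaningful when self.state was produced by next_int() or recovered."""
        self.state = ((self.state - ADD) * MULT_INV) & MASK
        return to_signed32(self.state >> 16)


def recover_state(out1: int, out2: int):
    """Given two consecutive nextInt() outputs, return the 48-bit state after out2.

    out1 fixes the top 32 bits of the state that produced it; only the low 16 bits
    are unknown, so 65536 candidates are stepped once and checked against out2.
    Returns None if no candidate fits (the pair did not come from nextInt()).
    """
    hi = (out1 & 0xFFFFFFFF) << 16
    for lo in range(1 << 16):
        nxt = ((hi | lo) * MULT + ADD) & MASK
        if to_signed32(nxt >> 16) == out2:
            return nxt
    return None


def predict_from_pair(out1: int, out2: int, count: int):
    """Recover the state from (out1, out2) and return the next `count` nextInt() values."""
    state = recover_state(out1, out2)
    if state is None:
        return None
    r = JavaRandom.from_state(state)
    return [r.next_int() for _ in range(count)]


if __name__ == "__main__":
    # Constructed demo: the 'victim' seeds with 0 and leaks two outputs (say, in
    # session identifiers); the attacker predicts the following ones and rewinds.
    victim = JavaRandom(0)
    leaked = [victim.next_int(), victim.next_int()]
    print("leaked:", leaked)  # the first value is -1155484576, as in Java
    print("predicted next:", predict_from_pair(leaked[0], leaked[1], 3))
    print("actual next:   ", [victim.next_int() for _ in range(3)])
```

The brute force takes a fraction of a second, which is the practical point: a session identifier or CAPTCHA derived from java.util.Random is predictable from two observed values, and the only fix is a generator designed for the purpose (java.security.SecureRandom), not a better seed.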
How to reverse OS X drivers
It is commonly believed that MacBooks and Macs are much better protected than Windows computers. However, recent high-profile stories, including cases of covert access to the built-in iSight cameras, cast doubt on this. In his talk "Reverse Engineering OS X Drivers" at PHDays IV, Egor Fedoseev will describe methods for analyzing OS X drivers, the difficulties involved and ways to reduce the effort. Attendees will get acquainted with the specifics of Mac drivers, the tools for analyzing them, the problems of reversing them in the IDA disassembler and possible solutions. The talk is of interest to virus analysts and OS X security researchers.
Egor Fedoseev lives in Yekaterinburg and works at the Ural Federal University named after the first President of Russia B. N. Yeltsin. He heads the student group "Hackerdom", formed in the fall of 2005 at the Faculty of Mathematics and Mechanics of UrFU, and has been reversing since 2004.
We remind you that there is still time, until March 31, to submit your research and speak at PHDays IV in front of several thousand of the world's leading information security experts. There are also other ways to take part. The full list of talks to be held on May 21 and 22, 2014 at Positive Hack Days will be published in April on the official forum website.