ZeroNights 2014: no taboo topics

Before the start of the conference ZeroNights 2014 there is very little time. Soon a platform for meeting practitioners in information security, researchers, programmers, stars of the hacking world, and just good friends and acquaintances will open its doors to meet the new. This year we tried not only to fill the event with high-quality content and a variety of activities, but also to reveal new topics that are of practical importance for everyone who is not indifferent to the problems of information security.

This time we invited keynote speaker Alexander Peslyak, also known as Solar Designer! He is familiar to everyone as an excellent specialist with a wide range of knowledge in many areas, including not only attack methods, but also defense methods. His report, “Is infosec a game?”, Will open the conference on November 13 and promises to be special, not at all the way everyone is used to seeing.
')
Especially for Habrahabr visitors, we made an approximate breakdown of reports by topic. So you can pre-determine for yourself which reports are close to you in spirit, the specifics of the work, etc., in which activities you want to take part. Although, of course, you can use the approach of our technical director AlexandrPolyakov , who, as a rule, chooses speeches on unfamiliar topics - broadens the mind, receiving information from advanced experts in their field. As he says, "In those topics in which I understand, I will figure out the slides."

So let's get started:

• If you follow all the ups and downs and events in the world of cryptography, then you should pay attention to the following reports:

1) Jean-Philippe Aumasson / Jean-Philippe Omasson (Switzerland) “Crypto programming, version 2”: 2014.zeronights.ru/program.html#aumasson
2) Jake McGinty / Jake McGinty (UK) "How to really piss off the state surveillance system with your surveillance protection system": 2014.zeronights.ru/program.html#mcginty

• If you are interested in web-technologies and web-security, then you should definitely visit the reports:

1) Nicolas Gregoire / Nicolas Gregoire (France) "Hunting for the best rewards": 2014.zeronights.ru/program.html#gregoire
2) Georgi Geshev (United Kingdom) “Your MQ is my MQ”: 2014.zeronights.ru/program.html#geshev
3) Ivan Novikov (Russia) “Unexpected expected exceptions: an alternative look at web vulnerabilities”: 2014.zeronights.ru/program.html#novikov
4) Dmitry Bo0oM Booms (Russia) “De-anonymization and total espionage”: 2014.zeronights.ru/program.html#boomov

• If you are interested in how things are going with security in the mobile world, then you will obviously like the following reports:

1) Peter Hlavaty / Peter Hlavaty (Slovakia) "Race with androids": 2014.zeronights.ru/program.html#hlavaty
2) Kirill Nesterov, Timur Yunusov, Alexey Osipov (Russia) "4x4G: from SIM-card to GGSN": 2014.zeronights.ru/program.html#neosyun
3) Marco Grassi / Marco Grassi (Italy) “Safety analysis of applications on steroids”: 2014.zeronights.ru/program.html#grassi
4) And the Workshop from Andrei Belenko (Russia) on the topic “Forensics in iOS using OpenSource tools”: 2014.zeronights.ru/workshops.html#belenko

• If you are looking for vulnerabilities not only in reality, but also in a dream, you write exploits, then such reports will be your joy:

1) Patroklos Argyroudis / Patroklos Argyroudis (Greece) "Heapbleed Project": 2014.zeronights.ru/program.html#patroklos
2) Fabien DUCHENE / Fabien Duschen (France) “State Phaser: Evolutionary Fuzzing '' Black Box ''”: 2014.zeronights.ru/program.html#duchene
3) Rene Freingruber / Rene Freingruber (Austria) "EMET 5.0 - armor or curtain?": 2014.zeronights.ru/program.html#freingruber
4) Peter Kamensky (Russia) “Hardware virtualization in antivirus programs”: 2014.zeronights.ru/program.html#kamensky
5) Nikita Tarakanov (Russia) “Past, present and future software maintenance technician”: 2014.zeronights.ru/program.html#tarakanov

• If you like to understand how everything works and works (the concept of “reverse” is not alien to you), you will probably want to look into visiting these speakers:

1) Dmitry Schelkunov and Vasily Bukasov (Russia) “Deobfuscation and Not Only”: 2014.zeronights.ru/program.html#schelbuk
2) Sergey Soldatov and Mikhail Egorov (Russia) “Non-cryptographic study of Orthodox cryptography carriers, or How we checked the security of key information storage on tokens ...”: 2014.zeronights.ru/program.html#soleg
3) And visit the Workshop from Anton Kochkov (Russia) and Julien Voisin / Julien Voisin (France) “Reversing and debugging malware and firmware using the radare2 framework”: 2014.zeronights.ru/workshops.html#kovoi

• If the words “hardware”, “power analysis”, abbreviations JTAG, UART are used daily in your vocabulary, then you should:

1) Dmitry Nedospasov (Russia) "Chip Reversing": 2014.zeronights.ru/program.html#nedospasov
2) Workshop from Roman Korkikyan (Switzerland) "We are looking for the keys of cryptographic algorithms through power consumption": 2014.zeronights.ru/workshops.html#korkikyan

• If the abbreviations for process control systems, ICS, SCADA, etc. are part of your work, then the following studies will be of interest to you:

1) Alexander Bolshev, Gleb Cherbov, Svetlana Cherkasova (Russia) “DTM components as secret keys to the kingdom of industrial control systems”: 2014.zeronights.ru/program.html#bocheche
2) Jason Larsen / Jason Larsen (USA) "Miniaturization (how to fit a whole attack on the technological process in a small microcontroller)": 2014.zeronights.ru/program.html#larsen

Not only to break, but also to build

This year we decided to organize a special session within ZeroNights, dedicated to real, practical protection. In this section there will be presentations from those guys who are really concerned about protection, not in word or in theory, but in practice.

Our short reports:

1) Igor Bulatenko (Qiwi, Russia) “DPI as a means of differentiating access in the corporate network”: 2014.zeronights.ru/defensive.html#bulatenko
2) Karim Valiev (Mail.Ru Group, Russia) "SMM monitoring on guard of Internet services security": 2014.zeronights.ru/defensive.html#valiev
3) Alexey Sintsov (Here, Russia) “WAF in scale”: 2014.zeronights.ru/defensive.html#sintsov
4) Alexey Karyabkin and Pavel Kulikov "Building a comprehensive system for analyzing incoming correspondence on OpenSource solutions": 2014.zeronights.ru/defensive.html#karkul

The section will also include a lively discussion of the practical problems of using various protection technologies: RPKI, DNSSEC, DANE, etc. There are many useful and modern standards and technologies, why are we still using the old and unsafe? Why are advanced technologies being introduced slowly or ignored? Come listen and participate in the discussion, it will be interesting and useful! Presenters - Anton Karpov (Yandex) and Alexander Lyamin (Qrator Labs)!

Fast and Fast - FastTrack Section

In addition, as always, the FastTrack section will work for us, where only 15 minutes is given for each report (everything is clear and to the point). Subjects of speeches - the most diverse. This year many releases of various instruments are expected in this section.

1) Victor Alyushin (Russia) "Unsafe factory settings and firmware": 2014.zeronights.ru/fasttrack.html#alyushin
2) Denis Makrushin, Stas Merzlyakov (Russia) "Parkmagia: a new look at parking terminals": 2014.zeronights.ru/fasttrack.html#makmer
3) Denis Kolegov, Oleg Broslavsky, Nikita Oleksov "Hidden channels in time based on HTTP protocol caching headers": 2014.zeronights.ru/fasttrack.html#kobrol
4) Eldar Zaitov (Russia) “Fast (and almost automatic) SSRF detection”: 2014.zeronights.ru/fasttrack.html#zaitov
5) Dmitry Vyukov (Russia) “Kernel AddressSanitizer: search for vulnerabilities in the Linux kernel”: 2014.zeronights.ru/fasttrack.html#vyukov
6) Boris Ryutin (Russia) “Go in the production of the top maker”: 2014.zeronights.ru/fasttrack.html#ryutin
7) Vlad Roskov (Russia) "+22: reversing 64-bit binaries using Hex-Rays x86 Decompiler": 2014.zeronights.ru/fasttrack.html#roskov
8) Roman Bazhin (Russia) "Oracle Database Communication Protocol through the eyes of a Pentester, or Oracle Rough Tests ": 2014.zeronights.ru/fasttrack.html#bazhin
9) Anton Cherepanov (Russia) “Crouching Tiger”: 2014.zeronights.ru/fasttrack.html#cherepanov
10) Artem Shishkin, Mark Yermolov (Russia) “Bypassing the kernel protection mechanism against modifications (patchguard) on Windows 8.1 and Windows 10”: 2014.zeronights.ru/fasttrack.html#shisher