New in PHDays: protection of supercomputers, security of iOS applications and sale of exploits

Not long ago, the first wave of Call For Papers of the PHDays V Information Security Forum took place. We present to your attention a new portion of speeches that will be performed on May 26–27 in Moscow (you can read the first and second announcements on Habrahabr). Speakers will tell you how to increase the security of an iOS application, what a supercomputer attracts hackers to and how to protect it, as well as tell about the relationship of sellers and buyers of zero-day vulnerability exploits.

Debug Automation

Alexander Tarasenko will talk about debug automation using the WinDbg tool. Students will gain practical scripting skills using the built-in WinDbg engine, as well as using Python and Pykd extensions. The report may be of interest to code researchers and software developers requiring the use of non-standard debugging tools.
')

IOS application security

A member of OWASP and an information security specialist at Emirates, Pratik Gianchandani (Prateek Gianchandani), will hold a master class on creating exploits for iOS applications. During the demonstration, the speaker will use a specially developed application containing typical vulnerabilities. Students will learn how to increase the security level of an iOS application at the design stage. Upon completion of the introductory part, everyone will be able to try their hand at testing applications.

Guarding supercomputers

Employees of the German security company ERNW Felix Wilhelm (Felix Wilhelm) and Florian Grunow (Florian Grunow) talk about the file system IBM General Parallel File System, which is used in some well-known supercomputers (for example, Watson from IBM), its architecture and vulnerabilities. The popularity of the system makes it the goal of cybercriminals who are interested not only in stored data, but also the ability to gain access to the computing resources of the most powerful computers. Presenters will demonstrate the exploitation of two real-world security errors IBM GPFS.

Sale of exploits

The founder of the BeeWise project and the chief consultant of secYOUre, Alfonso De Gregorio, will talk about the morals of the zero-day vulnerability market exploits: the relationships between sellers and buyers of such tools prevailing at popular sites will be described.

Breaking hashes at fifth speed

Alexey Cherepanov, who was involved in the development of the well-known password-breaking utility John the Ripper and supporting the GUI interface for it, on PHDays V will tell about increasing the speed of breaking hashes using code generation methods.

Quick and useful

In addition to standard presentations, an extensive FastTrack is planned in PHDays V, consisting of rich and dynamic fifteen-minute speeches.

Visitors to the forum will learn how attacks on GSM networks with the substitution of the base station make it possible to listen to any GSM phone, said Sergey Kharkov, an employee of the engineering center of NRNU MEPhI.

In addition, Kudelski Security cryptographer and security specialist Sylvain Pelissier will use the example of the GNU / Linux eCryptfs file system to show that in some cases, file encryption helps with password cracking.

From the story of Denis Gorchakov, students will learn how to counteract the payment fraud in the operator's network. It will be a question of a software and hardware complex for analyzing viruses under the Android OS, identifying control centers (online & SMS) by botnets from infected devices, data collectors and funds accumulator accounts.

How to become a speaker

On February 16, the second wave of Call For Papers started. Acceptance of works will last until March 31, so you still have a chance to become a speaker of the upcoming PHDays.

We also invite you to participate in CFP friends of our forum - the HITB conference.

We are waiting for you at Positive Hack Days V!