Reports and competitions for NeoQUEST-2015

On July 2, NeoQUEST-2015 will be held in St. Petersburg, which will bring together the best participants of the March hackquest and guests, whose overall passion is information security!

We remind you that anyone can visit NeoQUEST - admission is free, guests only need to register on the event website.

The hackquest participants are waiting for 8 hours of cybersecurity in non-stop mode, while everyone else at this time will be able to enlighten and have fun like this:

• Listen to reports on the latest and latest in cybersecurity: Android, TPM and TXT, brute-force Bitcoin wallet password hashes, auto-access on any web user, malware energy detection and much more!
• see practical demonstrations: attack of the Rutkovskaya team on TXT, remote control of the car’s electronics, hacking into Bitlocker ...
• take part in exciting real and virtual contests and win various prizes: Escape-room, "Exam on IB" and much, much more!

Reports and demonstrations of attacks

1. "Detection of malware with an oscilloscope ...?" . The report will suggest a method for detecting malware by analyzing energy consumption. The author will talk about what malware is, list alternative approaches to finding them, especially focus on the very "energy" approach. There will also be considered the pros and cons of this method, and in conclusion, the work of the method will be demonstrated in practice!
2. "Evil Maid" . A report on the security features of full disk encryption systems. Technologies of full encryption of disks and operating systems are rapidly gaining popularity. However, often using BitLocker, LUKS or TrueCrypt can be a requirement when working with confidential data. How can the security of such systems be compromised and how to protect against it?
3. "Android: an infection game." Features of the distribution of malicious software for the Android platform: the report will tell you what are the ways of installing malware in the system. Demonstration of one of the ways: it will be shown how to infect a game for Android in such a way that its main operation does not undergo any changes, but at the same time the work of a malicious program is covertly performed.
4. "Visual pentesting . " Visualization of pentest data: the ontological approach to data description and presentation of pentest data will be described with the help of a specially developed ontology. There will also be covered query languages ​​to TDB, in particular, SPARQL.
5. "Learn in 60 seconds . " There is more than enough information about each person in the network to compile a kind of “electronic file” for him, and an indirect search based on the relationship of information that was obtained is very, very much. Privacy on the Internet is becoming an increasingly relevant trend in cybersecurity, and, as will be shown in the report, it is not at all necessary to work at the NSA and have super-power equipment to become Big Brother's younger brother. Demonstration? Sure to!
6. “TPM.TXT: try to hack!” TXT technology and its features: a lot of things not included in last year’s report. The author of the report will remind what TPM is, why Intel TXT is needed and how it works from the inside. The tboot internals and its non-trivial configuration will be considered. As an example, it will be shown how to violate the integrity and order of loading. And finally, the author will analyze in detail the attack of Joanna Rutkovskaya’s team on a TXT on an old-school Q35 board bought at a Rostov-on-Don flea market, and demonstrate it!
7. "Fast search of slow hashes on the GPU" . How to implement a brute force on the GPU algorithms with protection against such brute force. The report will analyze the algorithms that have protection against brute force on the GPU, it is shown how to bypass such protection. The author will also tell about the search for demanding password hashes from a Bitcoin wallet.
8. “Crazy Car: control of car electronics via CAN-bus.” The report will talk about the functioning of the software part of modern cars, will be considered a communication protocol designed to exchange data between devices. The speaker will tell and show how to make the car crazy, how to remotely control its electronic components. Guests are also waiting for a demonstration of the stated capabilities: everyone can feel at the place of the driver of the “hacked and gone crazy” car.

Competitions and entertainment

')

Crazy car

Virtually all reports include a practical demonstration, but the most extreme, of course, is a demonstration of hacking the electronic components of a car! Anyone can get into the Crazy Car, which will be parked all day and feel for yourself, what is it like when the car went crazy? Let's say frankly: it is impressive, especially when you reflect on the fact that all this can happen with your “iron friend”!

Virtual and real

Traditionally, every hour in the NeoQUEST Twitter will be published various tasks in the framework of the "Examination of information security". The best guest member will be waiting for a prize! In addition, guests are waiting for fun contests from our permanent leader Dmitry Kuzenyatkin, both team and single. Gifts and dedication in the Cyber ​​Lodge of Masons rely on themselves (NeoQUEST-2015 will revolve around such a mysterious legend, the same subject awaits the participants of hackquest!).

Escape-room

In the lobby will be assembled Escape-room: carefully look around when you find yourself locked in it. Tips on how to get out - next! Everyone will be able to feel like a hero of spy movies, hiding from surveillance cameras and bypassing signaling devices. Those who go unnoticed to the end, opening all doors without the use of brute force, will also be awarded a prize and dedication to the Masonic Lodge.

What? Where? When?

CDC «Club House» is located within walking distance from the metro station Petrogradskaya, at the address: St. Petersburg, Medikov Avenue, Building 3, Building 1. How to get from the metro, you can see here . For the guests of NeoQUEST-2015, the event will begin at 11:00, for the hackquest participants, the time will be different, and each of them will be notified personally.

NeoQUEST is held for the fourth time, and this year with the support of the Cyber ​​Security Division of the St. Petersburg Polytechnic University (Department of Information Security of Computer Systems ).

NeoQUEST is a cyber-safe St. Petersburg summer event, organized not only to meet professionals and colleagues, but also to broaden the horizons of knowledge of newcomers who take the first steps in understanding information security! We are waiting for all those who are passionate about information security and are ready to expand the horizons of their knowledge!