
The first talks of PHDays VI: how to break transport cards, set up hacker mousetraps and sell vulnerabilities for $100,000



On January 31, the first wave of applications closed for the sixth international forum on practical security, Positive Hack Days, which will be held in Moscow on May 17 and 18, 2016 at the Moscow International Trade Center. Those who wish to speak at the forum but did not manage to submit an application in time will soon have another chance: the second wave of the Call for Papers starts on February 17 and runs until March 31.

In the meantime, we are announcing the first group of speakers included in the main technical program. This year, PHDays attendees will learn how to hit the jackpot at Microsoft, how to test the security of transport systems with a smartphone, and get the inside story on the market for zero-day vulnerabilities.

Trap for hackers


Terrence Gareau, a recognized expert on mitigating and preventing DDoS attacks and eliminating their consequences, will speak at PHDays for the first time. He will explain how to create a honeypot (trap) and build a service that provides up-to-date data on the DDoS bots it captures, using Kibana, Elasticsearch, Logstash and AMQP. For the last two years Terrence Gareau has worked with his team on a system for monitoring DDoS attacks and collecting external statistics on them, and visitors to the forum will be able to examine its source code.

Award Hunters, or Who is Who in the Exploit Market


Alfonso de Gregorio, a speaker at the fifth PHDays, founder of the BeeWise project and chief consultant at secYOUre, will again speak at the international forum on practical security. He will continue the topic of exploit sales that he opened last year. This time, Alfonso will talk in more detail about the participants in the exploit market and the work of a zero-day vulnerability broker, and will reveal some aspects of the business's ethics.

How to make a perpetual ticket on the subway


The talk by the Italian researcher Matteo Beccaro is devoted to general issues of transport security, fraud and technological failures. He will examine several serious vulnerabilities in real transport systems that use NFC technology. The key point of the presentation is a demonstration of an open application for testing transport systems from a smartphone. The talk will be of interest to both professional pentesters and amateurs.

Protecting Web Applications with JavaScript


Client-side JavaScript can be used to detect and prevent various attacks, find vulnerable client components, detect leaks of data about the web application's infrastructure, and identify web bots and attack tools. Positive Technologies leading experts Denis Kolegov and Arseny Reutov will demonstrate how to protect web applications using JavaScript, and will share their own methods of detecting injections without signatures or regular-expression filtering. The experts will also cover the concept of client-side JavaScript traps for SSRF, IDOR, Command Injection and CSRF attacks.

How to hit the jackpot at Microsoft


A few years ago, the American software giant Microsoft refused to take part in bug bounty programs, even though rewards for vulnerabilities had long been common practice among the corporation's competitors. In recent years, Microsoft has begun to pay rewards for reports of certain types of vulnerabilities, from $100 to $100,000. A list of the top 100 researchers participating in the program is published on a regular basis.

Jason Shirk, Chief Security Officer at the Microsoft Security Response Center, will tell the audience about the types of rewards and how the MSRC works with researchers, and will reveal the secrets of the major awards.

A full list of talks will be published in April on the official PHDays VI website. To take part in the forum for free, you can present research in the field of information security, compete in one of the hacker contests or write the best cyberpunk story. Another way to get into PHDays VI is to buy a ticket. We remind you that from February 15 a ticket for both days of the forum costs 9600 rubles, and a ticket for one day costs 7337 rubles. From March 1, prices will rise to 14,400 and 9,600 rubles, respectively.

Source: https://habr.com/ru/post/277381/

