New on PHDays VII: Hacking IPv6 Networks, Future WAFs, and POS Terminals

Preparation for PHDays VII is in full swing. At the beginning of the year we received 50 applications for reports and workshops from Russia, Europe, Asia, Africa, North and South America, and on February 1, the second stage of Call for Papers started. As promised, we announce the first group of participants included in the main technical program. This year, PHDays students will learn how to hack IPv6 networks, how they steal money using POS terminals and what the next generation WAF will be.

Payment System Insecurity: POS Terminal Vulnerabilities

Today, almost all shops and services are equipped with special POS-terminals (point of sale) for processing transactions for financial settlements on plastic cards with magnetic stripe and smart cards. Terminals are widely used in different countries, and of course, where the money - there are attackers. So, in the autumn of 2013, two hackers were detained, who hacked hundreds of POS terminals and stole the payment details of more than 100,000 Amer . Hackers scanned the Internet for vulnerable devices that support the RDP protocol, accessed them and installed a keylogger on the terminals.
')
On PHDays VII, Gabriel Bergel, Strategic Planning Director at Dreamlab Technologies of Switzerland and Chief Security Officer at 11Paths, will talk about vulnerabilities in POS terminal protocols and possible deception methods: from using card readers, intercepting and modifying data, installing third-party software to hardware hacking of the terminal.

Alternative Vulnerability Detection Techniques

Last November, Head of Research at PortSwigger Web Security, James Kettle, released an open source scanner that uses an alternative approach to finding vulnerabilities. Existing security scanners currently search for server vulnerabilities by signatures using a specific set of rules specific to each system, which is reminiscent of how antivirus programs work. James will share his experience developing a scanner that can find and confirm the presence of both well-known and rare classes of vulnerabilities.

Safety of industrial systems: and again holes

Brian Gorenck, head of Trend Micro's vulnerability research department, and part-time leader of the Zero Day Initiative (ZDI), the largest independent software bug search program, will speak at PHDays. Brian will present the results of a detailed analysis based on a study of more than 200 SCADA / HMI vulnerabilities. Listeners will learn about popular vulnerability types in Schneider Electric, Siemens, General Electric, and Advantech solutions and vendor patch release policies, and will receive recommendations on how to detect critical vulnerabilities in the underlying code.

Do WAFs dream about static analyzers?

For most modern WAFs, the protected application is a black box: HTTP requests at the entrance, HTTP answers at the output — that's all that is available to the firewall for making decisions and building a statistical model. Even if WAF has the ability to intercept all applications to the outside world (file system, sockets, DB, etc.), this will only improve the quality of heuristic methods, but it will not help in the transition to formal methods of proof of attack. But what if you teach WAF how to work with an application model that is obtained as a result of static analysis of its code and supplemented directly during the processing of each HTTP request?

Vladimir Kochetkov, a leading expert at Positive Technologies and one of the organizers of the community of developers interested in application security issues, the Positive Development User Group, will highlight aspects of the implementation of a new web firewall concept, which treats the protected application as a white box and relies on formal attack detection methods instead heuristic.

The future of machine learning

Intel’s security engineer Anto Joseph’s talk is about machine learning: you’ll learn about classification based on Boolean principles, as well as classifications used in many common machine learning systems. Anto Joseph will show an example of deploying pipeline safety systems based on machine learning principles and developed using the Apache Spark framework.

IPv6 on the gun

The whole world is moving to a new version of the Internet Protocol IP - IPv6. It should solve the problems of the Internet addresses that IPv4 has encountered by using the address length of 128 bits. This means that every device with Internet access will receive a unique IP address. However, with the transition to IPv6, the rules of the “network intelligence” game have changed: it becomes more difficult to use the address search method, as is the case with IPv4, due to an increase in the address space.

An expert and security consultant at SI6 Networks, Fernando Gaunt, did an IPv6 security analysis. As part of PHDays VII, he will hold a master class on working out methods for investigating and hacking IPv6 networks, and also will talk about the latest technologies in the field of IPv6 networks research, described in RFC 7707 regulatory document.

***

So, this is only part of the first wave reports. In the near future we will talk about several interesting topics and speakers - stay tuned. If you want to become a PHDays VII speaker, you still have time to submit an application by March 15, 2017. We remind you that the results will be announced on March 30, 2017. A full list of presentations will be published in April on the official PHDays VII website. Learn more about topics and rules for participation on the Call for Papers page.

The conference will be held on May 23 and 24, 2017 in Moscow, in the World Trade Center. Register and buy tickets here . Ticket price for two days of the forum - 9600 rubles, 7337 rubles - for one day.