
PHDays technical program: analysis of the HummingBad trojan, malware for macOS and attacks on Java Card


Positive Hack Days is fast approaching: more than 4,000 experts in practical security will gather in Moscow on May 23 and 24, 2017 to discuss the most pressing issues of information security. We recently announced the first group of speakers selected for the main technical program. If you want to share the stage with renowned security experts, you have one last chance: we are extending the Call for Papers until March 30. While you prepare your applications, we present a new batch of talks.

Patrick Wardle, a former NSA employee and now Director of Research at Synack, will speak at PHDays for the first time. He studies malware for macOS and develops free tools to protect the platform, in particular OverSight, which protects the Mac webcam from spying. For a long time, Wardle argued that malware for OS X was comparable to Windows viruses of 10-15 years ago. Has anything changed? The speaker will walk forum participants through the features of macOS malware that appeared in 2016 (properties, infection vectors and persistence mechanisms) and will describe generic detection methods that help keep macOS secure.

Sergei Volokitin, a security analyst at the Dutch company Riscure, researches vulnerabilities in the Java Card platform used in modern smart cards. Most cards from different manufacturers do not ensure the integrity and confidentiality of data in protected containers. At PHDays, Sergei will talk about attacks on Java-based smart card containers that allow an attacker to steal the cryptographic keys and PIN codes of other applets installed on the card.

More and more companies are turning to security centers to scan for and manage vulnerabilities. As a rule, in order to cover a larger number of systems while maintaining least privilege, the security center is placed in a demilitarized zone (DMZ). The talk by Alexander Kazimirov, a member of the non-functional testing group for financial services at EVRY, is devoted to passive and active information gathering on an administration server with a security center installed. Alexander will demonstrate how to move from the DMZ to the work environment using a Nessus scanner, which allows white-hat hackers to penetrate the internal network where confidential information is stored.

Francis Alexander, the creator of NoSQL Exploitation Framework, will give a presentation at PHDays VII. The need for distributed applications is growing, and with it have come coordination and configuration management tools for applications of this class. The expert will share the results of penetration testing various configuration management systems and will present distributed configuration management tools such as Apache ZooKeeper, HashiCorp Consul and Serf, and CoreOS Etcd. Attendees will learn how to fingerprint these systems and how typical configuration errors can be used to increase the attack surface.

In 2016, the world learned about the Android Trojan HummingBad, created by the Chinese hacker group Yingmob. HummingBad is downloaded along with applications from unverified sources. Once on a mobile device, the Trojan allows attackers to take full control of the device and use it for advertising fraud, for example, for generating clicks on ads. Tens of millions of mobile devices have been infected with HummingBad. A year later, a new version of the Trojan appeared, called HummingWhale. Check Point specialists investigated one of the most widespread mobile botnets. Andrei Polkovnichenko, head of the Check Point Reverse Engineering Group, will explain how to deal with HummingBad.

A full list of talks will be published in April on the official PHDays VII website. Learn more about the topics and rules for participation on the Call for Papers page.

Source: https://habr.com/ru/post/325144/

