ZeroNights 2018. Reload

ZeroNights is an international conference dedicated to the practical aspects of information security. This year the anniversary 2^3 (eighth) ZeroNights will be held on November 20-21 at Club A2 in St. Petersburg. A new venue, and a new conference format.

What's new?

One hall, one track. Talks from infosec rock stars, and from newcomers with original and relevant topics, will be given on the club's main stage, which has hosted Limp Bizkit, Smashing Pumpkins, Fall Out Boy and New Order; the educational and interactive sections will be held in a separate hall. What matters in a talk is the idea, the thought and the knowledge, and tags express that far better than the usual section names.

A new CFP system, which you can get acquainted with on the site. If needed, the organizing committee will help speakers prepare the best possible talk. Do not miss the application deadline: October 20.

A style of its own. The ZeroNights 2018 style is stencil graffiti, an original street-art genre that grew out of hooliganism. It clearly expresses a challenge to society and to the individual.

Conference keynote

The keynote speaker at ZeroNights 2018 will be our good friend Dhillon '@l33tdawg' Kannabhiran, CEO of Hack In The Box. HITB is one of the best-known and oldest conferences in the world of practical security; its organizers run events in Kuala Lumpur (Malaysia), Amsterdam, Beijing and Dubai. Who better than them to know what a security conference is? In his talk, Dhillon will cover what hacker conferences looked like in the past, how they have developed, and what to expect from the future.

First accepted talks

Speakers: Alexandre Gazet, Fabien Perigaud and Joffrey Czarny

Turning your BMC into a revolving door

Talk abstract
Late patching of BMCs and a lack of monitoring of their operation almost always erode the security of complex network infrastructures and data centres. A study of HPE iLO (versions 4 and 5) revealed a number of vulnerabilities, one of which allows the iLO chip, and with it the host system, to be fully compromised. The talk shows how successful exploitation of these vulnerabilities can turn the iLO BMC into a "revolving door" between the administrative and production networks.

Speakers: Junyu Zhou, Wenshu Wu and Jiantao Li

Who owned your code: Attack surfaces against Git web servers used by thousands of developers

Talk abstract
The speakers will explain how in 2018 they carried out several successful remote attacks against popular Git web servers, including GitLab, GitHub Enterprise, Gogs and Gitea. They will explain how the technique works, present the zero-day vulnerabilities they discovered and an entirely new attack surface of Git web servers, and show two attack chains against Gogs that lead to RCE.

Speaker: Denis Selyanin

Research Marvell Avastar Wi-Fi: from zero knowledge to over-the-air zero-touch RCE

Talk abstract
Vulnerabilities in Broadcom BCM43xx Wi-Fi chipsets were widely discussed last year. By exploiting vulnerabilities in these chips' firmware, researchers developed exploits that gain access to the device without any user interaction. No matter how well protected the device's OS is, there is a separate chip in the system that parses Wi-Fi frames and has no exploit mitigations at all. This talk looks at the design and operation of Marvell Avastar Wi-Fi chips, the possible attack surface of these devices, some of the algorithms of the ThreadX real-time operating system on which their firmware is built, and techniques that make analysing such devices easier.

Speaker: Joxean Koret

Diffing C source codes to binaries

Talk abstract
During a project, a reverse engineer often has to import symbols from open-source or leaked code bases into IDA databases. The most obvious solution is to compile the source into a binary, diff it against the target and import the matches. As a rule, however, this is complicated by compiler optimisations, the set of flags used and other technical issues. The problem can become intractable, since newer compiler versions cannot correctly handle source code that is available only as separate fragments. This talk discusses algorithms for importing symbols "directly" from C source code into an IDA database and presents a tool (which will most likely work together with Diaphora) that does this.

Speakers: Ilya Nesterov and Sergey Shekyan

Unveiling the cloak:

Talk abstract
A talk on the amazing world of cloaking and how this technology has evolved from a simple IP-filtering technique into a full platform used for fraud and bot detection. Web cloaking is used to disguise pornographic and propaganda content, cryptocurrency sites and websites that distribute malware. Listeners will learn about the market's demand for ways to evade detection, how the sophistication of cloaking is controlled, and how to get rid of web cloaking once and for all. We will also discuss what web cloaking has in common with modern fraud techniques and automated detection systems, existing methodologies for minimising the effects of web cloaking, and new protection mechanisms.

Speakers: Jianing Wang and Junyu Zhou

NTLM Relay Reloaded: Attack methods you do not know

Talk abstract
Many years have passed since the NTLM authentication protocol was introduced in Windows. In that time NTLM relay attacks have become immensely popular among attackers, and Microsoft has released many patches to counter them. The speakers will present two new attack vectors. The first is the theft of an NTLM hash from Chrome (previously such attacks only applied to IE/Edge); once browser-related services are compromised, the attacker can execute code remotely without any user interaction. The second bypasses the MS08-068 patch and achieves remote code execution by relaying the Net-NTLM hash back to the same machine. A tool that automates these attacks will also be presented.

Program:

Talks (15/30/45 minutes)

As always, the most relevant and important material on defence and attack from security researchers around the world. Our strict CFP committee selects the talks, so rest assured that only hardcore content awaits you at the conference: no advertising, no paid talks and no filler.

WebVillage

Last year's innovation, which everyone liked so much that other conferences started copying it. At WebVillage you will learn about modern attacks on web applications, try your hand as an attacker, find out how the modern web works and take part in contests. WebVillage is a place where people talk about the web, bug bounty, cool finds and funny situations. This year WebVillage will occupy a separate room for one day of the conference.

HardwareZone

This is an area for people interested in hardware and in hardware/software security: an opportunity to demonstrate your favourite tools in action and to try something new on real examples. Over the two days of ZeroNights you will be able to discuss attacks on wireless technologies (from simple radio protocols to payment systems), low-level attacks and black-box analysis techniques for embedded devices, and industrial automation. Expect talks on practice and on applying the knowledge gained to solving competition tasks.

Contests

At the conference venue, our partners and friendly communities will hold contests in hacking systems and more. Do not forget to test your skills and win valuable prizes! We will say more about the contests later. In the meantime, start preparing the software and hardware for your laptops that will help you with hacking ;)

Party

What is a conference without a party? On November 20, after the official programme ends, we are heading to a party at the A2 nightclub. Networking, conversation and meeting the speakers, new projects and your DJ!

Tickets

Remember, the CFP closes on October 20! You still have the chance to speak on the same stage as the best representatives of the whitehat community.

Tickets for the conference are already on sale, and the number is limited. We will also soon announce the annual ZeroNights HackQuest, where you can win tickets ;)

Source: https://habr.com/ru/post/426573/