New in PHDays: Supercomputer Protection, iOS Application Security, and Exploit Sale


    Not so long ago, the first wave of the Call For Papers information security forum PHDays V took place . We present to your attention a new portion of performances, which will be heard May 26–27 in Moscow (the first and second announcements can be read on Habrahabr ). Speakers will tell you how to increase the security of an iOS application, how the supercomputer attracts hackers and how to protect it, as well as talk about the relationship between sellers and buyers of exploits of zero-day vulnerabilities.

    Debug Automation

    Alexander Tarasenko will talk about debug automation using the WinDbg tool. Students will gain practical scripting skills using the built-in WinDbg engine, as well as using Python and the Pykd extension. The report may be of interest to code researchers and developers of software that requires the use of non-standard debugging tools.

    IOS app security

    An OWASP member and IS specialist at Emirates Airlines, Prateek Gianchandani, will conduct a master class on creating exploits for iOS applications. During the demonstration, the speaker will use a specially developed application containing typical vulnerabilities. Listeners will learn how to increase the security level of an iOS application at the stage of its development. At the end of the introductory part, everyone will be able to try their hand at testing applications.

    Watching Supercomputers

    Employees of the German information security company ERNW Felix Wilhelm (Felix Wilhelm) and Florian Grunov (Florian Grunow) will talk about the file system IBM General Parallel File System, which is used in some well-known supercomputers (for example, Watson from IBM), its architecture and vulnerabilities. The popularity of the system makes it the goal of cybercriminals who are interested not only in stored data, but also in the ability to gain access to the computing resources of powerful computers. Speakers will demonstrate the exploitation of two real IBM GPFS security errors.

    Exploit Sale

    Alfonso De Gregorio, the founder of BeeWise project and chief consultant of secYOUre, will talk about morals prevailing in the exploit market of zero-day vulnerabilities: the relationships between sellers and buyers of such tools that have developed on popular sites will be described.

    Hacking hashes at fifth speed

    Alexey Cherepanov, who participated in the development of the well-known password cracking utility John the Ripper and supports a GUI interface for it, at PHDays V will talk about increasing the speed of cracking hashes using code generation methods.

    Quick and useful

    In addition to standard lectures, an extensive FastTrack is planned in the PHDays V program, consisting of rich and dynamic fifteen-minute speeches.

    Forum visitors will learn about how attacks on a GSM network with a base station spoofing allow you to listen to any GSM phone - Sergey Kharkov, an employee of the NRNU MEPhI engineering center, will talk about this.

    In addition, Kudelski Security cryptographer and security specialist Sylvain Pelissier, using the GNU / Linux eCryptfs file system as an example, will show that file encryption can be used to crack passwords in some cases.

    From the story of Denis Gorchakov, listeners learn about how to counteract payment fraud in the network of a telecom operator. It will be about a software and hardware complex for virus analysis for Android OS, identification of control centers (online & SMS) by botnets from infected devices, data collectors and battery accounts.

    How to become a speaker

    On February 16, the second wave of Call For Papers started . Acceptance of works will last until March 31, so you still have a chance to become a presenter of the upcoming PHDays.

    We also invite you to participate in the CFP of friends of our forum - the HITB conference .

    See you at Positive Hack Days V!

    Also popular now: