ZeroNights 2014: No Forbidden Topics


    There is very little time left before the start of the ZeroNights 2014 conference. Soon, a platform for a meeting of security experts, researchers, programmers, stars of the hacker world, and just good friends and acquaintances will open its doors to meet the new. This year, we tried not only to fill the event with high-quality content and various activities, but also to reveal new topics that are of practical importance for everyone who is not indifferent to information security problems.

    This time we invited Alexander Peslyak, also known as Solar Designer, as a keynote speaker! He is familiar to everyone as an excellent specialist with a wide range of knowledge in many areas, including not only attack methods, but also defense methods. His report, “Is infosec a game?” will open the conference on November 13 and promises to be special, not at all what everyone is used to seeing.

    Specially for Habrahabr visitors, we have made an approximate breakdown of reports by topic. So you can pre-determine for yourself which reports are close to you in spirit, the specifics of work, etc., in what activities you want to participate. Although, of course, you can use the approach of our techdir AlexandrPolyakov, who, as a rule, chooses speeches on unfamiliar topics - broadens his horizons, receiving information from advanced specialists in his field. As he says, "In those topics that I understand, I will understand and from the slides."

    So let's get started:

    • If you follow all the ups and downs in the world of cryptography, then you should pay attention to the following reports:

    1) Jean-Philippe Aumasson / Jean-Philippe Omasson (Switzerland) “Crypto programming, version 2”:
    2) Jake McGinty / Jake McGinty (Great Britain) “How to really anger the state system surveillance with its surveillance protection system:

    • If you are interested in web-technologies and web-security, then you should definitely visit the reports:

    1) Nicolas Gregoire / Nicolas Gregoire (France) “The hunt for the best rewards”:
    2) Georges Geshev (Great Britain) “Your MQ is my MQ”: .html # geshev
    3) Ivan Novikov (Russia) “Unexpected Expected Exceptions: An Alternative Look at Web Vulnerabilities”:
    4) Dmitry Bo0oM Bumov (Russia) “Deanonymization and Total Spying”:

    • If you are interested in how the security situation is in the mobile world, then you will definitely like these reports:

    1) Peter Hlavaty / Peter Hlavaty (Slovakia) “Racing with androids”:
    2) Kirill Nesterov, Timur Yunusov, Alexey Osipov (Russia) “4x4G: from SIM-card to GGSN” :
    3) Marco Grassi / Marco Grassi (Italy) “Analysis of application security on steroids”:
    4) And Workshop by Andrey Belenko (Russia ) on the topic "Forensics in iOS using OpenSource":

    • If you are not only awake, but also in a dream looking for vulnerabilities, write exploits, then such reports will be a joy for you:

    1) Patroklos Argyroudis / Patroclos Argiroudis (Greece) “Heapbleed Project”:
    2) Fabien DUCHENE / Fabien Duchenne (France) “Fazzer of states: evolutionary fuzzing '' black box ''”:
    3) Rene Freingruber / Rene Freingruber (Austria) “EMET 5.0 - armor or curtain?”:
    4) Peter Kamensky (Russia) “ Hardware virtualization in antivirus programs ”:
    5) Nikita Tarakanov (Russia)“ Past, present and future software exploitation techniques ”:

    • If you like to understand how everything is arranged and working (at the same time, the concept of “reverse” is not alien to you), you will probably want to drop by a visit to these speakers:

    1) Dmitry Schelkunov and Vasily Bukasov (Russia) “Deobfuscation and not only”:
    2) Sergey Soldatov and Mikhail Egorov (Russia) “Non-cryptographic study of Orthodox cryptography media, or How we tested security storing key information on tokens ... ”:
    3) And visit the Workshop by Anton Kochkov (Russia) and Julien Voisin / Julien Voisin (France)“ Reversing and debugging malware and firmware with using the radare2 framework:

    • If the words “hardware”, “power analysis”, the abbreviations JTAG, UART are used daily in your vocabulary, then here:

    1) Dmitry Nedospasov (Russia) “Chip reversing”:
    2) Workshop by Roman Korkikyan (Switzerland) “We are looking for keys of cryptographic algorithms through power consumption”: html # korkikyan

    • If the abbreviations ACS TP, ICS, SCADA, etc. are part of your work, then you will be interested in the following studies:

    1) Alexander Bolshev, Gleb Cherbov, Svetlana Cherkasova (Russia) “DTM components as secret keys to the kingdom of automated process control systems”:
    2) Jason Larsen / Jason Larsen (USA) “Miniaturization (how fit an entire attack on a technological process into a small microcontroller) ”:

    Not only breaking, but also building

    This year we decided to organize a special session in the framework of ZeroNights dedicated to real, practical protection. In this section, presentations will be made from those guys who are really concerned about protection, and not in words or in theory, but in practice.

    Our short reports:

    1) Igor Bulatenko (Qiwi, Russia) “DPI as a means of restricting access to the corporate network”:
    2) Karim Valiev (Mail.Ru Group, Russia) “SMM- monitoring guard the security of Internet services ”:
    3) Alexey Sintsov (Here, Russia)“ WAF in scale ”:
    4) Aleksey Karyabkin and Pavel Kulikov “Building a comprehensive system for analyzing incoming mail on OpenSource solutions”:

    The section will also include a lively discussion of the practical problems of using various protection technologies: RPKI, DNSSEC, DANE, etc. There are many useful and modern standards and technologies, why are we still using the old and unsafe? Why are advanced technologies being introduced slowly or ignored? Come to listen and participate in the discussion, it will be interesting and useful! Presenters - Anton Karpov (Yandex) and Alexander Lyamin (Qrator Labs)!

    Fast and Fast - FastTrack Section

    In addition, as always, the FastTrack section will work for us, where only 15 minutes are given for each report (everything is clear and in essence). The topic of performances is the most diverse. This year many releases of various instruments are expected in this section.

    1) Victor Alyushin (Russia) “Insecure factory settings and firmware”:
    2) Denis Makrushin, Stas Merzlyakov (Russia) “Parkagy: a new look at parking terminals”: 2014.zeronights. com / fasttrack.html # makmer
    3) Denis Kolegov, Oleg Broslavsky, Nikita Oleksov “Hidden channels in time based on HTTP protocol caching headers”:
    4) Eldar Zaitov (Russia) “Fast (and almost automatic) SSRF detection "
    5) Dmitry Vyukov (Russia) “Kernel AddressSanitizer: search for vulnerabilities in the Linux kernel”:
    6) Boris Ryutin (Russia) “Go to virmaker production ”:
    7) Vlad Roskov (Russia)“ +22: we reverse 64-bit binaries using Hex-Rays x86 Decompiler ”: roskov
    8) Roman Bazhin (Russia) “Oracle Database Communication Protocol through the eyes of the pentester, or Crude experiments on Oracle”:
    9) Anton Cherepanov (Russia) “Crouching Tiger”: 2014.zeronights. com / fasttrack.html # cherepanov
    10) Artem Shishkin, Mark Ermolov (Russia) "Bypass the kernel protection mechanism against modifications (patchguard) on Windows 8.1 and Windows 10":

    Also popular now: