Best PHDays IV Papers: Snooping, Hacking, and National Cyber Warfare Features


    At large conferences, where talks run in several parallel tracks, a special version of Murphy's law often applies: the sessions most interesting to you personally are delivered at the same time. If you choose one, you miss the others. What to do?

    In the case of the Positive Hack Days international security forum, you can solve this problem by watching recordings of the talks you are interested in. This is especially relevant for those who did not attend the conference at all. All video files are on the site: phdays.ru/broadcast/.

    However, watching the recordings from every hall in a row, for both days, is an option only for very patient people. It is more logical to go by topic or by author: first read the talk descriptions in the program, and then select a specific talk in the video list.

    Here, however, one must understand that the descriptions were written before the conference, when it was still unknown how good this or that talk would be. Maybe it only has a cool name, but is boring inside? Therefore, we offer you a third way: by popularity. We analyzed feedback from PHDays participants and collected ten of the most successful talks. Here they are:

    1) “Big data in social networks: you do not need a special NSA surveillance”


    Artificial intelligence specialist Igor Ashmanov began his talk by saying that he was not interested in information security himself and had ended up at the conference by accident. But then he shared so many interesting things about studying people through social networks that the audience did not let him go for another hour after the talk ended. The slides about the composition of Navalny's gang, as well as the rating of liberal and patriotic media based on the analysis of reposts on Twitter and Facebook, are especially widely cited on the Internet.

    Video: http://live.digitaloctober.ru/embed/2990#time1400666542

    2) “Life after Snowden. Modern Internet Intelligence Toolkit”


    While Ashmanov's talk used social networks for generalized research, Andrey Masalovich, head of the competitive intelligence department of the “Academy of Information Systems”, showed techniques for more targeted collection of confidential data. Many examples were demonstrated live on the sites of the Pentagon. The most cited slide from the talk shows the collection of passport scans by a simple search on Vkontakte.

    Video: http://live.digitaloctober.ru/embed/2999#time1400760000

    3) “How to eavesdrop on a person on the other side of the globe”


    Of course, the publication of telephone conversations of well-known politicians is a very fashionable topic in the press, and it is no coincidence that it made it into the title of the talk. However, Positive Technologies experts Dmitry Kurbatov and Sergey Puzankov spoke not only about wiretapping, but also about many other attack possibilities in the SS7 signaling network, including DoS attacks, fraud, money transfers, SMS interception and locating a subscriber without their knowledge.

    Video: live.digitaloctober.ru/embed/2990#time1400670335

    4) “Comparison of the hackers of Iran, China and North Korea”


    William Hagestad served in the United States Marine Corps for more than 20 years, and is now a major specialist in the military cyber technologies of different countries. He began his talk in Chinese, as an example of another culture that is completely incomprehensible to Westerners, including in matters of information security. The rest of his presentation can simply be taken apart into quotes: “If you have a question, stop me and ask right away, because I love the multitasking mode.” It is difficult to imagine such a vivid talk by, say, a representative of the Russian Ministry of Defense... Although maybe they will accept the challenge and answer at the next PHDays conference?

    Video: live.digitaloctober.ru/embed/2996#time1400756290

    5) “State and information security”


    The organizers invited very different people to this round table: a representative of the Ministry of Foreign Affairs, a member of the Federation Council, the head of the National Domain Coordination Center, a researcher from the HSE, the head of an analytical company and two hackers. The section moderator, former chief editor of Webplanet magazine Alexei Andreev, invited the audience to talk about the new laws governing the Internet, not in general terms but in the language of security. Why does a blogger with 3,000 readers suddenly become dangerous? Why will Russia never join the Budapest Convention on the fight against cyber crime? Where is ICANN's Golden Egg hiding? How much does hacking Yarosh's mailbox cost? It turned out to be messy, but interesting.

    Video: live.digitaloctober.ru/embed/2996#time1400738565

    6) "Intercepter-NG: a new generation sniffer"


    Alexander Dmitrenko, head of the PentestIT training department, spoke about the development of “the most advanced tool for recovering data from traffic”. The schemes of some little-known attacks were examined. The author of the sniffer, introduced as Ares, corresponded with Edward Snowden, who was interested in how this tool works with large amounts of data. Thus, it turned out that Western kids play with Russian toys!

    Video: live.digitaloctober.ru/embed/2991#time1400677520

    7) “On the search for binary zero-day vulnerabilities in 2014”


    There were a lot of female hackers (or security experts) at PHDays this year: the Korean CTF team, which consisted only of girls, the connoisseurs of the cute SORM, and the finalists of Young School. But Alisa Shevchenko, the head of her own company Esage Lab, distinguished herself at this conference twice. She not only gave a talk on her own fuzzing techniques with examples of “holes” in Microsoft Word and Microsoft XML, but also won the Critical Infrastructure Attack contest, finding several serious vulnerabilities in the latest versions of real SCADA systems. At the same time, according to Alisa, the search for binary vulnerabilities is not her main job: it is just a hobby “for a couple of hours in the evening.”

    Video: live.digitaloctober.ru/embed/3000#time1400742033

    8) “Impression: do not break, make your key”


    Representatives of the American Open Organization for Lockbreakers (this is what the abbreviation TOOOL stands for) came to PHDays for the second time. For two days, their tables were constantly surrounded by a crowd. What most people have seen only in the movies, one could try here with one's own hands: opening a classic door lock with a pair of simple metal hooks. This year the TOOOL team showed not only work with master keys, but also the impression technique: to open the lock, you only need a key blank, a sharp eye and a file.

    Video: live.digitaloctober.ru/embed/2996#time1400760340

    9) "SCADA Strangelove: hacking in the name of"


    Sergey Gordeychik and six other Positive Technologies experts told several stories about vulnerabilities in automated control systems used in various fields: electricity meters, oil producers, and even the hadron collider. The vendors are also varied: ABB, Emerson, Honeywell, Siemens. In two years of working with SCADA systems, the company discovered more than 200 zero-day vulnerabilities, but only those that could already be discussed were selected for the presentation, because the manufacturers had already fixed them. The speakers hinted that they still have many such stories for next year.

    Video: live.digitaloctober.ru/embed/2990#time1400663085

    10).............. .


    The void in tenth place is not a mistake. We simply decided to invite you to choose what should be written here. Which talk at PHDays IV did you personally like the most? Did we miss something? Tell us in the comments!
