A Russian look at the Power of Community conference in Seoul

    At the beginning of November 2012, the Positive Technologies shock team was reckless enough to accept the organizers' invitation to speak at the Power of Community (POC) conference in Seoul (South Korea).

    While the impressions are still fresh, I want to share how security is done in the Land of Morning Freshness.

    Lots of photos under the cut.

    About the conference

    The POC Conference is the largest regional information security event, bringing together more than 300 experts from Korea, China, Japan and other nearby countries. This year the event is being held for the seventh time.

    Conference website: http://www.powerofcommunity.net
    Hashtag on Twitter: #POC2012


    Me and Power of Community

    There were a lot of Europeans at the venue whom fate had brought to the region. Three Russians came this time: Sergey Gordeychik (me) and Gleb Gritsay from Positive Technologies, as well as Alexandr Polyakov from Digital Security.

    PoC preparty


    However, there were many more Russian speakers, from Andrei Costin (roots src = USSR) to ex-NSA Tom Creedon of iDefence, winner of the Drinking Hell.

    Unexpectedly, Tao Wan from IBM in China hosted a stunning karaoke session with us (Black Raven, Moscow Nights, etc.). So you understand that Russia is a Far Eastern power.

    Power of XX

    The conference runs in a single track. In parallel, several hacker activities take place in a separate room.

    In addition to various geek contests such as blind programming and a battle of overclockers, this year the organizers presented a real surprise: a CTF competition in which only girls participated.

    Here it is, the power of XX


    I obviously couldn’t take part in the competition and evaluate the complexity of the tasks due to the wrong set of chromosomes, but HexView, Burp and OllyDbg flashed on laptop screens, which is good.

    The Pussy Cat team won the competition, finishing slightly ahead of secu.

    Final scoreboard


    Reports

    The conference program is focused on the practical aspects of information security, but the organizers do not adhere to some kind of “party line” and simply include reports from the best experts from around the world.

    A local peculiarity: a number of talks were in Korean and Chinese, which made them somewhat hard to follow. If the slides turned out to be a work of calligraphic art full of hieroglyphs, all I could do was catch the speakers after the talk, since the venue is small.

    Hence the conclusion: we make slides in English.

    Sync


    Personally, I really liked Tao Wan's talk about the Chinese hacking scene (a little more in the note). An excellent set of talks was devoted to Windows 8. After Chengyun Chu from Microsoft reviewed the new built-in security features of the OS and stated that it would be very difficult to write exploits for it, MJ0011 showed some workarounds and, as I understand it, mentioned SMEP, which we have already played with a little.

    There was a nice talk by Luigi Auriemma and Donato Ferrante about attacks on online games. A couple of 0-days in Call of Duty will surely interest all cheaters. For Luigi, this was the first performance on the big stage, and he was slightly nervous. I had to hold emergency consultations to combat the "bad adrenaline." I hope it helped.

    Links: http://www.techhive.com/article/2013725/researchers-uncover-hole-in-call-of-duty-modern-warfare-3.html, http://revuln.com/files/ReVuln_CoDMW3_null_pointer_dereference.pdf

    [Re]Vuln. Start

    By the way, Donato and Luigi decided to unite and organize the company [Re]Vuln. It’s just great when talented people get together and do something new. Good luck guys!

    Andrei Costin cheated on his beloved printers and talked about the security of the ADS-B air traffic control system. More precisely, about the complete absence of any security. Falsification of aircraft coordinates, false reports of malfunctions and of a terrorist threat: all of this is available even to the lazy.

    Babah!

    The hardware is on sale, the software is open source. More details: http://www.andreicostin.com/papers/adsb_blackhat12us_slides.pdf, http://www.forbes.com/sites/andygreenberg/2012/07/25/next-gen-air-traffic-control-vulnerable-to-hackers-spoofing-planes-out-of-thin-air/

    About our beloved selves

    Gleb Gritsay and I continued developing the theme of the “Die Hard 4” scenario.

    We are performing


    Our talk, “SCADA Strangelove: How I Learned to Start Worrying and Love Nuclear Plants”, summarized the current results of our company's research in the field of ICS security. In addition to a couple of dozen new vulnerabilities in PLC / SCADA / HMI products, including Siemens SIMATIC WinCC, we presented the PLCScan utility, the WinCC Harvester module for Metasploit, and an approach, based on Surfpatrol, to agentless client-side fingerprinting of systems with HMI software that browse the Internet. Learn more about the releases here.

    The salvation of mankind is the work of hands ...


    Safety comes first! (at one of the ICS audits)

    Immediately after the performance, we received an invitation to AV Tokyo. This, it seems to me, is a sign that we did not dig through the code of industrial systems and wear helmets at audits in vain.

    Yes, this is about us.


    Unfortunately, I had to turn down the opportunity to speak in the capital of the Land of the Rising Sun, because this week Positive Technologies is celebrating its 10th anniversary, and instead of lighting it up with the Japanese hacker community, I will have to let loose at corporate parties in Moscow.

    The Japanese hacker community lights it up

    Oh well. But I did see a booklet about MaxPatrol in Korean, which is inspiring.

    PT @ Korea


    Power of Community

    An integral part of any successful conference is a party. All the conditions for this were created at POC2012: traditional Korean dinners, formal and informal parties, battles with Benny about the need to drink local beer despite the presence of Leffe on the menu ...

    Unfortunately, I could not fight for the honor of the Russian people in Drinking Hell; I only caught the preparations.

    Drinking hell under construction

    But Gleb did not disappoint and took an honorable third place.

    Korea

    I would like to say a few words about Korean cuisine. For me, a Khabarovsk native who grew up on kimchi, “Korean” carrots and dried squid, not to mention the staple of the student diet, Doshirak, a visit to Korea is a birthday and a feast for the stomach. There is tasty food everywhere, from a Michelin-starred restaurant to a street stall. Although you should not forget that in Korean, “tasty” and “spicy” are almost synonyms.

    Om-Nom-nom!


    I often hear about the beauty of the Moscow metro. Friends, you have probably never been in the Seoul subway!

    Simple, ugly Seoul metro


    In general, Seoul impresses with an eclectic combination of skyscrapers, Buddhist temples, high-tech gadgets and traditional gymnastics exercises in the subway, on the street and in general everywhere ...

    Seoul


    I left POC2012 with a lot of ideas, a bunch of new acquaintances and a touch of regret. So everything went fine!

    Many thanks to the organizers and Vangelis personally, the speakers and all the participants for the wonderful event!

    Preparing for POC2012


    P.S. On the plane from Seoul to Moscow, Gleb and Alexander played around a little with the Airbus multimedia system.

    SOMETHING WICKED THIS WAY COMES!

    P.P.S. Several links to articles written based on our report:

    searchsecurity.techtarget.com/news/2240171014/Report-highlighting-SCADA-insecurities-alarmist-says-ICS-expert

    www.digitalbond.com/2012/11/08/siemens-time-for-code-review-sdl

    www.computerworld.com/s/article/9233378/Siemens_software_targeted_by_Stuxnet_still_full_of_holes

    www.darkreading.com/advanced-threats/167901091/security/vulnerabilities/240049917/scada-seost-incurity -stuxnet-world.html

    Posted by Sergey Gordeychik, Technical Director, Positive Technologies.