Russian hackers in Poland, or CONFidence 2012
Hello everybody! Today we would like to talk about our trip to the information security conference CONFidence, which took place on May 23-24 in Krakow, Poland. This year the conference was held for the 10th time. This trip report will be rather unusual, because the four of us wrote it together, partly during the conference itself. But first things first.
About a month before the conference, we submitted our current research (“Light and Dark Side of Code Instrumentation” and “How to hack VMware vCenter server in 60 seconds”) to the conference CFP; we (d1g1, jug and d00kie) carried out this research as part of the work of the Digital Security Research Center. Our friends Andrei Petukhov and Karim Valiev (from Moscow State University) submitted a talk titled “You won't believe that blind can see: benchmarking SQL injection scanners”. These talks were accepted by the selection committee, and we all went to Poland (Alexey Sintsov, unfortunately, could not go for personal reasons). We chose the route St. Petersburg - Warsaw - Krakow, while our friends from Moscow took a direct flight to Krakow.
I would like to note that talks from our research center have already been selected for CONFidence several times:
- 2010 (Krakow): Alexey Sintsov - “You can't stop us: latest trends on exploit techniques”
- 2010 (Prague): Alexey Sintsov, Alexander Polyakov - “Stupid mistakes. Architecture and business logic vulnerabilities”
- 2011 (Krakow): Alexey Sintsov - “DNS for evil”
- 2012 (Krakow): Alexander Minozhenko - “How to hack VMware vCenter server in 60 seconds”
- 2012 (Krakow): Dmitry Evdokimov - “Light and Dark Side of Code Instrumentation”
- 2013 (Krakow): In progress =)
Well, now let's move on to the event itself. We will try to convey the atmosphere of CONFidence, but, of course, to feel it fully you have to visit it at least once. Specialists at the Digital Security Research Center have extensive experience attending international information security conferences, so I can confidently say that CONFidence is clearly different from all the others.
So, upon arrival at Krakow airport, we were met by the lovely girl Justin (in general, during the conference, the speakers were three wonderful girls: Justin, Edith and Caroline). The legendary John Draper, also known as “Captain Crunch,” arrived at the same time as we did; he flew from Los Angeles through Frankfurt (it took 10 hours to get there). For those who don’t know who Captain Crunch is: this is the man who invented the Blue box device and taught Steve Jobs and Steve Wozniak how to make it (they then sold it, like Kevin Mitnick). This device has been used by freeloaders for free calls worldwide.
While we were driving to the hotel, he told us a lot of interesting things about his past. It turns out that he was in Russia in 1989, at some kind of academic conference, where he told Soviet scientists about computers. We were struck by the fact that, despite his venerable age, he is full of furious energy. He is an avid visitor of Burning Man, loves listening to psychedelic trance, goes to raves, and even DJs. You could write a whole separate article about him! And we think that a book and a film about him are just around the corner.
All invited speakers lived in the four-star Galaxy Hotel, within walking distance of the city center.
Speakers were taken to the conference by car every morning. The conference took place not in Krakow itself but in its suburbs, out in the countryside, in the building of a former water treatment plant dating from the time of the Great Patriotic War.
The speakers had their own VIP room, where they could sit quietly, prepare for their presentation, or just chat and eat. This room was located in a nearby tower.
This time the conference was designed in the Soviet, proletarian style - this could be seen from the badges and posters.
At the conference, there were two parallel tracks in two large darkened rooms with beautiful lighting. Hall for the first track:
Hall for the second track:
We will not write about the talks themselves in detail, since all presentations are now available on the CONFidence website. The conference program is striking for the number of talks by Americans: I recall at least 5 of them. Talking with the speakers themselves revealed an interesting fact: for all of them this is not the first time at CONFidence. Of course, everyone knows that a so-called “party” of regulars forms around each conference and keeps coming back. The question is different: how did regular speakers from DEF CON and Black Hat in the United States end up there? The answer became obvious to us by the end - it is the attitude of the organizers toward the speakers, plus the atmosphere and level of the conference itself.
The atmosphere at the conference is very homely: everyone actively gets to know each other, communicates, talks, and exchanges experience. In general, the Poles are very kind people. However, this was probably also helped by the excellent weather, fresh air and beer in the bar. I personally managed to have a good conversation with the author of the once sensational exploit for vulnerabilities in Windows .HLP files. It is also worth noting that people from other countries have been coming to this conference for several years, not only as speakers but also as visitors.
Any conference is always an opportunity to chat with the community, get to know someone interesting, and improve your spoken English and listening comprehension. One memorable conversation was a holy war at the end of the first day, after the welcome party, in which two representatives of academic circles and one practitioner came together. The practitioner told us how cool it is that he has been bypassing the Barracuda WAF (a signature-based WAF that works on the basis of blacklists of bad patterns) for two years running, which is how he makes a living. Sandy 'Mouse' Clark and I said that bypassing blacklist filtering is monkey business, especially considering that all HTTP servers have their own HTTP parser, which is prone to quirks like HPP and HPC. Accordingly, an intermediate parser can usually be passed with knowledge of the features of the target parser on the side of the web application ... They shouted at each other - phew.
Lunch at CONFidence is a story of its own! A wonderful lunch outdoors with a huge amount of barbecue, chicken, kebab, etc.
At one of the dinners for the speakers, I managed to talk with a person from the Core Group company - one of the organizers of the X-traction point. He said that they organize BlackHat Physical Penetration testing trainings, where they talk about breaking locks, alarms and unauthorized entry into premises, thereby raising awareness of physical security. These courses are very popular among public service employees.
Foreigners are very interested in the Russian hacker community. They told us a lot about how they sit on our forums and try to translate posts through Google Translate. In their eyes we have a very closed community and a lot of good, exclusive material. We were very pleased that they know the conference we organize - ZeroNights - and are going to attend it this year.
It is worth noting that this Polish conference has grown to include such a huge number of activities that it has become like a festive fair with a lot of attractions: if you want, play Karateka on an Atari; if you want, Mortal Kombat 5 on a PS3 (someone from our delegation became the MK champion); if you want, take part in outdoor activities such as shooting or bypassing motion sensors and surveillance cameras. And of course crackmes, a CTF and all sorts of hack quests - where would we be without them. Add to this the sunny weather outside, beer and a grill within walking distance, skillful DJing (the guys played exclusively famous tracks by AC/DC, Metallica, Rammstein, Nightwish, Guns'n'Roses, etc.) - and you get an event you want to return to both as a speaker and just as a spectator.
On the territory of the conference there was an abandoned bunker from the Second World War, where this competition was held. Its essence was that the participants had to get into the bunker and save a cute girl. But it was not so simple, since the bunker was equipped with security systems, alarms, locks, surveillance cameras, turrets and security guards. Participants had to apply their skills in breaking locks, computer networks and alarms, and in shooting. The winner is the one who saves the girl from the bunker faster than anyone else while remaining unnoticed. All participants had video cameras, and one could watch their actions in a live stream.
As for the cultural program, Krakow is a very beautiful ancient city. The symbol of the city is the dragon, and there are a lot of them.
P.S. Coming very soon: reports on our specialists' visits, with their new research, to the security conferences Just4meeting (Carcavelos, Portugal) and BlackHat USA (Las Vegas, USA).