Materials of the ZeroNights 0x01 Conference

This post is intended to collect all the materials (priority presentations) of the ZeroNights conference held on November 25 in St. Petersburg, before their “official” publication on the conference website (who can not stand it, and maybe it will help the organizers). Useful for those who have not been, and those who want to once again review / re-read the materials.

- all presentations in upd 2 ---

I would very much like to thank Bitworks , where I work not so long ago, but which sent me to this conference at its own expense - from snowy Siberia to rainy Petersburg.

Track # 1

1. Marcus Niemets - “UI Redressing and Clickjacking: Data Theft and Fraud
Clicks ” UI Redressing: Attacks and Countermeasures Revisited. (pdf)

2. Report by Jonathan Brossar “Analysis of memory after its damage.” was replaced by a report on SCADA systems, unfortunately I did not attend it (I don’t even know what to look for).

3. Alexey Sintsov - “Where is the money?”

4. Fedor Yarochkin - “Analysis of illegal Internet activities”
[video 0.37 min] [video 20.01 min] [video 9.38 min]

5. Philippe Langlois - “The dangers of 3G and LTE: from the radio to the core of the network and protocols.”
Getting in the SS7 kingdom: hard technology and disturbingly easy hacks to get entry points in the walled garden. (pdf)

6. Dmitry Schelkunov, Vasily Bukasov - “On practical deobfuscation”


7. Anton Bolshakov - “United anti-crime. Open source. "

8. Nikita Tarakanov - “Kernel Pool Overflow: from Windows XP to Windows 8”
You can read here

9. Ivan Medvedev - “Software for SDL (Security Development Lifecycle)”

Track # 2

1. Alexey Lukatsky - “The Boston matrix of cyber crime or what is the modern hacker’s business model?”
[ video 2.35 min ]

2. Alexander Matrosov, Evgeny Rodionov - “Current trends in the development of malware for remote banking systems”


3. Andrey Beshkov - “Behind the scenes of Windows Update. From vulnerability to patch. ”

4. Sergey Gordeychik - “How to hack a telecom and stay alive”

( English version )

5. Vladimir Vorontsov - “Vulnerabilities in splitting an HTTP response, introducing headers, and infecting a cache: back in service”

Fasttrack

# Alexander Polyakov - “Do not touch, or it will fall apart: hacking business applications in extreme conditions”

# Nikita Abdullin - “Techniques for researching embedded MIPS devices using the example of DrayTek SOHO routers”

# Dmitry Chastukhin - “Practical attacks on Internet kiosks and payment kiosks” terminals ”

# Andrey Labunets -“ Methods of tracing network traffic to search for vulnerabilities ”


# Dmitry “D1g1” Evdokimov - “DBI: Intro”

# Artyom Shishkin - “The method of printing interception by modifying Windows GDI”

# Alexey Krasnov - “We all learned a little, something and somehow”
[video 9.00 min]

# Maxim Sukhanov - “Fraud in RBS systems: problems encountered in the production of forensic computer-technical examinations”

# Alexander Matrosov, Evgeny Rodionov - “Win32 / Duqu: involution of the Stuxnet worm”


# Vladimir Kropotov - “The evolution of the Drive-By-Download attack before and after the publication of vulnerabilities through the eyes of an information security analyst.”

# Denis Baranov - “Root through XSS”


Evening 0day:
Alexander Polyakov - [video 6.54 min]

A short video like this:


A little photo, as it were: picasaweb.google.com/106780973074407646953/ZeroNights2011

=== I personally advise the speech of Fedor Yarochkin, very sensible and interesting ===

PS The post will be updated. We leave links to materials in the comments (I saw by the way, some shot the video, it will also be necessary) and I will immediately add them to the post.

UPD: Added presentation "Network Tracing Methods for Vulnerability
Scan " UPD2: All presentations by tag - www.slideshare.net/DefconRussia/tag/zeronights-2011