Back to Home

Pentestit Security Conference 2017: reports / Pentestit blog

Pentestit Security Conference 2017

Pentestit Security Conference 2017: reports

    image
     
    Colleagues and friends! July 15, 2017 in Orel, the Pentestit Security Conference will be held - a conference dedicated to practical information security: testing for penetration of modern networks and systems, identifying vulnerabilities of telecommunication equipment, bypassing modern protective equipment, detecting and countering attacks, forensic analysis and investigation of incidents.

    Reports


    Only technical reports on the practical aspects of information security will be presented at the conference. At the moment, the following reports have been agreed (the list is being updated):

    GSM protocol stack implementation


    The report is devoted to OsmocomBB - this is a project whose goal is the free (Open Source) implementation of the GSM protocol stack. The conference will demonstrate the practical application of OpenBSC technology.

    Using radare2 when analyzing binary files


    Using the popular Radare2 framework for reverse engineering malware.

    Detection and analysis of spy scripts on the site


    Detection and analysis of phishing scripts, online skimmers and spies on modern sites based on CMS Wordpress, Joomla, Magento, etc. The problem of hacking sites for espionage. Counter options.

    OSINT Automation


    The use of automation when collecting information from open sources - Open Source Intelligence (OSINT).

    Vulnerabilities of IoT / embedded devices


    Vulnerabilities of the modern Internet of things: how minor errors lead to significant problems.

    Mobile application malware analysis


    As you know, Android is the most popular operating system for mobile devices today: smartphones, tablets and other gadgets. This makes this system the most attractive for spreading malware.

    MorphAES: polymorphic-evasive shellcodes


    Analysis of sandbox evasion bypass techniques and advanced security features.

    Vulners Burp Suite Presentation


    Presentation and review of the new vulnerability detection plugin for Burp Suite, an integrated web application security research platform.

    Forensic analysis of Windows


    A review of the existing problems in forensic analysis of Windows-based systems. Determining the main sources of data in the OS for further analysis. Review and analysis of existing tools and solutions for forensic analysis.

    Distributed Computer Attack Detection Systems


    The architecture of typical distributed network systems for detecting computer attacks. Classification of tasks during their development, difficulties and solutions.

    Heuristic malware detection algorithms


    The report will consider a number of mechanisms for heuristic detection of malicious code built using well-known machine learning methods - composition of decision trees, neural networks, hidden Markov models, taking into account the formation of a feature space based on the characteristics of executable files obtained during their static analysis.

    User authentication on the Internet using HTTP cookies


    The issues of user identification on the Internet based on the data of HTTP cookies stored on the device are considered. Practical approaches to building a user profile and subsequent implementation of the identification procedure are proposed.

    Topological WAF Implementation Options


    Implementation of Web Application Firewall. The view of the architect.

    Practical techniques for secure network setup


    Recently, the issue of safe configuration of network infrastructure has become increasingly relevant. The trend of recent years: the growth of infections of various network devices (cameras, routers, devices of the class of "Internet of things", etc.), not only companies, but also ordinary users. Previously, problems were often associated with a lack of qualifications (knowledge about the safe configuration of equipment in practice) of end users and employees of network companies, now the problem of bookmarking software and hardware has also been added.

    FailOpen: how WAFs get out of place when protecting modern web applications


    The report will carry out a case study of typical cases when web applications are organized in such a way that the WAFs protecting them are not technologically ready for the full implementation of their functions. Modern web technologies and interaction schemes for complex applications, including schemes 3ds, SSO, etc.

    Penetration Testing Laboratory "Test lab v.11"



     
    On June 30, 2017, the Pentestit team will launch a new, 11th penetration testing laboratory, dedicated to the opening of the conference. As always, the laboratory will be a copy of the company's real corporate network containing typical vulnerabilities and configuration errors, and anyone can participate. Currently, more than 15,000 people are registered in the laboratory!

    In addition to the main conference program, at the Pentestit Security Conference 2017 we will conduct a practical workshop on “Test lab v.11”, which includes methods and techniques for testing the penetration of modern information systems

    Conference visitors will have the opportunity to communicate in an informal setting with the creators of laboratories, take part in competitions and try their hand at hacking infrastructure that is as close to real as possible.

    Call for papers


    If you have something to tell about - demonstrate a new vector or attack scenario, show an interesting tool in action, share cool research - send applications to [email protected] (marked CFP).

    Become a partner


    We offer conference partners a specially designated area for placing stands and media support. Want to join? Contact us by phone +7 (495) 204-19-72 or email [email protected]. Enhancing brand loyalty at a hacker conference is really cool!

    Follow the news!


    In the following articles we will talk about the speakers, the preparation of the laboratory and much more. Links:

    - Conference site ;
    - The site of the laboratory "Test lab" ;
    - Telegram channel of the conference .

    Read Next