Program


November 15

November 15
11:30 — 12:00
Opening ceremony
Main Track
Russian
November 15
12:00 — 13:00
20 years of Information Security: researcher's view
Main Track
Russian
Over the past two decades, the world around us has significantly changed. There are new professions, new technologies and, of course, new problems with attempts to solve them. I was lucky to be involved in one of the most interesting and dynamic areas of modern times - Information Security. In my ...
November 15
13:00 — 14:00
Cashless payments: how it works
FINANCE.ZONE
Russian
To have an effective defence, it is crucial to understand the subject area. The presentation will show you the nuts and bolts of cashless payments in Banking. ...
November 15
13:00 — 14:00
Another way to bypass WAF: Cheat Sheet
WEB.ZONE
Russian
Bypassing Web Application Firewall can be done not only by messing with its signatures. Oftentimes it is possible to fly malicious requests under the radar of security, simply by sending the data in such a way that the firewall fails to register ...
November 15
13:00 — 14:00
Quick guide to Software Defined Radio
HARDWARE.ZONE
Russian
To understand how SDR works, one needs to have an understanding about these devices. In this report, I plan to investigate this issue and focus specifically on FPGA, which is an essential component of all modern SDRs. ...
November 15
13:00 — 14:00
We will charge you. How to [b]reach vendor's network using EV charging station
Main Track
Russian
During the past five years, the number of electric vehicles (EVs) in private use increased up to 2 million or even more. It is understandable that home EV charging stations are becoming more and more popular. Consumer market requirements call for new features to be implemented. Consumerism ...
November 15
14:00 — 15:00
DNS Rebinding in 2k18
WEB.ZONE
Russian
In this paper FBK CyberSecurity team will talk about an old yet still active attack, namely DNS Rebinding, which hasn’t lost relevance for so many years and even became more dangerous with the emergence of the IoT era ...
November 15
14:00 — 15:00
Getting to know GnuRadio
HARDWARE.ZONE
Russian
Some less than obvious specifics attributed to SDR (what is intermodulation, and why it’s bad, how to suppress a receiver by transmitting in the sideband frequency, as well as sensitivity and selectiveness of SDR). Modern types ...
November 15
15:00 — 16:00
Introduction to Circuit Design
HARDWARE.ZONE
Russian
The life-cycle of a project. Development of device architecture, its structural and functional circuits. The effect of decision-making on the circuitry and topology of the finished product. Prototype, experimental and mass-produced specimens. Ways to test the ...
November 15
15:00 — 16:00
Wake up, Neo: detection of virtualization via speculative execution
Main Track
Russian
There have been several Speculative Execution vulnerabilities that allow reading privileged data from kernel mode, as well as other processes and even hypervisors. However, there are several more ways in which speculative execution can be leveraged by adversaries. I have discovered one ...
November 15
16:00 — 17:00
Android Malware Hunting: Novel «sandbox» techniques for identifying threat actors
FINANCE.ZONE
Russian
Recent mobile trojans are like a Swiss knife: they allow you to get almost any information from the infected device.
In this research, we analyse a novel technique to identify criminal actions with the aid of BI.ZONE Tools. ...
November 15
16:00 — 17:00
STM32 microcontrollers: Introduction
HARDWARE.ZONE
Russian
STM32 microcontrollers are in a way a middle ground in terms of value for money. In this report we are going to look at just how much more you can get out of STM32 than out of Arduino, for instance, and all for the same price. And still ...
November 15
16:00 — 17:00
HTTP/2
WEB.ZONE
Russian
Internet development requires the development of protocols to be in line with contemporary needs. Nevertheless, HTTP, being one of the most popular protocols, had not been updated for a very long time (15 years, to be precise!). The new version ...
November 15
16:00 — 17:00
Vulnerabilities of mobile OAuth 2.0
Main Track
Russian
Mobile applications are increasingly implementing the OAuth 2.0 protocol. Despite this, vulnerabilities in mobile OAuth 2.0 implementations are still found even in the products of large companies.

This report will look at vulnerabilities specific to mobile OAuth 2.0. It will also show ...
November 15
17:00 — 18:00
Anti-Fraud
FINANCE.ZONE
Russian
There are different types of fraud and all the more different ways of preventing it. We will discuss what fraudulent schemes used to be popular in the past and which have taken their place, learn about the evolution of antifraud systems and heuristics for ...
November 15
17:00 — 18:00
XSS Exploiting
WEB.ZONE
Russian
In this report we will cover how to exploit XSS and how to benefit from it. Among many things, we’ll examine the most important JS objects, the specifics of writing a payload and several examples of XSS use to upload a shell and ...
November 15
17:00 — 18:00
Hardware reverse FT2232H, ESP32, PSoC5, usb-sniffer on MAX3421E, KiCAD: DIY
HARDWARE.ZONE
Russian
Hardware reverse FT2232H, ESP32, PSoC5, usb-sniffer on MAX3421E, KiCAD: DIY. ...
November 15
17:00 — 18:00
Lazarus Group: a mahjong game played with different sets of tiles
Main Track
English
Lazarus Group is one of the most notorious APT actors nowadays. The infamous attacks by the group include cyber-sabotage against Sony Pictures Entertainment, and cyber-heists leveraging fraudulent SWIFT payment messages from banks in Bangladesh, Southeast Asia and Africa. The group intensified its ...
November 15
18:00 — 19:00
Attacking the multi-layered web applications
WEB.ZONE
Russian
A typical web service today is not just a single network machine with a couple of scripts, it’s rather a whole infrastructure with a bunch of backends and internal communication protocols.
Lots of web attacks are related to the ...
November 15
18:00 — 19:00
Fault Injection attacks on ARM MCU
HARDWARE.ZONE
Russian
In the HARDWARE.ZONE I’m going to talk about and showcase how by just using some very common items like FPGA and Python you can enact a glitch attack on an MCU running an ARM core through its power supply. Our test subject will be our good old ...
November 15
18:00 — 19:00
HIDS as a service: deployment and control over 20 000 installations
Main Track
Russian
We are going to talk about maintaining a huge installation of HIDS software (OSSEC):
- How to install & launch it properly?
- How to monitor it?
- How to collect & store alerts?
- How to deal with 3 000 000 daily events?
- How to make profit?
...

November 16
11:00 — 13:00
For the sake of money. Payment endpoint's vulnerabilities
FINANCE.ZONE
Russian
Hackers all around the world use vulnerabilities of payment terminals and cards for money laundering and fraudulent payments. However, the actual amount of available information is quite small; it is fragmentary and incomplete.
How do hackers get access ...
November 16
11:00 — 12:00
Is biometrics technology mature enough for mass use?
Main Track
Russian
This is complex research into modern biometric technologies and systems. The research contains a description of discovered bypass methods for face recognition, voice recognition and fingerprint biometric systems.
Windows Hello authentication with Intel RealSense infrared ...
November 16
11:00 — 11:30
ThingsPro Suite - under the bonnet of Moxa IIoT gateway
Fast Track
Russian
In this talk, we will present the analysis of ThingsPro Suite — an IIoT gateway software solution with device management functionality that was developed by Moxa in 2017. We will take a good look under the hood of the Moxa suite and discuss ...
November 16
11:30 — 12:00
November 16
12:00 — 13:00
Secrets Windows DPAPI
Main Track
Russian
The Windows DPAPI mechanism was introduced a long time ago and proved to be a reliable means of storing encrypted user’s data. Google Chrome, Dropbox, RSA SecurID, Windows standard mechanisms (such as crypt.exe, EFS) use it to protect users’ passwords, key information and other ...
November 16
12:00 — 12:30
Hacking Telephone Systems for Fun & Profit
Fast Track
English
The main motto of this session is to walk through the multitude of vulnerabilities present in PBX that may pose a threat to any individual or organization. This talk will demonstrate multiple exploitable security vulnerabilities including impact and attack ...
November 16
13:00 — 14:00
ATM Security
FINANCE.ZONE
Russian
This brief focuses on the common ATM attacking techniques and the ATM hardware hacking approach. The speaker unfolds main attack scenarios, ATM flaws, and threats formulated on the basis of live project experience. ...
November 16
13:00 — 14:00
How to intercept and process digital signals using nRF24
HARDWARE.ZONE
Russian
The principles of scanning devices, and the more effective ways of detecting radio-transmitting devices. Principles of hiding radio-transmitting devices during radio monitoring. The basics of building radio receiving devices in GnuRadio, and ways to detect the ...
November 16
13:00 — 14:00
Violation of the most valuable: attacks on license managers
Main Track
Russian
It is conventional wisdom that the right approach to doing things is to «Trust but verify». However, corporate solutions often use only the former part of this principle. Third-party code, specifically a license manager (a small software ...
November 16
13:00 — 13:30
Ins and outs of Cisco ASA debugging
Fast Track
Russian
Nowadays, Cisco device vulnerability research is not just important but beneficial (in the financial sense) for a bug hunter. The Cisco bug bounty program is in 4th position of ‘Top 30 Bug Bounty Programs in 2018’ due to ...
November 16
13:30 — 14:00
MS Exchange relay attack without sms and registration
Fast Track
Russian
Phishing is an integral part of red teaming. Using documents with macros and DDE has come to be in bad taste. Luckily, a lot of companies use MS Exchange as a corporate mail server. The use of EWS makes the users’ life easier and really ...
November 16
14:00 — 15:00
Online Banking Security
FINANCE.ZONE
Russian
Competition between banks leads to new opportunities for clients, which are the cause of new risks for the banks and for the clients themselves. During the talk we will discuss the internals of Online and Mobile banking, what vulnerabilities are common or specific for these services and what best ...
November 16
14:00 — 15:00
Story of one DevSecOps
Fast Track
Russian
A lot of companies use SAST. Some even integrate it in DevOps. But have you ever come across an integration of SAST in DevOps for 3500 projects? We have and successfully so!
We’ll talk about how we developed our own Secure ...
November 16
15:00 — 16:00
Intel ME Manufacturing Mode: a phantom menace
Main Track
Russian
Security through obscurity is a principle which has been under criticism for some years now, but this doesn’t stand in the way of large electronics producers demanding the signing of a Non-Disclosure Agreement, masqueraded as protection of intellectual property when issuing technical ...
November 16
15:00 — 16:00
AppSec as a Code
Fast Track
Russian
Today, everybody talks about DevOps, digitalization, business transformation and many more scary words. Digital transformation has found its way into security development, disrupting the cosy world of relying on static analysis before releases and leading many to question the ...
November 16
16:00 — 17:00
Getting your hands dirty: A practical approach towards learning secure coding through interactive problem solving
Main Track
English
The current approach of teaching application security involves blindly attacking applications which are intentionally vulnerable (like DVWA/Webgoat). This approach has the inherent drawback of never guiding users on how to fix the vulnerabilities being exploited. Hence, ...
November 16
16:00 — 16:30
Scanner Orchestration Tool - one-click SDLC
Fast Track
Russian
Imagine you have SSDLC up and running, all the processes are set up and the released stuff is all secure, but the products start falling into microservices.
It’s getting hard to use this whole lot of different tools, isn’t it? Tens of scanners, ...
November 16
16:30 — 17:00
HWallet: the simplest Bitcoin hardware wallet
Fast Track
English
Last year we witnessed a huge leap in value of many cryptocurrencies, which attracted much interest from the hacking community to try and find vulnerabilities in various hardware and software used for storing private keys. Even the most secure, so-called hardware wallets, had to be patched after ...
November 16
17:00 — 18:00
Hunting for Privilege Escalation in Windows Environment
Main Track
Russian
After the initial penetration into the target corporate network, an attacker can face a situation when the obtained access is limited by the rights of an unprivileged user account. Such rights are usually not enough for the further development of the attack into the ...
November 16
17:00 — 17:30
IP reputation: doing it wrong
Fast Track
Russian
I'm going to speak about some common mistakes happening in various cases of senselessly implementing IP reputation feeds. I'll also cover a few useful approaches that might help you in collecting your own IP reputation database and discuss why building it might be worth the effort. ...
November 16
17:30 — 18:00
What’s new about Android security?
Fast Track
Russian
Within the framework of this report I plan to shed light on the differences of the new versions of Android in terms of security. We’ll cover new functionality, changes to already existing mechanisms, imminent obstacles and necessities ...
November 16
18:30 — 19:00