Over the past two decades, the world around us has significantly
changed. There are new professions, new technologies and, of course,
new problems with attempts to solve them. I was lucky to be involved
in one of the most interesting and dynamic areas of modern times -
Information Security. In my
...
To have an effective defence, it is crucial to understand
the subject area. The presentation will show you the nuts and bolts
of cashless payments in Banking. ...
Bypassing a Web Application Firewall can be done not only by messing
with its signatures. Oftentimes it is possible to fly
malicious requests under the radar of security simply by sending
the data in such a way that the firewall fails to register
...
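As an added example (not code from the talk), a toy illustration of the parsing discrepancy the abstract alludes to: the WAF percent-decodes the body once and greps it for a signature, while the backend also accepts JSON and decodes JSON escapes, so the same payload reaches the application untouched. The signature, both requests and the backend are constructed for illustration; the hardened variant parses the body the way the backend will before scanning it.

```python
import json
import re
from urllib.parse import parse_qs, unquote_plus

# Toy signature standing in for a WAF ruleset (assumption, not any vendor's rule).
SQLI_SIGNATURE = re.compile(r"union\s+select", re.IGNORECASE)

# --- Constructed requests: same payload, two encodings ----------------------
FORM_REQUEST = ("application/x-www-form-urlencoded",
                "q=1%27+union+select+password+from+users--")
# The space between the keywords is carried as a JSON escape (\u0020).
JSON_REQUEST = ("application/json",
                '{"q": "1\' union\\u0020select password from users--"}')


def naive_waf_allows(content_type, body):
    """Toy WAF: percent-decode once and grep, regardless of Content-Type."""
    return SQLI_SIGNATURE.search(unquote_plus(body)) is None


def backend_param(content_type, body, name="q"):
    """What the application actually sees for parameter `name`."""
    if content_type == "application/json":
        return json.loads(body)[name]
    return parse_qs(body)[name][0]


def _strings_in(value):
    """Yield every string nested anywhere inside a decoded JSON document."""
    if isinstance(value, str):
        yield value
    elif isinstance(value, dict):
        for v in value.values():
            yield from _strings_in(v)
    elif isinstance(value, list):
        for v in value:
            yield from _strings_in(v)


def hardened_waf_allows(content_type, body):
    """Parse the body the way the backend will, then scan the decoded values."""
    try:
        if content_type == "application/json":
            values = list(_strings_in(json.loads(body)))
        elif content_type == "application/x-www-form-urlencoded":
            values = [v for vs in parse_qs(body, keep_blank_values=True).values()
                      for v in vs]
        else:
            values = [unquote_plus(body)]  # unknown type: fall back to a raw scan
    except ValueError:
        return False  # refuse what cannot be parsed instead of waving it through
    return not any(SQLI_SIGNATURE.search(v) for v in values)


if __name__ == "__main__":
    for ct, body in (FORM_REQUEST, JSON_REQUEST):
        print(ct, "| naive:", naive_waf_allows(ct, body),
              "| hardened:", hardened_waf_allows(ct, body),
              "| backend sees:", backend_param(ct, body))
```

The form request is blocked by both filters; the JSON request passes the naive filter while the backend still receives the string "1' union select ...", and only the filter that decodes per Content-Type catches it.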
To understand how SDR works, one needs an understanding of the
devices it is built on. In this report, I plan to investigate
this issue and focus specifically on the FPGA, which is an essential
component of all modern SDRs.
...
During the past five years, the number of electric vehicles (EVs) in
private use has grown to 2 million or more. It is
understandable that home EV charging stations are becoming more and
more popular. Consumer market requirements call for new features to
be implemented. Consumerism
...
In this paper the FBK CyberSecurity team will talk about an old
yet still active attack, namely DNS Rebinding, which has not lost its
relevance over the years and has even become more dangerous with
the emergence of the IoT era ...
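An added example, not part of the FBK paper, that simulates the rebinding sequence in Python and shows two standard defences against it. The resolver, the addresses (TEST-NET-3 for the attacker, an RFC 1918 address for the victim's device) and the hostname attacker.example are constructed for illustration; the resolver-side check reimplements the idea behind dnsmasq's --stop-dns-rebind rather than calling dnsmasq.

```python
import ipaddress

# Constructed addresses and name used throughout the simulation.
ATTACKER_IP = "203.0.113.10"    # attacker's public web server
TARGET_IP = "192.168.1.1"       # e.g. a router or IoT device on the victim's LAN
ATTACKER_HOST = "attacker.example"

# Ranges an answer for an external name should never point into.
LAN_NETWORKS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]


class RebindingResolver:
    """Attacker-controlled authoritative DNS (simulated): answers the public
    address on the first query and the victim's LAN address afterwards,
    always with TTL 0 so the browser has to ask again."""

    def __init__(self):
        self.queries = 0

    def resolve(self, name):
        if name != ATTACKER_HOST:
            raise LookupError(name)
        self.queries += 1
        ip = ATTACKER_IP if self.queries == 1 else TARGET_IP
        return ip, 0  # (address, ttl)


def simulate_rebinding(resolver):
    """Two same-origin requests from the victim's browser: the first loads the
    attacker's page, the second (issued by that page's JavaScript) lands on
    the LAN device while still carrying the attacker's origin and Host."""
    page_ip, _ = resolver.resolve(ATTACKER_HOST)
    api_ip, _ = resolver.resolve(ATTACKER_HOST)  # TTL 0 forces a fresh lookup
    return [(page_ip, ATTACKER_HOST), (api_ip, ATTACKER_HOST)]


def device_accepts(host_header, allowed_hosts):
    """Defence 1 (on the LAN service): only answer requests whose Host header
    names this device; a rebound request still says 'attacker.example'."""
    host = host_header.split(":", 1)[0].lower()  # drop an optional :port
    return host in allowed_hosts


def resolver_blocks_answer(ip):
    """Defence 2 (on the local resolver): drop answers that point external
    names into private or loopback ranges, so the rebind never resolves."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LAN_NETWORKS)


if __name__ == "__main__":
    hops = simulate_rebinding(RebindingResolver())
    for ip, host in hops:
        print(f"request to Host: {host} -> {ip}; "
              f"device accepts: {device_accepts(host, {TARGET_IP, 'router.lan'})}; "
              f"resolver would block: {resolver_blocks_answer(ip)}")
```

The second hop is the attack: the browser considers the request same-origin, yet it is delivered to 192.168.1.1. A Host-header allow-list on the device rejects it because the header still names attacker.example, and a filtering resolver never lets the second answer through at all.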
Some less than obvious specifics of SDR (what intermodulation is
and why it is bad, how to suppress a receiver by transmitting
on a sideband frequency, as well as the sensitivity and
selectivity of SDR).
Modern types
...
The life-cycle of a project. Development of device
architecture, its structural and functional circuits. The effect of decision-making
on the circuitry and topology of the finished product.
Prototype, experimental and mass-produced specimens. Ways to test
the ...
There have been several speculative execution vulnerabilities
that allow reading privileged data from kernel mode, as well as from other
processes and even hypervisors. However, there are several more ways
in which speculative execution can be leveraged by adversaries. I
have discovered one ...
Recent mobile trojans are like a Swiss Army knife: they allow you to get
almost any information from the infected device.
In this research, we analyse a novel technique to identify
criminal actions with the aid of BI.ZONE Tools.
...
STM32 microcontrollers are in a way a middle ground
in terms of value for money. In this report we are
going to look at just how much more you can get out of STM32
than out of Arduino, for instance, and all for the same price.
And still
...
The development of the Internet requires its protocols to keep pace
with contemporary needs. Nevertheless, HTTP, being one of the
most popular protocols, had not been updated for a very long
time (15 years, to be precise!).
The new version ...
Mobile applications are increasingly implementing the OAuth 2.0
protocol. Despite this, vulnerabilities in mobile OAuth 2.0
implementations are still found even in the products of large
companies.
This report will look at vulnerabilities specific to mobile OAuth
2.0. It will also show
...
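Added example, not code from the talk: a Python sketch of PKCE (RFC 7636), the standard answer to one vulnerability class specific to mobile OAuth 2.0, where a second app registers the same custom URL scheme as the legitimate client, receives the redirect and so the authorization code, and, since a mobile app cannot keep a client secret, exchanges it for a token. The AuthorizationServer class, the client id com.example.app and the demo() flow are assumptions for illustration; the S256 transform and the RFC's Appendix B test vector are the real ones.

```python
import base64
import hashlib
import secrets


def b64url(data):
    """Base64url without padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def pkce_challenge(code_verifier):
    """S256 transform: BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url(hashlib.sha256(code_verifier.encode("ascii")).digest())


def make_pkce_pair():
    """Fresh verifier (43 chars from 32 random bytes) and its challenge."""
    verifier = b64url(secrets.token_bytes(32))
    return verifier, pkce_challenge(verifier)


class AuthorizationServer:
    """Toy authorization server (assumption, not any real product). Public
    clients cannot keep a secret, so the only thing binding the token request
    to the app that started the flow is knowledge of the PKCE verifier."""

    def __init__(self):
        self._codes = {}  # code -> (client_id, code_challenge)

    def authorize(self, client_id, code_challenge):
        # Refusing requests without a challenge is the server-side fix: an app
        # that squats the custom scheme (e.g. myapp://callback) then gets a
        # code it cannot redeem.
        if not code_challenge:
            return None
        code = b64url(secrets.token_bytes(16))
        self._codes[code] = (client_id, code_challenge)
        return code

    def token(self, code, code_verifier):
        entry = self._codes.pop(code, None)  # single use: any attempt burns the code
        if entry is None:
            return None
        _, challenge = entry
        if not secrets.compare_digest(pkce_challenge(code_verifier), challenge):
            return None
        return "access-" + b64url(secrets.token_bytes(8))


def demo():
    """Legitimate exchange, a replay of the same code, and an interceptor
    that holds the code but never saw the verifier."""
    srv = AuthorizationServer()
    verifier, challenge = make_pkce_pair()
    code = srv.authorize("com.example.app", challenge)
    legit = srv.token(code, verifier)
    replay = srv.token(code, verifier)
    stolen_code = srv.authorize("com.example.app", challenge)
    intercepted = srv.token(stolen_code, "verifier-the-attacker-never-saw")
    return legit is not None, replay is None, intercepted is None


if __name__ == "__main__":
    print("legit ok, replay rejected, interceptor rejected:", demo())
```

The verifier never leaves the legitimate app's process, so a code captured through the redirect is worthless without it; the same server should also reject authorization requests that omit code_challenge, otherwise the protection is optional in practice.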
There are different types of fraud and even more
ways of preventing it. We will discuss which
fraudulent schemes used to be popular in the past and
which have taken their place, learn about the evolution of antifraud
systems and heuristics for
...
In this report we will cover how to exploit XSS and
how to benefit from it. Among many things, we’ll examine
the most important JS objects, the specifics of writing a payload
and several examples of XSS use to upload a shell and
...
Lazarus Group is one of the most notorious APT actors nowadays. The
infamous attacks by the group include cyber-sabotage against Sony
Pictures Entertainment, and cyber-heists leveraging fraudulent SWIFT
payment messages from banks in Bangladesh, Southeast Asia and
Africa. The group intensified its
...
A typical web service today is not just a single
network machine with a couple of scripts, it’s rather a whole
infrastructure with a bunch of backends and internal
communication protocols.
Lots of web attacks are related to the
...
In the HARDWARE.ZONE I’m going to talk about and showcase
how, by just using some very common items like an FPGA and Python,
you can carry out a glitch attack on a microcontroller (MK) running an ARM
core through its power supply. Our test subject will be our
good old ...
We are going to talk about maintaining a huge installation of HIDS
software (OSSEC):
- How to install & launch it properly?
- How to monitor it?
- How to collect & store alerts?
- How to deal with 3 000 000 daily events?
- How to make profit?
...
Hackers all around the world use vulnerabilities of payment
terminals and cards for money laundering and fraudulent payments.
However, the amount of available information is quite
small; it is fragmentary and incomplete.
How do hackers get access
...
This is a comprehensive study of modern biometric
technologies and systems. It describes the bypass methods
we discovered for face recognition, voice recognition and
fingerprint biometric systems.
Windows Hello authentication with Intel RealSense infrared
...
In this talk, we will present the analysis of ThingsPro
Suite — an IIoT gateway software solution with device
management functionality that was developed by Moxa in 2017.
We will take a good look under the hood of the Moxa
suite and discuss
...
The Windows DPAPI mechanism was introduced a long time ago and
has proved to be a reliable means of storing users’ data in encrypted form.
Google Chrome, Dropbox, RSA SecurID and standard Windows mechanisms
(such as crypt.exe, EFS) use it to protect users’ passwords, key
material and other ...
The main aim of this session is to walk through the
multitude of vulnerabilities present in PBX systems that may pose
a threat to any individual or organization. This talk
will demonstrate multiple exploitable security vulnerabilities,
including their impact and attack
...
This brief focuses on the common ATM attacking techniques and
the ATM hardware hacking approach. The speaker unfolds main attack
scenarios, ATM flaws, and threats formulated on the basis of live
project experience. ...
The principles of scanning devices, and the more effective ways
of detecting radio-transmitting devices.
Principles of hiding radio-transmitting devices during radio
monitoring.
The basics of building radio receiving devices in GnuRadio,
and ways to detect the
...
It is conventional wisdom that the right approach to doing
things is to «Trust but verify». However, corporate
solutions often use only the former part of this principle.
Third-party code, specifically a license manager (a small
software
...
Nowadays, Cisco device vulnerability research is not just
important but also financially rewarding for a bug
hunter. The Cisco bug bounty program ranks 4th in the
‘Top 30 Bug Bounty Programs in 2018’ due to ...
Phishing is an integral part of red teaming. Using
documents with macros and DDE has come to be in bad
taste. Luckily, a lot of companies use MS Exchange as their corporate
mail server. The use of EWS makes the users’ life easier and really
...
Competition between banks leads to new opportunities for clients,
which are the cause of new risks for the banks and for the clients
themselves. During the talk we will discuss the internals of Online
and Mobile banking, what vulnerabilities are common or specific for
these services and what best ...
A lot of companies use SAST. Some even integrate it in DevOps.
But have you ever come across an integration of SAST in DevOps
for 3500 projects? We have and successfully so!
We’ll talk about how we developed our own Secure ...
Security through obscurity is a principle which has been under
criticism for some years now, but this does not stand in the way of
large electronics producers demanding the signing of a
Non-Disclosure Agreement, masqueraded as protection of intellectual
property, when issuing technical
...
Today, everybody talks about DevOps, digitalization, business
transformation and many more scary words. Digital transformation has
found its way into security development, disrupting the cosy world
of relying on static analysis before releases and leading
many to question the ...
The current approach of teaching application security involves
blindly attacking applications which are intentionally vulnerable
(like DVWA/Webgoat). This approach has the inherent drawback of never
guiding users on how to fix the vulnerabilities being
exploited. Hence,
...
Imagine you have an SSDLC up and running, all the processes are
set up and everything released is secure, but the
products start breaking up into microservices.
It’s getting hard to use this whole lot of different
tools, isn’t it? Tens of scanners,
...
Last year we witnessed a huge leap in value of many
cryptocurrencies, which attracted much interest from the hacking
community to try and find vulnerabilities in various hardware and
software used for storing private keys. Even the most secure,
so-called hardware wallets, had to be patched after
...
After the initial penetration into the target corporate network,
an attacker can face a situation where the obtained access is limited
to the rights of an unprivileged user account. Such
rights are usually not enough for the further development of the
attack into the
...
I'm going to speak about some common mistakes happening in various
cases of senselessly implementing IP reputation feeds. I'll also
cover a few useful approaches that might help you in collecting your
own IP reputation database and discuss why building it might be
worth the effort. ...
Within the framework of this report I plan to shed
light on the differences between the new versions of Android
in terms of security. We’ll cover new functionality,
changes to already existing mechanisms, imminent obstacles and
necessities
...