Program⁠

Download the program in PDF format

  • November 15
  • November 16
Filter
×
from 
till 

November 15

November 15
11:30 — 12:00
Opening ceremony
Main Track
Russian
November 15
12:00 — 13:00
20 years of Information Security: researcher's view
Main Track
Russian
Over the past two decades, the world around us has significantly changed. There are new professions, new technologies and, of course, new problems with attempts to solve them. I was lucky to be involved in one of the most interesting and dynamic areas of modern times - Information Security. In my ...
November 15
13:00 — 14:00
Cashless payments: how it works
FINANCE.ZONE
Russian
To have an effective defence, it is crucial to understand the subject area. The presentation will show you the nuts and bolts of cashless payments in Banking. ...
November 15
13:00 — 14:00
Another way to bypass WAF: Cheat Sheet
WEB.ZONE
Russian
Bypassing Web Application Firewall can be done not only by messing with its signatures. Oftentimes it is possible to fly malicious requests under the radar of security, simply by sending the data in such a way that the firewall fails to register ...
November 15
13:00 — 14:00
Quick guide to Software Defined Radio
HARDWARE.ZONE
Russian
To understand how SDR works, one needs to have an understanding about these devices. In this report, I plan to investigate this issue and focus specifically on FPGA, which is an essential component of all modern SDRs. ...
November 15
13:00 — 14:00
We will charge you. How to [b]reach vendor's network using EV charging station
Main Track
Russian
During the past five years, the number of electric vehicles (EVs) in private use increased up to 2 million or even more. It is understandable that home EV charging stations are becoming more and more popular. Consumer market requirements call for new features to be implemented. Consumerism ...
November 15
14:00 — 15:00
November 15
14:00 — 15:00
DNS Rebinding in 2k18
WEB.ZONE
Russian
In this paper FBK CyberSecurity team will talk about an old yet still active attack, namely DNS Rebinding, which hasn’t lost relevance for so many years and even became more dangerous with the emergence of the IoT era ...
November 15
14:00 — 15:00
Getting to know GnuRadio
HARDWARE.ZONE
Russian
Some less than obvious specifics attributed to SDR (what is intermodulation, and why it’s bad, how to suppress a receiver by transmitting in the sideband frequency, as well as sensitivity and selectiveness of SDR). Modern types ...
November 15
15:00 — 16:00
Introduction to Circuit Design
HARDWARE.ZONE
Russian
The life-cycle of a project. Development of device architecture, its structural and functional circuits. The effect of decision-making on the circuitry and topology of the finished product. Prototype, experimental and mass-produced specimens. Ways to test the ...
November 15
15:00 — 16:00
Wake up, Neo: detection of virtualization via speculative execution
Main Track
Russian
There have been several Speculative Execution vulnerabilities allowing to read privileged data from kernel mode, as well as other processes and even hypervisors. However, there are several more ways in which speculative execution can be leveraged by adversaries.  I have discovered one ...
November 15
16:00 — 17:00
Android Malware Hunting: Novel «sandbox» techniques for identifying threat actors
FINANCE.ZONE
Russian
Recent mobile trojans are like a Swiss knife: they allow you to get almost any information from the infected device.
In this research, we analyse a novel technique to identify criminal actions with the aid of BI.ZONE Tools. ...
November 15
16:00 — 17:00
STM32 microcontrollers: Introduction
HARDWARE.ZONE
Russian
STM32 microcontrollers are in a way a middle ground in terms of value for money. In this report we are going to look at just how much more you can get out of STM32 than out of Arduino, for instance, and all for the same price. And still ...
November 15
16:00 — 17:00
HTTP/2
WEB.ZONE
Russian
Internet development requires the development of protocols to be in line with contemporary needs. Nevertheless, HTTP, being one of the most popular protocols, had not been updated during a very long time (15 years, to be precise!). The new version ...
November 15
16:00 — 17:00
Vulnerabilities of mobile OAuth 2.0
Main Track
Russian
Mobile applications are increasingly implementing the OAuth 2.0 protocol. Despite this, vulnerabilities in mobile OAuth 2.0 implementations are still found even in the products of large companies.

This report will look at vulnerabilities specific to mobile OAuth 2.0. It will also show ...
November 15
17:00 — 18:00
Anti-Fraud
FINANCE.ZONE
Russian
There are different types of fraud and all the more different ways of preventing it. We will discuss what fraudulent schemes used to be popular in the past and which have taken their place, learn about the evolution of antifraud systems and heuristics for ...
November 15
17:00 — 18:00
XSS Exploiting
WEB.ZONE
Russian
In this report we will cover how to exploit XSS and how to benefit from it. Among many things, we’ll examine the most important JS objects, the specifics of writing a payload and several examples of XSS use to upload a shell and ...
November 15
17:00 — 18:00
Hardware reverse FT2232H, ESP32, PSoC5, usb-sniffer on MAX3421E, KiCAD: DIY
HARDWARE.ZONE
Russian
Hardware reverse FT2232H, ESP32, PSoC5, usb-sniffer on MAX3421E, KiCAD: DIY. ...
November 15
17:00 — 18:00
Lazarus Group: a mahjong game played with different sets of tiles
Main Track
English
Lazarus Group is one of the most notorious APT actors nowadays. The infamous attacks by the group include cyber-sabotage against Sony Picture Entertainment, and cyber-heists leveraging fraudulent SWIFT payment messages from banks in Bangladesh, Southeast Asia and Africa. The group intensified its ...
November 15
18:00 — 19:00
Attacking the multi-layered web applications
WEB.ZONE
Russian
A typical web service today is not just a single network machine with a couple of scripts, it’s rather a whole infrastructure with a bunch of backends and internal communication protocols.
Lots of web attacks are related to the ...
November 15
18:00 — 19:00
Fault Injection attacks on ARM MK
HARDWARE.ZONE
Russian
In the HARDWARE.ZONE I’m going to talk about and showcase how by just using some very common items like FPGA and Python you can enact a glitch attack on an MK running a ARM core through its power supply. Our test subject will be our good old ...
November 15
18:00 — 19:00
HIDS as a service: deployment and control over 20 000 installations
Main Track
Russian
We are going to talk about maintaning huge installation of HIDS software (OSSEC):
- How to install & launch it properly?
- How to monitor it?
- How to collect & store alerts?
- How to deal with 3 000 000 daily events?
- How to make profit?
...