phdays 2016 May 17, 2016 to May 18, 2016, moscow,russia

Event Page


Tell us about missing data
Title Speakers Summary Topic Types
Building Honeypots to Monitor DDoS Tech Terrence “tuna” Gareau This talk will outline how to use DDoS vulnerable services to develop a honeypot network ...
MiTM Mobile Artur Novikov Many services are based on mobile technology security — from GSM/GPRS modems employed in ICS ...
The Revenant Andrey Masalovich The whole range of means of information influence is used in both corporate communications marketing ...
Targeted Attacks: Be the First to Aim Sergey Gordeychik , Vladimir Ivanov An IT expert and a cybersecurity researcher will share their views on the problem of ...
Waf.js: How to Protect Web Applications Using JavaScript Arseny Reutov , Denis Kolegov The speakers will demonstrate how client-side JavaScript injection may be used to detect and prevent ...
—No viruses? I wouldn't be so sure Olga Zinenko Ural Security Systems Center (USSC) is performing an independent testing of mobile antiviruses for Android ...
Reverse Engineering of Binary Structures Using Kaitai Struct Mikhail Yakshin The report will cover current approaches to reverse engineering of binary files: where to start, ...
A Basic Course in Hacking Web Apps Mikhail Firstov The speaker will talk about the real-life cyberattacks on web applications (targeting both the server ...
Scalable and Effective Fuzzing of Google Chrome Max Moroz The talk includes an overview of ClusterFuzz, Chrome’s distributed fuzzing system that finds security bugs ...
Aspects of Insiders' Activity Within a Company Sergii Kavun This work describes the author's own insider detection methodology. The new technique represents mathematical tools ...
If You Find One, There are Probably More! A Detection Method of “Reproduced” Vulnerability Asuka Nakajima In a software development process, it is common to reuse source code from other software ...
Real and Formal Security: Born to Be TogetherBusiness Mikhail Emelyannikov Technical security, i.e. vulnerability analysis, penetration tests, implementation of safety tools, is often considered as ...
A Device Fingerprint as a Cure for Fraud. It All Depends on Dosage Evgeny Kolotinsky A device fingerprint or browser fingerprint is a typical way of collecting data about a ...
NFC: Naked Fried ChickenTech Matteo Beccaro This talk is about transportation security, frauds, and technological failures with focus on a general ...
Brute-Forced in Sixty Seconds Nikolay Anisenya The vast majority of users prefer dictionary passwords, modified according to certain rules, instead of ...
Andy, the Polluters, Rick Deckard, and Other Bounty Hunters Alfonso de Gregorio This talk is about the vulnerability supply chain, its participants, and ethical questions that arise ...
The City Never Sleeps Denis Makrushin , Yuri Namestnikov Among other things, security professionals rely on strict security policies of limiting internet access for ...
How We Developed the Federal Standard of SSDL Alexander Barabanov The speaker will talk about the national standard “Data Protection. Secure Software Development. General Requirements” ...
Electronic Access Control Security Matteo Beccaro The workshop focuses on exploiting techniques of modern EAC systems. It is designed to introduce ...
Pseudo-Security of NFC Services Lev Denisov The Moscow public transport system is one of the largest in the world. More than ...
Thanks SAP for the Vulnerabilities. Exploiting the Unexploitable Dmitry Chastukhin , Dmitry Yudin Blah blah blah SAP. Blah blah blah big companies. Blah blah blah hack multimillion-dollar systems. ...
Security Automation Based on Artificial Intelligence Rahul Sasi It is clear that traditional web application security scanners are incapable of finding logical security ...
Exploiting Redundancy Properties of Malicious Infrastructure for Incident Detection John Bambenek The cat-and-mouse game between malware researchers and malware operators has been going for years. The ...
DDoS Mitigation Workshop Krassimir Tzvetanov This DDoS mitigation hands-on lab focusing on such popular attacks as SYN flood, Sloworis, etc. ...
DNS as a Defense VectorTech Paul A. Vixie DNS offers a commanding view of both the local and global internet, and provides unparalleled ...
Web Application Firewall Bypassing Khalil Bijjou This workshop will teach you how to attack an application secured by a WAF. The ...
EAST 4 SCADA Emil Oleynikov , Dmitry Kazakov , Yuriy Gurkin , Mikhail Kropachev , Andrey Makhnev , Dmitry Chulkov The moderators will demonstrate the advantages of a free framework designed in Russia, an alternative ...
Enterprise Forensics 101 Mona Arkhipova This report outlines the typical aspects of digital forensics within enterprise systems: from initial data ...
Copycat Effect: From Cyberforensics to a Street Robbery Sergey Golovanov Everybody watches everybody. We got accustomed to cyberattacks financed by governments. The internet is overloaded ...
An Attack against a Surveillance Panel Valery Schepak A security monitoring service protects various enterprises, shops, restaurants, offices, banks, and cottages by providing ...
Wireless Hijack: From Quadrocopters to Computer Mouses Artur Garipov The talk will focus on general aspects of SDR application for wireless traffic analysis. The ...
Privacy and Security in the Internet of Things Jeff Katz Cisco predicts there will be 25 billion devices connected to the internet this year, and ...
Very Mighty eXtension for debugging Artem Shishkin This talk will show how to develop a hypervisor-based debugging facility: how to apply existing ...
Face to Face: the Arbiters of Security Natalya Kaspersky , Boris Simis , Dmitry Gusev , Oleg Bosenko , Evgeny Kraynov , Kirill Alifanov , Sergey Ryzhykov , Ilya Fedorushkin Organizations of different types see information security from different standpoints: regulators set rules and requirements; ...
KASan in a Bare-Metal Hypervisor Alexander Popov This report discusses the successful experience of porting KASan (a dynamic memory error detector) to ...
Magic box or: A Story about White Hat ATM Hackers Alexey Osipov , Olga Kochetova The report focuses on the most common methods of hacking and protecting ATMs. The speaker ...
john-devkit: 100 Hash Types Later Aleksey Cherepanov Speeds in hash cracking grow. The number of hashing algorithms grows. Work needed to maintain ...
How I Became Paranoid in the World of Mobile Devices Elena Feldman Nowadays people often debate on the security of mobile messengers. Many developers protect their apps ...
Communications are Insecure. Evidence-Based Arguments Sergey Puzankov , Dmitry Kurbatov Any mobile operator’s networks contain vulnerabilities inherited from obsolete technologies. The report reveals the security ...
Janitor to CISO in 360 Seconds: Exploiting Mechanical Privilege Escalation Babak Javadi For over 100 years, the modern pin tumbler lock has been used as the gold ...
How to Become the Sole Owner of Your PC Positive Research The speakers will tell you about a no-frills way to disable Intel AMT and become ...
Memory Protection Based Anti-Cheat for Computer Games Roman Kazantsev , Maxim Vafin , Andrey Somsikov Customer services with cheat technologies for multiplayer online games is continuously developed because cheat makers ...
Why We Hack: The Truth Timur Yunusov , Boris Simis , Dmitry Evteev , Nikita Kislitsin , Omar Ganiev Participants will explain why they prefer to study information security and how they estimate the ...
The CPU Does Not Matter. A Simple Analysis of Binary Files Using IDAPython Anton Dorfman This hands-on lab will focus on approaches to automation of a preliminary analysis of binary ...
Exploiting Chrome on a Nexus Phone Guang Gong The speaker will tell how to pwn a Nexus device with a single vulnerability. He ...
A Riddle Wrapped in a Mystery, or Vulnerabilities in Medical and Industrial Software Emil Oleynikov , Yuriy Gurkin Both medical and SCADA systems can be operated, configured, and monitored via remote control. They ...
From Cyber Offense to Cyber Arms Control: Developing Cybersecurity Norms Jan Neutze Increasingly, nation states use the internet to advance intelligence or even military operations: espionage, reconnaissance, ...
Crowdsourced Malware Triage Sean Wilson , Sergey Frankoff Malware triage is a process of quickly analyzing potentially malicious files or URLs. It is ...
Information Security and Other Pseudosciences Boris Simis Representatives of different information security schools with diverse views on professional education will consider the ...
Defense and Offense Technologies in 2016: Which Side will Make a Breakthrough? Alexey Kachalin Leading experts from PT Expert Security Center cover the most important events in the world ...
Engineering Systems and Development Errors as the Factor of Security Flaws Anton Zhbankov This will examine the relationship between IS incidents and IT problems, engineering and capital development, ...
Catch Me If You Can Nikolay Zdobnov InfoWatch has been active in the market of DLP solutions for more than 12 years. ...
Groundbait: Analysis of a Surveillance Toolkit Anton Cherepanov Operation “Groundbait” (Russian: Prikormka) is an ongoing cybersurveillance that took place in Ukraine. The group ...
Fear and Loathing in Telecoms Ilya Safronov The report will provide information on various schemes used by attackers to enrich themselves at ...
Industrial System Security: It's Time to Take Action Ivan Melekhin It is well proved by notorious incidents that cyber threats to industrial systems are as ...
Realization of Self-Learning Techniques in WAF Vladimir Lepikhin This tutorial will focus on the benefits and drawbacks of a statistical-based approach for intrusion ...
Time is Not on Your Side: Exploiting Browser-Based Timing Attacks Tom Van Goethem This talk introduces a new threat: browser-based timing attacks that can be used to extract ...
How to Start an Information Security Business Alexander Bondarenko The speaker will introduce a short story of creating an IS company from the ground ...
SDR and Others of That Ilk Artur Garipov , Pavel Novikov The hands-on lab is built around wireless technologies. The participants will find out how to ...
SSDL: One Day in the Life of a DeveloperDev Valery Boronin Source code analysis at an implementation phase of an SDL/SSDL: how to make the process ...
SIEM, or not SIEM, That is the Question Alexey Lukatsky What tasks can be solved by a SIEM system and what does it actually do? ...
Fingerprinting and Attacking a Healthcare Infrastructure Anirudh Duggal There has been a recent spike in the number of attacks on healthcare intuitions, the ...
Flash is Dead. Flash Forever! Alexandra Svatikova Participants will learn about critical security vulnerabilities in Odnoklassniki resulting from three errors in Flash ...
Lightning Talk Andrey Petukhov , Evgeny Minkovsky Attendees will have an opportunity to tell briefly about their research, about a new vulnerability ...
Static Code Analysis in the SSDL Context Ivan Yolkin The talk will present successful cases of implementation of Static Analysis Security Tool for QIWI ...
Machine Learning Technique to Detect Generated Domain Names Alexander Kolokoltsev This talk focuses on the machine learning techniques used to detect domain names generated by ...
How to Exploit Certifi-Gate, in Theory and Practice Dan Koretsky Millions of Android devices have vulnerabilities that grant root privileges. The speaker will talk about ...
Invited Talk Dave Monnier LanguageEnglishTeam Cymru Fellow and the Director of Sales and Marketing at Team Cymru, a specialized ...
Application security? Firewall it! Eldar Beybutov N/A