Positive Hack Days 2012 May 30, 2012 to May 31, 2012, Moscow, Russia

Title Speakers Summary Topic Types
Keynote Bruce Schneier, Alexey Andreev None Security
Enhancing Cybersecurity Readiness Through International Cooperation Datuk Amin None Security
None Security
Packets-in-Packets Travis Goodspeed Noise is everywhere in radio, and in digital radio it is more than a nuisance. ... Security
Password security: past, present, future Alexander Peslyak The report will address the issues of password protection in an historical perspective, as well ... ExcludeThinkstScapes Passwords
The secret of Duqu Alexander Gostev The report is dedicated to Duqu, a complicated Trojan program, which seems to be developed ... Security
How to hack a telecom and stay alive 2. Owning a billing Sergey Gordeychik The main IT value of a telecommunication company is its technological network. Penetrating its perimeter ... Network Penetration ExcludeThinkstScapes
Analysis of US laws and regulations protecting personal information. What is wrong and how to fix it Mikhail A. Utin The reporter will present Rubos, Inc. research on “grass roots” security in the US. Analysis ... Security
To hack an ASP.NET site? It is difficult, but possible! Vladimir Kochetkov ASP.NET/MVC web applications security analysis is almost always a challenge for a pentester who quite ... ExcludeThinkstScapes ASP.NET LINQ
PostScript: Danger ahead! Hacking MFPs, PCs and beyond… Andrei Costin After the very successful "Hacking printers for fun and profit" series of talks, the reporter ... IncludeThinkstScapes Printers PostScript
On secure application of PHP wrappers Aleksey Moskvin Vulnerabilities related to PHP wrappers are discussed at length. Links to them are present in ... ExcludeThinkstScapes
Abusing Calypso phones Sylvain Munaut Sylvain Munaut will be presenting "Abusing calypso phones", explaining the process by which it was ... ExcludeThinkstScapes
Not all PHP implementations are equally useful Sergey Scherbel There are several third-party implementations of PHP, designed to improve the performance of Web applications. ... Security
DNS exfiltration using sqlmap Miroslav Štampar In this presentation, current methods of SQL injection exploitation together with the premiere of DNS ... ExcludeThinkstScapes SQL Injection
A lazy way to find out your fellow worker's salary, or SAP HR security Evgeniya Shumakher SAP ERP Human Capital Management (HCM) is a software solution helping to manage company’s human ... ExcludeThinkstScapes
Life cycle and detection of bot infections through network traffic analysis Fyodor Yarochkin, Vladimir Borisovich Kropotov In this presentation Fyodor Yarochkin and Vladimir Kropotov will share their experience of analysing network ... Botnets ExcludeThinkstScapes
To Recover Plaintext Passwords of Windows Users Benjamin Delpy Benjamin Delpy, an information security researcher also known as gentilkiwi, has expressed his intention to ... ExcludeThinkstScapes Windows LSASS
How presidential election in Russia influence information security market, or Trends in regulations Alexey Lukatsky Last year was marked with numerous standards that regulate information security issues, such as a ... ExcludeThinkstScapes
Why it is impossible to comply with Russian private data protection law Mikhail Emelyannikov The law of the Russian Federation on personal data has been applied for five years ... Security
Smartcard vulnerabilities in modern banking malware Aleksandr Matrosov, Eugene Rodionov The past few years have seen a rapid growth of threats targeting the Russian system ... Botnets ExcludeThinkstScapes
Defense of industrial control systems – a factor of survival of mankind Alexey Lafitsky The modern civilization unconditionally depends on information systems. Especially in the environment of industrial control ... ExcludeThinkstScapes
Three modern stories about malware bank attacks Nikita Shvetsov This report contains information about three most active and high-end malware families for bank attacks. ... ExcludeThinkstScapes
Fighting Anonymous in Tunisia Haythem el Mir "The Tunisian revolution was a favorable environment for the development of groups such as Anonymous. ... ExcludeThinkstScapes Anonymous
Naxsi, an open source and positive model based web application firewall Thibault Koechlin In 2012, trivial Web vulnerabilities are still threatening poorly developed web applications, and poorly maintained ... ExcludeThinkstScapes Nginx
Hijacking attacks on Android devices Marcus Niemietz "At the moment Marcus Niemietz is focusing on attacks and countermeasures in the mobile phone ... Android ExcludeThinkstScapes
DDoS Surveillance HowTo. Part 2. Alexander Lyamin There are “cookbooks” written solely on how to arrange protection against DDoS. Let’s analyze the ... ExcludeThinkstScapes DDoS
SAP as viewed by attackers Alexey Yudin Despite the fact that SAP offers numerous security solutions, trivial flaws trigger cases when SAP ... ExcludeThinkstScapes
The techniques of putting a spoke in botmasters' wheels: the Kelihos botnet Maria Garnayeva As part of "Operation b79", Kaspersky Lab, Kyrus Tech and Microsoft took control over the ... ExcludeThinkstScapes
How to find an elephant in a haystack Yuri Gubanov "Investigating Internet-related digital artefacts can reveal so much evidence now that sometimes you do not ... Security
Light and dark side of code instrumentation Dmitriy (d1g1) Evdokimov Development technologies evolve rapidly — code becomes more complex (virtual function, jit-code etc.) Such code ... ExcludeThinkstScapes Instrumentation
Attacks against Microsoft network web clients Vladimir Vorontsov The report will consider the modern aspects of attacks on Microsoft web client networks. It ... ExcludeThinkstScapes XML
Fraud prevention the way it is done in Russia Evgeny Tsarev The speaker will compare two approaches to combating fraud: Western and Russian. The report will ... ExcludeThinkstScapes
Secure password managers and military-grade encryption for smartphone: Huh, really? Dmitry Sklyarov, Andrey Belenko With the growing popularity of smartphones and tablets the importance of the problem and ensuring ... ExcludeThinkstScapes
From 0-day to APT your favourite framework Ulrich Fleck, Martin Eiszner Vulnerability research is a complex process within an information security company, often covered in veil ... ExcludeThinkstScapes Advanced Persistent Threat
Automated vulnerability detection tool Nikita Tarakanov, Alexander Bazhanyuk The report will present a means to automatically search for vulnerabilities. The practical result of ... ExcludeThinkstScapes
Program agent cyberwars. Applying the theory of intelligent agents team-work to form cyberarmies Igor Kotenko The report proposes a general approach and its practical application for research and implementation of ... ExcludeThinkstScapes
Lightweight cryptography: resource-undemanding and attack-resistant Alexey Yevgenievich Zhukov The report focuses on Lightweight Cryptography, which apart from stability should be more effectively implemented ... ExcludeThinkstScapes
What we can (and should) learn from LulzSec Jerry Gamblin LulzSec did not invent hacktivism, but its small crew of hackers whose motto is “Laughing ... ExcludeThinkstScapes Anonymous
Paying with credit cards in the Internet can result in headache Micha Borrmann Some security issues allow the guessing of the card verification value (CVV) on VISA and ... ExcludeThinkstScapes Payment Card
The truth about the lie. Social engineering for security experts Vladimir Styran The report draws attention to the ambiguity of the onlooker’s perception of social engineering as ... ExcludeThinkstScapes
SAP insecurity: the new and the best Alexander Mikhailovich Polyakov "Over the past few years, interest in SAP security has grown exponentially. There have been ... ExcludeThinkstScapes SAP
Computer security incident investigation: SCADA forensics Andrey Andreevich Komarov As part of the report the following aspects will be covered: the problems of collecting ... Security