Technologies, techniques, attacks and research at ZeroNights 2012


ZeroNights is an international conference dedicated to the technical aspects of information security. The main goal of the conference is to disseminate information about new attack methods, threats and defenses against them, and also to create a platform for communication between security practitioners.

Place and time: Russia, Moscow, November 19–20, 2012.

This conference is for technical specialists, administrators, managers and employees of the information security service, pentesters, programmers and all those who are interested in applied aspects of the industry.

Our event is a unique, inimitable event in the world of information security in Russia. Guests from all over the world, technical hacking talks and master classes - no fluff and no advertising, only technologies, techniques, attacks and research!

We remind you that the Call for Papers is open until 10/10/2012. We can already announce some of the speakers:

Keynote speakers

The Grugq

The Grugq is an outstanding researcher in the field of information security with more than 10 years of professional experience. He has worked intensively on forensic analysis, binary reverse engineering, rootkits, VoIP, telecommunications and financial security. His professional career includes work at Fortune 100 companies, leading information security firms and innovative startups. Living in Thailand, he works as a senior security researcher at COSEINC. In his free time, he continues his research in the fields of security, forensics and beer.

The Grugq has been a speaker at 12 conferences over the past 7 years; conducted expert training courses for government agencies, the army, the police and financial systems.

In 2011, The Grugq began acting as a broker between hackers and governments, helping his colleagues sell rare exploits, and in a short period of time he closed several dozen deals. He says he expects to make about a million dollars this year.

Over ten years of hacking he has made many acquaintances at the FBI, so he knows what marketing techniques and technical support are in demand in these circles. “This is a regular sale of commercial software, it needs supporting documentation and a guarantee of development quality. The only difference is that you sell only one license, and everyone considers you a villain,” says The Grugq in a sensational interview with Forbes magazine.

And here is how The Grugq describes the hacker community in an interview with CSO magazine:
“A hacker is primarily characterized by his motives, and they appear as soon as the hacker has full control. If he makes a mess and runs off to look for a new victim, then this is a normal script kiddie. If he starts a fraudulent enterprise, then this is a criminal. But the hacker who, having carefully examined the vulnerable system, quietly leaves it - that is the old school.

Over the years, the old school does not change, although some lose interest in hacking. Script kiddies either go to prison, or grow up, or turn into one of the other two subtypes. Entrepreneurs ... I have no idea what is happening to them.”

Felix 'FX' Lindner

Felix 'FX' Lindner is the founder and lead researcher of Recurity Labs GmbH, a high-class team of researchers and consultants specializing in code analysis and the development of secure systems and protocols. Felix holds a German State-Certified Technical Assistant diploma in computer science and information technology, as well as Certified Information Systems Security Professional (CISSP) status. He is an excellent specialist in attack techniques, but recently he has been engaged in defense rather than attack, since attack seems to him the less interesting topic.

FX leads the Phenoelit Group (well-known developers of exploits and attacks, mainly against network equipment, and organizers of the PH-Neutral conference) and takes pleasure in breaking everything that has a processor and some means of communication, preferably a network. He has 18 years of experience in computer technology and 10 years of experience in the IT industry, mainly in consulting for large enterprises and telecommunications companies. His knowledge of IT, telecommunications and software development is inexhaustible. He also has experience managing and participating in various projects, especially in the planning, implementation, support and testing of security systems in a variety of technical environments using advanced methods. He co-authored The Shellcoder's Handbook: Discovering and Exploiting Security Holes.

FX is well known in the computer security community: he has shared his research, including with Phenoelit, at Black Hat Briefings, CanSecWest, PacSec, DEFCON, Chaos Communication Congress, MEITSEC and many other events. His research focuses, for example, on topics such as Cisco IOS security, HP printers, SAP, and BlackBerry RIM.


The dark and light side of (non) iCloud security

Andrey Belenko is a senior information security analyst and software developer at Elcomsoft. He is one of the developers of the Thunder Tables technology, an improved version of rainbow tables, and the first to use graphics processor (GPU) acceleration for password recovery. Master of Information Technology and holder of the CISSP certificate.
Dmitry Sklyarov - information security analyst at ElcomSoft Co. Ltd. Associate Professor at the Department of Information Security at MSTU N.E. Bauman. Author of research on e-book security and the reliability of digital photo authentication methods. One of the developers of the ElcomSoft iOS Forensic Toolkit technology.

Andrey Belenko and Dmitry Sklyarov will analyze the security and privacy of the iCloud backup service, a universal cloud service for Apple devices that allows their owners to share information (contacts, calendar notes, applications, photos), as well as upload backup data from the iOS operating system directly to iCloud. The talk will describe its architecture (if you think that your backups are stored in an Apple data center, we will have to disappoint you) and the protocol by which iOS devices communicate with iCloud to upload and download backup copies. You will learn how iCloud encrypts backups and why that encryption (as opposed to the encryption of offline backups) is practically no obstacle.

The purpose of the report is to confront the audience with reality and convey to you that from the moment you start using iCloud backup, all your data belongs to Apple or to anyone who knows your Apple ID and password.

About fuzzing in detail and with taste

Atte Kettunen is an IS researcher at the Oulu University Secure Programming Group (OUSPG). In 2011 and 2012, he successfully ran fuzzing campaigns against Firefox and Chromium. As a result, a dozen vulnerabilities were discovered, which made the author the top contributor to the vulnerability reward programs of both vendors.
Miaubiz is a developer and independent security researcher who has discovered more than 50 vulnerabilities in WebKit over the past two years. In his spare time he collects four-leaf clovers.

Warming up your home is an important task, but you need to approach it wisely. Our speakers will show you how they find vulnerabilities, build test cases, use grammars, collect and track crashes, launch, monitor, stop and update browsers, minimize crash reproducers, use Redis, coordinate clusters and plan resources.
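As an added illustration of the reproducer-minimization step mentioned above (example code, not the speakers' own tooling): a delta-debugging (ddmin) reducer that shrinks a crashing test case to a 1-minimal one. The crash oracle `crashes_on`, the tokenized `SAMPLE_CASE` and the "table before svg" bug are all constructed stand-ins for launching a real browser on each candidate.

```python
from typing import Callable, List, Sequence


def ddmin(tokens: Sequence[str], crashes: Callable[[Sequence[str]], bool]) -> List[str]:
    """Delta debugging (Zeller/Hildebrandt ddmin): return a 1-minimal
    subsequence of `tokens` for which `crashes` still returns True.
    `crashes` stands in for "run the browser on this case and watch it die"."""
    assert crashes(tokens), "the full case must reproduce the crash first"
    inp = list(tokens)
    n = 2  # number of chunks the current input is split into
    while len(inp) >= 2:
        chunk = len(inp) // n  # n <= len(inp) is an invariant, so chunk >= 1
        reduced = False
        start = 0
        while start < len(inp):
            # Try dropping one chunk; keep the complement if it still crashes.
            complement = inp[:start] + inp[start + chunk:]
            if crashes(complement):
                inp = complement
                n = max(n - 1, 2)
                reduced = True
                break
            start += chunk
        if not reduced:
            if n >= len(inp):
                break  # no single token can be removed: the case is 1-minimal
            n = min(n * 2, len(inp))  # refine the granularity and retry
    return inp


def crashes_on(tokens: Sequence[str]) -> bool:
    """Constructed crash oracle for a hypothetical renderer bug: the crash
    only triggers when a <table> is opened before an <svg> element."""
    try:
        return tokens.index("<table>") < tokens.index("<svg>")
    except ValueError:
        return False


# Constructed grammar-generated case that reproduces the hypothetical crash.
SAMPLE_CASE = ["<html>", "<body>", "<table>", "<tr>", "<svg>", "<p>", "x",
               "</svg>", "</table>", "</body>", "</html>"]


def minimize_sample() -> List[str]:
    return ddmin(SAMPLE_CASE, crashes_on)


if __name__ == "__main__":
    print(minimize_sample())  # -> ['<table>', '<svg>']
```

In a real campaign the oracle is the expensive part (a browser launch per candidate), which is why the reducer tries to drop large chunks first and only refines when no chunk can be removed.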

SSRF Attacks and Sockets: Vulnerability Buffet

Vladimir Vorontsov is the founder, head and leading expert of ONsec. He has been researching web application security since 2004 and is the author of many studies on the subject. He has received awards from Yandex (for winning the "Vulnerability Search Month" contest), Google (for Chrome browser vulnerabilities), Trustwave (for the ModSecurity SQLi Challenge), 1C-Bitrix (for the proactive defense bypass contest) and many others. He is currently actively developing a web application firewall.

Together with ONsec's leading expert, Alexander Golovko, he will tell us about Server Side Request Forgery (SSRF) vulnerabilities in terms of their practical application to various attacks. The talk describes various socket-based vulnerabilities and attacks, ranging from controlling a web server's HTTP response and interacting with a DBMS to executing arbitrary code. Special attention is paid to those attacks that are relevant to the PHP interpreter. These attack methods and techniques were developed and used successfully during security audits of real web applications.

Security Features of ADS-B and Other Airborne Technologies

Andrey Kostin was born and raised in Moldova and graduated from the Faculty of Computer Engineering at the Polytechnic University of Bucharest, where he did scientific work in the field of biometric technologies and image processing. He began his career in computer game development, but also worked in telecommunications and was a senior developer at a company specializing in programming a variety of GSM/UMTS/GPS subsystems. He is the author of the MiFare Classic Universal toolKit (MFCUK), the first publicly available key-recovery tool for the MiFare Classic RFID card family, and earned the nickname Mr. Printer for his series of talks on hacking MFPs and PostScript at various international conferences. He is a security enthusiast in the broadest and most global sense. He is currently working towards a PhD at the EURECOM institute in the field of embedded device security.

At ZeroNights, Andrey will highlight security issues related to aviation technology. These technologies are now at the peak of their technological development and advancement, that is, at about the same point where cellular networks and smartphones were 5-10 years ago. Practice shows that such technological development opens up new opportunities both for innovation and more productive work, and for exploiting vulnerabilities.

Andrey will consider the (in)security of ADS-B from a practical point of view. He will talk about what attackers can do with generated and injected aviation traffic, how they can do it, and how likely such attacks are. You will learn about new attack vectors against air traffic control systems.

In a world of limitless possibilities, I became BAh7BkkiDHVzZXXfafaQQggZFVGkG

joernchen from Phenoelit loves to read. He especially likes reading other people's source code, as well as studying interesting binary data in the hope of expanding the functionality of the system under study to unexpected limits.

In this presentation, he will talk about the results of his research into the internal mechanisms of user session management in Ruby on Rails. joernchen will give you an overview of the classic authentication and authorization patterns. He will then reveal the typical authentication and authorization weaknesses in Ruby on Rails applications and demonstrate how many developers of open-source Ruby on Rails applications have a casual attitude to security; the ability to gain administrative privileges in many of these web applications is just one consequence of this negligence. You will also see the real-world consequences of their negligence - using

A workshop is a practical master class lasting 2-4 hours, where you can try out a particular technique or tool with your own hands and immediately ask all your questions.

Workshop: Exploit Development with Metasploit

Rick Flores is a senior security consultant and researcher at Rapid7. Rick has ten years of experience in hacking and defense. Rick specializes in penetration testing, focusing on the PTES methodology, developing exploits for the Windows i386 architecture, and especially on developing Metasploit modules. He is also familiar with static and dynamic analysis of malicious code, hardening Unix/Linux/Windows, managing and installing intrusion detection systems, and is also partial to nanoelectronics, teaching, and stories about his research. Rick has worked as a pentester and security auditor with a variety of public, private, antivirus, educational, financial and energy companies, as well as with the government and the Department of Defense. When Rick is not busy learning Ruby, ASM, C++ or math, or developing exploits or Metasploit modules, he likes to spend time with his son, wife, mother and family in general, because these people give his life meaning.

With Rick's help, you will learn how to bypass modern memory protection mechanisms in Windows 7: NX/DEP/ASLR. The Metasploit framework is rapidly taking over the world, and many researchers and pen testers are able to use browser_autopwn, db_autopwn, or Meterpreter, but they get stuck trying to read the source code of the exploit they used. You will learn how to write custom modules for this framework and how to easily port the exploits you use from various programming languages into Metasploit's native language, Ruby. Professional knowledge, self-mastery, patience and the time needed to create an exploit from scratch - these are what distinguish a true master from a beginner. With my introductory Ruby exploit development course, you will be able, step by step, to overcome the pain and comprehend the dark secrets of this highly sought-after art.

Workshop: Everything You Wanted to Know About BeEF

Michele "antisnatchor" Orru is an IT specialist from Italy. Michele is a lead BeEF developer, focusing mainly on application security and related operational practices. He often speaks at hacker conferences such as CONFidence, DeepSec, Hacktivity, SecurityByte, AthCon, HackPra, OWASP, 44Con, Ruxcon, and many others that we cannot list here.
In addition to his passion for hacking and serving as the “senior spider” (at Trustwave SpiderLabs), he sometimes likes to leave his Mac alone, go fishing in the sea water and pray for the resurrection of Stanley Kubrick.

BeEF is a powerful platform for client-side attacks, post-exploitation of XSS vulnerabilities and abuse of the victim's browser in general. From a security point of view, each browser is different: the type and version of the browser and operating system, the installed plug-ins and ties to specific domains can all lead to different security holes. Imagine Internet Explorer 8 on an unpatched Windows XP SP3, vulnerable to the Aurora exploit, or, say, Firefox with the latest updates but with a vulnerable Java plug-in. The BeEF framework allows the pen tester to select (in real time) specific modules for attacking each browser, and therefore its particular security features.

If you would like to fall in love with BeEF and you like application security, this master class is a must.

And this is only the beginning, so stay tuned for updates on the site and in our blog on Habré!