Schedule

17–18 June 2019

Download the program in PDF format
  • June 17
  • June 18
Filter
×
from 
till 

June 17

June 17
11:00 — 11:10
Opening ceremony
First Track
Russian
More ...
June 17
11:10 — 12:00
The Advanced Threats Evolution: REsearchers Arm Race
First Track
Russian
The evolution in defensive software is really connected to the evolution of the modern threat landscape. Each new iteration of evolution is focused to cover specific gaps in detection methods or algorithms of data collection. ...
June 17
12:00 — 13:00
Making the Case for DevSecOps
APPSEC.ZONE
English
The move to incorporate security into the DevOps pipeline has gotten world wide attention. DevSecOps has become an essential consideration for DevOps transformation initiatives. ...
June 17
12:00 — 13:00
June 17
12:00 — 16:00
Crash course for exploit development
Second Track
Russian
A course for those who have long though about but have not gotten round to exploiting binary vulnerabilities. ...
June 17
12:00 — 14:00
Raw-packet project
TOOL.ZONE
Russian
I’ll tell you how to launch man-in-the-middle attacks using scripts from this project, including non-trivial attacks on Apple devices. And what to do in the era of ubiquitous https after you managed to carry out this attack. ...
June 17
13:00 — 14:00
Side-channel attack to every home
HARDWARE.ZONE
Russian
The objective of this talk is to explain listeners what the Side-channel attack is and demonstrate that everyone can make first attack without expensive equipment and special lab. ...
June 17
13:00 — 14:00
SAST and Application Security: how to deal with security vulnerabilities
APPSEC.ZONE
Russian
In this talk I will tell about finding errors and weaknesses (CWE) in code using static code analysis (SAST) that prevents their transformation into vulnerabilities (CVE). I will give real examples. ...
June 17
13:00 — 14:00
Hunting For PowerShell Abuses
First Track
Russian
In the presentation author is going to show how adversaries can use PowerShell for malicious purposes and what SOC/Threat Hunters can oppose to them. ...
June 17
14:00 — 16:00
Defending Cloud Infrastructures with Cloud Security Suite
TOOL.ZONE
English
CS Suite is a one stop tool for auditing the security posture of the AWS/GCP/Azure infrastructures along with server audit feature. CS Suite leverages capabilities of current open source tools and has plethora of custom checks into one tool to rule them all. ...
June 17
14:00 — 15:00
June 17
15:00 — 16:00
A fresh view on product security
APPSEC.ZONE
Russian
Frequently Product Security term is mixed with Application Security approach and processes, which certainly play key roles in security development process and the development of product functionality. ...
June 17
15:00 — 16:00
June 17
15:00 — 16:00
RIDL: Rogue In-flight Data Load
First Track
English
Speculative execution bugs in modern CPUs popped up out of nowhere, but the worst of the nightmare seems to be mitigated. ...
June 17
16:00 — 17:00
Amateur radio: what, how and why …
HARDWARE.ZONE
Russian
From this report you will learn what amateur radio is (amateur radio, ham radio), why you might be interested in this activity, where to start, how to choose the first transceiver and where to get a license. ...
June 17
16:00 — 19:00
CTF-based Side-Channel Attacks Introduction Training
Second Track
Russian
This course provides knowledge, skills and tools to apply side-channel attacks to cryptographic algorithms. ...
June 17
16:00 — 17:00
Attacks on Android Activity & Intents or where to start learning about attacks on Android apps
APPSEC.ZONE
Russian
This report is designed for professionals who want to find something interesting in the field of security analysis of Android applications. ...
June 17
16:00 — 18:00
One Framework to rule them all: A framework for Internet-connected Device Census
TOOL.ZONE
Russian
At the present time, an Internet-connected devices search engine is an extremely popular topic in all kind of researches. ...
June 17
16:00 — 17:00
Practical fuzzing for modern web and APIs
First Track
Russian
In this talk, I’ll sum up our 10 years experience in web application security audits, that covers more than 200 projects worldwide to give the audience practical examples and receipts of fuzzing web applications and APIs to find new issues. ...
June 17
17:00 — 18:00
June 17
17:00 — 18:00
Open Source & Secure development — myth or reality?
APPSEC.ZONE
Russian
Rewrite code for each update of your favorite framework or keep track of vulverability database of NIST? Delete vulnerable component from internal repository or understand is vulnerability applicable for us? How to start scan 500 kkloc and keep teams informed about vulnerabilities of components used by them? ...
June 17
17:00 — 18:00
BackSwap – The Future of Banking Malware?
First Track
English
Presentation about an innovative banking trojan that appeared in 2018 and surprised the security industry with its new techniques. We will present analysis of the malware, its cybercrime scheme and behind-the-scenes details about cooperation with law enforcement agencies. ...
June 17
18:00 — 19:00
EvilParcel vulnerabilities and exploiting them in-the-wild in Android.InfectionAds.1
First Track
Russian
Recently disclosed EvilParcel vulnerabilities (CVE-2017-13287 and others) detected in the Android OS allow performing arbitrary actions in context of the privileged system_server process. ...