ZeroNights 2014: spy games in a big city

Friends, all good things have to end. Our ZeroNights 2014 is over. This year, more than 1000 people visited the conference, 54 practical information security experts from 11 countries delivered their talks. Both in quantity and quality of activities and content, ZeroNights has again confirmed its status of a largest infosec event.

"Thank you so much for the opportunity to speak at ZeroNights. This was definitely the best technical conference I attended so far!

It has been an honour to meet you and speak with your peers."

Fabien Duchene (more speakers' feedback here)

We were true to our concept: no marketing, only technical aspects. The conference featured in-depth technical research, unique workshops, sessions conducted by world-class information security specialists. Our guests got the cutting-edge information about the latest cryptography trends, the state of web security and web technology affairs, latest ICS security findings, mobile security news, discussed various vulnerabilities in detail.

(more photos here)

This year, we had decided to arrange a special ZeroNights session dedicated to real, practical defense, called Defensive Track. This section featured talks delivered by the specialists who work on the frontlines every day and are responsible for the security of hundreds of thousands user accounts. Defensive Track also hosted a live discussion of practical usage issues for various security technologies: RPKI, DNSSEC, DANE, etc. The participants tried to understand together why, despite so many useful and modern standards and technologies, everyone uses the old and insecure ones.

(more photos here)

The Hardware Village open space operated at ZeroNights again. At HWV, anyone had the opportunity to touch and test any hardware they liked along with professional advice on the tips and tricks of using it. Embedded system and wireless network security workshops were held.

A special contest section by QIWI Group was launched this year and hosted a Jeopardy-style CTF. Team More Smoked Leet Chicken, a winner of international tournaments, prepared several tasks especially for this contest: Reverse / PWN / Web / Crypto / Misc. According to QIWI statistics, almost 400 people and teams registered to participate, 43 teams submitted at least one flag, and 12 teams participated locally. The prize pool for the 1st, 2nd, and 3rd places was 60000, 30000, and 15000 rubles respectively. QIWI also arranged an ATM hacking contest, but nobody managed to beat the task completely. Protectimus and Kaspersky Lab also held contests of their own.

(more photos here)

Talk descriptions, speakers’ biographies, agenda, activity reports, feedback, photos, and presentations are available online. Stay tuned for updates! Although any good thing does come to an end, the best things return in a while. So we will see you next year at the jubilee ZeroNights event!

News
12.11.2014 Good news from Kaspersky Lab

Tomorrow and the day after, you can get a dose of vitamins and check your karma in an Internet game, thanks to the contribution of Kaspersky Lab to the ZeroNights conference. The conference will also feature a most interesting hacking contest and a contest for the best photo with Kaspersky’s logo posted in a social network! You will be able to ask our infosec experts any questions at Kaspersky Lab’s booth. If you are interested, we will also be pleased to teach you how to join Kaspersky’s team. At the conference wrap-up, at 7 PM, we will reward the coolest photos and the cleanest karmas :) The best 30 reversing enthusiasts will be invited to the office of Kaspersky Lab and rewarded with valuable prizes!




11.11.2014 The winners of Moscow CTF School 2014 are invited to ZeroNights!

Friends, we are glad to inform you that the ZeroNights conference has supported the infosecurity Capture the Flag (CTF) event which was organized by the faculty of Computational Mathematics and Cybernetics of MSU on November 9, 2014 for the school students of Moscow city and Moscow Region: http://ctf.cs.msu.su/.

The CTF offered different tasks in cryptography, steganography, web application vulnerabilities, and other aspects of computer and information security for the teams to solve. The winners are listed here: http://ctf.cs.msu.ru:9911/scoreboard.

The three winners - teams Shadow servants, Flaming Tomatoes, and 1336 h4x0rz - are invited to be honored guests at the ZeroNights conference, which will be held right this week, in two days, in Moscow!




10.11.2014 Registration goes on!

Attention everyone! Due to a lot of participants registering in these last few days, we have decided to prolong registration until 4 PM Moscow time on November 12. However, please note that the registration rate will change on 20:01 MSK of November 11 to constitute 11000 rubles. Hurry up to pay the standard fee for your ticket in time! You can register right now here: http://2014.zeronights.org/registration.html




05.11.2014 The schedule of ZeroNights 2014 is finalized

We hasten to inform you that the agenda of ZeroNights 2014 is completed and finalized. You can see the event schedule and the venue plan, note interesting and must-see activities here: http://2014.zeronights.ru/assets/files/schedule_eng_fin.pdf

The main topics of this year’s conference will be: latest cryptography trends and news, web technologies and web security, mobile security, industrial infosecurity threats, various vectors for applied hacking and methods for finding vulnerabilities, reverse engineering, and also the practical aspects of defense. This year has a record number of contests with valuable rewards in the entire history of the project: from a classic CTF to hacking payment terminals.

The keynote speaker will be Alexander Peslyak, also known as Solar Designer, the creator of John the Ripper, a popular password-cracking tool, the founder of Openwall Project and Openwall, Inc. Among other speakers are famous researchers and hackers from 11 countries , including Patroklos Argyroudis (Greece, Census S.A.), Jean-Philippe Aumasson and Roman Korkikyan (Switzerland, Kudelski Security), Rene Freingruber (Austria, SEC Consult), Marco Grassi (Italy, viaForensics), Georgi Geshev (UK, MWR InfoSecurity), Jake McGinty (USA, Open Whisper Systems, University of Illinois). Talk descriptions and speaker bios are available online. Bilingual interpretation will be available at the conference.

Please note that online registration for ZeroNights 2014 ends on November 11 at 8:00 PM Moscow time!




24.10.2014 Charge it up

Friends, our agenda is almost planned out, the talk schedule is tighter and tighter. Choose and decide which topic is closer, more attractive and interesting for you. You can see talk descriptions here: http://2014.zeronights.org/conference/agenda.html

And we continue introducing the newcomers.

So, the main program features:

  1. Jason Larsen (USA) and his talk Miniaturization (Fitting a full process control attack into a small microcontroller). Not only will the speaker ponder the fashionable topic of PCS hacking, but he will also propose his own scenario. What do you do after achieving control over the process? How do you efficiently insert the attack code into the microcontroller’s firmware? Will he really speak about this? Oh yes, don’t you doubt ;)
  2. Rahul Sasi (India) will talk about Security vulnerabilities in DVB-C (cable TV) networks and describe various DVB-C attack scenarios.
  3. Workshop by Boris Ivanov (Russia) is dedicated to computer forensics used on a mobile banking Trojan.

One of our favorite research stand-up genres: FastTrack:

  1. Roman Bazhin (Russia) will conduct Rude Oracle experiments to provide a pentester’s view of Oracle Database Communication Protocol. To be precise: the talk is dedicated to analyzing the proprietary protocol of Oracle Database (TTC, OraNet, TNS) for subsequent fuzzing, interception, and spoofing the data transmitted by an application which uses OCI. All demonstrated tools will be uploaded to the public domain.
  2. Artem ShishkinMark Ermolov (Russia) will deliver a track called Bypassing kernel patch guard on Windows 8.1 and Windows 10. In this talk, the researchers will describe the ways to bypass the Windows patchguard mechanism, its anti-debugging tricks, and the principles of reversing its future versions. This is the feature that does not let you hook and splice the hell out of the OS kernel.
  3. Anton Cherepanov (Russia) and his talk Roaming tiger will educate you on the recent attacks on PCs located in Russia and CIS. One of their features was using malware which was allegedly created and used by various Chinese cyber attackers. These attacks also used office documents containing exploits. 



22.10.2014 Your defensive fighter’s kit at the Defensive Track

Dear friends, we want you to know that a Defensive Track will run at this ZeroNights. Yes, our conference is slightly broadening its scope. This is because we are not just worried about everything being lousy and vulnerable in practice, but we are also interested in real, practical defense. This section will feature talks from the guys who are actually concerned about practical defense rather than giving it lip service or pointlessly theorizing. While vendors, integrators, and consultants promote their products, common engineers in common companies deal with actual threats, not marketing. The purpose of this section is not to present defense technologies or ideas, let alone advertise any products. We want to show you how live infosec battles are won in real companies.

Our little talks:

  1. Igor Bulatenko of Qiwi will speak about the hardships of managing roles and groups in network access segregation. To solve this task, the guys use NGFW, DPI, and their own magic. Indisputably, access management is one of the major basic tasks in any company. Well, let’s see how Qiwi does it?
  2. Karim Valiev, head of Information Security Team in Mail.Ru Group, will share some secrets of monitoring Internet resources, including forums and social networks, to identify security threats.
  3. Alexey Sintsov (Here) will tell us how to use the simple and familiar ModSecurity to create an automated web attack monitoring system for a huge perimeter. How to support and develop such a system with a small workforce, and what the company will gain as a result.
  4. Alexey Karyabkin and Pavel Kulikov will showcase a practical implementation of a mail monitoring system based on OpenSource solutions.
  5. Nikolay Goncharov and Denis Gorchakov will talk about a makeshift anti-virus laboratory within one of the Big Three communication service providers.

Wait, there’s more! The section will also feature a live discussion of practical issues concerning the usage of various defense technologies: RPKI, DNSSEC, DANE, etc. There are lots of useful and modern standards and technologies, so why are we still using the old and insecure ones? Why are advanced technologies adopted slowly or ignored? Come listen to or participate in the discussion, it promises to be interesting and useful! Moderators: Anton Karpov (Yandex) and Alexander Lyamin (Qrator Labs)!




22.10.2014 PWN 2 PAY

At the ZeroNights conference, anyone will be welcome to participate in the hunt for vulnerabilities in QIWI payment terminals. Two completely functional terminals will be available during the entire event.

DON’T:

  • perform destructive actions which can physically damage the terminal
  • attack the bill acceptor sensors (fake banknotes, fishing)

DO:

  • use lockpicks for physical access to the terminal equipment
  • connect additional equipment to the terminal

We are interested in vulnerabilities which allow escaping into Windows layer or executing fake payments using data retrieved from the terminal. Depending on the criticality of a discovered vulnerability, the reward can amount to 150 thousand rubles and will be paid under the established bug bounty program.




20.10.2014 Unexpected expected exceptions to rules

The laws of logic, rules, guidelines, and standards – all of this simplifies our life significantly.  But a moment may come when – bang! – your skillfully constructed protection system will crack or even crash under a hacker’s assault.

Meet the talks that will change your view of the reality!

Our main program features:

  1. Kirill NesterovAlexey OsipovTimur Yunusov (Russia) will present a talk called 4x4G: from SIM to GGSN about their research of 4G network security. In several situations, they were able to attack SIM cards, “update” USB modem firmware remotely, change the self-service portal password via SMS, and even get through to the operator’s internal technological network.
  2. Ivan Novikov (Russia) will speak about Unexpected expected exceptions and challenge you to think different about web-related vulnerabilities. This talk reviews the logic and design vulnerabilities of web applications which exist because of incorrect code exception processing and non-atomicity of operations.
  3. Jake McGinty (UK) will teach you to *really* piss off the surveillance state with your privacy tool. He promises to combine psychology, cryptography and political/technical evidence from Snowden's leaks to identify what makes for effective defenses against blanket nation-state surveillance – for the first time at a hacker con. If you are confused: the speaker is going to cover the state-of-the-art approaches in the new asynchronous landscape as implemented by the axolotl protocol via TextSecure.
  4. Alexander BolshevGleb CherbovSvetlana Cherkasova (Russia) will present their talk DTM components: shadow keys to the ICS kingdom. They’ll present the results of their research where they’ve analyzed the components for hundreds of field devices based on low-level protocols. Many of them are exposed to insufficient filtration of user-supplied data, XSS, XML injections, RCE, SSRF, DoS, and other vulnerabilities. 
  5. Sergey SoldatovMikhail Egorov (Russia) will surprise you with their Non-cryptographic research of orthodox cryptographic media, or, in other words, tell you how they tested the security of key data storage on tokens and present a self-developed utility which allows extracting key data containers out of some token types.
  6. Finally, Nikita Tarakanov will describe The past, the present and the future of software exploitation techniques and what we will see in the nearest future.

You’ll be amazed, but even this is not all of them. Stay tuned ;)




16.10.2014 The winners of ZeroNights HackQuest are announced!

It is our tradition to conduct a hackquest a month before each conference, where we offer the contestants various tasks to complete (break web, reverse, analyze, write a binary exploit). The reward is a free conference pass and a place in our hall of fame.

Rules:

  • The quest lasts for 7 days, starting on October 1 at 8:00 PM and ending on October 8 at 8:00 PM (Moscow time). We had decided to add a bonus day this year, so the quest ended on October 9
  • One task for one day. Each task lasts for 24 hours
  • First one to solve a task gets a free invite (7+1 invites overall this year)

During the quest, 3302 unique IP addresses have visited http://hackquest.zeronights.org/, and solution attempts have amounted to 1135, but few of them were correct.

And the winners are:

1 – BECHED & OKOB

2 – BECHED

3 – Denis Fajustov

4 – GiftsUngiven

5 – Roman Bondarenko

6 – Torn

7 – Dmitry Ananyev

8 – Sergey Bobrov

All of them get a personal conference invite. See you at ZeroNights!

P. S. A pleasant bonus: the participants are going to post their solutions to HabraHabr (in Russian) soon.

Follow us ;) 




15.10.2014 Brief and clear: the FastTrack section

Friends, today we give you the FastTrack section of the upcoming ZeroNights. The speakers are up for a difficult task: to describe their research/findings/tool concisely, skillfully, and impressively.

Welcome our first swift trackers:

  1. Eldar ‘kyprizel’ Zaitov in his talk Fast (and almost automatic) SSRF detection will describe some common examples of SSRF vulnerabilities, automated detection methods, and real life exploitation scenarios.
  2. Dmitry Vyukov in his track Kernel AddressSanitizer: searching for vulnerabilities in Linux kernel will present a tool for finding errors in the Linux kernel.
  3. Denis Makrushin and Stas Merzlyakov will conduct a Parkomagic séance featuring a substandard look on parking terminals. They will explain how devices in parks and other public spaces, which we often pass without giving them a second thought, may be vulnerable and therefore dangerous.
  4. Boris Ryutin will deliver a track Go in a virmaker production, describing the pros and cons of writing viruses in Go (cross-platform issues, creation and execution speed, how antiviruses treat such executables, etc.) and some know-hows of analyzing them with real samples used as an example.
  5. Vlad ‘vos’ Roskov will present a talk called +22: reversing 64-bit binaries using Hex-Rays x86 Decompiler. He will release a tool to extract pseudo code from 64-bit compiled files using the good old 32-bit version of Hex-Rays Decompiler.
  6.  Victor Alyushin will speak about unsafe factory settings and firmwares. In part, he will talk about the most common vulnerability types found in default (out-of-the-box) wireless equipment configurations and the ways of resolving them.
  7. Denis KolegovOleg Broslavsky and Nikita Oleksov will give a track called Hidden timing channels based on HTTP caching headers. They will review the software implementation issues of these hidden channels depending on the HTTP header, attacker model, programming language (C, JavaScript, Python, Ruby), and runtime environment (web browsers, malware).

And even this is far from all! Wait for more news :)




14.10.2014 QIWI will hold a CTF at ZeroNights 2014

A special contest section by QIWI Group will launch this year at ZeroNights and host a Jeopardy-style CTF.

The team More Smoked Leet Chicken, a winner of multiple international contests, has prepared several tasks in different categories: Reverse / PWN / Web / Crypto / Misc. You can solve the tasks in any order. The cost of a solution depends on the task complexity.

Anyone is welcome to participate in the competition on November 13, at noon. To win, receive maximum points for solved tasks (in case of a draw, the result scored earlier wins). The prize pool for the 1st, 2nd, and 3rd places is 60, 30, and 15 thousand rubles respectively.




13.10.2014 Veni, vidi, PWN

Think you are as true as a hacker can be? Break systems and devices in two or three steps? And maybe, beyond hacking, you can also assemble an interesting device and present it to the hacking community? Welcome to ZeroNights! This year, we have designed a whole load of contests with valuable prizes.

Three contests are planned at the ZeroNights Hardware Village especially for hacking device lovers:

1)       Embedded system hacking

This contest will go on during the entire conference. The first one to break a hacking device designed by the organizers will get this device as a gift. There will be several unique devices.

2)       Stand up and Hack – a mini talk contest

This contest encourages every aspiring researcher to deliver a public talk with no bureaucracy involved. During the entire conference, anyone who wishes to participate can post an application with their talk topic to a special whiteboard. Upon every third application, the workflow of HW Village will interrupt for a short time to deliver the mini talks. We promise to reward the best presenters.

3)       HackDev – develop and present your own hacking device

For people who stay up all night tinkering and assembling their hacking devices, this contest is the opportunity to bring their creations to light and present them ZeroNights-wide. Authors of the best devices are up for valuable prizes.

There are so many contests that we have even made a special page with their detailed descriptions: http://2014.zeronights.org/hwv/hwv-contests.html




09.10.2014 Spy secrets at ZeroNights!

Prepare for the long-awaited technical security saturnalia called ZeroNights in mid-November! Star hackers from several countries will be our guests, and we are displaying more hot talk details.

Meet or newest additions to the main program:

  1. Dmitry Boomov (Russia) will reveal the secrets of de-anonymization and total Internet espionage, and show you how various resources track their users
  2. Dmitry Schelkunov and Vasily Bukasov (Russia) will talk about the obfuscation techniques used in common solutions and consider the use of symbolic equation systems for deobfuscation
  3. Georgi Geshev (UK) of MWR Labs will present a research of vulnerabilities in MQ (Message Queue), including ActiveMQ (Apache), Qpid (Apache), Apollo (Apache), HornetQ (Red Hat), JBoss A-MQ (Red Hat), FioranoMQ (Fiorano), OpenMQ (Oracle), and others
  4. Roman Korkikyan will deliver a workshop called “Deriving cryptographic keys via power consumption”. You’ll be surprised to learn that by simply measuring the voltage decrease it is possible to break modern FPGA-based cryptographic algorithms, either hardware or firmware. How? Welcome to the world of ZeroNights!



02.10.2014 ZeroNights 2014: new stars among us!

Our international star team of ZeroNights 2014 is growing! Today, we give you three new leet speakers from three different countries.

Meet the main program speakers:

  1. Peter Hlavaty (Slovakia) will race Droids to the root
  2. Rene Freingruber (Austria) will tell you all about EMET 5.0
  3. Marco Grassi (Italy) will share his experience of using steroids (runtime modifications) to assess the security of iOS and Android applications

Also, our HackQuest is in full swing: http://hackquest.zeronights.org/

By the way, hurry up and register! We are awaiting a record number of guests this year.




01.10.2014 Agenda updates

Friends, only 44 days are left until we meet. And we continue pulling new and new aces out of our sleeves. Meet the recent additions to our main program! :)

  1. Peter Kamensky (Russia) will give you some examples of hardware assisted virtualization in antiviral software not doing any good.
  2. Then, Nicolas Gregoire (France) will tell you how he manages to make good money with bug bounty programs.
  3. Lastly, Fabien Duchene (France) will showcase the evolutionary approach to black-box fuzzing and its results.



24.09.2014 Practice, practice, practice

Come to ZeroNights to witness the best specialists in their professional fields share their knowledge and skills. Don’t miss the chance to learn from them hands-on.

  1. The workshop from Andrey Belenko (Russia) will teach you to acquire data from iOS devices (jailbroken and not) using OpenSource tools.
  2. During the workshop “Fuzzing practical applications”, Omair (India) will teach you to fuzz with love but stay grounded.
  3. Anton Kochkov (Russia) and Julien Voisin (France) will enlighten you about using the radare2 framework to reverse and debug malware and firmware at their workshop.

PS: CFP is still in progress ;)




23.09.2014 Python Arsenal Contest

There are plenty of bug bounty programmes now, where hackers are paid for finding vulnerabilities or patching software. There are also exploit contests. In the end, all of this is done for the vendor's benefit.

But the drive behind it is the hacker's prowess and tools.

This is a contest of tools which help solve complex RE tasks. We believe that the whole security community will benefit here because all of your plugins will be available to everyone for the sake of experience exchange.

Rules

  • Project/script/plugin/extension must use a library from the site (http://pythonarsenal.erpscan.com/).
  • New (never published before) or some major update for already known project/lib/plugin with some interesting new features.
  • Need description, requirements, installation guide.
  • Send to pythonarsenal@zeronights.org.
  • Results announced at the ZeroNights conf (November 14, 2014).
  • Prizes: unique leet t-shirt & souvenir (personal badge of steel), Hall of Fame, stickers (we will be grateful for sponsorship support!). Multiple nominations to win.

Nominations

  • Best exploit dev tool/plugin/lib
  • Best forensics tool/plugin/lib
  • Best reversing tool/plugin/lib
  • Best fuzzing tool/plugin/lib
  • Best malware analysis tool/plugin/lib

Committee

  • Aaron Portnoy (Exodus Intelligence)
  • Alexander Matrosov (Intel)
  • Dmitry 'D1g1' Evdokimov (Digital Security)
  • Halvar Flake (Google Inc.)
  • Justin Seitz (Immunity Inc.) 



18.09.2014 Attention! New contest

We aim to present a lot of exciting and challenging contests to the participants of this ZeroNights event. Note that the winners will be rewarded with monetary prizes as well as souvenirs.

The first contest is announced by our silver sponsor Protectimus. The competition will last for the duration of the conference, and anyone except the judges can participate. The goal, tasks, scope, timeframe, and other details will be revealed on the opening day of ZeroNights 2014.

Prize pool:

  • 1st place: $ 8000 + $ 1000 to your Protectimus account
  • 2nd place: $ 5000 + $ 500 to your Protectimus account
  • 3rd place: $ 2000 + $ 350 to your Protectimus account

The fun has just begun. Stay tuned and follow the news ;)




18.09.2014 Protectimus Solutions is a silver sponsor of ZeroNights 2014

We are glad to inform you that our event has a new silver sponsor. It is Protectimus Solutions, a two-factor authentication system developer.

It is good to know that, on top of providing modern efficient services, Protectimus also holds a high bar for security. Their support of a truly hardcore conference for the technical crowd and infosec enthusiasts speaks for itself.

About Protectimus Solutions

The creators of a two-factor authentication cloud solution. The solution supports all the standard algorithms (HOTP, TOTP and OCRA) and is certified by the industry’s OATH Initiative.

Protectimus has been launched in the cloud and is ready for immediate use, or it can be deployed in your project’s infrastructure as a white-label solution with a complete brand identity and guaranteed SLA.

Learn more at http://protectimus.com/en/




15.09.2014 First ZeroNights 2014 speakers are revealed

Back when we were contemplating our possible keynote speakers, we realized that there has never been a Russian keynote at a ZeroNights event. Which is arguably strange for a Russian conference, right?

We conferred and decided unanimously that our man is Alexander Peslyak, better known as Solar Designer! Everybody knows him as a great professional with a wide range of skills and knowledge in multiple areas, including defense as well as attack.

Many of you are familiar with Alexander’s in-depth technical research, but for all his 20 years in infosec, it is the first time to deliver a keynote talk! And this keynote talk will be like nothing you are accustomed to hearing ;)

So, updates to the main program:

  1. Alexander Peslyak (Russia) will dwell upon the question: “Is infosec a game?
  2. Patroklos Argyroudis (Greece) will present a project to help you research and exploit heap vulnerabilities
  3. Dmitry Nedospasov (Russia) will describe chip reversing and common chip bugs
  4. Jean-Philippe Aumasson (Switzerland) will acquaint you with the implementation errors made by crypto algorithm developers and teach you not to repeat them in the future

This is just the beginning, so stay tuned!




05.09.2014 For those who like to party hard

Rejoice, hardware and hacking device geeks: the open Hardware Village space will operate at ZeroNights again this year. At HWV, anyone can touch, use, or test any hardware they like as well as ask for usage tips and tricks. There will be workshops dedicated to the security of embedded systems and wireless networks.

For DIY enthusiasts, we will deliver an overview of modern hardware DIY based on these platforms:

  • Teensy 2.0, 3.1
  • Dragino V2
  • mbed LPC1786
  • Spark Code
  • Arduino (multiple versions)
  • Radxa Rock Pro
  • Raspberry Pi (B+)

Radio fans, SDR users, and wireless hackers will have the opportunity to practice with these devices:

  • HackRF
  • BladeRF
  • Ubertooth
  • Proxmark3

For embedded platform reverse engineers and everyone interested, we will demonstrate and teach working with this hacking hardware:

  • Facedancer
  • Die Datenkrake
  • Bus Pirate, Bus Blaster
  • JTAGulator
  • Papillio Pro FGPA
  • USB IR Toy
  • Open Workbench LogicSniffer

We’ve also planned contests with prizes for the winners:

  • Embedded system hacking
  • Stand up and Hack – mini talks by prior registration at the conference
  • HackDev – develop and present your own hacking device

There will also be a flea market at HW Village, where everyone can sell or exchange their devices by prior assignment.




03.09.2014 QIWI is the gold sponsor of ZeroNights 2014

A piece of news you want to share: the gold sponsor of the ZeroNights conference, which will be held on November 13-14 this year, is QIWI.

QIWI is a prominent payment service in Russia and CIS. More than 70 million customers use their services monthly, so transaction security is of course their top priority. It is remarkable of QIWI to support a conference where new and unusual infosecurity threats are discussed, impressive hacking methods are shown, and various defense techniques are suggested. Meet you at ZeroNights!

About QIWI plc.

QIWI is a leading provider of next generation payment services in Russia and the CIS. It has an integrated proprietary network that enables payment services across physical, online and mobile channels. It has deployed over 15,8 million virtual wallets, over 171,000 kiosks and terminals, and enabled merchants to accept over RUB 50 billion cash and electronic payments monthly from over 70 million consumers using its network at least once a month. QIWI’s consumers can use cash, stored value and other electronic payment methods to order and pay for goods and services across physical or online environments interchangeably.

 




03.09.2014 Qualys is a silver sponsor of ZeroNights

Friends, Qualys Inc., a provider of cloud security solutions, has decided to support ZeroNights 2014 by sponsoring the event. The practical infosec conference will be held in Moscow on November 13-14, 2014 and is expected to gather more than a thousand visitors from Russia and other countries.

At ZeroNights, experts, analysts, and hackers will present the results of unique research, share new hacking techniques, and make an impressive show. If you are a CISO, a software developer, an information security technical specialist, administrator, manager, or just an infosec enthusiast, register and participate!

About Qualys

QualysInc. (NASDAQ: QLYS) is a pioneer and leading provider of cloud security and compliance solutions with over 7,000 customers in more than 103 countries, including a majority of each of the Forbes Global 100 and Fortune 100.

The QualysGuard Cloud Platform and integrated suite of solutions help organizations simplify security operations and lower the cost of compliance by delivering critical security intelligence on demand and automating the full spectrum of auditing, compliance and protection for IT systems and Web applications.

Founded in 1999, Qualys has established strategic partnerships with leading managed service providers and consulting organizations, including Accuvant, BT, Dell SecureWorks, Fujitsu, NTT, Symantec, Verizon, and Wipro. The company is also a founding member of the Cloud Security Alliance (CSA). For more information, please visit http://www.qualys.com.




31.07.2014 ZeroNights invites friends again

The international practical infosecurity conference ZeroNights is held in Moscow for the fourth time. The preparations for this major event are already underway. Friends and allies, meet us on November 13–14, 2014 in Izmailovo Concert Hall!

This time, the estimated number of visitors exceeds 1500, so we have tried to make everyone as comfortable as possible. Agenda is the key. CFP is at full speed now, and we will soon reveal the star speakers to share their research and findings, demonstrate ingenious hacking skills, and surprise everyone.

Contests, gadget demonstrations, optical illusions, the joy of learning – all of this awaits you at ZeroNights. Stay tuned!




22.07.2014 Ready, steady, go! ZeroNights 2014 CFP is launched

We are glad to announce the start of ZeroNights 2014 CFP! We are looking forward to selecting the talks for our international practical infosec conference. We are waiting for your hardcore researches and workshops. The program committee of DCG#7812 will choose the best of them. CFP will last until 01.10.14 and will be held in several rounds.

What does interest us the most?

  • Mobile security
  • Exploiting stuff
  • Hardware security
  • Web security
  • Security of critical systems

Anything new and interesting can be discussed, though.

What do we need?

  • New technical research
  • In-depth discussion of the topic
  • Great technical hacking prowess
  • String imagination

What DON’T we need?

  • Marketing ruminations, APT, NSA. PRISM, and similar blah-blah
  • Cyber ghost stories
  • Unfounded allegations

In return, we promise you a two-day extravaganza of attack and defense, meeting the best practical infosecurity specialists from around the globe, and great vibes!

Please send all requests to cfp@zeronights.org.




11.02.2014 Happy New ZeroNights!

Friends, we wish you a happy New Year… and a happy new ZeroNights, which will take place in Moscow for the fourth time this year! The practical information security conference is traditionally held in November at one of the biggest event spaces of the Russian capital. The venue and exact date are held secret for now.

But we can already promise you the greatest hackers and researchers from around the globe, who will show you cutting-edge techniques, surprise you with their findings, provide state-of-the-art skills and make the audience explode! Expecting more than 1500 visitors at ZN 2014, we are doing our best to expand the event space, to ensure high-quality sound and flawless organization. This year, we have a new partner to make ZeroNights together. This is another surprise. We hope to amaze as well as please those who love applied hacking and practical information security. Stay tuned! The first details will be published by the beginning of spring :)




Organizers:
Official support:
Participating:
Gold sponsor:
Silver sponsor:
Silver sponsor:
Silver sponsor:
Title media partner:
Gold media partner:
Silver media partner:
Strategic media partner:
Strategic media partner:
Media partner: