
Fast (and almost automatic) SSRF detection

Speaker: Eldar ‘kyprizel’ Zaitov

Server-Side Request Forgery (SSRF) is still very dangerous and widespread.
This talk covers common examples of SSRF vulnerabilities, methods for detecting them automatically, and real-life exploitation scenarios.
An open-source tool will be released and demonstrated.

Kernel AddressSanitizer: searching for vulnerabilities in Linux kernel

Speaker: Dmitry Vyukov

Dynamic memory errors (buffer overflows, use-after-free) are the most common cause of software vulnerabilities. To find such errors, our team developed a tool called AddressSanitizer for user-space applications; it has already found several thousand bugs in programs such as Chrome, Firefox, Opera, ffmpeg, WebRTC, and MySQL. Last year, we began working on a similar tool for the Linux kernel. This talk gives an overview of the project's status, a short description of how it works, and a demonstration of some of the bugs it has found.

Parkomagic: a non-standard look at parking terminals

Speakers: Denis Makrushin, Stas Merzlyakov

The video game Watch Dogs offers a realistic view of our near future: surroundings filled to the brim with digital devices, machines that accept and dispense cash, and a variety of other connected things riddled with all sorts of vulnerabilities that a hacker can exploit. In the game, the main character compromises a video surveillance system from a smartphone, gaining the ability to conduct surveillance and obtain additional information. The game's fans are divided: some say that taking a smartphone and hacking into everything around you is too dystopian, while others are skeptical in the opposite direction, saying that things really aren't that great and the game world largely reflects real life. In this talk, we argue that devices in parks and other public spaces, which we often pass without a second thought, may be vulnerable and therefore dangerous, at least to our personal finances.

Go in malware authors' production

Speaker: Boris Ryutin

Malware developers, like ordinary office software developers, constantly move forward and strive to use state-of-the-art industry technologies. For instance, as soon as news appeared of someone using Go in production, news of new malicious software written in this language followed. This talk covers the pros and cons of writing malware in Go (cross-platform issues, build and execution speed, how antivirus products treat such executables, etc.) and some practical tips for analyzing it, using real samples as examples.

+22: reversing 64-bit binaries using Hex-Rays x86 Decompiler

Speaker: Vlad ‘vos’ Roskov

x64 + 22 = x86. At the conference, vos will release a tool for extracting pseudocode from 64-bit binaries using the good old 32-bit version of the Hex-Rays Decompiler. +22 will make life easier for x64 binary researchers who do not have $2,000 to buy Hex-Rays x64.

Unsafe factory settings and firmware

Speaker: Victor Alyushin

This talk describes and resolves the most common vulnerability types found in default (out-of-the-box) wireless equipment configurations. We discuss insecure settings and implementations of the WPA, WPA2, and WPS protocols, and advocate changing default passwords and using custom firmware. Special attention is paid to weak random number generation.

Covert timing channels based on HTTP caching headers

Speakers: Denis Kolegov, Oleg Broslavsky, Nikita Oleksov

This talk describes covert timing channels based on HTTP caching headers. We review the implementation issues of these covert channels depending on the HTTP header, the attacker model, the programming language (C, JavaScript, Python, Ruby), and the runtime environment (web browsers, malware), and list the main characteristics of the resulting implementations. One such channel (based on the ETag header) is implemented as an extension for the BeEF framework.

A pentester’s view of Oracle Database Communication Protocol, or Rude Oracle experiments

Speaker: Roman Bazhin

The talk analyzes the proprietary protocols of Oracle Database (TTC, OraNet, TNS) for subsequent fuzzing, interception, and spoofing of the data transmitted by an application that uses OCI. All demonstrated tools will be released publicly.

Bypassing kernel PatchGuard on Windows 8.1 and Windows 10

Speakers: Artem Shishkin, Mark Ermolov

Surely you have heard about the Windows PatchGuard mechanism. This is the feature that does not let you hook and splice the hell out of the OS kernel. It first appeared in Windows Server 2003 and has evolved since. In this talk, we describe ways to bypass this mechanism, its anti-debugging tricks, and the principles of reverse engineering its future versions.

Roaming Tiger

Speaker: Anton Cherepanov

At the beginning of this autumn, ESET experts discovered attacks on PCs located in Russia and the CIS. One of their distinguishing features was the use of malware allegedly created and used by various Chinese cyber attackers. The attacks also used office documents containing exploits. This presentation describes the attacks, the exploits used, and the malware in detail.