PHDays 11 talks: bootkit infections, sanitizers for the Linux kernel, the new face of OSINT, and phishing on the official website

Only a few weeks remain until Positive Hack Days 11. The international forum on practical security will be held on May 18–19 in Moscow. The attacking and defending teams for The Standoff have already been formed, and we are finishing preparation of the cyber range infrastructure and the conference program.

As usual, PHDays will feature three big tracks: repelling attacks (defensive), defense through attack (offensive), and the impact of cybersecurity on business. Here are the first talks.

How to Detect 95% of Attacks Knowing 5% of Techniques

Oleg Skulkin, Head of the Digital Forensics and Malicious Code Laboratory at Group-IB, will analyze a short list of techniques, drawn from real attack scenarios, that attackers of almost every skill level use. Knowing them lets defenders detect an attack even when very little data is available.

Scoring indicators of compromise

When working with indicators of compromise, an analyst needs to understand quickly how dangerous a given object is. For this, threat intelligence providers publish a computed number, the score. Exactly how it is calculated, and from what inputs, is often a trade secret. RST Cloud co-founder Nikolai Arefiev will show how scoring can work, using open indicators as an example.
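To make the idea concrete, here is a toy scoring scheme written for this post. It is not RST Cloud's method or anything from the talk: the indicator type weights, the two-week half-life, the corroboration formula, the "benign" tags, and the sample indicators (including the `feed_a`/`feed_b`/`feed_c` source names and the hash value) are all assumptions constructed for the example. The point it shows is that a score is usually a product of a few observable factors, so an analyst can reason about why one indicator outranks another even without the provider's formula.

```python
"""Toy indicator-of-compromise scoring over open indicator data.

Illustrative only: weights, half-life and tags below are assumptions for
this example, not any vendor's scoring model.
"""
from __future__ import annotations

import math
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Assumed baselines: more specific indicator types (a file hash) are harder
# for an attacker to rotate than an IP address, so they start higher.
TYPE_BASE = {"sha256": 70, "domain": 55, "url": 50, "ipv4": 35}

# Assumed tags for infrastructure an analyst would not want to block outright.
BENIGN_TAGS = {"cdn", "shared_hosting", "sinkhole", "allowlisted"}

HALF_LIFE_DAYS = 14.0  # assumption: score halves every two weeks without a new sighting


@dataclass
class Indicator:
    value: str
    ioc_type: str
    first_seen: datetime
    last_seen: datetime
    sources: set[str] = field(default_factory=set)
    tags: set[str] = field(default_factory=set)


def recency_factor(last_seen: datetime, now: datetime) -> float:
    """Exponential decay: 1.0 for a sighting right now, 0.5 after one half-life."""
    age_days = max((now - last_seen).total_seconds() / 86400.0, 0.0)
    return 0.5 ** (age_days / HALF_LIFE_DAYS)


def corroboration_factor(n_sources: int) -> float:
    """Independent sources raise confidence with diminishing returns.

    1 source -> 1.0, 2 -> 1.5, 4 or more -> 2.0 (capped).
    """
    return min(1.0 + math.log2(max(n_sources, 1)) / 2.0, 2.0)


def score_indicator(ind: Indicator, now: datetime) -> int:
    """Combine type baseline, recency and corroboration into a 0..100 score."""
    if ind.tags & BENIGN_TAGS:
        return 0  # known-benign infrastructure is never actionable on its own
    base = TYPE_BASE.get(ind.ioc_type, 30)  # unknown types get a low default
    raw = base * recency_factor(ind.last_seen, now) * corroboration_factor(len(ind.sources))
    return int(round(min(raw, 100.0)))


def rank(indicators: list[Indicator], now: datetime) -> list[tuple[str, int]]:
    """Return (value, score) pairs, most dangerous first."""
    scored = [(ind.value, score_indicator(ind, now)) for ind in indicators]
    return sorted(scored, key=lambda pair: pair[1], reverse=True)


# Constructed sample data (not real indicators). Fixed "now" keeps scores stable.
NOW = datetime(2022, 5, 1, tzinfo=timezone.utc)
SAMPLE = [
    # Fresh loader hash seen by three feeds: high baseline, recent, corroborated.
    Indicator("e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
              "sha256", NOW - timedelta(days=3), NOW - timedelta(days=1),
              {"feed_a", "feed_b", "feed_c"}, {"loader"}),
    # Stale C2 address from a single feed: low baseline, decayed heavily.
    Indicator("203.0.113.7", "ipv4", NOW - timedelta(days=60), NOW - timedelta(days=45),
              {"feed_a"}, set()),
    # Recent and corroborated, but tagged as CDN: forced to zero.
    Indicator("198.51.100.20", "ipv4", NOW - timedelta(days=1), NOW,
              {"feed_a", "feed_b"}, {"cdn"}),
    # Brand-new domain from one feed: baseline only.
    Indicator("evil-update.example", "domain", NOW - timedelta(days=2), NOW,
              {"feed_b"}, set()),
]

if __name__ == "__main__":
    for value, score in rank(SAMPLE, NOW):
        print(f"{score:3d}  {value}")
```

Running it ranks the corroborated hash first (capped at 100), the fresh domain next (55), the 45-day-old single-source IP near the bottom (4), and the CDN address at 0 regardless of how recently it was seen. The useful habit this encourages is to ask, for any opaque vendor score, which of these factors it actually encodes.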

Bootkit infections

Malware running at the user level can be countered with well-known tools that rely on the kernel API. But what if the OS kernel itself, or the firmware, is compromised? Anton Belousov, Senior Specialist at the Positive Technologies Malware Detection Department, will look at potential infection vectors for bootkits on BIOS- and UEFI-based systems, explain how to use the Xen + LibVMI + DRAKVUF stack to monitor malware behavior, and describe which events and signs indicate a bootkit installation attempt.

Sanitizers for the Linux kernel

Independent security researcher Andrey Konovalov will analyze the internals and practical use of KASAN and other sanitizers, the main tools for finding bugs in the Linux kernel. KASAN detects unsafe memory accesses: use-after-free and out-of-bounds accesses in slab, page_alloc and vmalloc memory, on the stack, and in global variables.

Open source intelligence

Andrey Masalovich, General Director of Inforus, will present 20 practical OSINT techniques that exploit new features of the digital world, including photo search using neural networks, collecting information from the darknet, detecting leaks in cloud storage, and capturing a user's digital footprint from the data produced by their devices.

BootROM on Qualcomm

Vulnerabilities in BootROM, an essential component of hardware and software security, let an attacker gain complete control over a device. Independent researcher Dmitry Artamonov will review the role of BootROM in the Android smartphone boot chain and BootROM vulnerabilities of several mobile device vendors, share his experience of obtaining JTAG access on a Qualcomm-based smartphone and using it to extract a BootROM image from a modern device, and demonstrate successful exploitation of a 1-day vulnerability in BootROM.

Phishing on the official website

It is commonly believed that phishing uses fake sites. What if the site is real? What kinds of weaknesses, up to and including compromise of the site itself, make this possible? Independent security researcher Alexander Kolchanov will give a number of examples in which not only small organizations but also large banks and airlines easily become victims of such phishing. He will cover both common problems and several lesser known ones, including subdomain takeover, attacks on administrators of third-party services, and link shorteners.

The co-organizer of the PHDays 11 forum and The Standoff cyber battle is the Innostage group of companies. The forum's business partners are the security solutions developer Security Vision, the national provider of information security services and technologies Rostelecom-Solar, and the software distributor MONT. Technology partner: Azbuka Vkusa. PHDays 11 partners: Axoft, Fortis, ICL System Technologies, InfoWatch, Marvel Distribution, R-Vision, Gazinformservice, Pangeo Radar, Jet Infosystems, Liberum Veritas, IBS Platformix, and UCSB.

Follow our news!
