Welcome to OFFZONE 2.0
June 17–18, 2019
Report tracks
AppSec.Zone - All about application security
Hardware.Zone - All about hardware, hardware attacks and radiowave analysis
Finance.Zone - All about financial service security
Tool.Zone - Live demonstrations from the developers of offensive/defensive tools to be used by all security experts
Moscow 2049
Half a year has passed. Around the world, the surviving scientists and experts inside their shelters create special laboratories where technologies are being revived. The surviving remnants of hardware serve as trophies for the restoration of computers. The Internet is non-existent, and the most popular specialists are those who know how to work in a console. One of these places is in Moscow, on the premises of CDP. This is the OFFZONE lab. Welcome!
Keynote-speakers
June 17
June 18th
CTF-based Side-Channel Attacks Introduction Training:
Alexander Matrosov, Leading Offensive security research HW/FW, NVIDIA
Sergey Ivanov, Independent security researcher
Rodrigo Branco, Chief Security Researcher, Strategic Offensive Research & Mitigations (STORM) Team
Roman Korkikyan, Security Expert, Kudelski Group
1st Track
2nd Track
Crash course for exploit development
Fast track
Offcoin
How to earn OFFCOIN points:
We have prepared a number of activities for participants and guests to take part in and earn OFFCOIN points.
CTFZONE: Hackquest - A big quest from the authors of CTFZONE
IoT.Zone - Tearing apart smart devices
Craft.Zone - Soldering the conference badge to solve new tasks
Game.Zone - Playing consoles, participating in e-sports tournaments
Tattoo.Zone - Get a post-apocalyptic style tattoo
BI.ZONE - Solve problems of different complexity and participate in “Hacked in 10 (15) minutes” at the BI.ZONE stand
Shop
Rules
Points are credited to the conference badge, which the participant receives at the registration desk in exchange for a ticket.
The OFFCOIN balance can be checked at a special terminal. OFFCOIN points cannot be transferred to other participants.
If the guest violates any of the rules of participation in activities, the balance of their badge with accumulated OFFCOIN points will be annulled, and the badge itself will be blocked.
Earned OFFCOIN points can be exchanged for souvenirs with the conference logo in our store.
More details about the competitions: https://offzone.moscow/offcoin/
Map OFFZONE (1st Floor and 2nd Floor). Marked locations: 1st Track, 2nd Track, Convention, AppSec.Zone, Tattoo.Zone, Speaker.Zone, Hardware.Zone, Lounge.Zone, Game.Zone, IoT.Zone, CTFZONE: Hackquest, Tool.Zone, Finance.Zone, Craft.Zone, Offcoin.
June 17
Tracks: 1st Track, 2nd Track, Hardware.Zone, AppSec.Zone, Tool.Zone, Finance.Zone

11:00
Opening ceremony

11:10
The Advanced Threats Evolution: REsearchers Arm Race | Alexander Matrosov | NVIDIA

12:00
Break
Crash course for exploit development | Sergey Ivanov | Independent security researcher
Introduction to circuitry. Synthesis of electronic circuits | Anton Kanyshev | Hardware designer
Making the Case for DevSecOps | Mark Miller | Sonatype
Raw-packet project | Vladimir Ivanov | Digital Security

13:00
Hunting for abusing of PowerShell | Teymur Kheirkhabarov | BI.ZONE
Side-channel attack to every home | Yuri Kupashev | BI.ZONE
SAST and Application Security: how to fight code vulnerabilities | Sergey Khrenov | PVS-Studio

14:00
RED TEAMplate. Build your own RED Army | Sofia Marakhovich, Igor Motroni, Vitaliy Malkin | Informzaschita
Break
Break
Defending Cloud Infrastructures with Cloud Security Suite | Jayesh Singh Chauhan | Sprinkl

15:00
RIDL: Rogue In-flight Data Load | Stephan van Schaik, Sebastian Osterlund | VUSec (VU University)
Short waves in practice | Aleksander Alekseev (R2AUK) | Independent researcher
A fresh view on product security | Dmitry Desyatkov | Wrike

16:00
Practical fuzzing for modern web and APIs | Ivan Novikov | Wallarm
CTF-based Side-Channel Attacks Introduction Training | Roman Korkikian | Kudelski Group
Amateur radio: what, how and why … | Daniil Pogorelov | Independent researcher
Attacks on Android Activity & Intents or where to start learning about attacks on Android apps | Egor Bogomolov | Wallarm
One Framework to rule them all: A framework for Internet-connected Device Census | Antoniy Nikolaev | BI.ZONE

17:00
BackSwap — The Future of Banking Malware? | Michal Poslušný, Peter Kalnai | ESET
The art of lockpicking | Danila Zgonnikov | Independent researcher
Open Source & Secure develop — myth or reality? | Artem Bachevsky, Alexey Guskov | Independent researchers

18:00
EvilParcel vulnerabilities and exploiting them in-the-wild in Android.InfectionAds.1 | Kirill Leyfer | Dr.Web
June 18
Tracks: 1st Track, 2nd Track, Hardware.Zone, AppSec.Zone, Tool.Zone, Finance.Zone

11:00
Inside the Machine: How Offensive Security is Defining the Way we Compute Data | Rodrigo Branco | Intel

12:00
Static analyzer for Dart or how to scan new JavaScript | Dmitry Desyatkov, Grisha Streltsov | Wrike
Burp Suite plugins | Denis Rybin | Digital Security
Hackerspaces: Forges of the Future | Artyom Poptsov | CADR Hackerspace
Simple about complicated. Typical vulnerabilities in the ASP.NET family | Alexey Morozov | Independent researcher
Mr.SIP: SIP-Based Audit and Attack Tool | Melih Tas, Neslisah Topcu | Independent researchers
War. War never changes. How to steal fraudsters credentials and fight with fraud | Boris Ivanov | BI.ZONE

12:30
Fishnet Cases: How Microsoft Azure Helps with a Phishing Attack | Olga Karelova | M-13

13:00
Logical Vulnerabilities in Web Browsers | Xiaoyin Liu | Independent researcher
The Anatomy of Spoofing in Emails | Alexey Egorov | Kaspersky Lab
Signal Integrity. Transmitting a signal without errors | Anton Kanyshev | Independent researcher
Rise of The Machines | Leon Maister | Checkmarx
Merchant portfolio risk and fraud monitoring for payment gateways and acquirer banks | Sergey Velts | Cybertonica

13:30
STO security audit methodology | Tatiana Mikhailova | Deiteriy

14:00
Break
Secure webhook collector: search for passwords in existing git repos and push requests | Georgiy Sidorovskiy | Home credit and finance bank
Break
Break
Break
ATM or it never happened | Olga Osipova, Alexey Osipov | Kaspersky Lab

14:30
Security analysis of alarm systems | Anton Ostrokonskiy | Deiteriy Lab

15:00
Intel VISA: Through the Rabbit Hole | Maxim Goryachy, Mark Ermolov | Positive Technologies
Hunter Hunted | Pavel Kann, Nikolai Toporkov | Swordfish Security
Power Integrity. Quality power from source to destination | Anton Kanyshev | Independent researcher
How to build Secure SDLC without SDLC | Ivan Afanasiev | Bi.ZONE
Kubolt | Anton Bulavin, Kseniya Abramova | SEMrush
POS payment terminal hacking basics | Aleksei Stennikov | Positive Technologies

15:30
Access control vulnerabilities in GraphQL APIs | Nikita Stupin | Mail.Ru Group

16:00
Take a leak … | Aleksey Chernykh | Rostelecom
Using of Microsoft Advanced Threat Analytics «Features» During RedTeam | Konstantin Evdokimov | M-13
One more time about ICS vulnerabilities | Boris Savkov | Rostelecom
How to scan? | Omar Ganiev | DeteAct
Payment cards 101 | Ekaterina Pukhareva | QIWI

16:30
LambdaGuard: AWS Serverless Security | Artёm Tsvetkov | Skyscanner

17:00
(Mis)configuring page tables | Artem Shishkin | Intel
0xh0731 | Artem Bachevsky | Independent researcher
Another CORS bug: the aftermath | Sergey Shekyan | Shape security
Security of microprocessor payment cards. Looking into EMV and contactless payment card mechanisms | Nikita Bulanov | Sberbank

18:00
Break

18:30
Closing Ceremony
Where to go lunch-hunting?
1. Brioche Bar, Sadovaya-Chernogryazskaya str., 22/1
European cuisine, business-lunch from 250 RUR, 12:00 – 18:00
2. Silver’s Irish Pub, Mashkova str., 28/20, bldg. 1
European cuisine, business-lunch from 370 RUR, 12:00 – 16:00
3. Chaikhona №1, Pokrovka str., 50/2
Eastern, European and Pan-Asian cuisine, 30% off the main menu, 12:00 – 17:00
4. Steak Bar №7, Sadovaya-Chernogryazskaya str., 22/1
European cuisine, steaks and burgers, business-lunch from 450 RUR, 12:00 – 16:00
5. Smile art-cafe, Pokrovka str., 48, bldg. 1
European cuisine, vegetarian business-lunch, 12:00 – 17:00
6. Odgukhari, Sadovaya-Chernogryazskaya str., 22/1
Georgian cuisine, 30% off the main menu, 12:00 – 17:00
Organiser
General partner
Tasks with the Sberbank Online mobile app on Android
VR game “Cybersecurity Agent”
VR Cybersecurity Lab Demonstration
Non-alcoholic bar
Game “Battle Ships”
Game «Where is the logic»
Telegram quest with winnable merchandise
Live broadcast from Finance.Zone and AppSec.Zone
Photo booth
Charging station
Strategic partner
Voice Attack contest with biometric tasks
Hacker quiz where participants can win elite pillows and promo codes for participation in the Bug Bounty
Partners
Tasks to bypass a facial recognition system
Instagram photo contest
Balance board competition
Demonstration of AppSec.Hub and Bishop tools
Affiliated communities
offzone.moscow