FastTrack
FastTrack gives speakers a 15-minute slot to present their research. The section is still being formed.

Participation requests should be sent to fasttrack@zeronights.org. Participating in Fast Track is a good opportunity to speak about important questions.

“Physical (In)Security – it’s not –ALL– about Cyber”

Speaker: Inbar Raz

Today's threat landscape has cyber threats, cyber security, cyber warfare, cyber intelligence, cyber espionage... Cyber is almost unanimously identified with the Internet, but sometimes, it's not -all- about the Internet. The focus on Internet access leads to some wrong assumptions and the overlooking of some simpler, yet just-as-dangerous attack vectors. Specifically, physical access to your network and devices.

“Advanced exploitation of Android Master Key Vulnerability (bug 8219321)”

Speaker: Viktor Alyushin

At BlackHat USA 2013, Jeff Forristal presented a way of bypassing the digital signature of Android applications and replacing some files of any application with the attacker’s own files. This vulnerability can be used to retrieve and modify application data: for example, to read stored credentials (without rooting the smartphone and consequently losing warranty), to modify saved game files (to cheat without rooting), to get “system” rights (by replacing the system application) and use them to get root rights (by adding the string “ro.kernel.qemu=1\r\n” into the file “/data/local.prop”). But the suggested exploitation method implies several restrictions, which can be a big problem in some cases. A new way to exploit the vulnerability has been found which offers wider opportunities for bypassing the digital signature check. Moreover, Bluebox Security Scanner does not detect the .apk files which exploit this bug. Google Security Team was notified of the new exploitation method. It turns out that the patch for the bug 8219321 also closes this vulnerability, but the malware filter of Google Play Market was updated. In this talk, a new way of exploiting the 1-day vulnerability will be presented. This talk has not been delivered at any other event.


“HexRaysCodeXplorer: make object-oriented RE easier”

Speakers: Aleksandr Matrosov, Eugene Rodionov

HexRaysCodeXplorer — Hex-Rays Decompiler plugin for easier code navigation. Here are the main features of the plugin:

  • Automatic type REconstruction for C++ objects.
  • C-tree graph visualization — a special tree-like structure representing a decompiled routine in c_itemt terms. Useful feature for understanding how the decompiler works.
  • Navigation through virtual function calls in HexRays Pseudocode window.
  • Object Explorer — useful interface for navigation through virtual tables (VTBL) structures.

In this presentation, the authors of HexRaysCodeXplorer will discuss the main functionality of the plugin and its application to reverse engineering. The authors will present the algorithm for C++ type REconstruction. A special version of HexRaysCodeXplorer (ZeroNights edition) will also be released with new features developed specially for the ZeroNights conference. New features will be committed to GitHub from the stage.


“Practical application of math methods and image recognition in attack detection. With novel case studies :)”

Speakers: Vladimir Kropotov, Vitaly Chetvertakov

Image recognition and other interesting math methods can yield quite interesting results in practice. In this presentation, the speakers will share their practical experience of rolling algorithms in network traffic and speak about using wavelets, image recognition theory and other interesting things for detecting and categorizing suspicious traffic. We will explain how some methods work on the example of modern threats, show some cases of searching for patterns and fingerprints in malicious traffic, of training the system with real-life case studies and much more. The talk is based on the speakers’ own experience with the actual traffic of 2012-2013, with no stale stuff. We will also release some of our open-source code creations.

“Web under pressure: DDoS as a service”

Speaker: Denis Makrushin

Any web project has one important efficiency metric: maximum load. This talk takes a nontrivial look at stress-testing services: we will see how a harmless instrument can be turned into a DDoS tool.

“Hosting dashboard web application logic vulnerabilities”

Speaker: Dmitry Boomov

This talk is dedicated to vulnerabilities in the logic of hosting providers' dashboard web applications. Those vulnerabilities are as likely to cause unauthorized access to domain control as simple negligence by the users who control the accounts. The author tries to trace the thin line between the human error of the account user and the logic vulnerabilities of the hosting provider.

“Session management errors in cloud solutions and in classic hosting systems”

Speaker: Andrey Danaw

The problem of separating sessions on virtual hosting has long been known. To isolate the session contexts of different users, file system restrictions are typically used, i.e. access rights to different directories. The sessions of different hosting clients are stored in different files. With the development of cloud technologies, the question is arising once again, but from the other side. It is now necessary to isolate the contexts of sessions which are currently executed on a given cloud node when it is used by several clients simultaneously. Security audit experience shows that session context isolation is implemented incorrectly in most modern cloud solutions. This talk is dedicated to the methods of exploiting this kind of issue.

This talk considers different mechanisms of storing sessions, identifying them, and defending them from access restriction bypass for modern cloud services. Additional attention is paid to categorizing the session keys that are used in popular PHP web applications to find where these keys intersect. The results are interesting with respect to practical application in information security audits. Special attention is paid to the technique of finding and preventing this kind of issue.

“Hesperbot: analysis of a new banking trojan”

Speaker: Anton Cherepanov

In August 2013, ESET experts discovered a campaign directed against internet banking users in the Czech Republic, Turkey, and Portugal. Research showed that a previously unknown banking trojan, called Win32/Spy.Hesperbot, was used for this attack. The distinctive features of this malware family are its modular architecture, its unique web content spoofing technique, and its use of a mobile component for various platforms: Android, Symbian, Blackberry.

“NGINX Warhead”

Speaker: Sergey Belove

Account data leak? Phishing through a similar domain with logger. JS injection without XSS? DNS rebinding. Content spoofing? A lot of approaches. But all of this is superfluous when you have NGINX.

“Testing of password policy”

Speaker: Anton Dedov

Too often developers choose third-party password quality checkers or implement their own in a naive way. In our work we have tested some of the existing password quality checkers and tried to measure their security and psychological acceptance. The main thrust of the talk is its emphasis on an empirical vs. compliance approach. The result is a numerical comparison between several password checkers with respect to security and psychological aspects.
