“Fuzzing Practical Applications” Speaker: Omair The workshop is for people starting up in fuzzing. It highlights how finding bugs through fuzzing is rather easy and doesn't require high amount of skill. It is oriented in a way to encourage fuzzing, for better Softwares(Yea, Right!).
Requirements for participants in the workshop:
|
||
“Timing analysis” Speaker: Roman Korkikyan During the workshop we will recover secret keys of DES and AES software implementations by measuring its execution time. This cryptanalytic method is called Timing analysis. Timing analysis is the simplest method among all Side Channel Attacks. Mastering Timing analysis would allow you to understand advanced Side Channel Attacks that include Electromagnetic analysis, Differential Photonic Emission Analysis, and Differential Power Analysis. Key topics:
Requirements:
What you get before the workshop:
|
||
“An introduction to the use SMT solvers for software security” Speaker: Georgy Nosenko This workshop aims to acquaint students with the results of recent research in the area of code analysis using SMT-solvers. During the training, participants will have the theoretical knowledge of the principles that underlie the techniques that researchers use to find vulnerabilities, exploit development, and reverse engineering. Then consolidate this knowledge into practice. The goal The goal of this workshop is to interest the students to SMT, give the basic knowledge necessary for the effective use of tools based on SMT-solvers. Some topics:
Participant will receive:
Requirements for student to workshop:
|
||
“BlackBox analysis of iOS apps” Speaker: Dmitry 'D1g1' Evdokimov As the popularity mobile application grows, so grows the demand for their security assessment and vulnerability search. Apple iOS devices are among the most popular products on the market. A lot of software of all kinds is created for those devices, from entertainment to banking and business applications. In this workshop, we will acquaint ourselves with the structure of iOS applications, with the approach to searching for iOS vulnerabilities without source code analysis, and with the tools that can help us. Features:
Participants will receive:
Requirements for participants in the workshop:
|
||
“Advanced Threats Reverse Engineering” Speakers: Aleksandr Matrosov, Eugene Rodionov The workshop is devoted to analysis of malware created using object oriented programming languages. In recent time we see a large spike of complex threats with elaborate object-oriented architecture among which the most notorious examples are: Stuxnet, Flamer, Duqu. The approaches to analysis of such malware are rather distinct compared to the malware developed using procedural programming languages. The authors will consider the examples written in C++ and compiled with MS Visual C++. In the workshop the authors will share with participants experience of reverse engineering object-oriented code which they’ve accumulated over the recent years while performing analysis of complex threats. Topics:
Participants will receive:
Requirements for participants in the workshop:
|
||
“Hacking HTML5” Speaker: Krzysztof Kotowicz HTML5 is here, introducing ton of advanced functionality and plethora of new quirks. Novel web application are created, browser vendors compete implementing cutting-edge features. History shows that whenever new technology is rapidly adopted, security suffers, and it is not different this time. This workshop will introduce you to HTML5 technology stack, giving you solid understanding of modern web applications and exploiting them. Focus is given to practical solutions, demonstrating tools, bypasses and offensive techniques. It's not yet another OWASP TOP 10 & XSS with «img src=x onerror» type of thing. This course teaches brand new techniques — to name the few, you will need to bypass browser XSS filters, hijack communication, exploit FTP servers through browsers and prepare your own clickjacking campaign. Plan:
Target audience:
Requirements for participants to workshop:
|
||