Menu
Buy a ticket

Program

The schedule is being hatched.

The program comes in several formats:

Download program in PDF

17 november

10:00 – 11:00 Registration of participants
Track 1
11:00 – 11:30 The opening ceremony
11:30 – 12:20

Welcome to the Physical Layer

Michael Ossmann

12:30 – 13:20

The UEFI Firmware Rootkits: Myths and Reality

Alex Matrosov and Eugene Rodionov

13:30 – 14:20

Excite project: all the truth about symbolic execution for BIOS security

Alex Matrosov and Ilia Safonov

14:20 – 16:00 Lunch
16:00 – 16:50

Safeguarding Rootkits: Intel BootGuard

Aleksandr Ermolov

17:00 – 17:50

JETPLOW is dead. Long live the JETPLOW!

Roman Bazhin and Maxim Malyutin

18:00 – 19:00

Gateway Internals of Tesla Motors

Sen Nie and Ling Liu

Track 2
12:30 – 13:20

Breaking Crypto for Dummies

Nikita Abdullin

13:30 – 14:20

Of Mice and Keyboards: On the Security of Modern Wireless Desktop Sets

Matthias Deeg and Gerhard Klostermeier

14:20 – 16:00 Lunch
16:00 – 16:50

Hacking ElasticSearch

Ivan Novikov

17:00 – 17:50

Hadoop safari – Hunting for vulnerabilities

Thomas DEBIZE and Mahdi BRAIK

18:00 – 19:00

Advanced Web Application Fuzzing

Michael Stepankin

Workshop 1
12:30 – 15:00 Beyond OWASP Top 10
14:20 – 16:00 Lunch
16:00 – 19:00

Workshop: Modern fuzzing of C/C++ Projects

Max Moroz

Workshop 2
12:30 – 14:20

Workshop: Reverse engineering of binary data files using Kaitai Struct

Mikhail Yakshin

14:20 – 16:00 Lunch
16:00 – 16:50

Workshop: Reverse engineering of binary data files using Kaitai Struct

Mikhail Yakshin

17:00 – 19:00 Community:
1) R0-Crew – Community of reverse engineers (Sergey Kharyuk)
2) Defcon Moscow – “Uncommon MiTM in uncommon conditions” (Oleg Kupreev)

18 november

Track 1
11:00 – 11:50

You’re off the hook: blinding security software

Jeffrey Tang and Alex Matrosov

12:00 – 12:50

I know where your page lives: Derandomizing the latest Windows 10 Kernel

Enrique Nissim

13:00 – 13:50

The approach to developing LPE exploits on Windows 10 with allowances to the latest security updates

Yuri Drozdov and Ludmila Drozdova

14:00 – 16:00 Lunch
16:00 – 16:50

Defeating Pin Control in Programmable Logic Controllers

Ali Abbasi and Majid Hashemi

17:00 – 17:50

DPTrace: Dual Purpose Trace for Exploitability Analysis of Program Crashes

Rodrigo Rubira Branco and Rohit Mothe

18:00 – 18:50

Poking on Macs Recovery OS and Local OS Update Process

Patrick Wardle

19:00 – 19:30 Closing ceremony. Winner’s reward ceremony.
Track 2
11:00 – 11:50

CICS Breakdown: Hack your way to transaction city

Ayoub Elaassal

12:00 – 12:50

Dissecting complex code-reuse attacks with ROPMEMU

Mariano Graziano

13:00 – 13:50

FIRST: Changing How You Reverse Engineer

Angel Villegas

14:00 – 16:00 Lunch
16:00 – 16:50

Cisco Smart Install. Pentester’s opportunities

Alexander Evstigneev and Dmitry Kuznetzov

17:00 – 17:50

How to circumvent AD converter, part 3, or tools for attacking converting analog data to digital

Alexander Bolshev

18:00 – 18:50

Stories about hacking low-cost phones

Alexey Rossovsky

19:00 – 19:30 Closing ceremony in the hall “Track 1”
Workshop 1
Defensive Track
11:00 – 11:20

A threat hunter himself

Teymur Kheirkhabarov and Sergey Soldatov

11:25 – 11:45

Fear and rage of two-factor authentication

Igor Bulatenko

11:50 – 12:10

How to manage digital apps signatures in a big company

Evgeniy Sidorov and Eldar Zaitov

12:15 – 12:35

Automating iOS blackbox security scanning

Mikhail Sosonkin

12:40 – 13:00

Monitoring and analysis of emails or a primitive tool to detect a cyber attack

Alexey Karyabkin and Pavel Grachev

13:05 – 13:25

Enterprise Vulnerability Management

Ekaterina Pukhareva and Alexander Leonov

13:30 – 13:50

20% of investment and 80% of profit. How to implement security requirements and maintain internal freedom

Natalia Kukanova and Igor Gotz

14:00 – 16:00 Lunch
FastTrack
16:00 – 16:15

HexRaysPyTools

Igor Kirillov

16:20 – 16:35

Neurotechnology for Security

Ksenia Gnitko

16:40 – 16:55

You are not the same as…

Andrey Kovalev

17:00 – 17:15

A blow under the belt. How to avoid WAF/IPS/DLP

Anton Lopanitzyn

17:20 – 17:35

F5 BIG-IP vulnerabilities: detection and remedying

Denis Kolegov

17:40 – 17:55

Entity provider selection confusion attacks in JAX-RS applications

Mikhail Egorov

18:00 – 18:15

Reversing golang

Georgy Zaytzev

18:20 – 18:35

Diving into Malware’s Furtive Plumbing

Or Safran and Omer Yair

19:00 – 19:30 Closing ceremony in the hall “Track 1”. Winner’s reward ceremony.
Workshop 2
11:00 – 13:50

Workshop: Workshop: Searching for vulnerabilities in the Computer-Aided Process Control System (CAPCS) with blackbox analysis under tight deadlines

Boris Savkov

14:00 – 16:00 Lunch
16:00 – 18:50 Сommunity
19:00 – 19:30 Closing ceremony in the hall “Track 1”