Defensive Track

20% of investment and 80% of profit. How to implement security requirements and maintain internal freedom

Speakers: Natalia Kukanova and Igor Gotz

This presentation will be about how to build a control system for security compliance at the workplace in a dynamic network. The presenters will also talk in detail about how the NAC (Network Access Control) principles have been implemented in the Yandex network and what technical and administrative troubles the experts have faced.
The classic approach to security slows down business development, which is unacceptable for a modern company. However, cybersecurity risks are still relevant and need to be lowered. Our approach is to set up the most secure working environment for employees. Major problems we have faced include:
– Rapid technology development.
– A huge number of “intracorporate” developments.
– A strong need for automation and integration into the environment.
– Small security staff.
Our solution: to detect important discrepancies and cure them (NAC analogue).

Enterprise Vulnerability Management

Speakers: Ekaterina Pukhareva and Alexander Leonov

1. Choice of solution:
– Assessment of base completeness;
– Use of several scans to guard against false negatives;
– Vulnerability assessment without scanning.
2. Inventory:
– Importance of Asset Management. “Find something anywhere”;
– Identification of new hosts in the perimeter.
3. Vulnerability management or vulnerability intelligence:
– Regular process and occasional checks;
– Critical vulnerabilities and noise-making vulnerabilities.
4. How to organize the patch and vulnerability management process effectively:
– Scanning with and without authorization (risk, speed, efficiency);
– Agent scanning;
– Scanning of docker containers;
– Scanning of cloud services;
– Compliance scanning or how to quickly check configuration settings;
– Complexity of task-tracking;
– False positive analysis—who should process (security specialists or admins)?
5. Nessus customization:
– Plugins that are worth special attention;
– Right metrics;
– Automatic remediation further to the scan;
– Tracking closure of vulnerabilities (dashboards).
6. Vulnerability Scanner as a valuable asset:
– What can be done by getting admin rights of Nessus/SC;
– How to find out that accounts are being used by a violator.

Monitoring and analysis of emails or a primitive tool to detect a cyber attack

Speakers: Alexey Karyabkin and Pavel Grachev

This presentation will look at one of the most popular attack vectors: mass mailing of malware, phishing, and spearphishing (targeted attacks). The speakers will talk about how they built their defense, what problems they faced and how they overcame them. They will focus on current issues of how to apply modern technologies and business solutions to detecting cyber attacks and fighting them. The practical part will show how they built their own bike (a solution for detecting cyber attacks). This is a development of the idea from ZeroNights 0x04.

Automating iOS blackbox security scanning

Speaker: Mikhail Sosonkin

iOS app security is a hot topic these days. However, due to a lack of tutorials and documentation, the bar to entry is still very high. In this presentation we will try to bring the bar down by exposing the internals of CHAOTICMARCH, an automation tool, and techniques for instrumenting and observing apps’ activities. If you’re either interested in jump-starting your iOS assessment project or need help with automating your fuzzing, then this talk is for you.

How to manage digital apps signatures in a big company

Speakers: Evgeniy Sidorov and Eldar Zaitov

All mobile apps and almost all desktop applications must be signed with the electronic signature of the developer. When you try to deploy a key management system for app signing, you may face a number of difficulties: many developers should be able to sign their builds, but the signing keys should be kept secret with restricted access to them; former employees should not be able to sign applications, etc. There is also a risk of signing malicious applications, so that the signing keys will be revoked and the operation of all applications signed with that key will be disrupted. To solve these problems we have created our own solution that can sign applications for Android and Windows (user mode, kernel mode), as well as Java applications and applets, and we would like to tell you about it. In general, our presentation will be devoted to:
– the structure of the app signature on each platform (Windows, Android, iOS);
– the role of the electronic signature in each platform's security;
– the consequences of a signing key compromise;
– the creation of a convenient service for managing signing keys in a large company;
– the transformation of such a service into a service for checking application security.

Fear and rage of two-factor authentication

Speaker: Igor Bulatenko

More and more companies are starting to think about implementing two-factor authentication systems. It is very important not to make a mistake when choosing a solution and implementation method, because you always need to strike a balance between usability and security. The market for 2FA solutions is very big, ranging from physical tokens to Google Authenticator. The report will discuss what factors should be considered when choosing a solution, and what difficulties you may face during implementation.

A threat hunter himself

Speakers: Teymur Kheirkhabarov and Sergey Soldatov

Completely customized compromise tools are becoming more and more popular, as are attacks performed without malicious software. Hence, corporate security departments are faced with the need to identify software and network attacks that are not detected using conventional safeguards, including intrusion detection systems, malware protection systems, leak control systems, etc. Threat hunting, which finds previously unknown threats, is now fashionable and is offered both as a product and as a service. We will tell you the truth about how you can do it yourself, what the possible tools are, how to configure them and what they can do. Examples of configuration files and scripts will be available for self-experimentation after the report.