Buy a ticket


Neurotechnology for Security

Speaker: Ksenia Gnitko

I will talk about the use of brain activity data in authentication systems and demonstrate how personal data can be extracted from electroencephalogram (EEG). My presentation will begin with a brief introduction to neurotechnologies. I will tell you about methods for registering brain activity, data processing and its application. I will describe in detail the construction of verification systems with EEG as a biometric parameter. I will prove the concept of extracting personal data from EEG using the example of obtaining the pin code of a bank card. I will also talk about attacks on neurointerfaces and the need to protect brain activity data.


Speaker: Igor Kirillov

The report will present the plugin for Hex-Rays Decompiler. The plugin is an attempt to resolve the issue of reconstruction and understand how complex structures work. It helps to analyse large amounts of code automatically, collect information about field reference names and visit places where the reference occurs. After structure finalization, its type is used anywhere the scan have reached. It also detects virtual tables, collects all classes in a separate menu and helps to rename and change the signature of virtual functions.
Moreover it helps to work with negative offsets, selecting a list of appropriate large structures and inserting CONTAINING_RECORD macro in listing. It builds a graph of the relationship between types of LocalTypes and has several opportunities for quick modification of a disassembly listing.

You are not the same as…

Speaker: Andrey Kovalev

2016 Hackers from Fancy Bears attack WADA, NSA gets a leak of backdoors for popular network equipment. In general, the industry is developing, and the progress does not stand still. However, ITW network has malware that sometimes surprisingly differs from typical and advanced examples of the malicious code. This report will discuss such programs, how they differ from others and what techniques they use to achieve the typical “virus” goals.

A blow under the belt. How to avoid WAF/IPS/DLP

Speaker: Anton Lopanitzyn

There are regular and smart firewalls. The regular ones are quite clear, it was a good report on the latest Black Hat. However, we need a completely different approach to come round advanced protection.

Entity provider selection confusion attacks in JAX-RS applications

Speaker: Mikhail Egorov

Using RESTful web services for building web application’s API is a common thing nowadays. Java EE includes JAX-RS API for building RESTful web services. There are several JAX-RS implementations exist. The most popular are RESTEasy and Jersey. In this research author will present entity provider selection confusion attack against JAX-RS applications. Red Hat assigned CVE-2016-7050 and acknowledged the author for reporting and describing entity provider selection confusion attack in JAX-RS application built with RESTEasy.

Diving into Malware’s Furtive Plumbing

Speakers: Or Safran and Omer Yair

According to ongoing malware research, one of the preferred methods of IPC between malware components flows through a Windows IPC mechanism known as Named Pipes. We will present a new open source tool for sniffing Named Pipes communication and show how it can be easily used to passively obtain malware’s decrypted configuration or actively clean infected machine with a single pipe command. We will also show how to manifest the tools abilities using Cuckoo Sandbox for automated analysis.

Reversing golang

Speaker: Georgy Zaytzev

The report will review how the compilator go (versions 1.2 to 1.7) store information about types used in the program, and how to get it on the case of ELF files. It will also be shown how to automatically get this information with IDAPython.

F5 BIG-IP vulnerabilities: detection and remedying

Speaker: Denis Kolegov

The presentation will be about the detected BIG-IP vulnerabilities of F5 Networks and methods for their detection and remedying. Exploitation of these vulnerabilities provides for the possibility to implement a variety of threats ranging from the disclosure of internal non-routable IP addresses of protected servers up to a complete blockage of users’ access to network resources.