PHD 2011 Forum master classes
Participants should bring their own laptops. For the majority of the master classes, a Windows system is required (or a Windows virtual machine). The precise platform requirements are specified separately for every master class.
Automatic Search for Vulnerabilities in Programs Without Source Code
Dmitry Oleksyuk, eSage Lab
A participant will become familiar with theoretical basics and will acquire practical skills of detecting vulnerabilities in real programs via fuzzing. Attention will be given to both popular frameworks and the development of one's own tools for specific tasks. The master class also considers advanced and promising technologies of code analysis, which are only waiting for their turn to be applied in the day-to-day work of vulnerability researchers.
Automatic search for vulnerabilities in programs without source code:
The main concepts of fuzzing; mutation-based and generation-based fuzzing;
An overview of popular tools for fuzzing network applications, file formats, ActiveX components and kernel-mode drivers; in-memory fuzzing;
The fine points of writing one's own fuzzer, searching for vectors, and optimal implementation of the data generation algorithm.
About the benefits of dynamic code analysis when searching for vulnerabilities:
Dynamic analysis instruments: debuggers, emulators, and dynamic binary instrumentation engines;
Analysis of code coverage, its role in the assessment and in the increase of the efficiency of fuzzing;
Future: data tracing and taint analysis as its particular variant;
Future: white-box fuzzing and automatic exploit generation.
Conducting Forensic Examination and Analysis of Rootkits (by the Example of TDL4)
By Alexander Matrosov, Director of Center for Virus Research and Analysis, ESET
A participant will acquire the skills of analyzing complex malware and, with their own hands, will conduct forensic examination of an instance of the high-tech TDL4 rootkit (also known as Win32/Olmarik).
The master class covers the following topics:
How the TDL4 rootkit is deployed and how it functions;
Tools and methods of data retrieval for conducting forensic examination of an infected system;
Debugging of the bootkit component at the early stage of system booting, using the Bochs emulator;
Analysis of an infected system via WinDbg;
Removing the rootkit from the system after gathering all necessary data.
Network Infrastructure Security Assessment
By Sergey Pavlov, Information Security Expert, Positive Technologies
A participant will acquire basic skills of searching for vulnerabilities on switches and routers from various vendors. The master class will cover both common network vulnerabilities and exceptional cases that can be detected in the process of security assessment of real networks.
Web Vulnerabilities: Difficult Cases
By Yury Goltsev, Information Security Expert, Positive Technologies
A participant will acquire the following skills: detecting complex vulnerabilities in web applications, manually analyzing the results of web application security scans, and assessing the efficiency of specialized means of protection, such as a web application firewall.
Competitive Intelligence in the Internet
By Andrey Masalovich, DialogueScience
Studying practical examples, a participant will acquire the skills of applying analytical technologies in real tasks of competitive intelligence, including:
techniques of quick detection of sensitive information leaks;
techniques of quick detection of exposed server partitions;
techniques of intrusion into FTP servers without breaking their protection;
techniques of detection of password leaks;
techniques of accessing sensitive documents via bypassing DLP systems;
techniques of intrusion into partitions protected by the 403 code.
The techniques are demonstrated on the portals of companies that are certainly well protected (e.g., leaders of the information technology and information protection markets, large state structures, intelligence services, etc.).
Zero Day Vulnerabilities
By Nikita Tarakanov, CTO, CISS RT
A participant will acquire practical skills of conducting detailed analysis of Buffer Overflow vulnerabilities in Windows operating systems, and will also become familiar with basic and advanced methods of exploiting vulnerabilities.
This master class covers the following topics:
Common vulnerabilities in client software: Stack Overflow, Heap Overflow, Use-after-Free, etc.;
Basic exploits (by the example of Windows XP), DEP bypass;
Advanced exploits (by the example of Windows 7), DEP+ASLR bypass;
Common vulnerabilities in Windows kernel (Stack Overflow, Pool Overflow, etc.);
Peculiarities of kernel-level vulnerabilities;
Pool Overflow exploits;
Binary analysis of security fixes;
Static methods of searching for 0-day vulnerabilities: writing IDA Pro plugins.
Attacks in Wireless Networks
By Vladimir Lepikhin, Informzaschita Training Center
A participant will acquire practical skills of analyzing the security of 802.11 wireless networks, and will become familiar with basic and advanced methods of exploiting vulnerabilities and with the main tools and methods of monitoring Wi-Fi security.
Investigation of Incidents
By Maxim Sukhanov, Expert in Computer Forensics, Group-IB
The master class covers the issues of responding to and investigating remote banking incidents. The following topics will be examined:
General information on incidents in remote banking systems; remote banking fraud techniques;
Transferring payment orders using remote management facilities;
Practical section: traces of attackers setting up and using remote management facilities (Windows RDP server, RAdmin, TeamViewer);
Malicious applications copying digital signature keys and passing them to attackers;
Practical section: traces of functioning of specialized malicious software (Shiz, Carberp);
Practical section: search for forensically relevant data after reinstalling the operating system (scenario of an incorrect initial reaction to an incident).
SCADA Security Analysis
By Andrey Andreevich Komarov, CTO, Stankoinformzaschita Research and Development Center
A participant will acquire practical experience of searching for vulnerabilities and analyzing SCADA security. The master class will cover both common network vulnerabilities and exceptional cases that can be detected in the process of security assessment of real networks.
VOIP Infrastructure Security Assessment
By Gleb Gritsai, Information Security Expert, Positive Technologies
A participant will be introduced to IP telephony basics, and will acquire general skills of searching for vulnerabilities by studying the examples of common IP PBXs and extensions. The master class will cover both common network vulnerabilities and exceptional cases that can be detected in the process of security assessment of real networks.