PHD 2011 Forum master classes

Participants should bring their own laptops. For the majority of the master classes, a Windows system is required (or a Windows virtual machine). The precise platform requirements are specified separately for every master class.

Master classes (by title):

Automatic Search for Vulnerabilities in Programs Without Source Code
Conducting Forensic Examination and Analysis of Rootkits (by the Example of TDL4)
Web Vulnerabilities: Difficult Cases
Zero Day Vulnerabilities
Network Infrastructure Security Assessment
Attacks in Wireless Networks
SCADA Security Analysis
VOIP Infrastructure Security Assessment
Investigation of Incidents
Competitive Intelligence in the Internet

Automatic Search for Vulnerabilities in Programs Without Source Code

Dmitry Oleksyuk, eSage Lab

A participant will become familiar with the theoretical basics and will acquire practical skills of detecting vulnerabilities in real programs via fuzzing. Attention will be given both to popular frameworks and to the development of one's own tools for specific tasks. The master class also considers advanced and promising code analysis technologies that are only waiting for their turn to be applied in the day-to-day work of vulnerability researchers.


Automatic search for vulnerabilities in programs without source code:

The main concepts of fuzzing; mutation-based and generation-based fuzzing;

An overview of popular tools for fuzzing network applications, file formats, ActiveX components and kernel-mode drivers; in-memory fuzzing;

The fine points of writing one's own fuzzer: the search for fuzzing vectors and an efficient implementation of the data generation algorithm.

About the benefits of dynamic code analysis when searching for vulnerabilities:

Dynamic analysis instruments: debuggers, emulators, and dynamic binary instrumentation engines;

Code coverage analysis and its role in assessing and increasing the efficiency of fuzzing;

Future: data tracing and taint analysis as a particular variant of it;

Future: white-box fuzzing and automatic exploit generation.

Required skills:

Good understanding of the nature of source code vulnerabilities;

Skills in handling debuggers and disassemblers;

Knowledge of x86 assembler.

Equipment requirements: A Windows laptop with VMware Workstation 6.x or higher installed.

Level of knowledge: Expert

Conducting Forensic Examination and Analysis of Rootkits (by the Example of TDL4)

By Alexander Matrosov, Director of Center for Virus Research and Analysis, ESET

A participant will acquire the skills of analyzing complex malware and, with their own hands, will conduct forensic examination of an instance of the high-tech TDL4 rootkit (also known as Win32/Olmarik).


The master class covers the following topics:

Ways in which the TDL4 rootkit is deployed and functions;

Tools and methods of data retrieval for conducting forensic examination of an infected system;

Debugging the bootkit component at the early stage of system booting, using the Bochs emulator;

Analysis of an infected system via WinDbg;

Removing the rootkit from the system after gathering all necessary data.

Required skills:

Experience of working with the IDA Pro disassembler;

Experience of using the OllyDbg and WinDbg debuggers;

Basic knowledge of x86/x64 assembler;

Experience of reverse engineering programs for the MS Windows platform;

Understanding of the internal organization of MS Windows operating systems.

Equipment requirements: A laptop under Windows with a Windows XP virtual machine prepared in advance, 4 GB of RAM or more and 20 GB of free space on the hard drive. The following programs should be installed on the laptop:

IDA Pro (5.0 Freeware or higher), OllyDbg or Immunity Debugger, the Hex-Rays decompiler (preferably) (on the VM);

WinDbg x86 (installed on the host OS);

Wireshark (installed on the host OS);

Hiew or any other hex editor (on the VM);

Sysinternals Process Explorer (on the VM).

Level of knowledge: Expert

Network Infrastructure Security Assessment

By Sergey Pavlov, Information Security Expert, Positive Technologies

A participant will acquire basic skills of searching for vulnerabilities on switches and routers from various vendors. The master class will cover both common network vulnerabilities and exceptional cases that can be detected in the process of security assessment of real networks.


Required skills:

Ability to work with Windows and Linux operating systems at the level of a system administrator;

Knowledge of the TCP/IP stack and network security basics;

Knowledge and experience of applying the main penetration testing tools.

Equipment requirements: A laptop with the following software installed:

VMware Player (at least 2 GB of RAM);

Wireshark;

Cain & Abel;

PuTTY.

20 GB of free space on the hard drive.

Level of knowledge: Medium

Web Vulnerabilities: Difficult Cases

By Yury Goltsev, Information Security Expert, Positive Technologies

A participant will acquire the following skills: detecting complex vulnerabilities in web applications, manually analyzing the results of web application security scans, and assessing the efficiency of specialized means of protection such as a web application firewall.


Required skills:

Understanding of the HTTP protocol and contemporary web application architecture;

Experience of searching for vulnerabilities in web applications;

Knowledge and experience of applying the main penetration testing tools.

Equipment requirements: A laptop with VMware Player installed: at least 2 GB of RAM, 20 GB of free space on the hard drive.

Level of knowledge: Expert

Competitive Intelligence in the Internet

By Andrey Masalovich, DialogueScience

By studying practical examples, a participant will acquire the skills of applying analytical technologies to real competitive intelligence tasks, including:

techniques for quickly detecting leaks of sensitive information;

techniques for quickly detecting exposed server directories;

techniques of gaining entry to FTP servers without breaking their protection;

techniques for detecting password leaks;

techniques of accessing sensitive documents by bypassing DLP systems;

techniques of gaining entry to site sections protected by a 403 response code.

The techniques are demonstrated on the portals of companies that are certainly well protected (e.g., leaders of the information technology and information protection markets, large state structures, intelligence services, etc.).

Required skills:

Understanding of the HTTP protocol and contemporary web application architecture;

Experience of searching for vulnerabilities in web applications;

Knowledge and experience of applying the main penetration testing tools.

Equipment requirements: A laptop with the ability to connect to the Internet.

Level of knowledge: Basic

Zero Day Vulnerabilities

By Nikita Tarakanov, CTO, CISS RT

A participant will acquire practical skills of conducting detailed analysis of buffer overflow vulnerabilities in Windows operating systems, and will also become familiar with basic and advanced methods of exploiting vulnerabilities.


This master class covers the following topics:

Common vulnerabilities in client software: Stack Overflow, Heap Overflow, Use-after-Free, etc.;

Basic exploits (by the example of Windows XP), DEP bypass;

Advanced exploits (by the example of Windows 7), DEP+ASLR bypass;

Common vulnerabilities in Windows kernel (Stack Overflow, Pool Overflow, etc.);

Peculiarities of kernel-level vulnerabilities;

Pool Overflow exploits;

Binary analysis of security fixes;

Static methods of searching for 0-day vulnerabilities: writing IDA Pro plugins.

Required skills:

Skills of working with a disassembler;

Basic knowledge of IA-32 assembler and architecture.

Equipment requirements: A Windows laptop (or a laptop with a Windows virtual machine): at least 2 GB of RAM, 20 GB of free space on the hard drive.

Level of knowledge: Expert

Attacks in Wireless Networks

By Vladimir Lepikhin, Informzaschita Training Center

A participant will acquire practical skills of analyzing the security of 802.11 wireless networks, and will become familiar with basic and advanced methods of exploiting vulnerabilities and with the main tools and methods of monitoring Wi-Fi security.


Required skills:

Ability to work with Windows and Linux operating systems at the level of a system administrator;

Basic knowledge of Ethernet and TCP/IP.

Equipment requirements: A laptop compatible with the BackTrack (http://www.backtrack-linux.org/) or Slitaz (http://www.aircrack-ng.org/doku.php?id=slitaz) distributions, with at least 2 GB of RAM. Your wireless card should be compatible with the aircrack-ng program (http://www.aircrack-ng.org/doku.php?id=compatibility_drivers).

Level of knowledge: Medium

Investigation of Incidents

By Maxim Sukhanov, Expert in Computer Forensics, Group-IB

The master class covers the issues of responding to and investigating remote banking incidents. The following topics will be examined:

General information on incidents in remote banking systems; remote banking fraud techniques;

Transferring payment orders using remote management facilities;

Practical section: traces of attackers installing and using remote management facilities (Windows RDP server, RAdmin, TeamViewer);

Malicious applications that copy digital signature keys and pass them to attackers;

Practical section: traces of the functioning of specialized malicious software (Shiz, Carberp);

Practical section: search for forensically relevant data after reinstallation of the operating system (a scenario of an incorrect initial response to an incident).

Required skills: Basic skills of responding to information security incidents; basic skills of forensic examination of Windows OS.

Equipment requirements: A laptop with VirtualBox installed and the ability to run the CAINE 2.0 guest operating system in graphical mode (1 GB of RAM available for the virtual machine is recommended), with 15 GB of free space for the virtual machine drives.

Level of knowledge: Basic

SCADA Security Analysis

By Andrey Andreevich Komarov, CTO, Stankoinformzaschita Research and Development Center

A participant will acquire practical experience of searching for vulnerabilities and analyzing SCADA security. The master class will cover both common network vulnerabilities and exceptional cases that can be detected in the process of security assessment of real networks.


Required skills:

Ability to work with Windows and Linux operating systems at the level of a system administrator;

Knowledge of the TCP/IP stack and network security basics;

Knowledge and experience of applying the main penetration testing tools.

Equipment requirements: A laptop with VMware Player installed: at least 2 GB of RAM, 20 GB of free space on the hard drive.

Level of knowledge: Medium

VOIP Infrastructure Security Assessment

By Gleb Gritsai, Information Security Expert, Positive Technologies

A participant will be introduced to IP telephony basics and will acquire general skills of searching for vulnerabilities by studying examples of common IP PBXs and extensions. The master class will cover both common network vulnerabilities and exceptional cases that can be detected in the process of security assessment of real networks.


Required skills:

Ability to work with Windows and Linux operating systems at the level of a system administrator;

Knowledge of the TCP/IP stack and network security basics;

Knowledge and experience of applying the main penetration testing tools.

Equipment requirements: A laptop with the following software installed:

VMware Player (at least 2 GB of RAM);

Wireshark;

Cain & Abel;

PuTTY.

20 GB of free space on the hard drive.

Level of knowledge: Medium

Copyright © 2011
Positive Technologies