free portfolio web templates

DEFCON MOSCOW 12



The 12th meeting will take place in the heart of the Russian antivirus industry Kaspersky Lab, 21 April at 19:00 at: Leningrad highway, 39A, building 2.


During the opening of the spring season, we want to bring together an active part of the audience that came out of winter hibernation and decided to join in our big and friendly community. At the meeting you will find a lot of useful information!

Also on the eve of Positive Hack Days, Oleg Kupreev will talk about Hardware Village plans, where for two days, visitors will be able to attend master classes and lectures of experienced hackers, who will talk about their experiences. For everybody will be available a lot of hacking hardware, on which you can not only to look, but also to test. To register to the meeting, click the link.

Agenda:

Novikov Ivan - Key-Value injections.

Kirill Nesterov, Alexey Osipov - Adventures in the femto-world: 350 yuans of priceless fun.
Description:There are researches about getting a control of the femtocells. There is also a research that allows users to intercept calls and messages after receiving such kind of control. But all of these decisions are not flexible enough. We are still attached to the operator. We still have to connect to the VPN, then to the core network, should bypass the geolocation bind and so on. Maybe there's a much simpler solution? Will we be able to gather the UMTS-of-the-box from readily accessible femtocells without the need to connect to the operator? In fact - we already know the answer. In this report, we will tell the whole story - from unpacking femtocells to creating a working prototype and interception of the data - and we'll prove the existence of vulnerabilities in UMTS networks.

Michael Firstov - Vulnerabilities of client programs, personal office and equipment YOTA
Description: It will be a full story of how were found vulnerabilities and corrected in such a major 4G operator like Yota. Some part of this report was on ZN2015, but because of constraints of time it was not possible to tell all the details. In the same time it will be explained in detail, and even shows what and how I hacked. From XSS in your account to local RCE through client software.

Vasily Davydov - The evolution of the exploit packs and new methods of hiding them in on the web.
Description: Modern exploit packs - are a very effective method of propagation of malicious software that is used for targeted attacks, as well as for the installation different kinds of malicious software on computers of ordinary users. As it happens, there are always vulnerabilities in software, the number of vulnerabilities increases, the producers closing it are not always fast, users updated slowly, and hackers have enough time and opportunity for invisible exploitation of these vulnerabilities. In the last year in the use of the exploit packs had been introduced a variety of new technologies and "features" that enable very secretly infect computers of the victims.