Information security

Section curator: Roman Ananev

Hacking methods are constantly being improved, so you need to keep up with new technologies and get as much information about the types and methods of hacker attacks as possible. For this particular purpose I've gathered the best experts in the Information Security section. Their reports will be interesting for everyone - from an ordinary user to an IT specialist because information security concerns everyone. We will learn how hackers work, how to protect your sensitive data and why a slight paranoia in data security isn't a bad thing. See you at Stachka!

You can contact me here: ¯ \_(ツ)_/ ¯

Arthur Gainullin
Head @ Cryptogramm
  • What is a digital imprint and why it is important to take care of it since young age.
  • How corporations and cybercriminals get and use our data, and how we can prevent it (if we need it at all).
  • Why everything that happens on the Internet stay there forever.
  • A bit of history, real cases and practices.
  • By tradition: tips for paranoiacs.

Kyrill Shipulin
Researcher @ Positive Technologies
Nizhny Novgorod
  • Why IDS is like a Swiss knife for protecting the network.
  • Signatures vs Heuristics.
  • Case study: write signatures for exploits and malware.
  • Many practical examples.
  • Bypassing IDS systems

Nikita Baksalyar
Rust-developer @ MaidSafe
Nizhny Novgorod
  • Introduction: what is Ethereum and how it works (blockchain, P2P network, transactions, smart contracts and virtual machine).
  • Solidity, ABI and function calls.
  • Security and non-strict typification in Solidity.
  • Logic errors in Solidity.
  • Case study: removal of the system library from the Ethereum network.
  • Case study: hacking Parity MultiSig.
  • Decompilation of Solidity (Porosity).
  • Serpent and vulnerability in the Compiler.

Badin Mikhail
WAF-master @ Wallarm
  • Why do we need fast WAF?
  • The stages of package processing in WAF.
  • Why is asynchronous query processing better than others?
  • Tokenization at the max.
  • Fast filtering on slow regexes.
  • What do you need to know about traffic while post-processing?

Alexandr Emelyanenkov
iOS developer @ Redmadrobot
Fedor [WireSnark]
@ DEF CON Nizhny Novgorod
Nizhny Novgorod
Roman Ananev
Head of some departments @ Simtech Development

We’ll consider the ways to get the MITM-position, conduct classical attacks on HTTPS in the browser (SSLStrip +).
We will learn to detect vulnerabilities of HTTPS-clients at the example of an Android application. We will also speak about mistakes in client-server communications.

For the workshop you will need:
  • The laptop from which you will hack the application;
  • The phone on which you will hack the applications.

Android part of the workshop will require phone with Android and such programs as bettercap, mitmproxy, openssl, adb and Android Studio (optional). It is recommended to use Kali Linux (can be live).

Ruslan Zhafyarov
Project manager @ UNITS

- Vulnerability of SSL / TLS-certificate checking.

- Vulnerable software, libraries and their safe alternatives.

- Some information for paranoiacs :)

Maxim Beloenko
Marketing @ Google

In 2017, many had the impression that the problem of DDoS attacks went to IoT as everyone took such great interest in botnets on video cameras. But a year later the situation changed. Attacks broke another bar. We will discuss these changes, their causes, assumptions and consequences, as well as their relationship with the development of the IoT and how to fight it.

Egor Podmokov
@ Positive Technologies
Nizhny Novgorod
  • What is AD and why it should be protected
  • How to classify AD attacks
  • How to build attack and to get foothold in the net
  • Is it possible to bypass ids?- How to protect properly?