
Main Stage Talks. Final Set

The main stage program comprises talks related to the security of firmware, desktop, mobile devices and OS, as well as issues of searching for vulnerabilities, their exploitation, and elimination.

Read more:

Trojans and backdoors in feature phones sold in Russia

You bought your grandma a cell phone, and someone registered a Telegram account to her SIM card? The market of cheap feature phones in 2021 has it all: from arbitrary internet connections and sending paid text messages to backdoors in firmware.

Lateral movement without pivoting

In a corporate network, lateral movement is a great way to escalate privileges and find necessary information. But it is hindered when we face filtering between network segments. Sometimes, we have to open multiple embedded tunnels, which is hard to automate. In other words, lateral movement is rarely possible without pivoting.

The search for a way around this problem, and away from pivoting, led to an interesting solution: a recursive shell, i.e., a shell that can be opened from another shell. In fact, it is a proxy based on DCOM and available through the MSRPC stack built into the victim. As a result, we can forward ports exclusively through port 445/tcp.

This kind of lateral movement significantly hinders active countermeasures because it happens through a chain of MSRPC proxies and the real source of the attack is hard to identify. 

The speaker is Andrey Zhukov.

Apache 0day bug, which still nobody knows of, and which was fixed accidentally

This talk by Max Dmitriev is about a critical Apache + ModSecurity vulnerability that allows anyone to read the source code of any PHP file on a server.

Thank you for using URL shorteners: I know everything about your clients now

URL shorteners are popular: sales, marketing and support teams and blog authors use them to create more attractive links. But several URL shorteners provide special tools to track the users who follow these links, so URL shorteners may be interesting for hackers. The speaker is Aleksandr Kolchanov.


Attention! At ZeroNights and the day before, you can purchase a ticket onsite (Sevkabel Port) with a 30% surcharge. So it’s better to get your ZeroNights ticket online now.
