Program En — ZeroNights 2019
Program
TIMEMINHALL MIR*
9:3060Registration
10:3030Opening ceremony
11:0045Alex Matrosov (@matrosov)
"Hardware Security is Hard: how hardware boundaries define platform security"
12:0045Yongtao Wang
"From JDBC URI to a New Remote Code Execution Attack Surface"
13:0045Juho Nurminen (@jupenur)
"app setAsDefaultRCE Client: Electron, scheme handlers and stealthy security patches"
14:0045An Trinh (@_tint0)
"Dark sides of Java remote protocols"
15:0030Jakub Vrana (@jakubvrana), Krzysztof Kotowicz (@kkotowicz)
"Trusted Types & the end of DOM XSS"
15:4030md4
"CiscoASA: From Zero to ID=0"
16:2030Andrey Akimov (@e13fter)
"Launching feedback-driven fuzzing on TrustZone TEE"
17:0015Emil Lerner
"Single byte write to RCE: exploiting a bug in php-fpm"
17:2515Maria Nedyak (@mariya_ns)
"Hacking Medical Imaging with DICOM"
17:5015Alex Kovrizhnykh (@a1exdandy)
"crauEmu - your IDE for code-reuse attacks"
18:1515Roman Palkin (@chicken_2007)
"Malign Machine Learning Models"
TIMEMINHALL SPUTNIK* (DEFENSIVE TRACK)
9:3060Registration
12:0045Andrey Belenko
"(Why) We Still Fail at Cryptography in 2019"
13:00 45Pavel Kargapoltsev
"Stories and lessons from daily incident response practice"
14:0045Kirill Demyanov
"Building CyberSecurity Platform based on Open Source"
15:0045Igor Grachev, Evgeny Sidorov
"Improving application security and exploitation detection with AppArmor & Osquery"
16:0030Andrey Skablonsky
"Threat hunting in сall trace"
16:4030Andrey Abakumov, Andrew Krasichkov
"Blue Team's approach to discovering 'secrets' in code"
19:00Speaker party (VIP tickets only)
TIMEMINHALL MIR*
10:0060Registration
11:0045Matt Suiche (@msuiche)
"From Memory Forensics to Cloud Memory Analysis"
12:00 45LimitedResults (@LimitedResults)
"Fatal Fury on ESP32: Time to release Hardware Exploits"
13:00 45Ke Liu (@klotxl404)
"Two Bytes to Rule Adobe Reader Twice: The Black Magic Behind the Byte Order Mark"
14:0045 Jayson E. Street
"I PWN thee, I PWN thee not!"
15:0045Pavel Cheremushkin
"Opwnsource: VNC vulnerability research"
16:0045Kai Jern Lau (@sgniwx), Nguyen Anh Quynh (@capstone_engine)
"qiling.io: Advanced Binary Emulation framework"
17:0045Cesar Cerrudo (@cesarcer), Esteban Martinez Fayo (@estemf), Matias Sequeira
"Practical LoRaWAN auditing and exploitation"
18:0030CiscoPangPang
"Cisco to Disco!"
18:4030Ilya Shaposhnikov (@drakylar)
"Oldschool way of hacking MicroDigital ip-cameras"
19:3030Closing ceremony
TIMEMINHALL SPUTNIK* (WEB VILLAGE)
10:0060Registration
12:0025Aleksei "GreenDog" Tiurin (@antyurin) : "From misconfigs to severe consequences"
12:3025Pavel “sorokinpf” Sorokin (@sorokinpf) : "GraphQL applications security testing automatization"
13:00 25 Valeriy “krevetk0” Shevchenko (@Krevetk0Valeriy) : "Principles in software testing and some bugs that others did not notice"
13:30 25Alexei “SooLFaa” Morozov (@xSooLFaa) : "Blind SSRF"
14:0025Kahoot Quiz
14:3025Ramazan "r0hack" Ramazanov : "Operation of injections in ORM libraries"
15:0025 Sergey "BeLove" Belov (@sergeybelove) : "The future without passwords"
15:3025Paul Axe (@Paul_Axe) : "ZN PWN Challenge"
16:0045Denis “ttffdd” Rybin (@_ttffdd_) : "Doing AWS Zoo Audit"
17:0025Andrei Plastunov : "Misusing oop in mvc frameworks. How to conveniently develop broken apps"
17:3025 Anton "Bo0oM" Lopanitsyn (@i_bo0om) : "Phoenix hunting"
18:0025 Kahoot Quiz
There may be time changes and updates to the program.
* Attention! Simultaneous translation is available in the Hall Mir only! (RU- EN, EN - RU)