NoNameCon has ended


Thursday, May 17
 

09:30

Conference Opening
Joint statement of representatives of Cyber Security community, Academia, and Government.

Speakers

Oleksii Baranovskyi

Kyiv Polytechnic Institute

Kostiantyn Korsun

Chairman, NGO UISG

Dmytro Shymkiv

Deputy Head, Administration of the President of Ukraine

Volodymyr Styran

Coordinator, NoNameCon
General coordination of NoNameCon crew. 

Anastasiia Voitova

Product Engineer in Security and Cryptography, Cossack Labs
A software engineer with a wide background, I started as a mobile developer. Then I focused on cryptography/applied security, and now I'm building security tools for protecting data during the whole life cycle, not depending on a platform. I maintain open source security libraries...


10:00

Counter Cyber-terrorism 101
"Counter Cyber-terrorism 101" will cover recent actions of the Russian Ministry of Defense and Special Operations groups against Ukraine, and how Ukrainian civil hacktivists counter state-sponsored cyber terrorism. As part of the UCA, Sean has knowledge of the most notorious Russian cyber-operations against Ukraine, including attacks on critical infrastructure such as the Ivano-Frankivsk and Kyiv-Severnaya power stations, Advanced Persistent Threat espionage operations, and the most destructive act of cyber-terrorism in history, dubbed the "notPetya attack". The talk will cover the tactics and techniques used by the aggressor country, and defensive recommendations that can be used efficiently by its opponents.

Speakers

Sean Brian Townsend

Spokesperson, Ukrainian Cyber Alliance


10:00

Chasing the Crypto Workshop: Tracking Financially Motivated Actors DNS Style
Attention! The workshop is provided in English only. To take part you have to register and be accepted by the speaker(s). Registration form: https://goo.gl/forms/cgOVit362uam6xaM2

In February 2018 Cisco released details of a 6-month investigation into the use of phishing in Bitcoin wallet thefts and malware campaigns. The investigation, named COINHOARDER, provided insights into these new methods by utilizing whois data and domain registration patterns.

Using live access to Cisco’s OpenDNS threat intelligence interface, this workshop will provide an overview of the investigation. Then attendees will apply similar tools and hunting patterns to find new attacker constructions.

Prerequisites and tools needed:
1. Basic knowledge of DNS, HTTP, and HTTPS.
2. A laptop with Python installed.
3. Attendees will receive a temporary OpenDNS API key for threat hunting during the class.

Speakers

David Maynor

Cisco Talos

Jeremiah O'Connor

Senior Research Engineer, Cisco Security


10:00

Partners Exhibition
Our partners will run an exhibition of their products and services for two days. Come over and say hi!

11:00

Car Hacking 101
The CAN bus is used in cars, industrial automation, aviation, drones, sports equipment, and medicine. A CAN bus controller is available in chips that cost less than a dollar, and a full-fledged network node costs less than $4. That is exactly what a sniffer costs too, one that you can build yourself, connect, and use to analyze (control?) a car's CAN bus...

Speakers

Andrey Voloshin

Co-founder & CTO, Théa
There is something, which inspires us to improve the way people use and interact with the vehicles.


11:00

CTF Finals
NoNameCon CTF finals: classic attack-defense team competition. Prize fund: 100,000 UAH.
To take part in CTF, you have to qualify: https://ctf.nonamecon.org.
Qualifications online: April 22 00:00 EEST – April 23 23:59 EEST.
Finals on-site: May 17, NoNameCon, Kyiv, Ukraine.
Top four teams of up to five players will be invited to the finals. Finalists will get free admission to the conference.

Moderators

Ihor Blum

Game Master, NoNameCon
Ihor leads the competition program of NoNameCon. You can address all CTF and Quiz related questions directly to him and his team.

11:00

Hacking Villages

What about some Quests @NoNameCon Villages?

Think you can achieve much with your laptop? Come and prove it!

Interactive Automotive Mobile App Penetration Quest [Non stop activity]

This baby was not pwned @ OWASP Lviv Meetup; we hope the engine will be started by you!
Try harder to enable hidden functions! The closer you get, the more control over the car features you have.

The hardware and software for hacking the connected-car mobile application were prepared by Yuriy Bilyk, a cybersecurity geek passionate about hacking, electronics and microprogramming; Bohdan Serednytskyi, an engineer passionate about cybersecurity; and Igor Beliaiev, a cybersecurity engineer and geek.

Router GUI Attack [Non stop activity]

DVAR is an emulated Linux-based ARM router running a vulnerable web server that you can sharpen your ARM stack overflow skills with.
Your goal is to write a working stack overflow exploit for the web server running on the DVAR tinysploit ARM target.

P.S. Can be treated as homework ;)

The ARM IoT Exploitation Lab for security assessment was prepared by enthusiastic self-taught InfoSec dude Kyrylo Hobrenyak.

Villages as they are:

Car Hacking Village [Demo will be conducted after "Car Hacking 101" presentation @12:00]

How to control your car programmatically? OBD-II for dummiez, and we will go a couple of layers deeper! A demonstration of direct access to the internal ECU via the CAN bus. Cheap interface hardware and free Kali Linux are the key components, so everyone can afford to repeat the demo in practice by themselves. Fans of CAN bus hacking, you will be surprised, so BYOD for more fun and experience!

The village will be conducted by experienced IoT|Car|Hardware|Embedded Systems hackers teaching at TechMaker: Aleksander Olenyev and Andrey Voloshin

Lock Picking Village [Non stop activity]

Still think that your apartment is safe when you leave? What about the equipment your company bought and stores at a warehouse behind that huge lock? Come to our experienced and enthusiastic professional; he will show and teach you how locks can be unlocked. Moreover, you will be able to get a free consultation on how to select proper locks in order to sleep well after the practice you have seen. Different types of locks, security pins, lockpicks, practical challenges and prizes.
We have nothing more to add here. You know what it is, come over and meditate over a task or two.

The village will be conducted by an enthusiastic self-taught professional with wide experience in the field, Alex Shmelev, and anonymous guests.

MFA born in Ukraine! [Non stop activity]

Understanding the features of two-factor authentication: one-time password generation algorithms, advantages and disadvantages of different types of tokens, what can be protected by MFA and what cannot, answers to questions and much more.

The village will be conducted by specialists of Protectimus:

Bohdan Rezanov - likes to find hidden opportunities both in information systems and in real life. Responsible for the integration of Protectimus with third-party services. He will explain in detail how to make your infrastructure MFA-friendly.

Denys Shokotko - responsible for technical development and the presence of extra cool features in the system, likes tokens and cycling. Will describe the features of OTP generation algorithms and the development of two-factor authentication systems in Ukraine.

Maxim Oliinik, co-founder and CEO of Protectimus, has gone from developer and administrator to head of the company. He will closely monitor that the two mentioned above behave well.

Wi-Fi Networks Hacking Basics [Non stop activity]

In the modern world the amount of wireless traffic exceeds Ethernet, so is it possible to pass by Wi-Fi and not play with it? Sure, "No way!!!!" for our format!

An autonomous stand for playing with Wi-Fi hacking equipment and tools, prepared by enthusiastic self-taught InfoSec dude Kyrylo Hobrenyak

Moderators

Aleksandr Abramenko

Hacking Village Mayor, NoNameCon

Speakers

Andrey Voloshin

Co-founder & CTO, Théa
There is something, which inspires us to improve the way people use and interact with the vehicles.


12:00

Passing Security By
Any information security vulnerability is just one more way of using the functionality provided. RCE, LFI, XSS, SQL injection: they all arose from the way the code was written, and they perform exactly the functions the developer wrote. The server does not care whether it includes the file footer.php or /etc/passwd in a page, or whether your name is "Max" or "><script>alert()</script>.
In trying to protect their code from "incorrect" use, developers do not always follow best practices and try to limit a potential attacker's ability to exploit an existing vulnerability. The problems begin where the developer starts thinking like a human rather than like a code interpreter. Bash will execute "sudo cat /etc/shadow" and "$(CMD=$‘cat\x20/etc/shadow’;sudo$IFS$CMD)" equally well, yet developers never tire of reinventing the wheel: stripping <script> tags, escaping quotes, replacing dots, and stripping spaces.
In this talk I want to discuss how we, as pentesters, can speak to the server in its own language. We will discuss popular and not-so-popular filter bypass hacks, how they were devised, what they protect against, and why a mere set of 1000+ payloads in Burp Intruder is not enough for a quality pentest.

Speakers

Serhii Korolenko

Pentester, Ciklum


13:00

14:00

Hacking Robots Before Skynet
Robots are going mainstream. In the very near future robots will be everywhere, on military missions, performing surgery, building skyscrapers, assisting customers at stores, as healthcare attendants, as business assistants, as sex partners, cooking in homes, and interacting with our families.
While robot ecosystems grow and become more of a disrupting force in our society and economy, they pose more of a significant threat to people, animals, and organizations if the technology is not secure. When vulnerabilities are exploited in robots, physical features can be utilized by attackers to damage property, company finances, or cause unexpected consequences where human life can be endangered. Robots are essentially computers with arms, legs and wheels, so the potential threats to their physical surroundings increase exponentially and in ways not widely considered before in computer security.
In recent research, we discovered multiple critical vulnerabilities in home, business and industrial collaborative robots from well-known vendors. With responsible disclosure now completed, it's time to reveal all the technical details, threats, and how attackers can compromise different robot ecosystem components with practical exploits. Demos will showcase different exploitation scenarios that involve cyber espionage, harmful insider threats, property damage, and more.
Through realistic scenarios we will unveil how insecure modern robot technology can be and why hacked robots could be more dangerous than other insecure technologies. The goal is to make robots more secure and prevent vulnerabilities from being exploited by attackers to cause serious harm to businesses, consumers, and their surroundings.

Speakers

Lucas Apa

Senior Security Consultant, IOActive
Lucas Apa is an information security expert and entrepreneur. He currently provides comprehensive security services with cutting-edge firm IOActive (Seattle, USA), both onsite and remotely, for most of Global 500 companies and organizations. Focused on offensive security, he publicly...


14:00

Night in Defense Workshop: Hunting for a needle in a haystack
Attention! To take part in the workshop you have to register first! Registration: https://goo.gl/forms/VoaXdmL450Usj5QR2.
To download VM for the workshop: https://nnc.underdefense.com/HAYSTACK.zip

Penetration testers, as well as criminals, are really good at breaking legacy and vulnerable IT components and apps, getting a reverse shell on the server, and thinking that they have won the battle. But often they get stuck, and in many cases they are easily detected and blocked because they lack the skill set and knowledge of the latest protection techniques and tools. Not always, but often. And often the reason for a successful defense is the right combination of people skills, response processes, and simple tools. So we want to help you practice modern incident detection and response.

During this workshop we allow our students to hack an organization with a common architecture, infect hosts with ransomware, run a few exploits to get privileged access, establish persistence, and clean up to cover our tracks.
Then we will let them hunt through the logs collected in the SIEM. You will feel what it is like to be a SOC analyst, using Splunk as the SIEM tool with its best tips and tricks, using an open-source and commercial defense arsenal, and trying to meet a 30-minute initial incident detection and response SLA. During the next exercises, we will also practice automation for adaptive response and divide into red and blue teams to play more games and polish both offense and defense techniques and tactics.

Speakers

Oksana Safronova

UnderDefense

Nazar Tymoshyk

UnderDefense

Daniel Zhuravchak

UnderDefense


15:00

Tactics, Techniques, and Procedures Used by APT in Practice
The talk reviews several attacks that took place in Ukraine in 2017 and in whose investigation the speaker was involved. During the presentation we will walk through an example of an attack step by step, from initial intrusion and lateral movement to the moment the attackers reach their goal: theft of information. We will also partly cover the measures researchers can take when studying the attackers' infrastructure and eliminating the threat itself.

Speakers

Nikolay Koval

CEO, Cys-Centrum
Nikolay Koval, former CERT-UA employee (2010-2015...


16:00

Tips and tricks for the efficient white-box security audit – from blue and red team perspective
Hiring a professional red team for security audits is not enough for finding the most critical vulnerabilities. A good level of collaboration between pentesters, the company’s blue team, developers, and managers is required in order to make this process efficient for both sides. Achieving it requires good planning, preparatory work, continuous improvement and a good understanding of the desired outcomes. This talk will evaluate the goals, methods and typical tasks of red and blue teamers in white-box application security audits and offer practical solutions for the most efficient collaboration of both parties.

Speakers

Igor Andriushchenko

Application Security Lead, Snow Software
Application Security Lead at Snow Software - an international company based in Stockholm creating world-leading products for Software Asset Management. Igor leads the product security strategy, drives improvements and manages security audits of applications. Previously, worked...


17:00

Hacking Quiz
Hacking Quiz will be held in Russian.
Hacking Quiz is a team quiz somewhat similar to the games "What? Where? When?" and "Brain Ring". Six exciting rounds await you, with text and media questions on hacker-adjacent topics. You will need knowledge from various areas of information security and the ability to think logically. Form teams of no more than 6 people. If you don't have a team, register anyway and we will form one at random.

Registration link: https://goo.gl/forms/U6FuA8J3AqYzWC653

Speakers

Ihor Blum

Game Master, NoNameCon
Ihor leads the competition program of NoNameCon. You can address all CTF and Quiz related questions directly to him and his team.


17:00

Mentor/Mentee Session
Mentor/Mentee session is a social event within the NoNameCon conference, inspired by the session of the same name at BruCon 0x9 in 2017.
During the event, which will take place in the venue courtyard, participants will be provided with a choice of sticker identifying them either as a “n00b” or a “l33t”. Mentors (or "l33ts") are more experienced professionals who are willing to share their professional or career advice with younger colleagues – Mentees (or “n00bs”). Whatever role you choose, we expect this to be a great opportunity to exchange your unique experience, build new professional relationships, and have lots of fun.
Mentor/Mentee session is sponsored and organized by Berezha Security.

 
Friday, May 18
 

10:00

Technical Insights for the SOC as Technical Centre for IT Security Defense
Speakers

Bert Heitink

Bert Heitink (NL) CISSP - CISM. Started in IT security in 1997 with VPNs and firewalls for business and first Internet adopters after being IT manager for several years. Co-Founder of Sincerus in 2004, an IT security company. Specialized in Ethical Hacking and Security Operations Center...


10:00

Car Hacking Workshop
Attention! This workshop will NOT be provided in English. You have to speak Ukrainian or Russian to attend.

Attention! To attend the workshop you need to register and be admitted by the speakers. Registration form: https://goo.gl/ZJZc6P.

A hands-on class on building and using equipment for connecting to a car's CAN bus.
Lesson plan
  • Assemble a USB <-> CAN converter from components available on the market (no soldering iron, point-to-point wiring).
  • Create a project for programming and flashing the converter's microcontroller (32bit ARM Cortex-M4 with FPU, C project, Eclipse-based IDE). The slcan protocol is used for compatibility with the largest number of open-source tools.
  • Prepare the environment for working with CAN (canutils + socketcan + wireshark + other).
  • Sniff a mock-up CAN bus, after which participants are admitted to a real car and carry out several live tasks on it.
  • The finished hardware kit can be purchased to keep; the cost is ~$20-$25.
Participant requirements
  • Knowledge/understanding of C syntax.
  • Experience working with microcontrollers and hardware at Arduino level and above.
  • Laptop with *nix-based OS, recommended 8Gb RAM, SSD, Core i5.

Speakers

Andrey Voloshin

Co-founder & CTO, Théa
There is something, which inspires us to improve the way people use and interact with the vehicles.


10:00

Partners Exhibition
Our partners will run an exhibition of their products and services for two days. Come over and say hi!

11:00

Threat Intelligence particularities world-wide. Real life use-cases.
This talk will give a definition of “Threat Intelligence” and explain the Threat Intelligence Cycle and how collection and research efforts should be prioritized. Then we’ll talk about what is common and what differs by region in the understanding of what exactly Threat Intelligence should deliver. The speaker is going to demonstrate a couple of real-life use cases showing how threat intel discoveries enhanced the security capabilities of organizations or launched investigations to remediate the threat.
Please see below a couple of use cases that I will cover.
  • Identification of a DOC exploit builder in the underground that was proven to be used by one of the sophisticated fincrime groups in their operations as an initial vector for getting into victims’ environments. Knowing exactly which vulnerabilities should be prioritized for patching will help organizations mitigate this threat.
  • An example of web-inject development that shows the targeting of financial institutions in countries outside the TOP regions that are under attack. Being aware of the exact timeline, and of the fact that it was developed and available, indicates the need for financial institutions to enhance their defense practices, such as incorporating 2FA, raising customer awareness, etc.
  • An overview of the incorporation of a newer exploit by one of the notorious APT groups targeting the US and Western and Eastern Europe; the recommendation will be proper patch management.
  • Examples of access to your organization's infrastructure or database being offered in the cybercriminal underground. First of all, an organization should develop its own capabilities or have a CTI provider so that it learns of this in a timely manner; additional information on the TTPs used to gain unauthorized access also reveals what actions should be taken to minimize the chances of compromise going forward.

Speakers

Oleg Bondarenko

Head of International Threat Research, FireEye
Oleg Bondarenko is Head of International Threat Research at FireEye. He supervises international collection and research capabilities with a goal of delivering raw threat data from numerous sources from across the globe—including human intelligence, open sources, active community...


11:00

Hacking Villages

What about some Quests @NoNameCon Villages?

Think you can achieve much with your laptop? Come and prove it!

Interactive Automotive Mobile App Penetration Quest [Non stop activity]

This baby was not pwned @ OWASP Lviv Meetup; we hope the engine will be started by you!
Try harder to enable hidden functions! The closer you get, the more control over the car features you have.

The hardware and software for hacking the connected-car mobile application were prepared by Yuriy Bilyk, a cybersecurity geek passionate about hacking, electronics and microprogramming; Bohdan Serednytskyi, an engineer passionate about cybersecurity; and Igor Beliaiev, a cybersecurity engineer and geek.

Router GUI Attack [Non stop activity]

DVAR is an emulated Linux-based ARM router running a vulnerable web server that you can sharpen your ARM stack overflow skills with.
Your goal is to write a working stack overflow exploit for the web server running on the DVAR tinysploit ARM target.

P.S. Can be treated as homework ;)

The ARM IoT Exploitation Lab for security assessment was prepared by enthusiastic self-taught InfoSec dude Kyrylo Hobrenyak.

Villages as they are:

Car Hacking Village [Demo will be conducted after Car Hacking Workshop @13:00]

How to control your car programmatically? OBD-II for dummiez, and we will go a couple of layers deeper! A demonstration of direct access to the internal ECU via the CAN bus. Cheap interface hardware and free Kali Linux are the key components, so everyone can afford to repeat the demo in practice by themselves. Fans of CAN bus hacking, you will be surprised, so BYOD for more fun and experience!

The village will be conducted by experienced IoT|Car|Hardware|Embedded Systems hackers teaching at TechMaker: Aleksander Olenyev and Andrey Voloshin

Lock Picking Village [Non stop activity]

Still think that your apartment is safe when you leave? What about the equipment your company bought and stores at a warehouse behind that huge lock? Come to our experienced and enthusiastic professional; he will show and teach you how locks can be unlocked. Moreover, you will be able to get a free consultation on how to select proper locks in order to sleep well after the practice you have seen. Different types of locks, security pins, lockpicks, practical challenges and prizes.
We have nothing more to add here. You know what it is, come over and meditate over a task or two.

The village will be conducted by an enthusiastic self-taught professional with wide experience in the field, Alex Shmelev, and anonymous guests.

MFA born in Ukraine! [Non stop activity]

Understanding the features of two-factor authentication: one-time password generation algorithms, advantages and disadvantages of different types of tokens, what can be protected by MFA and what cannot, answers to questions and much more.

The village will be conducted by specialists of Protectimus:

Bohdan Rezanov - likes to find hidden opportunities both in information systems and in real life. Responsible for the integration of Protectimus with third-party services. He will explain in detail how to make your infrastructure MFA-friendly.

Denys Shokotko - responsible for technical development and the presence of extra cool features in the system, likes tokens and cycling. Will describe the features of OTP generation algorithms and the development of two-factor authentication systems in Ukraine.

Maxim Oliinik, co-founder and CEO of Protectimus, has gone from developer and administrator to head of the company. He will closely monitor that the two mentioned above behave well.

Wi-Fi Networks Hacking Basics [Non stop activity]

In the modern world the amount of wireless traffic exceeds Ethernet, so is it possible to pass by Wi-Fi and not play with it? Sure, "No way!!!!" for our format!

An autonomous stand for playing with Wi-Fi hacking equipment and tools, prepared by enthusiastic self-taught InfoSec dude Kyrylo Hobrenyak

Moderators

Aleksandr Abramenko

Hacking Village Mayor, NoNameCon

Speakers

Andrey Voloshin

Co-founder & CTO, Théa
There is something, which inspires us to improve the way people use and interact with the vehicles.


12:00

Getting Secure Against Challenges vs Getting Security Challenges Done
A typical scenario of implementing security within infrastructures and software products looks fairly simple (and sad): just slap a few pieces of software and practices together from the ever-changing landscape of common wisdom, close your eyes and hope for good. What do typical consumers of security products and services miss when looking for solutions? What do we, as people who solve security problems, do wrong?

Speakers

Eugene Pilyankevich

Cossack Labs


13:00

14:00

Official Press-conference
Official NoNameCon press-conference. Speakers and Partner representatives will be invited to answer the questions of attendees and journalists.

14:00

Auto Scaling CloudFlare Recon Workshop
Attention! This workshop will NOT be provided in English. You have to speak Ukrainian or Russian to attend. To attend the workshop you have to register and be accepted by the speaker(s). Registration form: https://goo.gl/forms/lrEAWizTf5WHOTI63

Workshop Plan 
1. The aim of automation
2. Tools overview
3. CDN for security principles
4. Practical rollout of CloudFail recon tool
4.1. Building virtual infrastructure (DigitalOcean)
4.2. Preparing the required software
4.3. Scaling the domain list by VMs
4.4. Collecting results
5. Conclusions and potential strategy
6. Questions & Discussion session

Knowledge pre-requisites
  • *nix fundamentals
  • elementary shell scripting skills

What to have
  • any laptop with *nix OS (can be Mac OS with homebrew)

Speakers

Stanislav Kolenkin

Senior DevOps, SoftServer inc


15:00

Executable Code Protection in ARM Systems
At present there are very few tools for dynamic and static analysis of executable code for Linux (unlike Windows). There are even fewer tools that can perform these tasks well on the ARM architecture. At the same time, the number of devices with ARM processors is growing: smartphones, TVs, IoT devices. Several laptop models are also planned for release soon.
Yet despite all this, there is practically no information on how to pack and protect ELF executables for ARM, nor are there popular tools for performing these operations. The idea of the talk is to demonstrate a simple and fast executable code packer that works with minimal overhead and provides a sufficient level of protection against static and dynamic analysis.

Speakers

Pavel Kryvko

DevOps Engineer, Rallyware

Eugene Kulik

r0 Crew


16:00

Remote Forensics of a Linux Server Without Physical Access
A talk based on a digital forensics case handled by RMRF Technology.
Description of submitting a request for forensic analysis. Problem statement and incident description provided by the client.
Remote diagnostics to collect additional evidence.
Evidence collection, including memory and disk dumps.
Analysis of the collected evidence.
Identification of the tools used for the implanted RAT agent.
Determining the method of compromise from SSH keys.
Identification of the sources of external access.
Preparation of a timeline of established events and the final report.
The logic of the breach will be presented during the talk.

Speakers

Serhii Aleynikov

RMRF Technology


17:00

Professional Debates
We will have professional debates in a format that is well known to PUB KEY members. A group of invited cyber security experts will be given a set of cyber security related statements and then someone will “defend” these statements and someone will “attack” them in an argument. It is almost irrelevant whether you support the statement or not: what matters is how you use your persuasion and presentation skills to convince the audience.

Moderators

Volodymyr Styran

Coordinator, NoNameCon
General coordination of NoNameCon crew. 

18:00

Conference Closure
Speakers

Volodymyr Styran

Coordinator, NoNameCon
General coordination of NoNameCon crew. 

Anastasiia Voitova

Product Engineer in Security and Cryptography, Cossack Labs
A software engineer with a wide background, I started as a mobile developer. Then I focused on cryptography/applied security, and now I'm building security tools for protecting data during the whole life cycle, not depending on a platform. I maintain open source security libraries...