The new reality of Russian cybersecurity at WTC Moscow

12 May 2022
On May 18-19, 2022, the WTC Moscow Congress Center will traditionally host a cult industry event - the international forum on practical cybersecurity Positive Hack Days 11.

The concept of Positive Hack Days 2022 is the entrance to a new digital era of IN-dependence. The main question is: is it realistic to be independent - that is, not dependent - under the current conditions without full control over the virtual environment? Experts and participants will try to find the answer to this question during the forum.

According to the organizers of the event, the Positive Technologies company, «cybersecurity in Russia is now at the forefront of the agenda. In recent months, a flurry of hacker attacks has swept across all industries: the public sector, banks, the mass media, the military-industrial complex, the fuel and energy complex, IT, science ... The number of requests for cyber protection has increased significantly. Almost all foreign IS vendors left the country. An unprecedented transformation of the Russian cybersecurity market has begun. Now more than ever, it is important to combine our experience and expertise to protect companies from unacceptable events and ensure the digital independence of the country». When preparing PHDays 11, the organizers focused on import independence. This is in line with current trends in the development of domestic business.

Positive Technologies promises Forum participants the excitement of pioneers during cyber battles, a huge testing ground for experiments at hacker competitions, unique expertise from speakers, substantive professional conversation with them, informal communication with hackers and lots and lots of practice.

Russian and foreign developers, information security experts and hackers, security researchers, key experts, opinion leaders, business leaders, government officials, CIOs and CISOs of the largest domestic and international companies, leading specialists from banks, telecommunications, oil and gas producing, industrial and IT companies, young scientists and journalists will meet at the site.

Participants of Europe's largest Forum will come together to discuss the most pressing issues of information security, new technological challenges and research in the field of cybersecurity, the most acute problems of business and government, ways to solve them using information security, as well as establish new business contacts.

Thousands of information security stars, not only from Russia, will see more than 100 interesting reports and presentations by more than 130 speakers. As part of the business program there will be plenary sessions, closed and open round tables, master classes, laboratory workshops, technical tracks and hacking competitions. This year the program is divided into 5 tracks: Development, AI Track, Fast Track, technical and business tracks.

Drawing on real attack scenarios, Oleg Skulkin, Head of the Group-IB Digital Forensics and Malicious Code Laboratory, will analyze a limited list of techniques that are used by almost all attackers, whatever their skill level. This gives defenders the ability to detect an attack even when there is very little data.

When working with indicators of compromise, it is important for an analyst to quickly understand how dangerous a given object is. For this, a number calculated by the threat intelligence provider is used: the score. Often, exactly how and on what basis this calculation is made is a trade secret. RST Cloud co-founder Nikolai Arefiev will show how scoring can work using the example of open indicators.

When a computer is infected by malware at the user level, well-known countermeasures that rely on the kernel API can be used. But what if the OS kernel itself or the firmware is compromised? Anton Belousov, Senior Specialist of the Positive Technologies Malware Detection Department, will consider potential vectors for bootkits infecting BIOS- and UEFI-based systems, and will explain how to use the Xen-LibVMI-Drakvuf bundle to monitor malware behavior and which events or signs make it possible to identify a bootkit injection attempt.

Independent information security researcher Andrey Konovalov in his report will analyze the internal structure and practical use of KASAN and other sanitizers - the main tools for detecting bugs in the Linux kernel. KASAN detects unsafe memory accesses: use-after-free and out-of-bounds errors in slab, page_alloc and vmalloc memory, on the stack and for global variables.

Andrey Masalovich, General Director of Inforus, in his report will present 20 practical OSINT techniques using new features of the digital world, including photo search using neural networks, collecting information from the darknet, detecting leaks in cloud storages and recording a user's digital footprint based on data from his gadgets.

Vulnerabilities in BootROM, an essential component of hardware and software security, allow an attacker to gain complete control over the device. Independent researcher Dmitry Artamonov will review the role of BootROM in the Android smartphone boot chain and BootROM vulnerabilities of various mobile device vendors, talk about the experience of obtaining JTAG in a Qualcomm-based smartphone and how to use it to extract a BootROM image from a modern device, and also demonstrate a successful exploitation of a 1-day vulnerability in BootROM.

It is commonly believed that phishing uses fake sites. What if the site is real? What kinds of problems can lead to a site being hacked? Independent information security researcher Alexander Kolchanov will give a number of examples where not only small organizations, but also large banks and airlines easily become victims of such phishing attacks. He will talk about both common problems and a number of lesser-known ones, including subdomain takeover, attacks on external service administrators and link shorteners.

Traditionally, the participants will take part in the competitive program, which has been developed by leading experts in the field of cybersecurity. The largest open cyberbattle in the world will take place at The Standoff, during which participants will be able to demonstrate hacking and defense skills, legally attack a payment system, hack a smart contract, learn about machine learning techniques in game CTF services and test them for strength, and try their hand at competitive intelligence and other hacking tasks as part of online contests.

Over more than 30 hours of hands-on activity at The Standoff, professional attack teams show what threats the resources of any big city are exposed to, while teams of information security specialists and security centers of excellence demonstrate effective countermeasures. Events on the site are as close to reality as possible: the game site is a large-scale emulation of urban infrastructure.

One of the organizers of the PHDays forum, The Standoff product manager Yaroslav Babin, spoke about the innovations of the cyberpolygon: «This time we want to show the interdependence of economic sectors, when even a slight impact on one of the systems can have large and unpredictable consequences in a completely different place. Everyone will be able to observe this butterfly effect in real time, which makes The Standoff cyber-teachings more relevant than ever. Knowing which systems' and objects' malfunction can lead to unacceptable consequences is one of the main goals of cyber exercises».

This year, more than 160 white hat hackers (17 teams) and 5 defense teams will meet at The Standoff. Among the attackers there are teams from Russia, France, Belarus and Kazakhstan. In total, attackers will try to implement 99 unacceptable events. Five teams of defenders will investigate incidents, track the movements of attackers within the infrastructure, study attackers' techniques and tactics, and gain experience in preventing unacceptable events.

Anton Kuzmin, Head of the CyberART Cyber Threat Prevention Center, says: «The nature and intensity of cyber threats have changed dramatically in recent years: their number has quadrupled. And right now it is important to pay more attention to information security. First of all, train people involved in defense. The purpose of the cyberpolygon is precisely to improve practical skills in conditions that are closest to real ones. The model of the State F is getting closer and closer to real infrastructure every time. This year, the organizers have laid down unacceptable events that trigger the domino effect: that is, conditional attackers can disable companies in one sector of the economy by performing sequential actions in another. In this we see another value of The Standoff: here you can reach the end».

For those who cannot attend PHDays in person, an online broadcast will be available.

In addition, the updated The Standoff Digital Art will take place at PHDays 2022: adventurous researchers will again try to take possession of the crypto art of real artists right in the metaverse, and forum guests will visit London without leaving Moscow.

Arseniy Reutov, Head of the Positive Technologies Application Security Research Department, noted: «Most of the vulnerabilities in smart contracts are associated with the generation of a new collection. At this stage, each of its items receives a set of characteristics, and if you learn how to "predict" them, you can intercept the rarest and most expensive NFTs outside the pricing rules. At PHDays 2022, participants will have to solve problems even more complicated and interesting than last year, and our competition will go global: in cooperation with Arcona, we will place digital art objects in augmented reality».

Paintings by Russian artists have already appeared in Arcona XR Metaverse virtual art galleries. With the help of the application, the digital exhibition can be visited from anywhere in the world. At the Forum itself, a thematic AR project will be remotely launched directly from Moscow to London - an interactive installation generated in the Moscow studio will unfold before the eyes of the audience in the British capital.

Throughout both days of Positive Hack Days, a large-scale exhibition will be held, where companies will present the best technological practices, analytical and technical expertise, products and services that help businesses and government organizations around the world to confidently resist current cyber threats and ensure reliable information security management, as well as share cases and experience in implementing domestic solutions.

Also, guests and participants of the Forum will enjoy the HackerToon Experimental Animation Festival and the finals of the first All-Russian open-source project competition for schoolchildren and students. In addition, the finalists of the Positive Wave festival will perform at PHDays, and a famous Russian musician will perform tracks written by artificial intelligence.

Last year PHDays was visited by more than 2,500 guests offline and 35,000 online. The ten strongest teams of white hat hackers took part in The Standoff competition at that time, testing the city-state systems for 35 hours non-stop. The cyber confrontation between attackers and defenders was followed by 65,000 people from dozens of countries. In pre-Covid 2019, the forum had more than 11 thousand participants and 100 reports.