Schedule

August 25–26, 2022

August 26

August 26
11:00–12:00
Hi! Can I charge my phone?
Track 1
Russian
Nowadays, USB cables are not as simple and harmless as you may think. Some of them may be hiding secrets. Really dangerous secrets. Are you sure this USB cable connected to your laptop is only for charging that kind dude’s phone ...
August 26
11:00–12:00
Machine learning security
Track 2
Russian
This report focuses on attacks that target machine learning systems. What are the dangers of such attacks? How difficult is it to prevent them? The speaker will talk about some of the things required from a security expert, and why this is so fascinating ...
August 26
11:00–12:30
LockPick: the autopsy will tell
DC&HW.Zone
Russian
The report consists of three parts, in which the construction of locks, attacks on them, and defense mechanisms are analyzed step by step. We will also talk about the different tools used by lockpickers and go a bit deeper into the history ...
August 26
11:30–14:30
Take me to LPE. DLL hijacking, side‑loading and other
Workshop
Russian
You will learn how adversaries can use standard utilities (LOLBAS) and legitimate applications to attack Windows devices in 2022 ...
August 26
12:00–13:00
APT attacks on Russian companies in H1 2022: highlights
Track 1
Russian
Since the beginning of 2022, PT ESC analysts have been recording a surge in targeted attacks on companies in Russia. Based on the data acquired as a result of incident response activities and threat intelligence gathering, the report examines the most interesting attacks out of those detected. It also ...
August 26
12:00–13:00
Developing UEFI modules and debugging them without NDA
Track 2
Russian
The report focuses on the firmware that is built into the motherboard—namely, UEFI (unified extensible firmware interface)—and the development of modules with subsequent debugging ...
August 26
12:00–13:00
Threat modeling without the headache
AppSec.Zone
Russian
The classical approach to threat modeling has long proved inefficient. Then again, developers never execute the requirements for the threat model. The reasons behind that and the ways to streamline the process are explored in Svetlana’s report ...
August 26
12:30–14:00
RFID
DC&HW.Zone
Russian
Electronic pass cards are a staple of our everyday lives, especially in the corporate segment. Find out in practice what lies under the hood of RFID and why most of the electronic passes are vulnerable ...
August 26
13:00–14:00
Microsoft cloud authentication tokens—there are no more secrets
Track 1
Russian
The lecture is about authentication and authorization in Microsoft Office 365. You will learn how the office applications such as Outlook, OneDrive, Teams, Word, Excel, and the Windows operating system as such are authorized on cloud servers. Specifically, where and how they store their access tokens, what DPAPI (Data Protection API), ...
August 26
13:00–14:00
Missed Opportunity: Detecting Legitimate Third-Party Tools Abused by the Threat Actors
Track 2
Russian
Threat actors are known to use various features of operating systems to achieve their goals. However, sometimes it is not enough, so they may employ legitimate third‑party tools that are most unlikely to be detected by security solutions. For example, to perform Active Directory reconnaissance, an adversary may ...
August 26
13:00–14:00
Knowledge is power or How to build your own AppSec competence center
AppSec.Zone
Russian
In the course of our work, we often encounter a negative attitude of developers toward the security department, and sometimes there’s hardly anyone aware of its existence. How to foster the relationship between security and development? How to make developers our allies and get them interested in safe coding? How to remind ...
August 26
14:00–15:00
Chasing Evil: Modern Approaches to Anomaly Detection in Windows Infrastructures with LDAP and RPC Monitoring
Track 1
Russian
Once a user account is compromised, an intruder has a foothold to attack the Active Directory domain. One of the primary tasks of the attacker at this stage is to collect information about domain objects for privilege escalation. While there is a great variety of enumeration tools, all of them, however, ...
August 26
14:00–14:30
Malicious browser extensions
Track 2
Russian
An excursion into what browser extensions can conceal based on the analysis of malicious samples. How do hackers use extensions? Why are the efforts of browser developers insufficient to address this problem? And how to avoid taking the bait ...
August 26
14:00–14:30
Why you should NOT hire DevSecOps engineers
AppSec.Zone
Russian
Everybody knows that building and maintaining SDLC (Software Development Life Cycle) can be done by a DevOps engineer. Many would think that a DevSecOps engineer can turn SDLC into SSDLC (Secure SDLC), but these expectations are somewhat unrealistic ...
August 26
14:00–15:00
How to write killer content
Press.Zone
Russian
Being a qualified professional, at some point, you will need to be able to put your experience into words. Where to get the motivation to start your article? How to overcome your fear ...
August 26
14:30–15:00
Attacks on AI made easy
Track 2
Russian
The results produced by AI are more often than not astonishing, but nevertheless, machines are not flawless. The cost of mistakes increases when dealing with security—for hackers, AI can be just an additional high‑impact attack vector ...
August 26
14:30–15:00
Do you really want to know what happens inside your dependencies?
AppSec.Zone
Russian
Building software on top of open‑source libraries and packages has become the norm. Modern languages and frameworks, like Python, Node.js, Go, Rust encourage developers to just “download and execute” whatever is offered by third‑party repositories without thinking much about the consequences ...
August 26
15:00–16:00
Local privilege escalation on Apple devices
Track 1
Russian
Apple has been introducing various security mitigations for years. Since macOS Big Sur / iOS 14, exploiting kernel memory corruption has been made a lot more difficult by introducing memory sequestering and kernel heaps. Apple continued to sabotage attackers’ efforts by introducing more mitigations against memory corruption vulnerabilities ...
August 26
15:00–15:30
Secure ML modeling
Track 2
Russian
The report talks about improving the security of machine learning models at various stages of development. It introduces a list of adversarial attacks and their use in model training and testing, as well as the security of the environment when training and running models ...
August 26
15:00–16:00
Grand DevSecOps myths and legends: the experience of a bank
AppSec.Zone
Russian
This report is about the experience of introducing and developing DevSecOps in three domains: technology, processes, and people. The speakers are going to talk about the things you can expect while implementing the Sec part of DevOps, which is applied to thousands of applications. Furthermore, you will see what ...
August 26
15:00–16:30
Classics of Wi‑Fi pentest
DC&HW.Zone
Russian
Although it seems that the Wi-Fi network has been completely explored inside and out, it is still full of vulnerabilities. At the DC stand, you can practice finding and exploiting current vulnerabilities ...
August 26
15:30–16:00
Osinter's Notes
Track 2
Russian
The report contains information about OSINT techniques for penetration testing. The cases presented illustrate the benefits of these techniques for different specialists ...
August 26
15:30–18:30
Finding vulnerabilities in image parsers in practice
Workshop
Russian
Everyone knows about popular vulnerabilities in media content parsers like ImageMagick or such novelties as vulnerabilities in librsvg. But most experts do not examine these vulnerabilities broadly or persistently enough. All because it is not always obvious and you need to predict the behavior of a vulnerable library ...
August 26
16:00–17:00
A small mistake. A story of 5G router research
Track 1
Russian
The report is dedicated to the OPPO 5G router security research. It explores the steps to getting RCE without having firmware and without physically manipulating the device. Other detected vulnerabilities will also be demonstrated ...
August 26
16:00–16:30
FreeIPA Pentesting
Track 2
Russian
It’s not uncommon that client infrastructures are deployed under a standard scheme that uses Active Directory. The algorithm for testing such infrastructures has been continuously perfected over the years: it’s now clear what steps to take, what to look out for, what types of attacks to run, how to evade ...
August 26
16:00–17:00
Vulnerability management for dummies or How to train your automation
AppSec.Zone
Russian
This report will talk about vulnerability management for SecOps and AppSec, specifically, how to automate the process in such a way as to achieve maximum efficiency in the end, and, at the same time, spend minimum resources of the information security team ...
August 26
16:30–17:00
Undocumented features of some Burp Suite extensions
Track 2
Russian
This report looks at the known Burp Suite extensions, mostly by James Kettle. Since many of the known extensions have only a brief description, this sets a significant entry threshold for use. The presentation covers extensions such as Turbo Intruder, Hackvertor, and others with the purpose of reducing the difficulty ...
August 26
16:30–18:00
Recovering encrypted data from damaged media
DC&HW.Zone
Russian
Quest report: during a counter‑terrorist operation, the special forces obtained some data carriers, which contain data that would compromise the activities of the terrorist group. The media includes a memory stick and a hard drive. Since the operation was carried out with the use of brutal physical force, the data ...
August 26
17:00–17:30
Fishnet Framework—Intuitive Penetration Testing
Track 2
Russian
Fishnet Framework is a powerful and multitasking web‑based collaboration and automated penetration testing platform. The main goal of Fishnet is to provide an understandable set of tools that everyone, from an office clerk to a professional security researcher, can access ...
August 26
17:00–18:00
Current application security issues in the financial sector and how we solved them
AppSec.Zone
Russian
This report focuses on the security problems and real cases in financial organizations. Aleksey will talk about the current challenges of the last couple of years (how COVID‑19 changed our lives, what we did with Log4Shell, and more). The speaker will use his own examples to demonstrate what AppSec processes look like ...
August 26
17:30–18:30
August 26
18:30–19:00