Workshops

OFFZONE 2022 will feature several workshops:

  • Exploiting the Linux kernel. August 25, 12:00–20:00; Andrey Konovalov, a security researcher (xairy).
  • Take me to LPE. DLL hijacking, side‑loading and other. August 26, 11:30–14:30; Vladislav Burtsev, Threat Intelligence Analyst, Kaspersky.
  • Finding vulnerabilities in image parsers in practice. August 26, 15:30–18:30; Egor Bogomolov, Founder of Singleton Security.

Details of each workshop follow, in the same order.

Why you might find this interesting

The workshop will introduce you to the basics of Linux kernel security. In a series of exercise‑driven labs, you will explore the process of exploiting kernel bugs in modern Linux distributions on the x86‑64 architecture.

The agenda covers:

  • Handling the Linux kernel: navigating the source code; running the kernel in virtual machines; debugging the kernel and its modules.
  • Linux kernel internals: address space separation; interaction with userspace; security guarantees.
  • Linux kernel bugs: difference from userspace; memory corruptions; stack, global, and slab buffer overflows; use‑after‑free bugs.
  • Exploiting the Linux kernel: privilege escalation techniques; foundational kernel mitigations and their bypasses; basic slab exploitation techniques; how to learn advanced techniques.

You should ideally have

  • Working C knowledge.
  • Familiarity with the x86 architecture and x86 assembler.
  • Familiarity with GDB.
  • Familiarity with common types of vulnerabilities and exploitation techniques for userspace applications (recommended but not a must).

(No knowledge about Linux kernel internals is required.)

Your machine should have

  • 100+ GB free hard disk space.
  • 8+ GB RAM.
  • VMware Workstation Player installed.

You will be provided with

  • Virtual machine images with the required tools and exercise files.
  • Presentation slides.
  • Lab guides with step-by-step instructions.

Trainer's bio

Andrey Konovalov is a Managing Director at Xairy Labs and a security researcher focusing on the Linux kernel.

He found multiple zero‑day bugs in the Linux kernel and published proof‑of‑concept exploits to demonstrate their impact. Andrey is a contributor to several security‑related Linux kernel subsystems and tools: KASAN—a fast dynamic bug detector, syzkaller—a production‑grade kernel fuzzer, and Arm Memory Tagging Extension—an exploit mitigation feature.

Andrey has spoken at security conferences such as OffensiveCon, Android Security Symposium, Linux Security Summit, LinuxCon North America, and PHDays. He also maintains a collection of Linux kernel security‑related materials and runs a dedicated channel.

How to attend

The entry fee is ₽30,000 (includes a Standard OFFZONE ticket).

Why you might find this interesting

You will learn how adversaries can use standard utilities (LOLBAS) and legitimate applications to attack Windows devices in 2022.

The workshop will delve into DLL hijacking, DLL side-loading, and other adversary methods. Additionally, you will gain a practical understanding of how to detect such threats.

You should ideally have

  • Basic Windows knowledge.
  • Familiarity with MITRE ATT&CK.
  • Elementary programming skills.

Your machine should have

  • Windows 7/10/11.
  • Internet connection.
  • Visual Studio Community edition.
  • Sysmon.
  • Procmon (or similar).

You will be provided with

  • Samples: Hello world DLLs, drivers, and executable files or source code.
  • Configuration files.

Trainer’s bio

Vladislav Burtsev is a Threat Intelligence Analyst at Kaspersky.

He started his career as a SOC analyst. After that, he became a technical expert, which helped him to understand the ins and outs of security systems administration. All this past experience comes in handy in his current position.

How to attend

The workshop is free; you only need to buy an OFFZONE ticket and register.

Why you might find this interesting

Everyone knows about the popular vulnerabilities in media content parsers such as ImageMagick, or newer ones such as the vulnerabilities in librsvg. But most experts do not examine these vulnerabilities broadly or persistently enough. The reason is that they are not always obvious: you need to predict the behavior of a vulnerable library in every situation, and that leaves very little time for parsing.

As part of the workshop, Egor will explain how to identify cases with vulnerable media content parsers and conduct some attacks.

You will definitely need

  • Laptop.
  • Brain.

Your machine should have

  • Browser.
  • Burp Suite.
  • Docker.

You will be provided with

  • Tactics.
  • Exploits.

Trainer's bio

Egor is the CEO of CyberEd, the Founder of Singleton Security, and an expert in security analysis.

He has worked as a penetration tester for over 7 years, focusing on researching the insecurity of web and Android mobile apps. Egor is a multiple‑time winner and medalist of The Standoff tournament at PHDays as a member of the True0xA3 team, and a speaker at Russian and international conferences and various security meetups.

How to attend

The workshop is free; you only need to buy an OFFZONE ticket and register.