s one of the main conferences on practical aspects...ZeroNights is one of the main conferences on...
Transcript of s one of the main conferences on practical aspects...ZeroNights is one of the main conferences on...
ZeroNights is one of the main conferences on practical aspects of cybersecurity in Europe.
It is meant for technical specialists, heads and members of security teams, heads of IT departments, programmers, and all those interested in the applied aspects ofcybersecurity.
Since its foundation, the conference has welcomed more than 8000 participants and 300 speakers from 20 countries. It has been supported by more than 200 partners and received over4000 mentions in the field-oriented media.
Saint Petersburg, Prospekt Medikov 3, А2 Green Concert club.
The scene that has seen many legendary rock bands: Limp Bizkit, Smashing Pumpkins, Fall Out Boy, New Order, and others.
• Check your ticket for the conference (e-ticket or a printed one)
• Take your documents with you (passport, driver’s license, student ID).
• Save all important emails, phone numbers, and maps.
• Subscribe to ZeroNights’ social media to receive all important updates and conference news (Telegram, Twitter, Instagram).
November 12-13, 9:30-20:00
WHEN
WHERE
IMPORTANT THINGS TO DO BEFORE THE CONFERENCE
November 11, 15:00-21:00. A2 Green Concert club.
The first 250 participants to register will get a pleasant gift from the ZeroNights organizers.
Participants are allowed to bring gadgets, food, soft drinks.
November 12, 10:30. A2 Green Concert club.
1. If you are a student, do not forget to bring your student ID. Otherwise, you will not be able to register and participate in the event.
2. We also recommend that all participants have an ID: a passport or a driver’s license. You will need them to borrow a headset for simultaneous translation. And, of course, our bartenders might want to check your age at the bar.
November 12, 09:30. A2 Green Concert club
REGISTRATION
IDS
PRELIMINARY REGISTRATION
WHAT YOU MAY TAKE TO THE VENUE
GRAND OPENING OF THE CONFERENCE
Participants are not allowed to bring alcoholic beverages, bladed articles, explosive substances.
WHAT YOU MAY NOT TAKE TO THE VENUE
You certainly know that we have a market with branded apparel. Anything you ordered there, you can purchase and get during the first day of the event. You can find ZeroNights Market on theclub’s 1st floor in front of the Sberbank stand. Please, prepare your order number in advance. We accept cards and cash.
On November 12, there will be a party for those who have special bracelets. If your ticket reads “party entrance”, you’ll get one. The party starts at 19:00 at the “Sputnik” hall.
HOW TO GET TO THE VENUE
PARTY
• From the airport using public transport, you need buses #39 and #39Э. Those will take you to the nearest metro – Moskovskaya (Blue line).
• You can also take a taxi. An Uber to the city center will cost you 600-800 rub.
• If you arrive at the Moskovsky railway station (Red line), you can take the metro (Ploschad Vosstaniya – Green line), or one of the many buses that go anywhere in the city.
Your destination is Petrogradskay metro station, Prospekt Medikov 3.
You can also keep track of potential changes init in our official Telegram channel.
PROGRAM
DAY 1NOVEMBER 12
TIME MIN HALL MIR*
09:30
10:30
11:00
12:00
13:00
14:00
15:00
15:40
16:20
60
30
45
45
45
45
30
30
30
Registration
Opening ceremony
“Hardware Security is Hard:how hardware boundaries define platform security”
“From JDBC URI to a New RemoteCode Execution Attack Surface”
“app setAsDefaultRCE Client:Electron, scheme handlers and stealthy security patches”
“Dark sides of Java remote protocols”
“Trusted Types & the end of DOM XSS”
“CiscoASA: From Zero to ID=0”
“Launching feedback-driven fuzzing on TrustZone TEE”
Alex Matrosov (@matrosov)
Yongtao Wang
Juho Nurminen (@jupenur)
An Trinh (@_tint0)
Jakub Vrana (@jakubvrana),Krzysztof Kotowicz (@kkotowicz)
md4
Andrey Akimov (@e13fter)
TIME
TIME
MIN
MIN
HALL MIR*
HALL SPUTNIK* (DEFENSIVE TRACK)
17:00
09:30
17:25
12:00
16:00
17:50
13:00
18:15
14:00
15:00
15
60
15
45
30
15
45
15
45
45
“Hacking Medical Imaging with DICOM”
“(Why) We Still Fail atCryptography in 2019”
“Threat hunting in сall trace”
“Single byte write to RCE:exploiting a bug in php-fpm”
“crauEmu - your IDE for code-reuse attacks”
“Stories and lessons from dailyincident response practice”
“Malign Machine Learning Models”
“Building CyberSecurity Platformbased on Open Source”
“Improving application securityand exploitation detection withAppArmor & Osquery”
Maria Nedyak (@mariya_ns)
Andrey Belenko
Andrey Skablonsky
Emil Lerner
Registration
Alex Kovrizhnykh (@a1exdandy)
Pavel Kargapoltsev
Roman Palkin (@chicken_2007)
Kirill Demyanov
Igor Grachev, Evgeny Sidorov
TIME MIN HALL SPUTNIK* (DEFENSIVE TRACK)
16:40
19:00
30“Blue Team’s approach todiscovering ‘secrets’ in code”
Andrey Abakumov, Andrew Krasichkov
Speaker party (VIP tickets only)
PROGRAM DAY 2NOVEMBER 13
TIME MIN HALL MIR*
10:00
11:00
12:00
13:00
14:00
15:00
60
45
45
45
45
45
Registration
“From Memory Forensics toCloud Memory Analysis”
“Fatal Fury on ESP32: Time torelease Hardware Exploits”
“Two Bytes to Rule Adobe ReaderTwice: The Black Magic Behindthe Byte Order Mark”
“A Monkey in the Sandbox:Exploiting Firefox Through IonMonkey JIT and Kernel Sandbox Escapes”
“Opwnsource: VNC vulnerability research”
Matt Suiche (@msuiche)
LimitedResults (@LimitedResults)
Ke Liu (@klotxl404)
Hossein Lotfi (@hosselot)
Pavel Cheremushkin
There may be time changes and updates to the program.* Attention! Simultaneous translation is available in the Hall Mir only!
(RU - EN, EN - RU)
TIME
TIME
MIN
MIN
HALL MIR*
HALL SPUTNIK* (WEB VILLAGE)
10:00
12:00
12:30
13:00
13:30
60
25
25
25
25
“From misconfigs to severe consequences”
“GraphQL applications securitytesting automatization”
“Principles in software testingand some bugs that others did not notice”
“Blind SSRF”
Aleksei “GreenDog” Tiurin (@antyurin)
Registration
Pavel “sorokinpf” Sorokin (@sorokinpf)
Valeriy “krevetk0” Shevchenko(@Krevetk0Valeriy)
Alexei “SooLFaa” Morozov (@xSooLFaa)
17:00
18:00
18:40
19:30
45
30
30
30
“Practical LoRaWAN auditingand exploitation”
“Cisco to Disco!”
“Oldschool way of hackingMicroDigital ip-cameras”
Cesar Cerrudo (@cesarcer),Esteban Martinez Fayo (@estemf),Matias Sequeira
CiscoPangPang
Ilya Shaposhnikov (@drakylar)
Closing ceremony
16:00 45
“qiling.io: Advanced BinaryEmulation framework”
Kai Jern Lau (@sgniwx),Nguyen Anh Quynh (@capstone_engine)
TIME MIN HALL SPUTNIK* (WEB VILLAGE)
14:30
15:00
15:30
17:30
18:00
16:00
17:00
25
25
25
25
25
45
25
“Operation of injections in ORM libraries”
“The future without passwords”
“ZN PWN Challenge”
“Phoenix hunting”
“Doing AWS Zoo Audit”
“Misusing oop in mvc frameworks.How to conveniently develop broken apps”
Ramazan “r0hack” Ramazanov
Sergey “BeLove” Belov (@sergeybelove)
Paul Axe (@Paul_Axe)
Anton “Bo0oM” Lopanitsyn (@i_bo0om)
Kahoot Quiz
Denis “ttffdd” Rybin (@_ttffdd_)
Andrei Plastunov
14:00 25 Kahoot Quiz
There may be time changes and updates to the program.* Attention! Simultaneous translation is available in the Hall Mir only!
(RU - EN, EN - RU)
During the conference, the partners of ZeroNights2019 will hold quests and quizzes. The winnerswill get valuable prizes and souvenirs. The fulllist of activities can be found here.
We recommend installing the Kahootapplication before the conference.
ACTIVITIES
ATTENTION!
VENUE MAP
STAGE
BARBAR
STAGE
photobooth 180
1st Floor
Ticket office
VENUE MAP 2ST FLOOR
STAGE
BAR
STAGE
2st Floor
2st Floor
2st Floor
PARTNERS