ZeroNights is one of the main conferences on practical aspects of cybersecurity in Europe.

It is meant for technical specialists, heads and members of security teams, heads of IT departments, programmers, and all those interested in the applied aspects ofcybersecurity.

Since its foundation, the conference has welcomed more than 8000 participants and 300 speakers from 20 countries. It has been supported by more than 200 partners and received over4000 mentions in the field-oriented media.

Saint Petersburg, Prospekt Medikov 3, А2 Green Concert club.

The scene that has seen many legendary rock bands: Limp Bizkit, Smashing Pumpkins, Fall Out Boy, New Order, and others.

• Check your ticket for the conference (e-ticket or a printed one)

• Take your documents with you (passport, driver’s license, student ID).

• Save all important emails, phone numbers, and maps.

• Subscribe to ZeroNights’ social media to receive all important updates and conference news (Telegram, Twitter, Instagram).

November 12-13, 9:30-20:00

WHEN

WHERE

IMPORTANT THINGS TO DO BEFORE THE CONFERENCE

November 11, 15:00-21:00. A2 Green Concert club.

The first 250 participants to register will get a pleasant gift from the ZeroNights organizers.

Participants are allowed to bring gadgets, food, soft drinks.

November 12, 10:30. A2 Green Concert club.

1. If you are a student, do not forget to bring your student ID. Otherwise, you will not be able to register and participate in the event.

2. We also recommend that all participants have an ID: a passport or a driver’s license. You will need them to borrow a headset for simultaneous translation. And, of course, our bartenders might want to check your age at the bar.

November 12, 09:30. A2 Green Concert club

REGISTRATION

IDS

PRELIMINARY REGISTRATION

WHAT YOU MAY TAKE TO THE VENUE

GRAND OPENING OF THE CONFERENCE

Participants are not allowed to bring alcoholic beverages, bladed articles, explosive substances.

WHAT YOU MAY NOT TAKE TO THE VENUE

You certainly know that we have a market with branded apparel. Anything you ordered there, you can purchase and get during the first day of the event. You can find ZeroNights Market on theclub’s 1st floor in front of the Sberbank stand. Please, prepare your order number in advance. We accept cards and cash.

On November 12, there will be a party for those who have special bracelets. If your ticket reads “party entrance”, you’ll get one. The party starts at 19:00 at the “Sputnik” hall.

HOW TO GET TO THE VENUE

PARTY

• From the airport using public transport, you need buses #39 and #39Э. Those will take you to the nearest metro – Moskovskaya (Blue line).

• You can also take a taxi. An Uber to the city center will cost you 600-800 rub.

• If you arrive at the Moskovsky railway station (Red line), you can take the metro (Ploschad Vosstaniya – Green line), or one of the many buses that go anywhere in the city.

Your destination is Petrogradskay metro station, Prospekt Medikov 3.

You can also keep track of potential changes init in our official Telegram channel.

PROGRAM

DAY 1NOVEMBER 12

TIME MIN HALL MIR*

09:30

10:30

11:00

12:00

13:00

14:00

15:00

15:40

16:20

60

30

45

45

45

45

30

30

30

Registration

Opening ceremony

“Hardware Security is Hard:how hardware boundaries define platform security”

“From JDBC URI to a New RemoteCode Execution Attack Surface”

“app setAsDefaultRCE Client:Electron, scheme handlers and stealthy security patches”

“Dark sides of Java remote protocols”

“Trusted Types & the end of DOM XSS”

“CiscoASA: From Zero to ID=0”

“Launching feedback-driven fuzzing on TrustZone TEE”

Alex Matrosov (@matrosov)

Yongtao Wang

Juho Nurminen (@jupenur)

An Trinh (@_tint0)

Jakub Vrana (@jakubvrana),Krzysztof Kotowicz (@kkotowicz)

md4

Andrey Akimov (@e13fter)

TIME

TIME

MIN

MIN

HALL MIR*

HALL SPUTNIK* (DEFENSIVE TRACK)

17:00

09:30

17:25

12:00

16:00

17:50

13:00

18:15

14:00

15:00

15

60

15

45

30

15

45

15

45

45

“Hacking Medical Imaging with DICOM”

“(Why) We Still Fail atCryptography in 2019”

“Threat hunting in сall trace”

“Single byte write to RCE:exploiting a bug in php-fpm”

“crauEmu - your IDE for code-reuse attacks”

“Stories and lessons from dailyincident response practice”

“Malign Machine Learning Models”

“Building CyberSecurity Platformbased on Open Source”

“Improving application securityand exploitation detection withAppArmor & Osquery”

Maria Nedyak (@mariya_ns)

Andrey Belenko

Andrey Skablonsky

Emil Lerner

Registration

Alex Kovrizhnykh (@a1exdandy)

Pavel Kargapoltsev

Roman Palkin (@chicken_2007)

Kirill Demyanov

Igor Grachev, Evgeny Sidorov

TIME MIN HALL SPUTNIK* (DEFENSIVE TRACK)

16:40

19:00

30“Blue Team’s approach todiscovering ‘secrets’ in code”

Andrey Abakumov, Andrew Krasichkov

Speaker party (VIP tickets only)

PROGRAM DAY 2NOVEMBER 13

TIME MIN HALL MIR*

10:00

11:00

12:00

13:00

14:00

15:00

60

45

45

45

45

45

Registration

“From Memory Forensics toCloud Memory Analysis”

“Fatal Fury on ESP32: Time torelease Hardware Exploits”

“Two Bytes to Rule Adobe ReaderTwice: The Black Magic Behindthe Byte Order Mark”

“A Monkey in the Sandbox:Exploiting Firefox Through IonMonkey JIT and Kernel Sandbox Escapes”

“Opwnsource: VNC vulnerability research”

Matt Suiche (@msuiche)

LimitedResults (@LimitedResults)

Ke Liu (@klotxl404)

Hossein Lotfi (@hosselot)

Pavel Cheremushkin

There may be time changes and updates to the program.* Attention! Simultaneous translation is available in the Hall Mir only!

(RU - EN, EN - RU)

TIME

TIME

MIN

MIN

HALL MIR*

HALL SPUTNIK* (WEB VILLAGE)

10:00

12:00

12:30

13:00

13:30

60

25

25

25

25

“From misconfigs to severe consequences”

“GraphQL applications securitytesting automatization”

“Principles in software testingand some bugs that others did not notice”

“Blind SSRF”

Aleksei “GreenDog” Tiurin (@antyurin)

Registration

Pavel “sorokinpf” Sorokin (@sorokinpf)

Valeriy “krevetk0” Shevchenko(@Krevetk0Valeriy)

Alexei “SooLFaa” Morozov (@xSooLFaa)

17:00

18:00

18:40

19:30

45

30

30

30

“Practical LoRaWAN auditingand exploitation”

“Cisco to Disco!”

“Oldschool way of hackingMicroDigital ip-cameras”

Cesar Cerrudo (@cesarcer),Esteban Martinez Fayo (@estemf),Matias Sequeira

CiscoPangPang

Ilya Shaposhnikov (@drakylar)

Closing ceremony

16:00 45

“qiling.io: Advanced BinaryEmulation framework”

Kai Jern Lau (@sgniwx),Nguyen Anh Quynh (@capstone_engine)

TIME MIN HALL SPUTNIK* (WEB VILLAGE)

14:30

15:00

15:30

17:30

18:00

16:00

17:00

25

25

25

25

25

45

25

“Operation of injections in ORM libraries”

“The future without passwords”

“ZN PWN Challenge”

“Phoenix hunting”

“Doing AWS Zoo Audit”

“Misusing oop in mvc frameworks.How to conveniently develop broken apps”

Ramazan “r0hack” Ramazanov

Sergey “BeLove” Belov (@sergeybelove)

Paul Axe (@Paul_Axe)

Anton “Bo0oM” Lopanitsyn (@i_bo0om)

Kahoot Quiz

Denis “ttffdd” Rybin (@_ttffdd_)

Andrei Plastunov

14:00 25 Kahoot Quiz

There may be time changes and updates to the program.* Attention! Simultaneous translation is available in the Hall Mir only!

(RU - EN, EN - RU)

During the conference, the partners of ZeroNights2019 will hold quests and quizzes. The winnerswill get valuable prizes and souvenirs. The fulllist of activities can be found here.

We recommend installing the Kahootapplication before the conference.

ACTIVITIES

ATTENTION!

VENUE MAP

STAGE

BARBAR

STAGE

photobooth 180

1st Floor

Ticket office

VENUE MAP 2ST FLOOR

STAGE

BAR

STAGE

2st Floor

2st Floor

2st Floor

PARTNERS