ZERONIGHTS 2016 PROGRAM

17 november (thursday)

Track 1 Track 2 Workshop 1 Workshop 2

10.0011.00

Registration of participants

11.0011.30

The opening ceremony

11.3012.20

Welcome to the Physical LayerMichael Ossmann

12.3013.20

The UEFI Firmware Rootkits: Myths and RealityAlex Matrosovand Eugene Rodionov

Breaking Crypto for DummiesNikita Abdullin

BeyondOWASP Top 10

Reverse engineering of binary data files using Kaitai Struct Mikhail Yakshin

13.3014.20

Excite project: all the truth about symbolic execution for BIOS securityAlex Matrosov and Ilia Safonov

Of Mice and Keyboards:On the Security of Modern Wireless Desktop SetsMatthias Deegand Gerhard Klostermeier

14.5016.00

Lunch

16.0016.50

Safeguarding Rootkits: Intel BootGuardAleksandr Ermolov

Hacking ElasticSearchIvan Novikov

Modern fuzzingof C/C++ ProjectsMax Moroz

Reverse engineering of binary data files using Kaitai Struct Mikhail Yakshin

17.0017.50

JETPLOW is dead.Long live the JETPLOW!Roman Bazhinand Maxim Malyutin

Hadoop safari – Hunting for vulnerabilitiesThomas DEBIZEand Mahdi BRAIK

Community

18.0019.00

Gateway Internalsof Tesla MotorsSen Nie and Ling Liu

Advanced WebApplication FuzzingMichael Stepankin

Sixth annual international cybersecurityconference, devoted to practical

aspects of cybersecurity

www.zeronights.org

ZERONIGHTS 2016 PROGRAM

18 november (friday)

11.0011.50

You’re off the hook: blinding security softwareJeffrey Tang and Alex Matrosov

CICS Breakdown: Hack your way to transaction cityAyoub Elaassal

Defensive Track *(20 minutes)

Searching for vulnerabilities in the Computer-Aided Process Control System (CAPCS) with blackbox analysis under tight deadlinesBoris Savkov

12.0012.50

I know where your page lives: Derandomizing the latest Windows 10 KernelEnrique Nissim

Dissecting complex code-re-use attacks with ROPMEMUMariano Graziano

13.0013.50

The approach to developing LPE exploits on Windows 10 with allowances to the latest security updatesYuri Drozdovand Ludmila Drozdova

FIRST: Changing How You Reverse EngineerAngel Villegas

14.0016.00

Lunch

16.0016.50

Defeating Pin Control in Pro-grammable Logic ControllersAli Abbasi & Majid Hashemi

Cisco Smart Install. Pentester’s opportunitiesAlexander Evstigneevand Dmitry Kuznetzov

FastTrack **(15 minutes) Community

17.0017.50

DPTrace: Dual Purpose Trace for Exploitability Analysis of Program CrashesRodrigo Rubira Branco& Rohit Mothe

How to circumvent ADconverter, part 3, or tools for attacking converting analog data to digitalAlexander Bolshev

18.0018.50

Poking on Macs Recovery OS and Local OS Update ProcessPatrick Wardle

Stories about hackinglow-cost phonesAlexey Rossovsky

19.0019.30

Closing ceremony. Winner’s reward ceremony.

A threat hunter himselfTeymur Kheirkhabarov and Sergey Soldatov

HexRaysPyToolsIgor Kirillov

Fear and rage of two-factor authenticationIgor Bulatenko

Neurotechnology for SecurityKsenia Gnitko

How to manage digital apps signatures in a big companyEvgeniy Sidorov and Eldar Zaitov

You are not the same as…Andrey Kovalev

Automating iOS blackbox security scanningMikhail Sosonkin

A blow under the belt. How to avoid WAF/IPS/DLPAnton Lopanitzyn

Monitoring and analysis of emails or a primitive toolto detect a cyber attackAlexey Karyabkin and Pavel Grachev

F5 BIG-IP vulnerabilities: detection and remedyingDenis Kolegov

Enterprise Vulnerability ManagementEkaterina Pukhareva and Alexander Leonov

Entity provider selection confusion attacksin JAX-RS applicationsMikhail Egorov

20% of investment and 80% of profit. How to implement security requirements and maintain internal freedomNatalia Kukanova and Igor Gotz

Reversing golangGeorgy Zaytzev

Diving into Malware’s Furtive PlumbingOr Safran & Omer Yair

www.zeronights.org