How much does it take to hack a mobile network?
Is electronic government secure
in the era of WikiLeaks and Anonymous?

Is SCADA hacking a Hollywood fiction
or the nowadays reality?
Internet banking: is there any chance to win
over the fraudsters?

Cyber-crimes, cyber-espionage, cyber-war: where do we draw a borderline?


Friday, June 22, 2012

Presentations from Positive Hack Days 2012 Published

It's finally happened! When videos of reports and hands-on-labs from Positive Hack Days were published, we decided to move on. So now you have an opportunity to view presentations of the forum’s reports.
For your convenience we provide links not only to the slides but to the videos of the reports as well (if they were made).

Keynote Reports

Video of Bruse Schneier's report is available here from 01:00 p.m. The guru of cryptography told about his own security philosophy that surprised most of visitors. He thinks that law breakers (hackers) may not only cause harm but be useful as well.

Datuk Mohd Noor Amin is the Chairman of the International Multilateral Partnership Against Cyber Threats (IMPACT), he leads the first United Nations-backed public-private partnership against cyber threats with UN’s International Telecommunication Union (ITU) as its partner, and with 137 countries as members, IMPACT is also recognized as the world’s largest cybersecurity alliance [video], [presentation ENG].


Report: Sergey Gordeychik. How to hack a telecom and stay alive 2. Owning a billing [video], [presentation ]

Where to look for the keys to a technological network? How to obtain the billings without interfering with the main business of a company? The speaker answered these questions and shared new illustrative and funny examples of penetration testing performed for telecommunication networks.

Report: Roman Kaplya. Operators' cooperation against fraud [presentation RUS]

State Sector

Report: Mikhail Yemelyannikov. Why it is impossible to comply with Russian private data protection law? [video], [presentation RUS]

Report: Andrey Fedichev, FSTEK of Russia. Why state secrets leak to the Internet? [video], [presentation RUS]

Report: Alexey Lukatsky. How presidential election in Russia influences information security market, or Trends in regulations. Video is available here from 04:00 p.m [presentation RUS].

Network Protection

Report: Vladimir Styran. The truth about the lie. Social engineering for security experts [video], [presentation RUS]

Hands-on-lab: Andrey Masalovich. Internet competitive intelligence. Video is available here from 04:08 p.m [presentation RUS].

By using practical examples, participants of the workshop acquired the skills of using analytical technologies in solving real problems of competitive intelligence, including methods for rapid detection of confidential information leaks, fast-detection of open partitions on servers, methods of penetration on the FTP server without hacking protection; password leak-detection methods; methods of access to confidential documents via bypassing DLP; means of penetrating into sections behind 403 error messages. Techniques were demonstrated on examples of portals in certainly well-protected companies (such as the leaders of the IT and IS markets, large state organizations, intelligence, etc.).

Hands-on-lab: Dmitry Ryzhavsky. Wireless network security. How your network was hacked and how it could be avoided [video], [presentation RUS]

In the course of the report the most relevant methods of obtaining unauthorized access to WiFi-network were considered, and the mechanisms, proposed by Cisco Unified Wireless Network to protect against the described attacks, were demonstrated.

Hands-on-lab: Nikhil Mittal. Breaking havoc using a Human Interface Device [video], [presentation]

This hands-on-lab focused on a highly dangerous and yet widely neglected computer security issue — vulnerability of Human Interface Devices (HIDs).

Report: Sylvain Munaut. Abusing Calypso phones [video], [presentation]

Report: Andrei Costin. PostScript: Danger ahead! Hacking MFPs, PCs and beyond [video], [presentation]

Videos of demonstrations: 

Report: Sergey Klevoghin. CEH. Ethical hacking and penetration testing [video], [presentation RUS]

Visitors of the hands-on-lab learnt typical vulnerabilities of network protocols, operating systems and applications. The speaker described the sequence of different types of attacks on computer systems and networks and made recommendations to strengthen the security of computer systems and networks Students were immersed in a practical environment, where they saw how to really hack the system to subsequently be able to anticipate possible actions of a hacker and successfully resist them.

Report: Travis Goodspeed. Exploiting radio noise with packets in packets. Video is available here from 03:10 p.m.

This talk showed peculiarities of PIP writing, including working examples for IEEE 802.15.4 and the Nordic RF low-power radios.


Report: Alexey Yudin. ERP as viewed by attackers. Video is available here from 03:00 p.m.
 [presentation RUS].

Report: Evgeniya Shumakher. A lazy way to find out your fellow worker's salary, or SAP HR security [video], [presentation RUS]

Report: Alexander Polyakov. SAP insecurity: the new and the best [video], [presentation]

This report focused on ten most interesting vulnerabilities of SAP systems from problems with encryption to bypassing authentication, and from easy mistakes to sophisticated attack vectors. A large proportion of vulnerabilities were presented to the public for the first time.

Hands-on-lab: Alexey Yudin. DIY SAP security [video], [presentation RUS].

Participants of this workshop learnt how to perform security assessment of SAP R/3 and NetWeaver systems (including application servers and infrastructure) by means of available tools.

Report: Mikhail Afanasyev. SCADA security. Web vector [presentation RUS]

Web Security

Hands-on-lab: Vladimir Lepikhin. Web application attacks. The basics. Video is available here from 09:00 a.m.[presentation RUS].

The mechanisms of attack on web applications, techniques and tools (specialized scanners, security, utilities, using the results of their work during manual analysis) used by violators were provided in a systematic form. Practical examples clearly demonstrated major weaknesses of web applications that make it possible to conduct attacks, illustrated by the shortcomings of the means of protection in use and methods to bypass them.

Report: Miroslav ┼átampar. DNS exfiltration using sqlmap [video], [presentation].

The speaker represented DNS exfiltration technique using SQL injection, described its pros and contras, and provided illustrative examples.

Report: Vladimir Vorontsov. Attacks against Microsoft network web clients [video], [presentation 1], [presentation 2].

The report covered methods of attacks on Internet Explorer users functioning as part of Microsoft networks. The considered attacks are aimed at obtaining confidential information about users both on remote servers (bypassing access policy restrictions) and local PCs.

Hands-on-lab:  Andres Riancho. Web 2.0 security. Advanced techniques [video], [presentation]

The hand-on-lab covered protection techniques against attacks exploiting XML and HPP/HPC, as well as Click Jacking and Session Puzzling.

Report:  Sergey Scherbel. Not all PHP implementations are equally useful. Video is available here from 04:00 p.m. [presentation].

The reporter considered detected security problems and operational features of Web applications using third-party implementations of PHP and gave examples of 0-day vulnerabilities. 

Report:  Sergey Scherbel. Not all PHP implementations are equally useful. Video is available here from 04:00 p.m, [presentation]

Report: Thibault Koechlin. Naxsi, an open source and positive model based web application firewall [video], [presentation].

Report:  Aleksey Moskvin. On secure application of PHP wrappers [video], [presentation RUS].

Videos of demonstrations:

Report:  Vladimir Kochetkov. Hack an ASP.NET site? It is difficult, but possible! [video], [presentation]

The reporter presented examples of new 0 day attacks and possible exploitation techniques including a brand new type of Code Injection.

Mobile Security

Hands-on-lab:  Manish Chasta. Securing Android applications [video], [presentation 1], [presentation 2]

The talk briefed the audience on the techniques of discovering and mitigating vulnerabilities in any Android Mobile Application. In addition to this, the presentation covered Android rooting, SQLite database analysis, ADB and mobile server related threats. The audience also learnt about the proposed OWASP Top 10 for mobile applications.

Report:  Marcus Niemietz. Hijacking attacks on Android devices [video], [presentation]

Hands-on-lab:  Sergey Nevstruev. Practicalities of Mobile Security [video], [presentation RUS]

Report: Artyom Chaikin. Mobile device troyan in action [presentation RUS]
Videos of demonstrations: the first and the second.

Botnets Control

Report:  Maria Garnayeva. The techniques of putting a spoke in botmasters' wheels: the Kelihos botnet. Video is available here from 09:10 a.m. [presentation RUS].

Report: Alexander Lyamin. DDoS Surveillance HowTo. Part 2. Video is available here from 05:03 p.m.  [presentation].

Report:  Fyodor Yarochkin and Vladimir Kropotov. Life cycle and detection of bot infections through network traffic analysis [video], [presentation]

Hands-on-lab:  Pierre-Marc Bureau. Win32/Georbot. Understanding and automated analysis of a malware [video], [presentation]. 

It is the first hands-on-lab in the world related to this botnet.

Issues Of Password Protection

Report:  Alexey Zhukov. Lightweight cryptography: resource-undemanding and attack-resistant. Video is available here from 12:00 p.m. [presentation RUS].

Report:  Dmitry Sklyarov and Andrey Belenko. Secure password managers and military-grade encryption for smartphone: Huh, really? Video is available here from 10:15 a.m [presentation].

Report:  Alexander (Solar Designer) Peslyak. Password security: past, present, future [video], [presentation].

The report addressed the issues of password protection in a historical perspective, as well as the prospects of authentication technologies in the near future.

Report:  Benjamin Delpy. Mimikatz to restore passwords for Windows 8 [video] , [presentation]

Hackers And Money

Report:  Aleksandr Matrosov and Eugene Rodionov. Smartcard vulnerabilities in modern banking malware. Video is available here from 11:07 a.m. [presentation].

The speakers described the study of the most common banking malware, as well as the discovery of interesting vulnerabilities by using two-factor authentication and smart cards. The report also covered techniques and tricks used by hackers to conduct anti-forensics.

Report:  Micha Borrmann. Paying with credit cards in the Internet can result in headache [video], [presentation]

Report: Nikita Shvetsov. Three new stories about attacks on remote banking systems [presentation].

Report: Dmitry Kuznetsov. Payment application security [presentation].

Practical Security

Hands-on-lab:  Boris Ryutin. Security without antivirus software [video].

Presentations: [first ], [second], [third], [fourth] (RUS).

The participants of this four-hour master class got basic knowledge of detecting Trojans in OS, learnt most recent Trojan development techniques for Windows (SpyEye, Carberp, Duqu), considered Trojans for Android and got acquainted with actual exploits (PDF, Java).

Report:  Dmirty Evdokimov. Light and dark side of code instrumentation [video], [presentation]

The reporter told about methods of instrumentation (Source Code Instrumentation, Bytecode Instrumentation, Binary Code Instrumentation).

Report:  Nikita Tarakanov and Alexander Bazhanyuk. Automated vulnerability detection tool. Video is available here from 05:00 p.m. [presentation].

Report:  Igor Kotenko. Program agent cyberwars [video], [presentation RUS]

Report:  Ulrich Fleck and Martin Eiszner. From 0-day to APT in terms of favorite framework [video] , [presentation 1], [presentation 2]

Report: Alexey Lafitsky. Defense of industrial control systems – a factor of mankind survival [presentation RUS]

Report: Alexey Sintsov. How to hack VMWare vCenter in 60 seconds [presentation]

Anonymous and LulZ

Report:  Jerry Gamblin. What we can (and should) learn from LulzSec [video], [presentation].

Report:  Haythem El Mir. How Tunisia resisted attacks by Anonymous. Video is available here from 02:10 p.m. [presentation ENG].

Other topics

Report: Evgeny Tsarev. Fraud prevention the way it is done in Russia [presentation RUS]

Report: Vasily Pimenov. Application of quantitative risk assessment against fraud in communication network [presentation RUS]

Report: Konstantin Mytkin. Smart technologies. Developer's point of view [presentation RUS]

Report: Alexandr Dorofeev. Social engineering technologies — is it difficult to "hack" people? [presentation 1 RUS], [presentation 2 RUS]

Round table: Dmitry Ershov. Human resources. Assembly instruction [presentation RUS]

P.S. All presentations are available on SlideShare.
You may learn how it was going on in Twitter making use of our hashtag #PHDays.


  1. Like this effective electronic equipments said in this post......hid lights are are really necessary for our vehicles................

  2. Actually excellent info! I’m also an expert in this topic so I can understand your effort.
    Clash of Clans Hack

  3. It was really a nice post and i was really impressed by reading this post.... SAP Business Workflow

  4. Thank you very much for this article, I read carefully each part. I have to admit that it contains a lot of interesting information. The whole article is very unique. Jungle Heat Hack

  5. There is noticeably a bundle to know about this. I assume you made certain nice points in features also.

    gastric cancer symptoms

  6. Thanks for the writeup. I definitely agree with what you are saying. I have been talking about this subject a lot lately with my brother so hopefully this will get him to see my point of view. Fingers crossed!

    Jungle Heat Cheats

  7. very nice put up, i actually love this web site, keep on it

    University of Hackers

  8. Hello, Neat post. There’s an issue along with your website in web explorer, could check this? IE still is the market chief and a large section of other folks will leave out your wonderful writing due to this problem.
    Crossy Road Cheats

  9. good post. Ne’er knew this, thankyou for letting me know.
    animal voyage cheats

  10. Thank you for this great website. I am trying to read some more posts but I cant get your blog to display properly in my Firefox Browser. Thank you again!

    castle clash cheats

  11. Yay google is my world beater helped me to find this great web site ! .
    deer hunter 2014 cheats

  12. Thanks for the information provided! I was researching for this article for a long time, but I was not able to see a dependable source.
    cat drinking fountain

  13. Some genuinely nice stuff on this website , I it.
    head soccer hack

  14. Thanks for the information provided! I was researching for this article for a long time, but I was not able to see a dependable source.

    Please visit to website to me :

  15. Thanks for your nice blog! Partnering closely with clients to custom design and implement comprehensive compensation and human resources Strategies that support an organization's culture and objectives.

  16. This comment has been removed by the author.

  17. Buy Custom Custom College Papers and experience unique Custom Essay Writing Company with your requirements or instructor’s instructions.

  18. kepuasan dalam bercinta bisa diraih oleh kedua pasangan asal selalu menjaga stamina sebelum beraktifitas seksual, namun akhir-akhir ini banyak wanita yang mengeluh karena banyak pria yang tidak bisa memberi kepuasan lantaran mereka mengalami disfungsi ereksi sehingga alat vital tidak dapat ereksi ketika mau berhubungan intim, dengan hadirnya pil biru asli cod di cikarang bisa memberikan segalanya bagi pasutri yang ingin mencapai klimaks ketika berhubungan badan baca seterusnya . kebutuhan biologis memang sangat penting untuk anda perhatikan karena jika sampai hal ini kita diamkan maka bisa mengakibatkan retaknya hubungan keluarga hingga dapat menimbulkan penceraian. jual permen soloco cod di karawang barat solusi terbaik bagi pria yang tidak bisa mengonsumsi jenis tablet karena rasanya yang pahit. permen soloco memiliki rasa coklat yang kebanyakan disuka oleh pria maupun wanita dengan rasa yang khas. klik disini . kini klg di semarang tengah banyak anda jumpai ditoko obat yang menjual obat-obatan khas untuk pria akan tetapi keaslian produk harus anda ketehaui sebelum anda membelinya ditempat tersebut info lebih lanjut .

  19. If you visit this website you will be able to hire the expert writers and editors who can provide you with an isntant help and can complete all types of papers.

  20. Watch online all the seriale online subtitrat in Romana in hd. daily share with you all the replays online in hd. clicksud

  21. Hi) This article helped me a lot in writing my essay. I work as a writer of academic texts and now I am writing this academic paper for the student and it was useful for me to read some more opinions. I think that you will be interested to read my text

  22. A person is inherent in passion, therefore, as soon as he turned into a social person free spins no deposit sign up, he immediately tasted all the charm of gambling entertainment. These entertainments brighten up the dull everyday life, supply an additional portion of adrenaline to the blood, add drive to life and tickle your nerves.


  23. This is file encryption software that uses the AES-256 standard.
    Encrypted files are available on all Windows, Android, and iOS devices, as well as Mac OS X and Linux.
    All files are individually encrypted and saved in a folder of your choice.
    Download it free from here:

  24. You will agree with me that women are generally synonymous to fashion. And one of the fashion Coach Handbags Clearance that women adore so much when they want to look fashionable and thus look beautiful, is fine looking attractive and quality New Air Jordan Shoes. Thus, in as much as women love putting on quality fine looking Cheap Air Force Ones, research has confirmed that women just don't throw money around like their opposite counterpart, so quality fine looking MK Outlet they prefer, but they also prefer buying them cheap. An increasing number of people these days are finicky about the kind of Air Jordan Sale they wear. While almost everyone wants to wear the latest Michael Kors Factory Outlet and trendiest Cheap Yeezys not many are prepared to shell out exorbitant amounts of money for these. Therefore, if you want to know insider secrets to buy cheap Coach Factory Outlet Online read on to know more. (Article Source From Coach Outlet Clearance Sale)

  25. It is important to seek perdisco accounting assignment help for students as these carry a lot of marks which is calculated in the final scorecard as well. The Perdisco accounting help service is quite affordable and the assignment experts, who provide perdisco accounting assignment help, have years of experience in their subjects and academic writing.

  26. Thanks for sharing this information. I have shared this link with others to keep posting such information to provide the best in class assignment help online at very affordable prices.
    Marketing Assignment Help
    Math Homework Help
    Nursing Assignment Help
    programming assignment help
    statistics homework help
    Finance Homework Help
    Business Plan Help

  27. This comment has been removed by the author.

  28. Now there are problems with pollution everywhere, people throw garbage anywhere and everywhere, without wasting our time cleaning and disposing of garbage, but we use a kind of service that quickly solves such problems and disposes of all garbage in the house and not only there, I think this what every person needs.

  29. Your work really inspires us. Keep up the good work and we will continue to support your web posts.

    Masonry Contractors Edmonton