The presentation covers modern methods for establishing user uniqueness and subsequently identifying users, such as WebRTC Fingerprint, WebGL Fingerprint, Canvas Fingerprint, ClientRect Fingerprint, AudioContext Fingerprint, Ubercookies Fingerprint, GPU fingerprint and many other matching methods. It describes fraud prevention using these methods, detection of multi-account usage, forensic use and cybercrime investigation methods, and of course ad targeting. Practical part...
This research provides insight into bypassing two-factor authentication mechanisms in multiple ways. The goal is to demonstrate theoretically how common systems protected by two-factor authentication can be bypassed using simple techniques. This has been done by examining many systems, and a practical approach has been used to dig out realistic methodologies which can...
During the session we will go through different methods of exploiting file upload pages in order to trigger Remote Code Execution, SQL Injection, Directory Traversal, DoS, Cross-Site Scripting and other web application vulnerabilities, with demo code. We will also look at things from both the developers' and the attackers' side. What protections do developers put in place to mitigate file...
Every large enterprise conducts external penetration tests and security audits. There are many different drivers for such projects and corresponding approaches to them. We will go through the whole assessment lifecycle, from the pre-engagement activities to the final report delivery, in 120 minutes.
In the wake of one of the most destructive cyber attacks in the history of Ukraine, NotPetya / EternalPetya, we will analyze the factors that contributed to the rapid infection growth, and why security solutions, including antiviruses, could not stop the attack. We will consider the cyber attacks of the cryptolockers XData and WannaCry.NET, which preceded the attack on...
Ukraine is usually listed among the top 10 countries from which hacking attacks originate. However, Ukrainian law enforcers are far from being among the top 10 best at catching hackers. There are funny, sad, very well-known, interesting and boring cybercrime cases in Ukraine. Dima was engaged in a few of them: as attorney-at-law for the victim CitiBank and a Swiss...
Many companies rely on IT Security technologies that focus on detecting attacks, rather than preventing them. This fragmented approach focuses on remediation - after the damage has already been done! It’s time to change the course of action and apply a new architecture that is focused on prevention.
Nowadays almost every organization, in addition to its official web site, has mobile applications to provide services to mobile users. At the same time, unlike traditional web sites, which mostly use ready-made frameworks with patched vulnerabilities, the mobile API is often designed separately for each project. This approach inevitably leads to various kinds of errors and the lack of...
Blockchain is a new technology that emerged with the appearance of Bitcoin in 2008. In recent years it has gained significant popularity and is nowadays considered disruptive for the financial world. However, with the growth of popularity, the number of various attacks on blockchain systems has also increased. The talk gives an overview of blockchain technology and discusses the most significant innovations...
I will demonstrate a procedure to perform Bitcoin transactions using the Electrum wallet on a personal computer booted into the Tails live system, switching to offline mode before entering the private key. While it's not as secure as an air-gapped machine, it doesn't require having a separate device for a wallet, and is more secure than using Bitcoin on a typical desktop OS.
Is it possible that a software bug could kill a man? The role of software security and reliability in the man-made world is growing every day. This importance is highlighted in this speech. Today software and computers are used in every part of our life: healthcare, finance, transport, logistics, and more. Is it possible to lose money due to insecure and...
Security Requirements Engineering. Software security depends largely on how the system was designed, developed and deployed, so security requirements need to be taken into account already at the stage of requirements development and software design. There are several different approaches to security requirements engineering, each of them has its
Preventing Loss of Personal Data on a Mobile Network. Short bio: 5+ years in Corporate IS Security
Every day hundreds of millions of people are immersed in a virtual space to exchange various kinds of information. How safe are popular networks for instant data exchange and what threats do they contain? What are the consequences of using mass networks without observing information hygiene? New generation of decentralized encrypted networks as a reliable solution for...
Now I'm only engaged in system marketing and growth hack experiments at the OneBox company group. Built a stream of 1200-1800 leads per day. Billing system developer for telecoms and hosting providers in the past. Then architect and product manager at OneBox CRM + ERP. I put my hand, leg, brain and kidneys into about 1200 different ecommerce and CRM projects.
Possible ways to earn money, advantages of the cryptocurrency Hacken.
The main protection issues of state and private enterprises. The role of cybersecurity within the framework of recent events.