ZeroNights Defensive track — ZeroNights 2019

On the first day of the conference, Nov. 12, the Defensive track, supported by Yandex, will take place in the «Sputnik» hall of the A2 Green Concert.

Now, let’s move to the reports of this track.

Andrey Belenko — «(Why) We Still Fail at Cryptography in 2019» [45 min]

Companies big and small – and even those with security as their core business – regularly fail at doing cryptography right. In this talk, you will take a look at the most notable cryptographic failures of recent years, try to understand what typically goes wrong, and find out what can be done to prevent similar problems from occurring.

Pavel Kargapoltsev — «Stories and lessons from daily incident response practice» [45 min]

Welcome: DFIR practice is shared! Two interesting incident response cases will be described, along with the lessons learned. The talk covers the outlines of the analyst report on DFIR practice through 2018.

Kirill Demyanov — «Building CyberSecurity Platform based on Open Source» [45 min]

Want to learn how to build a Cyber Security platform based on open source and what technology to use? Kirill will share his experience with you.

Igor Grachev, Evgeny Sidorov — «Improving application security and exploitation detection with AppArmor & Osquery» [45 min]

You’ll get an insight into how to successfully use AppArmor (a Linux kernel-level protection mechanism) in a production environment to protect both customers and the Yandex.Cloud platform and implement a «defense-in-depth» approach.

Andrey Skablonsky — «Threat hunting in call trace» [30 min]

Andrey will speak about the practical implementation of the call stack in Windows and will demonstrate how to use it to get additional context on software behavior. He will also give an insight into how to detect anomalous behavior and use this data for incident management with the help of the stack.

Andrey Abakumov, Andrew Krasichkov — «Blue Team’s approach to discovering ‘secrets’ in code» [30 min]

Any company uses a wide variety of both internal and external factors (aka «secrets»). Sooner or later, in a repository, their number per square byte of code exceeds all limits.

The researchers will share a blue team’s view on the problem as well as their successes and failures.

Following the Defensive track reports, the speaker party starts at 7 p.m. Please order your ticket in advance. You will be allowed to enter if you have a ticket of the “Standard tickets and entrance to speaker party” type.
