On the second day of the conference Sergey Krasnov, the the head of the USSC Safety analysis department, will speak on the topic "Work of pentesters team".
He will tell about everyday work of a pentester: what problems he faces, what interesting is in his work. Also he will answer the main question: why should you do it?
The format of the speech is several interesting life stories with technical peculiarities and other inside details!
He will tell about everyday work of a pentester: what problems he faces, what interesting is in his work. Also he will answer the main question: why should you do it?
The format of the speech is several interesting life stories with technical peculiarities and other inside details!
We continue to introudce you our speakers! On the first day of the conference Denis Rybin and Ilja Bulatov from Digital Security will tell us about security in web.
During his talk "Useful Burp Suite plugins and another tips and tricks" Denis will show us how we can use Burp Suite in 2019 effectively, quickly tells us about base functionality and delve into the most interesting, in his opinion, fresh plugins.
During the speech you will learn what useful checks cover the plugins which were mentioned, how they let you optimize the work with the area of the attack, and also what drawbacks they have.
During the speech you will learn what useful checks cover the plugins which were mentioned, how they let you optimize the work with the area of the attack, and also what drawbacks they have.
Right after Denis, Ilja will give a speech "From memory leak to RCE: how dangerous can be processing of mediafiles".
The speech is devoted to the analysis of attacks on web apps, which process media files. You will learn what unsafe processing of images, video/audio files, documents and archives may lead to, and also you will see the examples of exploitation of vulnerabilities.
You will see XXE-attacks in XML-documents, why ImageMagick and ffmpeg are security holes, attacks through MetaData of media files, tools for exploitation of vulnerabilities in processing media files.
The speech is devoted to the analysis of attacks on web apps, which process media files. You will learn what unsafe processing of images, video/audio files, documents and archives may lead to, and also you will see the examples of exploitation of vulnerabilities.
You will see XXE-attacks in XML-documents, why ImageMagick and ffmpeg are security holes, attacks through MetaData of media files, tools for exploitation of vulnerabilities in processing media files.
After lunch they will go to room 2077 to give speeches "Comfortable SSRF exploitation" and "Deserialization vulnerabilities and their exploitation in various programming languages".
Only a week left until RuCTF starts! Today we’re going to tell you about how information security is not just web, cryptography, reverse engineering, incident investigation, social engineering and pentesting but also a lot of different hardware! Most hardware-oriented talks in compilation from Alex-EXE.ru
https://teletype.in/@ructf/SyBA6YP54
https://teletype.in/@ructf/SyBA6YP54
Teletype
RuCTF 2019: low-level security
Only a week left until RuCTF starts! Most hardware-oriented talks in compilation from Alex-EXE.ru
What happens when you type google.com in a browser and press Enter? And what happens when you press the button "Sign in with Google" in the browser? Two of our speakers - Mauro Tempesta from the team bacaro_tour and Nikita Stupin from Mail.ru - know well the answer to the second question. Nikita will tell us about vulnerabilities OAuth 2.0 on moble devices and also he will show the most common and crucial vulnerabilities of usual OAuth 2.0, the mechanisms of defense and typical mistakes of developers. Mauro will present WPSE - a browser-side security monitor for web protocols which helps to prevent attacks on OAuth and SAML and to find vulnerabilities in different implementations of OAuth and its analogues.
In case you need it, the answer to the first question is here:
https://github.com/alex/what-happens-when
And you can register for the conference here:
https://ructf.org/registration/
In case you need it, the answer to the first question is here:
https://github.com/alex/what-happens-when
And you can register for the conference here:
https://ructf.org/registration/
We now have a hotline!
+7 999 565 55 35
You can call us at any time of night and day and ask us anything that may concern you.
Mobile connection for foreign teams in Russia and our hotline is provided by MegaFon, we really appreciate that!
+7 999 565 55 35
You can call us at any time of night and day and ask us anything that may concern you.
Mobile connection for foreign teams in Russia and our hotline is provided by MegaFon, we really appreciate that!
We will spend first two days of RuCTF in Ural Hi-Tech Park! This place is great for conferences: big hall, separate rooms for workshops and round table.
We understand that it is quite far away from city center, and have a solution to this problem. We've set up free buses going from the center.
You can get on it in the morning at Ural Opera Theater and Square 1905 station and get back in the evening.
Exact position of the bus stops is on the map: ruc.tf/map. There will be volunteers waiting on them with RuCTF signs.
We understand that it is quite far away from city center, and have a solution to this problem. We've set up free buses going from the center.
You can get on it in the morning at Ural Opera Theater and Square 1905 station and get back in the evening.
Exact position of the bus stops is on the map: ruc.tf/map. There will be volunteers waiting on them with RuCTF signs.
In the middle of the day you can use bus №25 from the city center. It costs 28₽, you can pay with cash or PayPass/PayWave/Apple Pay/Google Pay.
Good morning!
RuCTF will starts today! You can get badge from 10:00 till the end of the day.
Opening ceremony will take place at 11:00 in Conference Hall, full timetable is here: https://ructf.org/events
Just to remind you: hotline is +7 999 565 55 35 and buses’ timtable is here: https://news.1rj.ru/str/RuCTF_En/432
RuCTF will starts today! You can get badge from 10:00 till the end of the day.
Opening ceremony will take place at 11:00 in Conference Hall, full timetable is here: https://ructf.org/events
Just to remind you: hotline is +7 999 565 55 35 and buses’ timtable is here: https://news.1rj.ru/str/RuCTF_En/432
The opening ceremony of RuCTF in conference hall on the second floor is already in motion!
Tour around technopark, launches of workshops and start of the conference awaits you after several welcoming words.
If you still aren't here, pick up your badge at registration table and hurry over here!
Tour around technopark, launches of workshops and start of the conference awaits you after several welcoming words.
If you still aren't here, pick up your badge at registration table and hurry over here!
Right now, a tour of the Hi-Tech Park for the participants of the event from Nuriev Marat Ravilovich!
Await in the coffee break area.
Await in the coffee break area.
If you could not come to our conference, watch the broadcast on YouTube!
Link: https://www.youtube.com/watch?v=udcQ6Kaz_Ho
First report is at 12.30.
Link: https://www.youtube.com/watch?v=udcQ6Kaz_Ho
First report is at 12.30.
First talk of the conference is "Useful Burp Suite plugins and another tips and tricks", Denis Rybin, Digital Security
It will happen in the conference hall
Or watch the stream: https://www.youtube.com/watch?v=udcQ6Kaz_Ho
It will happen in the conference hall
Or watch the stream: https://www.youtube.com/watch?v=udcQ6Kaz_Ho