RuCTF 2019: low-level security
Only a week left until RuCTF starts! Today we’re going to tell you about how information security is not just web, cryptography, reverse engineering, incident investigation, social engineering and pentesting but also a lot of different hardware! Most hardware-oriented talks in compilation from Alex-EXE.ru
We’ll start with the biggest part: Lev @shadowsoul from Hardware Village will take room 2021 for both days of the conference. He will talk about, show and tinker (along with you) with a lot of devices and technologies: from copying encrypted RFID-chips to hacking into barcode scanners.
What’s inside devices which we use every day? What do they hold, how can you look at it and understand it? G@l9 will tell you about it and show how you can change the firmware on the example of legendary Wi-Fi board TP-LINK 722n and Thinkpad T440p.
How about quests? This is the next point of this recommendation, and one of interactive ways to get acquainted in the topic. Quests in HackZone by Zen and Tuo from zenembed.com will help you understand what the heck those hardware things doing, solve puzzles, surpass others and payback for previous failures. And also, this is a great way to flex your muscles (and brain ones too).
Mechanical Keyboards… Sounds like something outta eSports? Then you definitely need to listen to a talk or two about them, since anyone who presses them buttons 24/7 gonna need them. from basic classifications, concepts, mechanisms and types to making your own from scratch with custom design, engineering, blackjack and hoo.. holes. For buttons. Anyway, on the stand you could see good and rare exemplars several of which you could touch and feel the difference between them and your run-of-the-mill keyboard. @THe2lb3oz4dr10grOfHedgehogs and @nipnull form MechCult and DC7495 will tell you about custom keyboards: why you need them, main principles of design, and how you can make one, with examples.
Egor @Xarlan Litvinov will take the stage for 3 (actually even more) talks! On the first day of the conference he will tell you about ZigBee protocols family, on the second day he will have talk about reverse engineering of Android apps for beginners and then will move to room 2118 where on 16:00 his talk about microcontrollers, device designing and even show you how to make software USB 2.0 sniffer!
Egor specializes on ICS and embedded devices security and is interested in development of different hardware things, intended for IoT security research.
He was programming manufacturing PLCs and have been in smart home projects for several years. If you’re interested in security of IoT (but of course, we all know that the S in IoT stands for Security), then go and take a look!
Besides, we are also interested in locks — the lowest-level security. You will have the chance to hear about lockpick, and try to pick a lock yourself. @nipnull, author of the Lockpick section will answer following questions: how the first famous lock break-in was made? Which types of lock there are and how they work? Backdoors, technical features, legality of physical pentest - it’s all there.
Also there will be a lot about Web by Digital Security, Mail.ru and c00kies, social engeneering by pranker Lexus, a bit about simplification of work with Hex Rays from Groke, Lockpick-section and quests in HackZone, non-technical talks by Dmitriy Sklyarov from Positive Technologies and Sergey Krasnov from USSC. And, of course, traditional battles and discussion about future of CTF in Russia! Full timetable is available on RuCTF.org
During the conference you can get spectator's badge at the entrance to Technopark, but to speed up the process, we've opened a way to register in advance. It's easy: enter your personal data on the site https://RuCTF.org/registration and just show the bar-code and immediately get the badge.