Конференция по ИБ — «ZeroNights» 2021.

Taras Ivaschenko – 2011_APP_SECURITY_2021:

Alexander Ermolov, Dmitry Frolov – Data-only attacks against UEFI BIOS:

Alexander Tarasikov – Exploring the Galaxy. Building emulators to find vulns in modern phones:

Alex Kovrizhnykh – Exploiting checkm8 with unknown SecureROM for the T2 chip:

Maxim Goryachy, Dmitry Sklyarov – How we achieved to execute arbitrary code inside Intel Atom CPUs:

Dima Turchenkov – LPE in Ring -3 / Intel ME:

Aleksei Tiurin – Weird proxies/2 and a bit of magic:

Andrey Zhukov – Lateral movement automation:

Ivan Agarkov – 8 ways to spy on your consoles:

Unnamed user, ValdikSS – Trojans and backdoors in feature phones sold in Russia:

Max Dmitriev – Apache 0day bug, which still nobody knows of, and which was fixed accidentally:

Pavel Sorokin – PD%00:

Nikita Stupin, Sergey Bobrov – New ways to alert: Prototype Pollution:

Paul Axe – JVMyachni Otake:

Denis Rybin – Metrics in practice:

Denis Efremov – CVEhound: check Linux sources for known CVEs:

Dmitriy Evdokimov – Container escapes: Kubernetes edition:

Ilya Zuev – IPMI backdoor not with your own hands:

Vatclav Dovnar – Open Source DevSecOps: Tempest in a teapot:—9Q

Alex Savelyev – Server exploitation of Prototype Pollution vulnerability:

Aleksandr Kolchanov – Thank you for using URL shorteners: I know everything about your clients now:

Dmitriy Teryoshin – The invisible hand of AppSec in release builds:

Alexander Barabanov – Attacking the microservice applications: methods and practical tips:

Alexander Popov – Improving the exploit for CVE-2021-26708 in the Linux kernel to bypass LKRG:

Alexey Morozov – Hacker adventures on dating websites: