About event

We're happy to announce that BSides Odessa Security Conference will NOT be happening.

Instead, we've prepared for you BSides Odessa HACKER PARTY 2017! The talks will be awesome, but if you're looking at them to decide whether to go or not, then you've missed the point! This party is about FUN and SO MUCH more than just the talks :)

If there ever was a time to get your shit together and travel to Odessa, it's now!

As some may remember, last year after the conference part of Bsides Odessa, the main event took place - an all-night long after party! We rented a 4-floor house with barbecue, billiards, sauna, two DJs and lots of booze to provide the relaxed environment where real quality time and communication happens.

Well, forget that lame event :) We've learned since then, and this year OWASP Odessa and SoftSeq have prepared something really special for the cyber-security community.

The Party will run for 24 hours non-stop - between noon of Saturday, July 1st and noon of Sunday, July 2nd.

BSides Odessa 2017 will be held at a bitchin' 1200 (!) square meter mansion, with radio-shielded underground cinema serving as a conference hall! (1.7 meters thick steel-reinforced concrete walls)

There's a sauna and the Black Sea is only 500 meters away, 10 minutes of relaxed walking, so grab your swimsuits - you'll have plenty of time to use them the next day, on Sunday.

It's expected to host no more than 50 attendees, making it small, warm and cosy for you introverts out there.

BSides Odessa strives to be an informal, community event where attendees may exchange and broaden their knowledge, as well as make some friends based on a common interest - computer security.

Entrance is free, conditional on your registration CTF progress. And it's easy - last year, 44 out of 50 attendees paid nothing. Registration process is anonymous and provides access to the event's address, as well as to the CTF.

As always, in an attempt to neutralize the gender imbalance in cyber-security field, entrance for girls is free and unobstructed. For the event's address, please write us at [email protected]

Registration





Talks

  • Max Max Pwning Apple Watch
    Max will demo a jailbroken Watch stealing user data - messages, contacts, GPS - from a non-jailbroken iPhone and without any indication. This talk will cover a sequence of vulnerabilities and exploitation details that were used for initial kernel memory dump, sandbox bypass, kernel level ASLR bypass and code execution, and finally setting up an SSH server on the watch. It will also focus on techniques used in the process of creating an Apple Watch jailbreak, including kernel symbolication tools, patchfinder and a kernel structures analyser.

    Max is a Staff Security Researcher at Lookout with more than 10 years of experience in mobile security, penetration testing, and reverse engineering of mobile/desktop applications and protocols.

  • Dima Dima Virtual iPhones: reversing and fooling Apple Push and iPhone activation services
    Ticketmaster, the largest ticket sales platform for musical and sports events in North America, replaced CAPTCHAs in its iOS app with an anti-bot mechanism based on Apple Push. This system was in use for a year.

    This talk will detail the successful bypass of this mechanism, and its two main steps - (a) reversing Apple Push and implementing it in Python; (b) making Apple servers believe we own a gazillion iPhones (with a demo, if we're lucky).


    Dima is a freelance researcher with over 20 years of experience in reverse engineering of applications and network protocols. As of late, he reverse engineers mobile applications and system components (Android/iOS), analyses Android malware, and successfully finds vulnerabilities in both iOS apps and the iOS itself.
  • Artem Artem Practical static and polymorphic exe protectors
    In this talk, Artem will share his experience researching and writing static and polymorphic exe protectors. If time permits, with a hands-on demo.

    Professional C/C++ developer working on embeded low-level systems and esoteric protocols. Keen on reverse engineering and generally finding holes in code and protocols.
  • ximerus ximerus EternalBlue - technical analysis
    This talk will sport a detailed technical breakdown of the NSA's hottest shadow-brokered exploit of 2017 yet - EternalBlue, including its applications and consequences. We'll also touch upon the future of government-funded security research, exploit development and weaponization.

    Ximerus is a freelance reverse engineer, former malware analyst, and an active security community member and an admin of reverse4you.org forum.
  • Sergei Sergei All your metadata are belong to us
    This talk will go into DPI and why powerful entities - governments, corporations and service providers - fight for the metadata about YOU, 1984 style.

    Sergey has got 20+ years of experience in low level programming, contributing code to Linux and OpenBSD as a pastime activity. Sergey is interested in security and works with high availability and high loaded web services.
  • Oleksii Oleksii Forensic analysis and how to foil it
    Have you ever left some tracks of your pentest or attack? Have you ever been tracked or searched by special services? Here you'll learn about about latest detection techniques and the ways to avoid them.

    Oleksii is a Dean of Kyiv Cyber Academy, Associate Professor at KPI and ISACA Academic Director. He has a lot of experience in penetration testing, forensic investigations, got related international certifications.
  • %username% %username% Lightning talks: 5 to 10 minutes long
    This section is open to everyone and does not require preparation in advance.

    Here YOU are invited to share some fun, success and, maybe even more importantly, failure stories you've had. The stories too short for a 1-hour slot that are still worth telling are welcome here!

Agenda

  • Talks

    • 12:00 - 13:00 Registration and welcome beer
    • 13:00 - 13:30 Ximerus
      EternalBlue - technical analysis
    • 13:30 - 14:30 Max
      Pwning Apple Watch
    • 14:30 - 15:30 Lunch time
    • 15:30 - 16:30 Artem
      Practical static and polymorphic exe protectors
    • 16:30 - 17:30 Dima
      Virtual iPhones: reversing and fooling Apple Push and iPhone activation services
    • 17:30 - 18:00 Beer break
    • 18:00 - 19:00 Alexei
      Forensic analysis and how to foil it
    • 19:00 - 20:00 Sergei
      All your metadata are belong to us
    • 20:00 - 23:00 noon Sunday Various alcompetition, sauna, beach party and quality time
    • 23:00 - 12:00 noon Sunday Beach party, sauna and quality time
  • Alcompetitions

    • 14:30 - 20:00 Hacker jeopardy - open qualifications
      An open to all algorithmic programming compo, whose idea has been shamelessly stolen kindly borrowed from DefCon and modified. Only C and Python submissions allowed.
    • 20:00 - 20:30 Hacker jeopardy - open qualifications results
      Winners will be celebrated, while the stage is set up for the 1x1 finals. Top 2 qualification round participants will advance.
    • 20:30 - 21:30 Hacker jeopardy - 1x1 finals
      Console-only coding in C and Python. Console streamed to main projector. Incorrect submissions are punishable with shots of alcohol.
    • 21:30 - 22:30 SQLi 1x1 blitz rounds
    • 22:30 - 23:00 Denial of Service 1x1 blitz rounds

Organizers

  • SoftSeq

About BSides

Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time.

BSides creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening.

© Odessa 2017