Saturday, May 1, 2010

The RusCrypto’2010 Conference

Last month, the 12th international conference RusCrypto’2010 devoted to the modern cryptology methods, digital signature technologies, and information security systems and tools went off.

The RusCrypto conference represents a place where cryptography and information security experts can communicate. Developers and their potential customers, scientists and officers, specialists of business corporations and public institutions take part in this event. The RusCrypto covers theory and practice, includes presentation of innovative technologies and exchange of views.

This year, the company has extended the cooperation format: in addition to organization of "the Internet and Information Security" breakup group and informational support of the RusCrypto’2010 conference, the Positive Technologies team has arranged a CTF competition, which was held for the first time within the bounds of the conference, and participated in the new breakup group called "Penetration testing internal".

At the conference, the Positive Technologies experts Sergey Gordeychik, Dmitry Evteev, and Sergey Rublev made reports for the following breakup groups: "The Internet and Information Security", "Penetration testing internal", "Reversing. Executable Code Analysis and Protection Methods".

The moderator of "The Internet and Information Security" breakup group Sergey Gordeychik (the Positive Technologies technical director and a Web Application Security Consortium director) made an overview of current and prospective WASC projects and analyzed the examples of applying the developed documents and taxonomies to real projects.

The speech by Dmitry Evteev, a security expert of the Positive Technologies company, was devoted to penetration testing, which is a world-popular service in the field of information security. Dmitry analyzed the main issues of penetration testing in the terms of organization, methodology, and techniques. The examples of real projects were given and their application within the bounds of enterprise strategies of information security development was considered.

Sergey Rublev, a security expert of the Positive Technologies company, considered general issues of the PDF structure and markup, as well as the problems of PDF security: the potential of active document contents and injection of malicious code. Special attention was paid to the efficiency of various modern methods of antivirus protection bypassing; statistical data on malicious code detected in PDF documents by antivirus products that are most popular at the Russian market were given.

Within the bounds of the RusCrypto’2010 conference, a RusCrypto CTF competition was held for the first time. The RusCrypto CTF is an open student competition in information security based on the Capture The Flag (CTF) principles. The Positive Technologies company was one of the competition organizers.

Over 30 students representing six teams participated in this competition. The first place was taken by the CIT team (St. Petersburg State University of Information Technologies, Mechanics and Optics). The second and the third places were taken by the HackerDom team (Ural State University named after A.M. Gorky, Yekaterinburg) and the Bushwhackers team (Moscow State University), respectively.
The event organizers were satisfied by the results and intend to develop this initiative in the future.

According to Sergey Gordeychik, the Positive Technologies technical director, the chief aim was attained, because the competition took place and was held at a high level: "The competition tasks were based on real vulnerabilities and incidents. It is gratifying to understand that the participants managed to detect more than half the bugs in such severe and even stressing conditions. This indicates excellent practical skills of the participants in the field of information security". Sergey also noted that the level of the teams’ attainment was very high and exceeded the organizers’ expectations.

1 comment: