All-Ukrainian Hackers Battle and
Cybersecurity Forum

Date

October, 7th

Venue

Kharkov, Fabrika.space

Time

9:00 - 19:00

About

HackIT is the most prominent event for hackers and highly qualified computer specialists. The goal of the event is to identify problems and solutions in constant information warfare and to prepare highly qualified specialists, which is an important strategic direction both for private organizations and for Ukraine as a whole.

IT Specialists

Hackers

Security Professionals

Companies that care about their security

Speakers

Nick Bilogorskiy

Founding team at Cyphort

Andrew Auernheimer

Wandering prophet

Alfonso De Gregorio

Founder of Zeronomicon

Alex Starov

Security & Privacy Researcher, PragSec Lab

Nick Klymenko

CTO, Spinbackup

Aleksey Yasinskiy

Head of Cyber Lab / ISSP

Hackers Battle

The Hackers Battle will take place in the format of a CTF (capture the flag) game in 2 stages:

23.09 - 02.10: Quals (task-based/jeopardy)

06.10.2016: Final (task-based/jeopardy + online quests)

The game will be team-based. The team should consist of 2-5 people. The best 10 teams will be invited to the Final. The winners will receive valuable prizes.

Startup Competition

Ukraine's first startup competition in the field of information security.

This is your unique opportunity to show your professionalism and receive further support for the development of your project.

Applications are due by September 30. The best teams will be selected on October 1st and will be given the opportunity to show their projects to the mentors. The best participants will receive prizes and further support.

WHY CYBERSECURITY MATTERS TO EVERYONE NOWADAYS

Ukraine is at the stage of information warfare

A lot of people become developers just for the money, and not many of them care about security issues

Informatization is on the rise

Even people's lives depend on IT these days

Losses caused by hacking are rising in a geometric progression

Program

HALL

09:00 - 10:00
Registration

RED HALL

10:00 - 10:30
Opening Remarks
10:30 - 11:00

Andrew Auernheimer

Wandering prophet

Kharkov, Ukraine

Hacktivism for profit and glory

Using technology offensively and profitably against world powers and major corporations. Highlighting real world attacks against Fortune 500 companies like AT&T, Apple, and Amazon and world governments.

11:00 - 11:30

Nick Bilogorskiy

Founding team at Cyphort

San Francisco, USA

Silicon Valley Days. Nick's story, fighting hackers and inventing cybersecurity products.

Nick will cover the war stories of a security researcher in Silicon Valley. He will discuss how enterprise companies fight malicious hackers trying to penetrate their networks. He will tell his own story of how he went from defending the world's largest social network to inventing cybersecurity products. He will also touch on the latest top trends in cybersecurity.

11:30 - 12:00
COFFEE BREAK
12:00 - 12:30

Alfonso De Gregorio

Founder of Zeronomicon

Milan, Italy

Vulnerabilities and Their Surrounding Ethical Questions - A Code of Ethics for the Private Sector

Zero-day vulnerabilities — weaknesses in software that are unknown to the parties who can mitigate their specific negative effects — are gaining a prominent role in modern-day intelligence, national security, and law enforcement operations. At the same time, the lack of transparency and accountability in their trade and adoption, their possible overexploitation or abuse, the latent conflict of interests by entities handling them, and their potential double effect may pose societal risks or lead to breach of human rights. If left unaddressed, these usage-related challenges call into question the legitimacy of zero-day vulnerabilities as enablers of national security and law enforcement operations and erode the benefits that their proportionate use has for judiciary, defence, and intelligence purposes. This work explores what the private sector involved in the trade of zero-day vulnerabilities can do to ensure respect for human rights and the benign and societally beneficial use of those capabilities. After reviewing what can go wrong in the acquisition of zero-day vulnerabilities, the article contributes the first code of ethics focused on the trade of vulnerability information, where the author sets forth six principles and eight corresponding ethical standards aimed respectively at guiding and regulating the conduct of this business.

12:30-12:40 COFFEE BREAK
12:40 - 13:10

Aleksey Yasinskiy

Head of Cyber Lab / ISSP

Kyiv, Ukraine

Modern cyber attacks investigation experience. BlackEnergy

On 24/10/2015 the "Company" was attacked. During the investigation of this incident, malicious activity was detected not only at this company. The presentation covers the analyzed methods and tactics of penetration into the victim's infrastructure. The results of this investigation are also covered in the report.

13:10-13:20 COFFEE BREAK
13:20 - 13:50

Alex Starov

Security & Privacy Researcher, PragSec Lab

New York, USA

How to do Research in Cybercrime? Part 1

Cybercrime is a special direction in computer security and privacy research. It unites works that investigate different attack or fraud scenarios, analyze malicious ecosystems, detect attackers and study their methods with the aim to develop effective countermeasures. In the current talk I will provide guidelines on how to do research in such a detective field, based on examples from our papers. For instance, I will describe our large-scale study of malicious web shells and how we could detect victims and attackers around the globe, how we used social engineering skills to investigate the ecosystem of technical support scams, and more. My goal is to encourage InfoSec people to brainstorm ways of investigating and preventing cybercrimes, to show that such valuable research does not always require enormous resources and collaborations, but just understanding the technology and connecting dots. The talk is planned to have a light workshop style with elements of collective brainstorming (laptop is not required). We will cover 3 lessons, each highlighting useful methods, tools and skills. Language: Russian.

13:50-14:00 COFFEE BREAK
14:00 - 14:30

Alex Starov

Security & Privacy Researcher, PragSec Lab

New York, USA

How to do Research in Cybercrime? Part 2

14:30 - 15:30
Lunch
15:30 - 16:00

Larisa Matveeva

Head of Legal Center "Alfa-Omega"

Kharkov, Ukraine

Hackers and criminal responsibility: how to avoid negative consequences

The report discusses the possible recognition of the actions of individual IT specialists as illegal, gives real practical advice on how to protect themselves during an investigation, and analyzes the current judicial practice in this area.

16:00-16:10 COFFEE BREAK
16:10 - 16:40

Andrei Avădănei

CEO BIT SENTINEL

Bucharest, Romania

Turning Honeypots into an Offensive Toolkit to Secure Critical Assets

When you deal with critical information, wealth, or complex infrastructures, or you're a product provider for casual users, you must be ready for the worst and take proactive measures to defend against and prevent incidents that damage your network, assets, or reputation or leak sensitive information. In any kind of attack, there is a short amount of time when attackers are most vulnerable. The talk will introduce several perspectives and examples of how we can fingerprint, misguide or counter-attack the intruder. We will also discuss IoT, honeypots, offensive approaches, APTs, malware, multi-layered counter-attacks and minimal requirements to protect your devices against "cyber slavery".

16:40-16:50 COFFEE BREAK
16:50 - 17:20

Dmitriy Momot

Independent researcher

Kharkov, Ukraine

Modern ways of cellular networks hacking, possible consequences and protection methods. Exploitation of SS7 network vulnerabilities and cellular site mimicry. Part 1

"During my presentation I’ll describe some modern ways of cellular networks hacking, such as exploitation of SS7 network vulnerabilities and cellular site mimicry. Unfortunately, the first designers of cellular networks, who developed them in the 80s of the last century, were thinking about quality, cost and accessibility, but not about security at all. Very few cellular network users know that nowadays any more or less experienced hacker is able to access your calls, text messages and your GPS location. Usually the purpose of these attacks is getting some private information about calls and messages and tracking a user's location. Besides passive information collection, these attacks could be a part of accessing a victim’s bank account credentials and data, or some confidential information linked with the phone number, e.g. popular instant messengers. If I am allowed, I would like to demonstrate one of the typical attacks on other conference participants. The cellular site mimicry attack requires being placed in the same cell as the victim; however, attacks using SS7 network vulnerabilities could be performed even from a different country. Also, the typical end-user can do nothing about SS7 network vulnerabilities, but really efficient defence methods against cellular site mimicry exist, which will also be described in my presentation. In conclusion, I’ll talk about protected alternatives to SS7 networks."

17:20-17:30 COFFEE BREAK
17:30 - 18:00

Dmitriy Momot

Independent researcher

Kharkov, Ukraine

Modern ways of cellular networks hacking, possible consequences and protection methods. Exploitation of SS7 network vulnerabilities and cellular site mimicry. Part 2

12:00 - 12:30

Vladimir Kravchenko

JSC "Institute of Information Technology"

Kharkov, Ukraine

Practical aspects in listening devices search

The report will consider modern listening devices and ways of protecting against them, the risks and application trends, as well as methods for their detection. The actual equipment and the process of searching for embedded devices will also be demonstrated.

12:30-12:40 COFFEE BREAK
12:40 - 13:10

Oleksii Misnik

Security Engineer, Tonic Health

Kyiv, Ukraine

USB devices for pentest. Part 1

USB devices such as keyboards and mice can be used to hack into personal computers in a potential new class of attacks that evade all known security mechanisms. I will show all types of USB attacks and you will see the effectiveness of USB attacks in practice.

13:10-13:20 COFFEE BREAK
13:20 - 13:50

Oleksii Misnik

Security Engineer, Tonic Health

Kyiv, Ukraine

USB devices for pentest. Part 2

13:50-14:00 COFFEE BREAK
14:00 - 14:30

Oleksii Baranovskyi

CEO, Kyiv Cyber Academy

Kyiv, Ukraine

CyberSecurity education in Ukraine: problems, issues, goals, perspectives

"This track is devoted to the educational process for cybersecurity and related professions in Ukraine. It covers issues of university programs, vendor certification programs, and international certification programs such as the EC Council, ISC2, ISACA, etc. The speech is focused on the student audience and involves a large amount of live communication in the form of a panel discussion."

14:30 - 15:30
Lunch
15:30 - 16:00

Vladislav Andrusenko

Head of Digital Technology @ Kyivstar

Kyiv, Ukraine

Digital-transformation in telecom: Experiences and Future

About the experience of Kyivstar in transforming its web heritage, the balance between user experience and security improvement, what role the mobile operator will play within a few years, and what new challenges will appear in IT and security.

16:00-16:10 COFFEE BREAK
16:10 - 16:40

Vitaly Balashov

Head of Digital Forensics lab

Kharkov, Ukraine

Assured information destruction. Part 1

The full process of guaranteed data erasure, from start to end, will be examined at the workshop. All participants will learn about data erasure standards for some countries, including Ukraine, and will understand their differences. Those who are really interested will be able to try erasing data themselves, with and without guaranteed erasure, try to recover it, and learn the basics of manual data recovery. As a result, everyone will be able to get an answer about the number of cycles needed to sleep calmly and ask the speaker about remanent magnetization.

16:40-16:50 COFFEE BREAK
16:50 - 17:20

Vitaly Balashov

Head of Digital Forensics lab

Kharkov, Ukraine

Assured information destruction. Part 2

17:20-17:30 COFFEE BREAK
17:30 - 18:00

Nestor Dubnevych

Associate in Juscutum Attorneys Association

Kyiv, Ukraine

Human Resources Helping Soft in the Fight Against Cybercrime

According to IBM research, 95% of successful cyber attacks and hacking had been committed with the use of the human factor. Social engineering and informational sanitation of staff became the main vulnerabilities for the business. IT business is no exception. The speaker will tell you why it is necessary to sign cyber security policies with the staff and what they should contain; how to elaborate such policies without crossing the line between security and paranoia, and how not to cause allergy in employees of IT companies; how the IT business structure affects the development of rules of conduct of the enterprise's developers with the enterprise's commercial secrets (work with individual entrepreneurs and salaried employees, use of contractors' groundwork and creation of unique software, use of personal and corporate equipment, data storage on computers or remote servers); and why it is important to conduct compliance, not only of customers but also of employees, and how to properly build a policy of internal investigations in the company.

12:00 - 12:30

Nick Klymenko

CTO, Spinbackup

Odessa, Ukraine

Public cloud: How you can lose or leak critical data in the cloud

We are going to show common cases of data leak and data loss in the Google Apps cloud and consider how the public cloud changes basic data risk scenarios and how new technologies may be used by insiders or attackers to steal data in the cloud.

12:30-12:40 COFFEE BREAK
12:40 - 13:10

Andrei Polkovnychenko

Reverse engineer team lead, Check Point

Dnepr, Ukraine

Android adware. Who profits from it and why is it harmful for you?

Very often, talking about Android malware, we talk about traffic generation for ad-networks. For several reasons they're the most complicated from a technical point of view and also the most wide-spread. In my talk I'll tell how they work, who's behind them and how harmful they can be for the user.

13:10-13:20 COFFEE BREAK
13:20 - 13:50

Denis Shokotko

Head of R&D, Protectimus Solutions LLP

Kharkov, Ukraine

Experience of creation of the cybersecurity product.

The report will be about the personal experience of creation, development, and promotion of B2B product in the field of information security. We will discuss the process of development and preparation of the project before bringing it to life, the peculiarities of the market, and the client's approach to the choice of the cybersecurity solution provider, as well as some tips for the product promotion and the organization of sales.

13:50-14:00 COFFEE BREAK
14:00 - 14:30

Vadym Kovkin

Project leader, Telesens International

Kharkov, Ukraine

Secure messenger: a myth or reality?

Key vulnerabilities of messaging apps. Requirements for user authentication in a secure messenger. Implementation of end-to-end encryption in the True Secure Messenger product. Ways to protect against «man-in-the-middle» attacks in messengers.

14:30 - 15:30
Lunch
15:30 - 16:00

Volodymyr Makhitko

Software Engineer, Global Logic

Kyiv, Ukraine

Automotive Security. New challenges

The main aim of this report is to show automotive security as a new branch of cyber security. It will present the current state of automotive security, the main concerns, some use cases, potential solutions, and automakers' attitude to security questions.

16:00-16:10 COFFEE BREAK
16:10 - 16:40

Denis Garmash

Deputy chief of Slobojanskiy department of cyberpolice department of the National police of Ukraine

Kharkov, Ukraine

Cyberpolice: basic functions, tasks and achievements

T.B.A.

16:40-16:50 COFFEE BREAK
16:50 - 17:20

Andrew Dodson

Lead research engineer for Elysium Industries

Arkansas, USA

Smart grids are stupid ideas. Part 1

Topics would flow as follows: Motivations behind green energy and smart grid rollout, scale of investments in US, Europe, and Australia. Why smart grids are more vulnerable, how utility infrastructure has been attacked, consequences of major attacks. Mathematical basis for understanding grid dynamics and specific classifications of threats. Threats of compromised embedded systems coming out of southeast Asia. Characteristics of reliable, dumb, and secure grids.

17:20-17:30 COFFEE BREAK
17:30 - 18:00

Andrew Dodson

Lead research engineer for Elysium Industries

Arkansas, USA

Smart grids are stupid ideas. Part 2

RED HALL
18:10 - 19:00
Awarding of the winners and participants of the Hackers Battle
19:00 - 21:00
Entertainment

How it was last time

HackIT-2015 Website
Feedback

  • Aleksandr Potii

    Deputy Chief Designer, JSC "Institute of Information Technology"

    HackIT-2015 is one of the brightest in the field of cyber security events in Kharkiv. The high level of organization, the right choice and the distribution of those good selection of speakers were the basis for online success. On the drive offline contracted all - professors and students. Presentations and workshops were held in the same breath. Organization of competitions in the "white hacker" has demonstrated a high level of training of students. The high and the social significance of the event - you need to drag the youth on the white side, show that the knowledge and skills necessary to use the benefit of society and the country. I have no doubt - from the forum a good future.

  • Vadym Chakrian

    Security Engineer at DataArt

    HackIT is a great security event, one of the biggest in Ukraine and the biggest in eastern part of Ukraine. I was lucky to work with its organizers. They are wonderful people and they know what they are doing. Speakers, listeners, CTF, atmosphere - everything was great. I'll definitely be there the next time!

  • Vitaly Balashov

    Head of Digital Forensics lab

    The event was bright, beautiful and was held at a high level. Merging of representative hotel and hackers romanticism gave an excellent result: a lot of young and talented guys, sincere fans of the industry were drinking tea from cups and sparkling conversation about 0day together - this is a very cool atmosphere. As a speaker, I particularly liked the fact that I was listened to by about a hundred people who really understand what I was saying and it was really interesting. It is a rarity.

  • Eduard Rubin

    Kharkiv has become the centre of IT development in Ukraine. Nowadays some other regions are trying to catch up with us, that’s why we have to be active in order to retain our position. While the technology level is developing further the need for cybersecurity specialists is growing as well. Being aware of this trend we have founded the global Olympiad, which is aimed to define perspective and able for this activity specialists. Last year both the cybersecurity forum and competition were organized at the highest level. They got around and the most talented specialists became famous among IT communities. I am sure that this year the event will be full of surprises and attract a new generation of perspective youth, which in the nearest future could defend our country during the information war and grant safety and security to our citizens in the world of digital technologies.

  • Sergey Kharyuk

    HackIT-2015 is one of the largest cybersecurity conferences in Ukraine. It was great to see such a high level of organization of the conference: 3 sections, excellent speakers, contests, CTF. Conference is capable to compete with the international events on the level of organization. Personally, I am pleased to see that the problems of information security are attracting more and more attention, event was widely reported in mass media. A lot of Ukrainian security guys helped to attract attention to this event last year. A small drawback was only short time to reports, in consequence of that, not all of the speakers had opportunity to fully describe their topics, but this was the first event and there is no need to judge. I am sure that the organizers of the new HackIT-2016 will fix all drawbacks and this event will be even bigger and more interesting than last year, given the already known names of speakers, this fact is not in doubt.

  • Alexey Bogdanov

    Head of "LikeIT Studio"

    All-Ukrainian Forum and the Olympic Games on cybersecurity HackIT - it's an exciting event. I liked the reports of international and Ukrainian experts on cybersecurity. The organization was at the highest level. Just unforgettable atmosphere. Also at such events want to come every time while it pass, and, of course, very important to keep track of new items of personal and corporate security.

Sponsors and Partners

VIDEO PARTNERS: informbyro

EVENT PARTNER: informbyro




1 Blagovischenska str., Kharkov

 

Ticket price

Ends October 5: 999 UAH

Ends October 7: 1500 UAH

For students: 199 UAH