Conference materials



Rodrigo Rubira Branco (BSDaemon)

“A praise for hackers”

Main program

Jeremy Brown

"Hacking Virtual Appliances" (pdf, 24Mb)

"Browser Fuzzing with a Twist (and a Shake)" (pdf, 14 Mb)

Georgi Geshev

"Warranty Void If Label Removed - Attacking MPLS Networks" (pdf, 22Mb)

Jakub Kaluzny 

“Big problems with big data - Hadoop interfaces security”

Ivan Novikov

“Mathematical theory of input validation vulnerabilities and attacks”

George Nosenko

«Cisco IOS shellcode – all-in-one»

Nikolaos Naziridis, Zisis Sialveras

"Introducing Choronzon: an approach to knowedgebased evolutionary fuzzing"

Sergey Belov

"Samsung SmartTV: how-to to creating insecure device in today’s world"

Daniel & Azure

"Did you get your token?”

Nikolaj Schlej

"Fix it yourself: resolving UEFI vulnerabilities single-handedly"

Alexander Matrosov

"Attacking hypervisors using firmware and hardware"

Nikita Tarakanov

"Direct X – direct way to Microsoft Windows kernel"

Marina Krotofil

"Hack like a movie star: Step-bystep guide to crafting SCADA payloads for physical attacks with catastrophic consequences"

Alexander Ermolov

"Modifying the firmwares of industrial switches"

Sergey Shekyan

“Getting The Most Out Of CSP: a Deep Dive”

Alfonso De Gregorio

"illusoryTLS: Nobody But Us Impersonate, Tamper, and Exploit"

Timur Yunusov

"How to build your own Echelon system? Attacks at 3G modems"

Anton Kochkov

"EESIL – universal IL (Intermediate Language) for Radare2"

Andrey Plastunov

"S[c]rum is all around. How to stop continuous integration"

Yegor Litvinov

"KNX security or how to steal a skyscraper"

Matteo Beccaro, Matteo Collura

"Extracting the painful (blue) tooth"

Alexander Asimov, Artyom Gavrichenkov "The [Real] State of BGP Security"


Ole André Vadla Ravnås

“Cross-platform reversing with Frida”

Alexander Matrosov, Evgeny Rodionov

"Practical Object-Oriented Code Reverse Engineering"

Ivan Yolkin, Igor Bulatenko

"Enlarge your Burp, or How to stop fearing Javadocs"

Alexander Bolshev, Boris Ryutin

“Practical exploitation of AVR MC-based devices”


“On the way to (wrong) anonymity. Basic techniques of digital contraception and private data hygiene”

Fast Track

Mikhail Firstov

“Software vulnerabilities of Yota communication equipment”

Alexander Matrosov, Evgeny Rodionov

“Distributing the reconstruction of high-level intermediate representation for large scale malware analysis”

Denis Kolegov, Oleg Broslavsky, Nikita Oleksov

“Hooked browser network based on BeEF and Google Drive”

Mikhail Egorov, Sergey Soldatov

“ORM2Pwn: exploiting injections in Hibernate”

Andrey Soldatov, Mikhail Egorov

“What should a hacker know about WebDav? Vulnerability review in WebDav implementations”

Sergey Ignatov, Omar Ganiev

“Knowledge based approach for fast Internet resource discovery or Data Mining in the service of nmap”

Defensive Track

Nikolai Klendar

“Correlating security events with Esper”

Daniil Svetlov

“Analyze it – assembling modern SIEM based on Open Source components for large-scale logs analysis”

Andrey Kovalev, Konstantin Otrashkevich, Evgeny Sidorov

“Fighting against Flash 0-day: a hunt for a tainted vector”

Alexey Levin

“Banking Trojans: a look from the new perspective”

Eldar Zaitov

“Automation of web applications scanning: experience of Yandex”

Yuri Shabalin 

“Do-it-yourself banking SDL”

Kirill Ermakov

“Let’s play the game: One more way to perform penetration test”

RuCTFE 2015


MC Jeremy