<style type="text/css"> .wpb_animate_when_almost_visible { opacity: 1; }</style>
Header Image

P0SCON 2018

11 August 2018, Urmia, Iran

  • 0

    Days

  • 0

    Hours

  • 0

    Minutes

  • 0

    Seconds

WHAT IS P0SCon ?

Conference for Security Researchers

P0SCon stands for Protective and Operational Security which is held by Urmia University of Technology. The P0SCon conferences are a set of one-day conferences for security researchers, security geeks, hackers, and whom interested in security. The international conference targets for gathering the latests techniques, tools, projects, frameworks, and fields of attack/defense of computer and mobile systems.

Academic Researchers

Academic Researchers make a great part of audiences which can share their researchers and meet other active members of security community.

Industrials and Companies

Security is a great concern of different industrials and companies. Knowing the latest attack/defense techniques are a vital requirement of these section.

White Hat Security Researches

White hat researchers can share their knowledge and findings with other audiences.

Banks

Beside other audiences, banks concerns on security related subjects precisely. Knowing the latest attacks methods and tools are crucial for banks.

TOP SPEAKERS

LOOK WHO'S SPEAKING
Nikita Tarakanov
Nikita Tarakanov
IISR

Independent information security researcher

Nikita Tarakanov
Kenan Abdullahoglu
IISR

Crypto Trader, Ex Crypto Miner, IT Security Guy

Amir Rasouli
Amir Rasouli
Offsec

Offsec Research Co-Founder

Hossein Lajevardi
Hossein Lajevardi
Offsec

Offsec Research Core Member

Babak Amin Azad
Babak Amin Azad
Offsec

Offsec Research Core Member, Stony Brook University Ph.D. Student

Pouya Darabi
Pouya Darabi
Offsec

Offsec Research Core Member, Facebook’s Hall of Famer

Forough Fallahfar
Forough Fallahfar
Offsec

Offsec Research Core Member

Amir Kiyani
Amir Kiyani
IISR

INDEPENDENT INFORMATION SECURITY RESEARCHER

SCHEDULE

EVENT TIME TABLE
Reception
  • 08:00 - 09:00
Opening speech
  • 09:00 - 09:15
Amir Rasouli

Dealing with the New Generation of Cyber Attacks in Iran

An overview of the recent and major security threats that Iranian government firms and its infrastructure organizations have been facing. Taking a look at the security weaknesses in their technical policies (in design, implementation and service phases); Additionally, the role of utilizing modern defense technologies in Iran's cyber ecosystem, such as data security analysis while in-use (endpoint actions), in-motion (network traffic), and at-rest (data storage). Unveiling lack of the real-time management of security events, efficiency of machine learning, AI and other statistically automated applications for unknown/sophisticated threat pattern analysis/detection and also, the explanation of its requirements against the new generation of cyber attacks.

Pouya Darabi

DOM-Based CSRF

While CSRF is a server-side problem, DOM-based CSRF issues in the user's browser. An attacker could perform arbitrary requests to a CSRF-protected end-point by modifying it so that the client-side code makes an HTTP request with a valid CSRF token. This could be a form submission or an XHR call. I will substantiate it in a sleight of hand.

Sponsor speech
  • 10:45 - 11:00
Coffee break
  • 11:00 - 11:30
Forough Fallahfar

Don’t trust the DOM!
Bypassing XSS Mitigations via Script Gadgets

A script gadget is a legitimate piece of JavaScript in a page that reads elements from the DOM via selectors and processes them in a way that results in script execution. I will present a novel web attack to bypass mitigation techniques and to explore the severity and prevalence of the underlying vulnerability pattern, then we will briefly apperceive the script gadgets and its different types, we will also utilize Sebastian Lekies's and his team studies regarding 16 popular JavaScript frameworks and libraries, with the focus on the contained script gadgets and mapping the found gadget instances to the affected XSS mitigations and then finally we will report on a large-scale study on the prevalence of the script gadgets in some Iranian web apps.

Nikita Tarakanov

Exploiting Kernel Pool Overflows on Windows 10

Noon break
  • 13:00 - 14:00
Sponsor speech
  • 14:00 - 14:15
Babak Amin Azad

Fingerprinting Users On The Web, The Good, The Bad and The Ugly.

Fingerprinting is a set of techniques used by websites to detect and track users as they surf the web, these methods range from tracking cookies to more sophisticated device fingerprinting features. This information can be leveraged by malicious and non-malicious parties. Advertisement networks fingerprint and track users to deliver more targeted ads, on the other side, security conscious websites may try to verify users' fingerprints as an additional security check at authentication step. In this talk we will become familiar with current user fingerprinting techniques by looking at both academic methods and those that are actually being used in the wild, we then have a look at how fingerprinting is used in action by both malicious and non-malicious parties and what its common use cases are.

Kenan Abdullahoglu

Ethereum: The Treasure and The Threat (TTTT)

Sponsor speech
  • 15:45 - 16:00
Coffee break
  • 16:00 - 16:30
Amir Kiyani

Hidden Crimes Beyond the Keyboard

Internet, since the invention, has provided very good utilities for both good and bad users. In 2000s new generation of tools have been introduced for protecting privacy: Anonymous Networks or more generally dark web, which are provided to keep the IP address of the user and servers from all over the world, thus make both invisible. In this talk I will discuss about how criminals work in the dark web. After, I will present the methods which are used by security forces in dark web in order to investigate crimes. Finally I will describe why the situation is better for cyber criminals in Iran.

UUCERT

Urmia CERT speech

Closing speech
  • 18:45 - 19:00
Offsec research group

How NetBaan can Detect DNS Data Exfiltration (DNS Tunneling)?

Morteza Ramazanzadeh

Traditional vs. New Generation Bots

Cyber-crimes encounter when special types of Trojan viruses are in use for security breach of several clients, resulting in loosing control of system by the clients. The infected machines are then reorganized to be parts of network of “bots” managed by criminals. Botnets posses the capability of infecting and controlling thousands, tens of thousands or in some cases millions of computers over the networks, with the power of managing very large zombie networks through several types of attacks including ransomware. Utilizing Botnets as cyber crime takes place in forms of network rentals or outright to other cyber-criminal groups, nowadays becoming a trade. Through this hands-on training, we will learn and analyze the mechanism of bots, see how they are detected, and practice the methods of mitigating the effects.

Mohammadreza Zamiri

Security and penetration testing in industrial control systems

LOCATION
Urmia, IRAN

Urmia is the capital of the north-west province of I.R. Iran with most interested see-sight in World. The city is a metropolis with its amazing natural see-sights. Beside see-sights, Urmia is a famous city because of its volleyball and volleyball players among the world. Urmia Lake is another attractive which spends hard days. (Photo by Sina Javanbakht)

Read more about Urmia

UUT
Urmia University of Technology

The founding broad of UUT was formed and started to work in summer 2005. Following the principled agreement of UUT establishment and with the special consideration of president Dr. Ahmadinejad and the officials attempts, an independent funding(budget) based on Iran government proposal and the Islamic parliament approval was allocated to the university. Obtaining educational and research activities permission in Information Technology (IT), Mechanical, and Industrial engineering, UUT officially started in February, 2007.

Read more about UUT

West Azarbayjan
Province with 2 International Ancient Attractive

By having the two world famous monuments, ST Thaddeus Church and Takht-e Soleymān, West Azarbayjan is a an historic city. Beside its history, West Azarbayjan is full of natural see-sights in which Urmia Lake is one of them, which suffers from drought in recent years.

Media Sponsors