Let’s talk about last year’s promising research. Researchers have gathered a wealth of interesting material. Let’s go through the reports to see what can be applied in practice and what is worth deeper exploration.
security research
The start of the year is also the start of the thesis preparation season. That means my season of formulating topics for students of information security faculties and departments at leading universities is beginning. I have gathered my recommendations and life hacks for preparing your first infosec research project.
The first photo in the circle marks a five-year difference: the first presentation, hosted on the Samara State Aerospace University campus for an audience full of CTF teams with fire in their eyes, at VolgaCTF, a “for students, by students” event organized by a group of enthusiasts. Five years later, VolgaCTF is full of sponsors and partners, hosted in conference halls and streamed worldwide. But it is still an independent event, organized by a group of enthusiasts, keeping the same fire in their eyes.
We also keep our eyes shining there: last year our teammates occupied the agenda of the event, and this year our young Jedi occupied the top of the competition scoreboard. Looking forward to next year, @volga_ctf!
Payment systems are a tempting target for an attacker, but they are often out of reach for bug hunters outside the company. Bug bounty programs of financial organizations cover resources that sit on the attack surface, and it is quite difficult for a researcher to dig deeper into the internal financial processes. So we have to limit ourselves to XSS and SSRF in the payment system’s web application.
In a separate section organised at PHDays for the first time, leading security researchers and bug hunters will share the results of their work, and owners of bug bounty programs can attract bug hunters by making an announcement. During the event, our sponsors and partners will announce the highest bounties for their vulnerability disclosure programs, and the most active bug hunters will be additionally awarded by the organisers.
Submit your talk, workshop or just register yourself to participate here (for Russian-based submissions).