November 24–25 Online
A get-together for infosec experts and enthusiasts to talk and share their experience
Standoff Talks
A meetup with informal networking for cybersecurity practitioners, hackers, and enthusiasts
Talks by pros
Trending infosec topics, including OSINT, bug bounty techniques, pentesting, and red teaming
An open discussion
Analysis of real-life cases and vulnerability detection methods with interactive Q&A
A cyberbattle site tour
We’ll show you around the Standoff 12 venue and tell you all about the new Standoff 365 scope
A great chance to meet like-minded people, chat, exchange ideas, and have fun
New acquaintances, good conversation, and active networking
Hot cybersecurity topics delivered by pros
Location: cybersecurity hub Cyberdom, Moscow
The event will feature experts from top companies, Standoff participants, and professional bug hunters


Registration, welcome tea and coffee, networking. Standoff 12 site tour
Pre-Show. Standoff Talks exclusive!
Anton Isaev, Product Marketing Manager, Positive Technologies
Anton Tyurin, Head of Metaproduct Expertise, Positive Technologies
Anton Isaev and Anton Tyurin from Positive Technologies will dig into the most interesting attack vectors of the cyberbattle in the MaxPatrol O2 interface and summarize the metaproduct results at Standoff.

A survival guide to bug hunting

Artem Kulakov, Mobile Application Security Researcher, Positive Technologies
Participation in bug bounty programs is the best way to test your skills in real life and gain a deeper understanding of the problems facing bug hunters and businesses. We’ll break down the difficulties that arise from companies not understanding the difference between web apps and mobile apps, and give examples of vulnerabilities that are accepted in full, partially (with a smaller reward), or not accepted at all.
Q&A, quick break
Let's systematize bug bounty programs using anomalies
Anatoly Ivanov, Head of Standoff 365 Bug Bounty
You can learn how to find cool vulnerabilities and even develop a framework. Come to this talk to find out how to do it, and also what reconnaissance, RCE, and SQLi have in common.
Q&A, quick break
Advanced client-side attacks
Vsevolod Kokorin, Security Researcher, SolidLab
Client-side attacks happen when users visit a web server or application. Cybercriminals exploit vulnerabilities or flaws in the software in use. The talk will cover specific attack techniques that go beyond simple tag insertion, as well as attacks using XS-Leaks. The latter is a type of attack that targets embedded side channels of web platforms that allow an attacker to bypass the same-origin policy (SOP) in web browsers.
Q&A, quick break
Standoff awards ceremony
A bridge between IT and law: challenges of collaboration between information security teams and lawyers
Andrey Chechulin, Researcher, St. Petersburg Federal Research Center of the Russian Academy of Sciences
Due to different understandings of terminology, a lack of a unified approach to examining digital evidence, and different backgrounds, disputes often arise between infosec experts and lawyers. We’ll use case studies from the speaker’s personal experience to analyze problems that arise when information security engineers interact with investigators, lawyers, and judges.
Q&A, quick break
The cult of infrastructure: a look at the Cult team infrastructure
Alexandra Antipina, Red Team Lead
The captain of the Cult team (@n3m351da) will focus on developing a state-of-the-art infrastructure model for red teams participating in cyberexercises. You will learn about the model that was implemented by the DRT&Cult team to be used in cyberexercises, and is constantly being improved. According to Alexandra, their infrastructure has become legendary, and rivals falter when they encounter this level of sophistication.
Q&A, quick break

Purple teaming in practice: effective techniques for bypassing and neutralizing information security tools

Anton Kuznetsov, Information Security Researcher

A purple team is a team that ensures that defense and offense teams work together effectively to leverage the results of penetration tests, improving the security of IT systems. We’ll look at various systems and techniques used by red teams—in particular, widespread infrastructure misconfigurations and their exploitation, along with ways to bypass advanced sandboxes and antiviruses. You will learn how to bypass password protection and temporarily disable security tools masquerading as users with minimal system privileges, or shut them down for a long time using admin privileges.

Q&A, quick break
Tunnel thinking, or dissecting the pivoting
Sergey Zybnev, Pentester, Awillix , runs a channel called poxek on Telegram
Pivoting is a set of techniques enabling the attacker to bypass network security tools and gain access to internal assets. From the standpoint of a practical pentester, Sergey will share information on pivoting tools, correlation rules in SIEM systems, and classic mistakes made by hackers and red teams during attacks. He will also tell which security policies cause most alerts and how you definitely shouldn’t react to such alerts. Sergey will show a live demo of pivoting tools in a lab environment.
Malware development: cryptography
Zhassulan Zhussupov, Information Security Researcher, MSSP LAB
This talk is based on research on bypassing antivirus solutions, focusing on the role of cryptography in malware development. We will cover classic encryption algorithms used to conceal malicious payloads. Then we will dive into the results of the practical research that addresses Skipjack, TEA, Madryga, RC5, A5/1, DES, Kuznyechik, and many other encryption algorithms.
Q&A, quick break
Cracking firmware and exploring CVE vulnerabilities
Vladimir Razov, Web Application Security Expert, Positive Technologies
This talk is about finding vulnerabilities in the firmware of embedded network devices. We will cover firmware analysis, emulation frameworks, and launching of main components that can access the network. Additionally, you will learn how to debug a binary file and create an exploit for it. During the talk, we will examine a couple of D-Link devices and analyze their 1-day vulnerabilities.
Q&A, quick break
Wasm as a new solution to ensure cloud security
Mikhail Bessarab, Product analyst, Positive Technologies Container Security
WebAssembly, or wasm, is an open binary-code format for files that can be run in browsers and dedicated virtual machines. Wasm allows you to implant the code written in C, C++, C#, and Rust into assembler structures for launching it in supported environments. We will find out how to use wasm to ensure cloud security, specifically to protect the runtime environment with the help of eBPF and an API server with an admission controller.
Q&A, quick break
Changing the code and sneaking into production systems
Pavel Nikitin, Red Team Lead
The talk is based on the research of ways to compromise a TeamCity server, considering the latest vulnerabilities discovered in its security system. We will discuss the consequences of a TeamCity server compromise that businesses could face. In addition, we’ll tell you how attackers steal application secrets to access repositories and how to quickly change code during build time.
CyberEd awards ceremony.
Conference wrap-up
Talks committee
Standoff Talks. Review
Alexey Grishin. Big BB Brother is watching you
Anatoly Ivanov. How to find bugs and not get bored

Event photos