Ru
En

April 19–25, 2025

Cybersecurity Week

Hosted by Department 41,
National Research Nuclear University
MEPhI (Moscow Engineering Physics Institute)
About the Event

Join us for the annual Applied Cybersecurity Week, "CyberFox," organized by the Department of Cryptography and Computer System Security at MEPhI. This event is held in collaboration with the Institute of Intelligent Cybernetic Systems at MEPhI and features participation from Kaspersky Lab.

Our goal is to promote practical aspects of cybersecurity. The lectures cover a diverse range of topics, including:

  • Fuzzing testing methodologies
  • Practical aspects of hardware attacks
  • Blockchain vulnerabilities
  • Challenges in implementing attack-resistant stack canaries
  • Security issues in trusted mobile platforms

These sessions will be valuable for both beginners and seasoned professionals.

Speakers

CyberFox Cybersecurity Week offers a unique opportunity to hear from renowned experts in the field. In 2025, the event takes on an international dimension, opening with a lecture by the esteemed cryptographer Karsten Nohl from SRLabs. The week will also feature lectures from leading professors of the University of Applied Sciences Western Switzerland (HES-SO), the Department of Computer and Information Security at RTU MIREA, the Department of Cryptography and Computer System Security at MEPhI, and leading experts from Kaspersky Lab.

  • Karsten Nohl

    Karsten has been challenging technology since 2010. As the Chief Scientist of SRLabs, he helped a hundred global clients and built a dozen security teams in Europe and Asia.

    Karsten has spoken at all major security conferences. The research of his team discovered issues in critical infrastructure ranging from mobile networks and SIM cards to payment system take-overs and BadUSB.

  • Roland Sako

    Roland is a lecturer at the University of Applied Sciences Western Switzerland, teaching courses on networks, Java, cybersecurity, and fuzzing. He previously spent seven years as a security researcher with Kaspersky ICS CERT in Geneva, collaborating with the Moscow-based team. Roland co-founded Winsl0w.io, an educational cybersecurity initiative. He holds a master’s degree in legal aspects, cybercrime, and information security from the University of Lausanne, with a focus on mobile forensics.

  • Maria Nedyak

    Maria is a developer of KasperskyOS, specializing in fuzz testing for the kernel. Her past work includes developing an EDR system. She has a strong interest in low-level programming, fuzzing, and software reliability techniques.

  • Alexander Kozlov

    Alexander is a principal security researcher at Kaspersky ICS CERT. With more than 10 years of experience in securing software-hardware solutions, he has worked with systems ranging from wearable tech to complex industrial setups. He also explores lightweight cryptography and the development of trusted hardware systems. Since 2016, he has taught at Bauman Moscow State Technical University, and since 2022 at MEPhI.

  • Sergey Anufrienko

    Sergey has over 20 years of experience in software and hardware development, as well as reverse engineering. He regularly shares his knowledge at conferences and lectures at MEPhI's Department of Cryptography and Computer System Security.

  • Ilya Pugachev

    Ilya is a graduate of Bauman Moscow State Technical University’s Information Security Department (IU-8). He currently lectures at RTU MIREA’s Department of Computer and Information Security. His interests include electronics, circuit design, and low-level programming for security applications.

Programme
19 April 12:00
Crypto Hacker Handbook: Hunting Bugs in Blocks
Karsten Nohl, Chief Scientist, SRLabs
Love it or hate it, crypto has become a playground for techies. As a side effect, the chains fuel criminal ecosystems.

Drawing from several hundred bugs, we identified five common blockchain bug types. We discuss the potential impact of each and provide practical tips for finding them. To help you get started, we released a suite of fuzzers.
21 April 19:00
Fuzzing Methods: From Random Data to Structured Testing
Roland Sako, Lecturer, HES-SO
What does it take to break software — intelligently? This workshop shows how fuzzing can be approachable for everyone. Beginning with random inputs, the session walks through to more intelligent, structure-aware mutations that offer deeper insight into software robustness.
22 April 19:00
Is the stack canary really that simple?
Maria Nedyak, Developer KasperskyOS, Kaspersky Lab
Stack canary is considered one of the simplest hardenings of a system that everyone knows how to attack. But few people know how to make a canary as resistant to these attacks as possible. How to implement a stack canary, drawing conclusions from implementations in other systems and their evolution?

Let's figure out how a canary protects against a stack overflow attack and whether it is as simple as it seems at first glance. Let's consider the implementations of stack canaries of the user space of various operating systems. We will answer the questions "What should a canary be like in 2025?" and "Can you rely only on a stack canary to mitigate stack overflow attacks?"
23 April 19:00
(Un)Trusted Mobile Platforms: Overview and Trends
Alexander Kozlov, Principal Security Researcher, Kaspersky Lab
Data leaks from mobile devices are becoming increasingly common. Today, it’s not shocking to hear of attackers intercepting calls or reading messages. This talk introduces the concept of a trusted mobile platform — a system designed with built-in security from the ground up. Topics include:
  • Core components of modern smartphones and their role in security
  • How data flows within a phone — and where it’s vulnerable
  • Building a trusted platform in practice and mitigating related risks
24 April 19:00
Introduction to Hardware Attacks: From Theory to Practice
Sergey Anufrienko, Head of Vulnerability Research Team, Kaspersky Lab
From smart home devices to industrial controllers, we're surrounded by hardware with embedded software. Historically, hardware-level security has lagged behind, making attacks easier. Though protections have improved, side-channel attacks remain powerful. This talk covers:
  • Power analysis
  • Electromagnetic and glitch attacks
  • Tools and setup strategies
  • Defense methods (hardware and algorithmic)

Ideal for security professionals and researchers working with hardware.

25 April 17:30 (in person at MEPhI)
Ghidra: Life After IDA
Ilya Pugachev, Senior Lecturer, RTU MIREA
IDA Pro has long been the gold standard for reverse engineering. But since the NSA released Ghidra in 2019, a viable open-source alternative has emerged. Six years later, many still ask: is it worth switching?

Having used both tools extensively, the speaker compares their features, transition hurdles, and personal takeaways — offering an honest look at what life is like after IDA.

Registration Download programme
Contacts:
cryptofox@mephi.ru