inaz2 MasataNishida tessy

kyo_ago Mi

Security4all sonodam

hasemunea TIP

/* No speaking simultaneous interpretation is available , however, we try to show the slides in both english & japanese as much as we can. */
/* [en] means English speaker, [ja] means Japanese speaker. */

---

[ja] ROP Illmatic: Exploring Universal ROP on glibc x86-64 

Today, ROP (Return-oriented Programming) is widely used method for arbiraty code execution via program vulnerabilities.
In this talk, based on latest Ubuntu Linux on x86-64, I present some ROP techniques obtained through bypassing security mitigations and searching generic way for any executables.

[ja] HTML5 ApplicationCache Poisoning of horror
kyo_ago

ApplicationCachePoisoning is a hot topic these days. I suppose that many of you have problems as follows: "What kind of damage is coming out?", "I don't know how to attack.", "How can I protect against it?"
In this talk, I will provide and demonstrate specific attack technique, the actual anticipated damage, attack code and protection technique.

[en] The 100yen Cyber Analyst Toolkit
Security4all

Incident response and forensics is becoming more and more important for security teams across companies. We are seeing more and more databreaches every year.

Often IT (security) teams are not fully prepared or do not have the budget for security analysis tools or their own security analysis lab. This presentation will show how anyone without access to his own lab or tools can leverage online (crowdsourced) security tools and platforms for his own incident response. Call it the 100 yen Cybersecurity Toolkit.

[ja] Future of Web security opened up by CSP
hasemunea (nishimunea and HASEGAWA Yosuke)

Content-Security-Policy is implemented in modern browsers including Firefox for the purpose of eradication of XSS, and is improved continuously.
Although Content-Security-Policy is already used by the latest Web Service like Twitter or GitHub, since the feature of Content-Security-Policy is continuing growth avariciously, there is a remarkable hurdle in introduction to a general website.
This presentation will show the current state of CSP, and demonstrations of the merit demerit acquired by implementation of CSP.

[ja] Observation diary of VAWTRAK(tmp)
Masata NISHIDA

I will explain the attack methods of VAWTRAK which is a popular online banking malware in Japan.  I will also talk about my observation of the malware's behavior.


[ja] 'MOUSOU' tale - What will happen after Exploits or Security Incidents broke out?
Mi

There are many white papers and security advisories, but in Japan, we have little information about what will happen after Exploits or Security Incidents broke out.
I'd like to show you 'MOUSOU' tale. 'MOUSOU' is a very famous Japanese word, it means that some visions in one's mind, not a real thing.
This presentation will show 'MOUSOU' tale with  known information as a spice.: What will happen after Exploits or Security Incidents broke out?

[ja] Panel Discussion :"Security Incident History in Japan"

We have been overcome some Information security incident in Japan.
At this time we will look back about some past incident with panelers who is parties of the incident or observers of it.
And we will talk about recent engineer's runaway and "rule of game".