

nishimu-lla-makko (nishimunea & @llamakko_cafe)
Razor Huang

Tsukasa OI


Masato Kinugawa

/* No simultaneous interpretation is available; however, we try to show the slides in both English & Japanese as much as we can. */
/* [en] means English speaker, [ja] means Japanese speaker. */

nishimu-lla-makko (nishimunea & @llamakko_cafe)

The data: scheme is a URL scheme originally designed to embed small
images in an HTML document inline, which was standardized as RFC 2397 in
1998. However, the RFC has no mention regarding how web browsers
should handle resources with data: scheme, therefore browser vendors
have been determining its practical behavior respectively. Those gaps
have been a cause of various vulnerabilities on the web for a long
time. In 2015, it’s now still going on… In this session, we’ll first
introduce differences in handling of data: scheme among the major
browsers, and we’ll show you some real attack techniques abusing them.

nishimunea (cv: Muneaki Nishimura):
Weekend bug hunter / Lecturer of Security Camp (2014~)

llamakko_cafe (@llamakko_cafe):
(Im)mature bug hunter / Gehirn Inc.

[ja] Beginners' Guide on Stagefright Exploitation
Tsukasa OI

This year, Stagefright vulnerabilities shocked many Android users (and caused much confusion).
In this talk, we are going to revisit the basics of technical measures to exploit such heap-based buffer overflow and technical aspects of Android, along with actual Stagefright exploitation...

Tsukasa OI:
He seems obsessed with talking about mobile OS security.

[ja] Abusing Interrupts for Reliable Windows Kernel Exploitation

For privilege escalation attacks on Windows systems, a write-what-where vulnerability in kernel land is commonly used.
The best-known technique is overwriting halDispatchTable and then calling the corresponding internal API such as NtQueryIntervalProfile.
But this technique is dependent on the implementation of the kernel, so it's not reliable against future kernel changes.

Actually, there is a more reliable target for overwriting: the Interrupt Descriptor Table (IDT).

The trap handling mechanism by IDT is defined in the specification of the x86 CPU, so it is ensured that the IDT is used in the same manner on all versions of x86-based Windows.
I introduce how to abuse the IDT for a reliable privilege escalation attack in detail.

An indecisive security engineer. The author of the weblog "momoiro technology."

[ja] Bug-hunter's Sorrow
Masato Kinugawa

A few years ago I disturbed the security cluster with my incident, in which I had not been able to use my internet access because of my vulnerability reports to some companies. I will talk about it and the hard luck story at which a bug hunter nods unconsciously blow by blow. There are not only fun things in a bug hunter's life; the joy side is: http://www.slideshare.net/codeblue_jp/cb14-masato-kinugawaen

Masato Kinugawa:
Bug hunters that appeared to Japanese. My hobbies are listening to music and XSSing. Twitter:@kinugawamasato


Have you ever spread malware widely? I have. I wrote a malware simulator called ShinoBOT and deployed it *legally* to 100 countries, 3000+ hosts. As expected, my malware was blacklisted. So the next thing I did was to evade not only those blacklists but also other security solutions: antivirus, IPS, URL filter, sandbox. This talk will cover how the attackers observed the security device and how they handle it, based on my experience.

Security researcher in Macnica Networks Corp. Presenter of Black Hat USA 2013, 2014, 2015.

[ja] Peeling Onions

Tor is widely used as the largest anonymous communication system.
In this session I will show research results about onion domains that are only accessible by Tor, and explain how to use a Tor node safely.

[ja] Gathering attacks against WordPress

There are many websites using a CMS, but attacks against websites
using a popular CMS are increasing.
WordPress websites especially are often scanned. Some of them are
defaced or used to attack other victims.
I developed gathering tools optimized for attacks against WordPress, and
a portal website to visualize attacks.
I will talk about the structure of the tools and explain payloads.

Yoshinori Matsumoto. A Security researcher at Kobe.

[en] APT Malware: Attribute and Development
Razor Huang

Advanced persistent threat (APT) has become a critical problem. This talk will introduce you to a new APT campaign and related malware. This campaign has targeted Asian countries for more than 5 years. They developed several kinds of malware. Based on my investigation and monitoring, I am going to share their attribute and stealthy tactics with you.

Razor Huang:
Focus on APT investigation, also a drummer and cyclist / Trend Micro Inc.

[ja] Malware in ATMs

Malware authors sometimes target embedded devices for their benefit
and ATMs (Automated Teller Machines) are no exception for them. I am
going to introduce some ATM malware with the result of
reverse-engineering and demonstrate how to run them on your Windows


[ja] Collecting information of targeted attacks by OSINT

Information on targeted attacks includes malware, tools, C2 servers, e-mail and so on.
Based on this information, you can investigate a campaign using the C2 servers used in the campaign and results obtained from malware analysis.
In addition, you can use the obtained information as indicators for protection.
In this session, I’d like to introduce how to collect information about the campaigns and attackers of targeted attacks by OSINT.

Malware analyst/Twitter:@Seraph39

[ja][event] Attack & Defense Web Trial
Yuichi HATTORI & takahoyo

We provide an Attack and Defense trial event for Web services.
These challenges are used at CTF for Beginners.
If you want to join this event, please bring a laptop PC with a wireless adapter.
We provide 3 rounds. You can join 1 round only.

16:00-17:00 Round1
17:30-18:30 Round2
19:00-20:00 Round3

Pre-registration is required for this event.
Pre-registration will start later (1st Nov).

OWASP Kyushu Chapter Leader / Member of SECCON executive committee

Member of "CTF for Beginners". Twitter: @takahoyo

[ja][workshop] Swimming in the sea of ELF
unixfreaxjp vs ucq