/* No simultaneous interpretation is available; however, we try to show the slides in both English and Japanese as much as we can. */
nishimu-lla-makko (nishimunea & @llamakko_cafe)
The data: scheme is a URL scheme originally designed to embed small
images inline in an HTML document, and it was standardized as RFC 2397 in
1998. However, the RFC makes no mention of how web browsers
should handle resources with the data: scheme, so each browser vendor
has determined its practical behavior on its own. Those gaps
have been a cause of various vulnerabilities on the web for a long
time. In 2015, it’s still going on… In this session, we’ll first
introduce differences in the handling of the data: scheme among the major
browsers, and we’ll show you some real attack techniques abusing them.
nishimunea (cv: Muneaki Nishimura):
Weekend bug hunter / Lecturer of Security Camp (2014~)
(Im)mature bug hunter / Gehirn Inc.
This year, Stagefright vulnerabilities shocked many Android users (and caused much confusion).
He seems obsessed with talking about mobile OS security.
For privilege escalation attacks on Windows systems, a write-what-where vulnerability in kernel land is commonly used.
An indecisive security engineer. The author of the weblog "momoiro technology."
A few years ago I disturbed the security cluster with my incident, in which I was unable to use my internet access because of my vulnerability reports to some companies. I will talk about it, and about the hard-luck stories at which a bug hunter nods unconsciously, blow by blow. There are not only fun things in a bug hunter's life; the joy side is: http://www.slideshare.net/codeblue_jp/cb14-masato-kinugawaen
Bug hunters that appeared to Japanese. My hobbies are listening to music and XSSing. Twitter: @kinugawamasato
Have you ever spread malware widely? I have. I wrote a malware simulator called ShinoBOT and deployed it *legally* to 100 countries, 3000+ hosts. As expected, my malware was blacklisted. So the next thing I did was to evade not only those blacklists but also other security solutions: antivirus, IPS, URL filter, sandbox. This talk will cover how the attackers observed the security device and how they handle it, based on my experience.
Security researcher at Macnica Networks Corp. Presenter at Black Hat USA 2013, 2014, 2015.
Tor is widely used as the largest anonymous communication system.
There are many websites using CMS, but it is increasing attacks
Yoshinori Matsumoto. A security researcher at Kobe.
Advanced persistent threat (APT) has become a critical problem. This talk will introduce you to a new APT campaign and related malware. This campaign has targeted Asian countries for more than 5 years. They developed several kinds of malware. Based on my investigation and monitoring, I am going to share their attributes and stealthy tactics with you.
Focus on APT investigation, also a drummer and cyclist / Trend Micro Inc.
Malware authors sometimes target embedded devices for their benefit
Information on targeted attacks includes malware, tools, C2 servers, e-mail and so on.
Yuichi HATTORI & takahoyo
We provide an Attack and Defense trial event for a Web service.
OWASP Kyushu Chapter Leader / Member of SECCON executive committee
Member of "CTF for Beginners". Twitter: @takahoyo
unixfreaxjp vs ucq