The HIVE: this year AVTOKYO will have a dedicated #space# where IT security researchers can show and demo tools to the community, giving you the opportunity to interact directly and exchange ideas & drinks with them.
We provide a stand/kiosk with internet, power, and a monitor. You will have 30-40 minutes to demo the tool, including Q&A and beers.
This is a vulnerability detection tool for Linux/FreeBSD. This agent-less tool connects by SSH to find vulnerabilities which may reside in a server, and it is possible to send a report of detailed information to Slack etc. by matching with vulnerability databases such as NVD and JVN. It is also possible to detect vulnerabilities in non-OS packages by specifying individual CPEs.
In corporate systems, OS package updates tend to be neglected, and it seems that in many cases the system administrators never perceive the vulnerabilities which reside in their systems. By running Vuls with a job scheduler, it will tell you which servers are affected by newly detected vulnerabilities on a daily basis, which will help you automate vulnerability management activities and allow you to use it as an information source for all the vulnerabilities.
When it was released as OSS on 4/1/2016, it became a hot topic, ranking 4th in GitHub Trending across all languages. It has also become popular in Japan these days and drew attention, insomuch as 140 participants attended the first workshop held on 9/26/2016.
I'd like to introduce this to security professionals and have a discussion at AV Tokyo.
2. [ja] StreamRelay.NET.exe and StreamRelay.jar - @tomoki0sanaki
As a next generation of netcat, I tried to make a tool in Java and .NET Framework (C#) that flows data from a variety of input sources to an output, such as between the console ⇔ TCP.
Since collaborative pentesting is more common each day and teams become larger, sharing the information between pentesters can become a difficult task. Different tools, different formats, long outputs (in the case of having to audit a large network) can make it almost impossible. You may end up with wasted efforts, duplicated tasks, a lot of text files scrambled in your working directory. And then, you need to collect that same information from your teammates and write a report for your client, trying to be as clear as possible.
It's time to exercise your OSINT skills! Probe onsite/Internet/SNS for clues, gather the intel, follow the leads, until you find "the answer". Have you ever wanted to be James Bond? Well, here's your chance.
Demonstration of an attack tool disguised as a USB charging stand and USB memory.
A USB device is created with an Arduino. Its keyboard and mouse move automatically on a timer trigger.
It will demonstrate the threat of a takeover that starts PowerShell and the like.
On the PC:
• Generation of a file of HEX dump code
• HEX2BIN script generation → run
• Execution of the binary file
It can also be connected to visitors' smartphones: at first it looks like a charging cable, but it is timer triggered ???
It is a simple and effective technique, and the fact that it can be disguised in various devices is overwhelming.
To help quarantine & forensics, let us know the playing characteristics!
Target: Any AVTOKYO participant can take part (individual competition)
Time: during the event till 19:30
Location: the booth in the venue
Drawing on our incident response and investigation experience, we will provide realistic attacks, malware and memory dumps showing what attackers have done before against their targets.
Your mission is to carry out the analysis and investigation, find out what the attackers have done, and write a brief report in simple English.
We will only give you 4 hours to complete 4 - 6 challenges.
Prize Reward (from VXRL):
1. 20000 Yen
2. 15000 Yen
3. 10000 Yen
1: the report should hit as many of our evidence items and flags as possible
3: each team has at most 2 persons