AVTOKYO2016


1. /* HIVE */  by Emilio

The HIVE: this year AVTOKYO will have a dedicated #space# where IT security researchers can show and demo tools to the community, giving you the opportunity to interact directly and exchange ideas & drinks with them.
We provide a stand/kiosk with internet, power, and a monitor. You will have 30-40 minutes to demo the tool, including Q&A and beers.

Provided: stand/kiosk with internet, power, and monitor
Time Slot: 30-40 min
Submission: please submit this form (closes 30th Sep.). Closed!
Note: submissions may close early.

Timeslot | Title | Description
16:00 - 16:40 | [ja] Vuls - kotakanbe | https://github.com/future-architect/vuls
17:00 - 17:40 | [ja] StreamRelay.NET.exe and StreamRelay.jar - @tomoki0sanaki | StreamRelay.jar
18:00 - 18:40 | [en] Faraday - Emilio Couto |

1. [ja] Vuls - kotakanbe
This is a vulnerability detection tool for Linux/FreeBSD. This agent-less tool connects over SSH to find vulnerabilities that may reside on a server, and it can send a report with detailed information to Slack etc. by matching against vulnerability databases such as NVD and JVN. It is also possible to detect vulnerabilities in non-OS packages by specifying individual CPEs.

In corporate systems, OS package updates tend to be neglected, and in many cases it seems that system administrators never perceive the vulnerabilities that reside in their systems. By running Vuls with a job scheduler, it will tell you on a daily basis which servers are affected by newly detected vulnerabilities, which will help you automate vulnerability management activities and allow you to use it as an information source for all the vulnerabilities.

When it was released as OSS on 4/1/2016, it became a hot topic, ranking 4th in GitHub Trending across all languages. It has also become popular in Japan these days and drew so much attention that 140 participants attended the first workshop, held on 9/26/2016.

I'd like to introduce this to security professionals and have a discussion at AV Tokyo.

Reference: https://thinkit.co.jp/article/10092

2. [ja] StreamRelay.NET.exe and StreamRelay.jar - @tomoki0sanaki
As a next-generation netcat (which relays, for example, between console ⇔ TCP), this is an attempt to make a tool, in Java and .NET Framework (C#), that flows data from a variety of input sources to an output destination.
The data can also be processed along the way (encoding, compression, encryption, hash calculation and so on), including processing by script.
In addition, it can connect to the output destination over SOCKS and HTTP CONNECT, and it is also available as a proxy tool.

3. [en] Faraday - Emilio Couto
Since collaborative pentesting is more common each day and teams become larger, sharing the information between pentesters can become a difficult task. Different tools, different formats, long outputs (in the case of having to audit a large network) can make it almost impossible. You may end up with wasted efforts, duplicated tasks, a lot of text files scrambled in your working directory. And then, you need to collect that same information from your teammates and write a report for your client, trying to be as clear as possible.

The idea behind Faraday is to help you to share all the information that is generated during the pentest, without changing the way you work. You run a command, or import a report, and Faraday will normalize the results and share that with the rest of the team in real time. Faraday has more than 50 plugins available (and counting), including a lot of common tools. And if you use a tool for which Faraday doesn't have a plugin, you can create your own.

During this presentation we're going to show you the latest version of the tool, and how it can be used to improve the effectiveness of your team during a penetration test.

2. Open xINT CTF by Team pinja

It's time to exercise your OSINT skills! Probe onsite/Internet/SNS for clues, gather the intel, follow the leads, until you find "the answer". Have you ever wanted to be James Bond? Well, here's your chance.

Eligible for: AVTOKYO attendees
Competition Time: throughout the event till 19:30
Registration: booth onsite (one-player game)

3. Let's play with hardware logic bomb! by Low Level Study Society

A demonstration of attack tools disguised as a USB charging stand and a USB memory stick.
The USB device is built with an Arduino. It acts as a keyboard and mouse that move automatically on a timer trigger.
We will demonstrate the threat of a takeover that starts PowerShell and the like.

On the PC:
• Generate a code file as a HEX dump
• Generate a HEX2BIN script → run it
• Execute the binary file

Also, connected to a visitor's smartphone: at first it looks like a charging cable, but then the timer triggers ???

It is a simple, effective and formidable technique that can be disguised in a variety of devices.
To help with quarantine & forensics, let's get to know its characteristics by playing with it!

Target: any AVTOKYO attendee can participate (individual competition)
Time: during the event till 19:30
Location: booth in the venue

4. Real world Crime Scene by VXRL Hong Kong

Drawing on our incident response and investigation experience, we will bring the most realistic attacks, malware and memory dumps, showing what attackers have done before against their targets.

Your mission is to carry out the analysis and investigation, find out what the attackers have done, and write a brief report in simple English.

We will only give you 4 hours to complete 4 - 6 challenges.

Prize Reward (from VXRL):
1. 20000 Yen
2. 15000 Yen
3. 10000 Yen

1: the report should hit as many of our evidence items and flags as possible
2: time
3: each team has at most 2 persons

Registration: booth onsite
Duration (full-time booth or some partial slot): 4 hours
Remark: No EnCase 😎
Location: booth in the venue