More speakers will be up on later!!!
APT DNA Clustering and Defense Kungfu
by Anthony LAI & Benson Wu & Birdman
We are always busy with malware analysis, simply close our door and work on deep reverse engineering and behavior analysis, however, does the analyst know the enterprise/organization suffering from APT (Advanced Persistent Threat) or we call "Targeted" attack? We have carried out research against Mila's sample archives to show you our latest APT "gangs" clustering analysis and our engine to decide whether the attachment is an APT and application about digging them out from the mailbox instead of depending on those "built-in" anti-virus engine. If you believe Anti-virus software could save you from this threat, please come and join our session, dudes.
Anthony Lai (aka Darkfloyd) has worked on code audit, penetration test, crime investigation and threat analysis and acted as security consultant in various MNCs.
Anthony has worked with researchers to convey talks about Chinese malware and Internet Censorship in Blackhat 2010 and DEFCON 18. His interest falls on studying exploit, reverse engineering, analyse threat and join CTFs, it would be nice to keep going and boost this China-made security wind in malware analysis and advanced persistent threat areas.
He has found VXRL (Valkyrie-X Security Research Group) in Hong Kong and keep themselves to connect to and work with various prominent and respectable hackers and researchers. (Anthony Lai Twitter:: anthonation / Facebook: Anthony Lai)
Benson Wu focuses research on detect and counter advanced persistent threat, code review, secure coding and SDLC process implementation.
He graduated from National Taiwan University with PhD in Electrical Engineering and National Chiao-Tung University with MS in Computer Science; and held ECSP, CEI, CSSLP certifications. Currently, he is with Xecure Lab as Lead Security Researcher, and Research Center for Information Technology Innovation, Academia Sinica as Postdoctoral.
He had spoken at NIST SATE 2009, DEFCON 18 (with Birdman), OWASP China 2010, BoT (Botnets in Taiwan) 2011, HIT (Hacks in Taiwan) 2011, and wrote the "Web Application Security Guideline" for the Taiwan government since year 2007.
Jeremy Chiu (aka Birdman) has more than ten years of experience with host-based security, focusing on kernel technologies for both the Win32 and Linux platforms.
In early 2001 he created Taiwan's first widespread trojan BirdSPY. And now, he is also a contract trainer for law enforcements, intelligence organizations, and conferences such as DEFCON 18 19, SySCAN (09 08), Hacks in Taiwan (07 06 05), HTICA(06 08) and OWASP Asia (08 07).
In 2005, Jeremy founded X-Solve Inc. and successfully developed forensics and anti-malware products. In July 2007, X-Solve was acquired by Armorize Technologies. In Oct 2010, he left Armorize and created a new research team, Xecure-Lab.
Chip & PIN is Definitely Broken: Protocol and Physical Analysis of EMV POS Devices
by Andrea Barisani & Daniele Bianco
The EMV global standard for electronic payments is widely used for inter-operation between chip equipped credit/debit cards, Point of Sales devices and ATMs. Following the trail of the serious vulnerabilities published by Murdoch and Drimer’s team at Cambridge University regarding the usage of stolen cards, we explore the feasibility of skimming and cloning in the context of POS usage. We will analyze in detail EMV flaws in PIN protection and illustrate skimming prototypes that can be covertly used to harvest credit card information as well as PIN numbers regardless the type/configuration of the card. Our updated research also explores in depth the design, implementation and effectiveness of tamper proof sensors in modern and widely used POS terminals, illustrating different techniques for bypass and physical compromise. As usual cool gear and videos are going to be featured in order to maximize the presentation.
Andrea Barisani is a security researcher and consultant. His professional career began 10 years ago but all really started when a Commodore-64 first arrived in his home when he was 10. Now, 18 years later, Andrea is having fun with large-scale IDS/Firewalls deployment and administration, forensic analysis, vulnerability assessment, penetration testing, security training and his Open Source projects. He eventually found that system and security administration are the only effective way to express his need for paranoia.
Being an active member of the international Open Source and security community he’s maintainer/author of the tenshi, ftester projects as well as the founder and project coordinator of the oCERT effort, the Open Source Computer Emergency Reponse Team. He has been involved in the Gentoo project, being a member of the Gentoo Security and Infrastructure Teams, and the Open Source Security Testing Methodology Manual, becoming an ISECOM Core Team member. Outside the community he has been a security consultant for Italian firms and he’s now the co-founder and Chief Security Engineer of Inverse Path Ltd.
He has been a speaker and trainer at PacSec, CanSecWest, BlackHat and DefCon conferences among many others, speaking about TEMPEST attacks, SatNav hacking, 0-days, LDAP and other pretty things.
Daniele Bianco began his professional career during his early years at university as system administrator and IT consultant for several scientific organizations.
His interest for centralized management and software integration in Open Source environments has focused his work on design and development of suitable R&D infrastructure.
One of his hobbies has always been playing with hardware and electronic devices. At the time being he is the resident Hardware Hacker for international consultancy Inverse Path where his research work focuses on embedded systems security, electronic devices protection and tamperproofing techniques.
He presented at many IT security events and his works have been quoted by numerous popular media.
The Story Behind The Story of "Cyber Crime"
by Daiki Fukumori
The book "Cyber Crime" covered enough Cyber Crime at all? My session will cover following "The Behind The Story of Cyber Crime" - Is Russia really the top countries for Cyber Crime? - Is China currently playing major Cyber Crime? - Is Japan's countermeasure against Cyber Crime still behind?
Daiki Fukumori began his career as an engineer specialized in IDS, IRT, and Web application security. He also started his extensive investigation behind Cyber Crime beyond malware analysis. He has addressed distinctive security-related conferences such as RSA CONFERENCE JAPAN, POC(Korea), Security Solution, Shibuya.pm, AVTOKYO, and supervised the book "Cyber Crime" (original title: "Fatal System Error" by Joseph Menn).
How can we safely use Facebook?
by Eiichi Moriya
Facebook contains a significant amount of information; real names, personal history, family structure etc. However, making a mistake configuring your profile could result in privacy violations or your personal information being leaked. For that reason, I will explain how to use Facebook safely while describing some stories of failure.
This talk is recommended for:
People who fear personal information being leaked from Facebook
People interested in Facebook's security measures
People who just started using Facebook
Eiichi Moriya: In 2001 he joined Internet Security Systems; for ten years he was the head of their Security Operations Center. Here he conducted monitoring using IPS/FWs as well as handled incident response for enterprise companies. Starting in 2011, he has been in charge of handling internal security incidents and ISMS internal audits.
His specialties include research as it relates to; computer security, incident response, investigating international security trends etc.
Outside Activities: Member of Information Technology Promotion Agency's (IPA) 2011 "Threats and Counter Measures" Study Group, member of National Information Security Center's 2010 "Analyzing Virus Behaviour" study, member of IPA's "Top 10 Threats" study and member of Cyber Clean Center's "Bot/Virus Research Survey" group.
Written Articles: Nikkei ITPro's "Security Check of the Week" as well as contributed to Nikkei's Personal Computer Online site.
SQL Injection from Past to Now
SQL Injection is a problem in Web Security for more than 10 years. But people or scripting kids use the same way or use automatic tools to attack websites. My topic is major in MySQL, especially in
some tricks in SQL Injection which are less well known for people. In my presentation, part-1 is introduction of some tricks on obtaining data in SQL Injection. It is a better way in some situations which only Blind Injection allowed. Part-2 is introduction of how to exploit MySQL triggers. It perform an injection that contains multiple SQL sentence, such as UPDATE, INSERT, even a system command.
Cheng-Da Tsai (aka Orange) is a security research assistant in Net-Hack (http://www.net-hack.com) Vulnerability Research LAB and a college student. Also a member of CHROOT security group in Taiwan. Major in Web Security and Windows Vulnerability Exploitation research.
Enjoy interesting things such as Penetration Test, Web application security, Reversing and Fuzzing.
Want to know more about me? Visit http://about.me/Orange.tw.
Privacy in Sensor Data
by Yuichi HATTORI (Eidwinds)
In these days, as smartphones get popular, GPS, accelerometer, and gyro also became easy to use for us because we can get sensor data easily today. Smartphone's application with sensors are very useful as you know. and, what do we know from these sensor data? In this presentation, we will present owner's actions which sensor data shows.
Yuichi HATTORI is Ph.D. candidate at Kyushu Institute of Technology, Japan. His research interests include human activity recognition with smart phones, healthcare application of web/pervasive/ubiquitous systems. He is a participant of Security Camp 2006, a tutor of Security & Programming Camp 2011, and the leader of Security Steel(http://www.security-steel.net/). His Twitter ID is @Eidwinds.
PART1: Sleephacking: how to optimize your sleep for CTF games
by Benny K.
Humans are the only creatures that have adapted a mono-phasic sleeping cycle. Humans used to have a multi-phasic sleep pattern as well. People try to compensate their busy lives by sleeping less and compensating with caffeine. This presentation will talk about how sleep works and the different types of multi-phasic sleeping cycles plus other sleephacks and their benefits. Useful for CTF players (Capture the Flag) players on how to improve their concentration and performance and learn to balancing time and sleep during a competition.
PART2: Hitchhikers' guide to honeypots
by Benny K.
Honeypots are a great way to capture malware. This talk will talk about some of the great tools of the Honeynetproject and how to run a sensor in a cloud environment. We will discuss what you can do with the captured malware and how to contribute to a safer internet. Last but not least, a few words about the new Honeynet Japan Chapter.
Benny K. has been working in IT security for 10 years and recently moved to Tokyo. He is a co-founder of BruCON, a Belgian security conference and frequents hacker conferences and hackerspaces around the world. He believes in building bridges in the security and hacker community and is a Twitter addict. You can find him online under @security4all
Itaru Kamiya: After joining NTT Software Laboratories, he engaged in the preparation of development standard, package development of social media and 3D image distribution, while he was on loan to one of the group company. After that, he became a member of NTT-CERT in 2008. AT CSIRT operation, he engaged in the vulnerability information distribution and contact point to other organizations. Representative of NTT-CERT at present.
Machine learning with "Moe"
by Kenji Aiko
I'll do the presentation that can computer understand about "Moe" using Machine learning.
What's "Moe"? Look at http://en.wikipedia.org/wiki/Mo%C3%A9
Security Engineer. Admin of http://ruffnex.oc.to/kenji/
Panel 1: Anonymous and APT, How did we get this?
by Takuji Kitagawa & Masafumi Negishi
Enigmatic group and organization are wriggling in the modern network society. The new type of activities that can not ever be applied, might have shaken the traditional media for their concept of values. And the word "APT" now has wings. Is "Stunxnet" really APT?
In this session, Masashi Negishi and Takuji Kitagawa, very known as security incident watcher, will talk about chaotic Internet social situation, incidents, and any security news report.
Takuji Kitagawa : Vulnerability Analyst at SOC. Besides of work, watching world security information.
Masafumi Negishi : A member of Nanorymous known as the anonymous watcher. Fighting with the rumor "Negishi is wearing a mask" always.
PANEL 2: An In Depth Discussion on Developers and Browsers
by Amachang & Hoshikuzu & Hasegawa
Creating secure web applications is an endless battle between developers and the Browser. To what extent must developers know about every Web Browser's idiosyncracies? With attackers who are highly skilled and hold in depth knowledge of the Browsers and how to abuse them, is it really possible for developers to protect their applications without being experts in every browsers' quirks or idiosyncracies? In this session we will be discussing what we can do now for securing web applications; with developer's who are working the front lines Amachang and the famous Hoshikuzu and Hasegawa.
Hoshikuzu : The general user who is trying to check the safety of his favorite web browsers and web services within his control. He says that he cannot become a hacker or a cracke, either
Yosuke Hasegawa :
NetAgent Co.,Ltd. R&D dept.
Secure Sky Technology Inc. technical adviser
Drive Forward the Domestic Security
by AIDO & Manaka
Focusing attention to the industry where the highest security is required, and investigating it eight years with my original methods, I reached one answer that should drive forward the domestic security.
AIDO studies at Towano High School enjoying fulfilling life. This is presented by me and my pure lover Manaka.
Backdoor found by "eye"grep
In this presentation, some wireless AP backdoor has been found around 2005 is introduced with demo and how it is been found.
murachue is commnly known as the "eye"grep man. A member of Team Sutegoma2, and he is strong at forensics.
Android Application Obfuscation
by Yoshitaka Kato
In recent years more and more applications in the Android Market are being subjected to obfuscation techniques. This most likely means more and more companies are using these obfuscation tools during their development of Android applications. However, we must deal with the code these tools produce as well as reverse engineer them to an effective degree, even if we may not know or be familiar with them. In this talk I will discuss a tool called Proguard and it's obfuscation methods and effectiveness for obfuscating Android applications.
Yoshitaka Kato: Has worked on a wide range of jobs as a Security Analyst on anything from web and smart phone application assessments to binary analysis. He is currently aiming for a position as a "security business' oxidized silver" and "master of communication."
Differences of the TSC behavior between The Virtual Machine and The Real Machine
There is many differences between the virtual machine environment on virtual machine monitor(VMM) and the real machine, even though these environments looks same.
These differences is caused by many factors including the differences of CPUs, VMM implementations, and so on.
In this presentation, I show differences of the Time Stamp Counter(TSC) behavior on the VMM and the real machine, and make demonstration to use these differences.
Dr. wakatono is one of researchers in an IT systems company. His private works and results are more than those of his company work. He has been interested in the security of OS or a network. And he started to research security technology about client computers and virtual machine monitors in early days, when many of engineers had been interested in server computers and networks. In Mar. 2011, he graduated some institute in Japan, and received degree of Ph.D. in Informatics. Twitter ID: @wakatono Website of my profile and works: http://www.pfsec.net/ (sorry in Japanese)
Android Phone Security
by Hideaki Kawabata
In 2011, Android malware as well as personal information being leaked or stolen has become more active and as such has attracted a lot of attention.
In this presentation, I will explain malware infections, personal information leakage and the differences of these issues on the Android, feature phone and desktop PC platforms.
Additionally, using demonstrations I will introduce methods of defending against android attacks as well as examine safe use of Android systems.
Kawabata is part of KDDI's research labs involved with security research. Primarily he performs research on smartphone's new security models and analyzes android malware. He was awarded for his excellent thesis at the Computer Security Symposium in 2011. He is a person fond of sweets who loves Starbuck's dark mocha chip cream frappachino.
How to build a CTF dream team for dummies
by Marat Vyshegorodtsev
CTF-like contests are becoming more and more popular games in white hat/student environment. In this presentation I will describe how to build a team of players to get high rankings in the international competitions.
necessary programming tools used in CTF games
essential knowledge and skills required by a team player in particular
the way to communicate inside of the team during the preparation and the play
and the way how to win “Russian roulette WAF triggering contest” aka “Nalivayka”
Marat Vyshegorodtsev (aka マラット) has worked in the Russian biggest security consulting company as a pentester and security analyst doing some project he could never tell to anyone ^_^. After coming to Japan to get his masters at the University of Tokyo Marat has started to work for Rakuten Computer Emergency Response Team. His research is focused on DNS architectural security issues. Also, Marat has more than 6 years of CTF playing experience. In 2011 within the team "IV" he took 4th place at the famous DEFCON 19 CTF. Twitter: @touzoku, Blog: maratto.blogspot.com
AVTOKYO CTF Project repots
Back in AVTOKYO2008, our CTF group "Team sutegoma2" which was born from AVTOKYO, set a goal for "Going to DefCon CTF Final stage from Japan". After that, we have been participating any international CTF contests all over the world for about three years. Then this year, finally we accomplished our goal!
In this session, I will talk about our team results and missions for future.
tessy：Leader of AVTOKYO, Team sutegoma2, and Team T-dori.
A Primer On Last Branch Recording
by Ryan MacArthur
I will introduce the audience to tracing execution on x86 through Debug MSR's (Last branch recording), Go from single stepping to basic block jumping like a pro!
Ryan MacArthur: Neophyte security researcher who has a penchant for booze. Tinkerer that has spiralled down into the kernel. Visionary Street Fighter IV player. I've no impressive list of CVE's and no string of acronyms after my name. Mere dwarf standing on the shoulders of giants. I've researched automated malware analysis while getting my masters in security informatics from Johns Hopkins. I then joined Symantec as a malware analyst where I reverse engineered malware and file formats to aid in detection of exploits. After that I joined iSIGHT Partners Lab to build/break things for our customers.