More speakers will be up later!!!
APT DNA Clustering and Defense Kungfu
by Anthony LAI & Benson Wu & Birdman
We are always busy with malware analysis, simply closing our door and working on deep reverse engineering and behavior analysis. However, does the analyst know the enterprise/organization is suffering from an APT (Advanced Persistent Threat), or what we call a "Targeted" attack? We have carried out research against Mila's sample archives to show you our latest APT "gangs" clustering analysis, our engine for deciding whether an attachment is an APT, and an application for digging them out of the mailbox instead of depending on those "built-in" anti-virus engines. If you believe anti-virus software could save you from this threat, please come and join our session, dudes.
Chip & PIN is Definitely Broken: Protocol and Physical Analysis of EMV POS Devices
by Andrea Barisani & Daniele Bianco
The EMV global standard for electronic payments is widely used for inter-operation between chip-equipped credit/debit cards, Point of Sale devices and ATMs. Following the trail of the serious vulnerabilities published by Murdoch and Drimer's team at Cambridge University regarding the usage of stolen cards, we explore the feasibility of skimming and cloning in the context of POS usage. We will analyze in detail EMV flaws in PIN protection and illustrate skimming prototypes that can be covertly used to harvest credit card information as well as PIN numbers regardless of the type/configuration of the card. Our updated research also explores in depth the design, implementation and effectiveness of tamper-proof sensors in modern and widely used POS terminals, illustrating different techniques for bypass and physical compromise. As usual, cool gear and videos are going to be featured in order to maximize the presentation.
The Story Behind The Story of "Cyber Crime"
by Daiki Fukumori
Did the book "Cyber Crime" cover enough of Cyber Crime? My session will cover the following "Story Behind The Story of Cyber Crime":
- Is Russia really the top country for Cyber Crime?
- Is China currently a major player in Cyber Crime?
- Is Japan's countermeasure against Cyber Crime still behind?
How can we safely use Facebook?
by Eiichi Moriya
Facebook contains a significant amount of information; real names, personal history, family structure etc. However, making a mistake configuring your profile could result in privacy violations or your personal information being leaked. For that reason, I will explain how to use Facebook safely while describing some stories of failure.
This talk is recommended for:
People who fear personal information being leaked from Facebook
People interested in Facebook's security measures
People who just started using Facebook
SQL Injection from Past to Now
SQL Injection has been a problem in Web Security for more than 10 years. But people or script kiddies use the same methods or use automatic tools to attack websites. My topic focuses mainly on MySQL, especially on some tricks in SQL Injection which are less well known. In my presentation, part 1 is an introduction to some tricks for obtaining data through SQL Injection. It is a better way in some situations where only Blind Injection is allowed. Part 2 is an introduction to how to exploit MySQL triggers. It performs an injection that contains multiple SQL statements, such as UPDATE, INSERT, even a system command.
Privacy in Sensor Data
by Yuichi HATTORI (Eidwinds)
These days, as smartphones get popular, GPS, accelerometers, and gyros have also become easy for us to use, because we can get sensor data easily today. Smartphone applications that use sensors are very useful, as you know. But what can we learn from this sensor data? In this presentation, we will present the owner's actions that sensor data reveals.
PART1: Sleephacking: how to optimize your sleep for CTF games
by Benny K.
Humans are the only creatures that have adopted a mono-phasic sleeping cycle. Humans used to have a multi-phasic sleep pattern as well. People try to compensate for their busy lives by sleeping less and compensating with caffeine. This presentation will talk about how sleep works and the different types of multi-phasic sleeping cycles plus other sleephacks and their benefits. Useful for CTF (Capture the Flag) players on how to improve their concentration and performance and learn to balance time and sleep during a competition.
PART2: Hitchhikers' guide to honeypots
by Benny K.
Honeypots are a great way to capture malware. This talk will cover some of the great tools of the Honeynet Project and how to run a sensor in a cloud environment. We will discuss what you can do with the captured malware and how to contribute to a safer internet. Last but not least, a few words about the new Honeynet Japan Chapter.
Machine learning with "Moe"
by Kenji Aiko
I'll give a presentation on whether a computer can understand "Moe" using machine learning.
What's "Moe"? Look at http://en.wikipedia.org/wiki/Mo%C3%A9
Panel 1: Anonymous and APT, How did we get this?
by Takuji Kitagawa & Masafumi Negishi
Enigmatic groups and organizations are wriggling in the modern network society. The new type of activities that cannot ever be applied might have shaken the traditional media in their concept of values. And the word "APT" now has wings. Is "Stuxnet" really APT?
In this session, Masashi Negishi and Takuji Kitagawa, well known as security incident watchers, will talk about the chaotic Internet social situation, incidents, and any security news reports.
PANEL 2: An In Depth Discussion on Developers and Browsers
by Amachang & Hoshikuzu & Hasegawa
Creating secure web applications is an endless battle between developers and the Browser. To what extent must developers know about every Web Browser's idiosyncrasies? With attackers who are highly skilled and hold in-depth knowledge of the Browsers and how to abuse them, is it really possible for developers to protect their applications without being experts in every browser's quirks or idiosyncrasies? In this session we will be discussing what we can do now for securing web applications, with Amachang, a developer who is working the front lines, and the famous Hoshikuzu and Hasegawa.
Drive Forward the Domestic Security
by AIDO & Manaka
Focusing attention on the industry where the highest security is required, and investigating it for eight years with my original methods, I reached one answer that should drive forward the domestic security.
Backdoor found by "eye"grep
In this presentation, a wireless AP backdoor that was found around 2005 is introduced with a demo, along with how it was found.
Android Application Obfuscation
by Yoshitaka Kato
In recent years more and more applications in the Android Market are being subjected to obfuscation techniques. This most likely means more and more companies are using these obfuscation tools during their development of Android applications. However, we must deal with the code these tools produce as well as reverse engineer them to an effective degree, even if we may not know or be familiar with them. In this talk I will discuss a tool called Proguard and its obfuscation methods and effectiveness for obfuscating Android applications.
Differences of the TSC behavior between The Virtual Machine and The Real Machine
There are many differences between the virtual machine environment on a virtual machine monitor (VMM) and the real machine, even though these environments look the same.
These differences are caused by many factors including the differences of CPUs, VMM implementations, and so on.
In this presentation, I show differences of the Time Stamp Counter (TSC) behavior on the VMM and the real machine, and give a demonstration that uses these differences.
Android Phone Security
by Hideaki Kawabata
In 2011, Android malware as well as personal information being leaked or stolen has become more active and as such has attracted a lot of attention.
In this presentation, I will explain malware infections, personal information leakage and the differences of these issues on the Android, feature phone and desktop PC platforms.
Additionally, using demonstrations, I will introduce methods of defending against Android attacks as well as examine safe use of Android systems.
How to build a CTF dream team for dummies
by Marat Vyshegorodtsev
CTF-like contests are becoming more and more popular games in the white hat/student environment. In this presentation I will describe how to build a team of players to get high rankings in international competitions.
necessary programming tools used in CTF games
essential knowledge and skills required by a team player in particular
the way to communicate inside of the team during the preparation and the play
and how to win the “Russian roulette WAF triggering contest” aka “Nalivayka”
AVTOKYO CTF Project reports
Back in AVTOKYO2008, our CTF group "Team sutegoma2", which was born from AVTOKYO, set a goal of "Going to DefCon CTF Final stage from Japan". After that, we have been participating in international CTF contests all over the world for about three years. Then this year, we finally accomplished our goal!
In this session, I will talk about our team results and missions for the future.
A Primer On Last Branch Recording
by Ryan MacArthur
I will introduce the audience to tracing execution on x86 through Debug MSRs (Last Branch Recording). Go from single stepping to basic block jumping like a pro!