/* No speaking simultaneous interpretation is available to make the participation fee as low as possible, however, we try to show the slides in both english & japanese as much as we can. */

/* [en] means English speaker, [ja] means Japanese speaker. */

[ja] Analyze PLC code used on Stunxnet


Widely-analyzed Stuxnet has not been analyzed in Japan well-enough thus most likely analysis is focused on its earlier stage such as an infection against PC, and there is almost no information regards to an infection against PLCs. As PLC is a primary device to control centrifuges, analyzing an infection code against PLCs is full of Stuxnet essentials.

I will show you how I did for the analysis of PLC code as well as what I have found out.

ucq : Security Engineer AKA "BINARIAN". A member of sutegoma2.

[ja] Anguish of a first year forensic engineer


I have been surprised by that the knowledge that I have been acquired in the security monitoring work could not respond enough to the incidents since I became a forensic engineer this year...

I can not talk the technical stuff since I'm a newbee, but I will explain about my anguish I had experienced this year with some case examples.

amaterasu : A forensic engineer from this year.

[ja] Why don't you have fun?

- Fun of Basic Research and I as a Security Researcher -

Tsukasa #01 (@a4lg_en)

There are many kinds of people in information security industry and I -personally- think the basic research is important in many ways. So, I will talk about the fun of basic research field along with my Black Hat experience. Stay tuned!

Tsukasa #01 (@a4lg_en) : is a security researcher at Fourteenforty Research Institute, Inc. The main research fields are virtualization and mobile security. He has been a speaker at Black Hat USA 2012, Black Hat Abu Dhabi 2011 and PacSec 2010.

[ja] Spears and Shields on Online Game

Seo Seunghyun

While online game is getting more popular in Japan, its risk is also getting higher. So that, it will present how game hackers compromise online games and how we protect these techniques ( for instance, memory search, position hack, speed hack, wall hack ... ) in addition, it will also talk about why chinese hackers attack Japanese online game companies

Seo, Seunghyun : he won in the security CTF named "2nd World Information Security Olympiad" in 2001 as Team Syrinx. After that competition, he started his security career in HackersLab where all Korean hackers got together. He was also interested in game security and transferred to global online game company Webzen and NHN Japan. Now he is working for GREE as a security researcher.

[en] Surprising behaviors in Japanese mobile apps

Anthony Bettini

Mobile apps have changed our every day lives. We see what happens in the app on the small screen, but what happens behind the scenes? In this talk, we will focus on uncovering what happens behind the scenes, particularly on very popular Japanese mobile apps on both Apple iOS and Android. We will examine apps that are primarily popular only in Japan and discuss some very surprising findings.

Anthony Bettini : Anthony Bettini is the CEO and part of the founding team at Appthority, the leader in Mobile App Risk Management solutions and winner of the "Most Innovative Company of the Year" award at the Innovation Sandbox held at the RSA Conference 2012. His professional security experience comes from working for companies like Intel, McAfee, Foundstone, Bindview, and Netect. He specializes in growing early-stage enterprise security companies, innovative security research, and mobile security. Anthony’s presentations have been delivered at such conferences as RSA, FOCUS, NISSC, FIRST, SyScan, InformationWeek 500, and the CARO Workshops. Anthony has published new vulnerabilities found in Microsoft Windows, ISS Scanner, PGP, Symantec ESM, and other popular applications. In addition to contributing to a handful of security books, Anthony was also the technical editor for Hacking Exposed 5th ed., the best-selling computer security book of all time, which has been used in courseware at universities such as MIT, Harvard, and Carnegie Mellon.

[ja] Won't call it APT!!

Norihiko Maeda & Suguru Ishimaru

We're going to introduce about detail of targeted attack for the Defense Industry, HR and HC with real samples.

Norihiko Maeda : Chief Security Evangelist, Information Security Labo, Kaspersky Lab, JAPAN

Engaged in research and enlightenment activities for Internet threats focused on malwares at Kaspersky Lab JAPAN from 2007. Before joining to Kaspersky Lab, working as network/UNIX sever engineer for ISP related company and system integrator.

Suguru Ishimaru : Junior Researcher, Information Security Labo, Kaspersky Lab, JAPAN

Suguru joined Kaspersky Labs as a junior researcher for IT security Lab in 2008. His responsibilities include analyzing malware, research for internet threats and develop some tools for research.

[ja] Malware similarity analysis on binary using approximate string matching

Shirou Maruyama & Shuzo Kashihara & Shingo Orihara & Hiroshi Asakura

We introduce a novel approach to static analysis of malware. We use latest techniques in approximate search on strings to binaries and extract similar modules to evaluate their relationships.

Shirou Maruyama : Research engineer at Preferred Infrastructure, Inc. He received his Ph.D. in Information Science from Kyushu University. His research interests includes design of algorithms and data structures, especially in string data compression and information retrieval.

Shuzo Kashihara (a.k.a. suma) : Software engineer at Preferred Infrastructure, Inc. He had developed packer and code obfuscator before joining Preferred Infrastructure. Now he is interested in application of machine-learning techniques for security.

Shingo Orihara: Researcher at NTT Secure Platform Laboratories. His research interests includes information security, machine learning and natural language processing.

Hiroshi Asakura : Research Engineer at Mikaka Secure Platform Labs. His research interests include data processing, information retrieval, people's behavior.

[ja] Couldn't they understand "porno"?

Kenji Aiko

I tryed to teach computer about "porno" with Machine Learning.

Kenji Aiko :



[ja] Playing with sandbox ---AVTokyo style

Daiki Fukumori

What if hackers like us use malware analysis sandbox such as VirusTotal? Probably, we would gone away from its designated purpose (i.e. malware detection,) and would gone wild instead. In fact, sandbox vendors have already implemented various countermeasures, and there have been fierce battles everywhere between us. I will show you some of the intersting case studies that I've been through, and how to play with sandbox in an AVTokyo ways.

Daiki Fukumori :

Speaker of AVTokyo 2008, 2010 (AVTOKYO meets HackerJapan), 2011

[ja] JavaScript Security from hell


JavaScript is now used for the application development in a wide variety of platforms, we've seen the typical vulnerabilities such as XSS in web sites are now found even on mobiles and the desktop applications. Javascript embeded to outside and the XSS issues in popular libraly will affect a very wide range of websites.

Regarding to the vulnerability cases in the popular applications caused by Javascript and the libraly widely used but not realized vulnerabilities, we'll discuss how to fix these problems and what kind of measurements to mitigate the effect with the actual cases.

And I will talk about the undesireble specifications in browsers and plugins even those have a significant impact but have being left for a long time.

ma.la : Born in Japan in 1982. UI engineers.

He has been actively posting information about how to create web applications with JavaScript from the early days of Ajax. Because he's been working on the web application development and JavaScript, he has a detailed knowledge of security & privacy issues regarding to the web applications and the specifications of browsers. He has reported a large number of vulnerabilities in well-known domestic and international service applications.


[ja] Android Malware Heuristics

Masata Nishida

After analizing the certification used for digital signature in 15,000 Android malwares, I found so many of those malwares were using the same certifications. In this talk, we'll discuss the possibility that we may be able to detect the Android malware heuristically.

Masata Nishida : He works for SecuriBrain Corporation mainly on R&D for the Android anti-malware. Rubyist.

[en] Explaining Geopolitical Cyber Security with Arms Race Theory

Eli Jellenc


Eli Jellenc : iDefense Head of Strategic Analysis and International Cooperation.

Eli Jellenc created and for 5 years developed the International Cyber Intelligence Team at VeriSign-iDefense, during which time the team developed the security industry's first comprehensive cyber risk assessments of over 20 major nations. He has also established iDefense's capability in Europe and originated the team's research program in East Asia. Prior to working with VeriSign, Mr. Jellenc received a Master's in International Relations from Georgetown University and a BA in International Studies and Political Sociology from the University of Mississippi. He worked as a researcher at the Royal Institute of International Affairs (Chatham House) in London and the Center for Defense Information in Washington DC. He has authored articles on the cyber risk environments of Indonesia, Brazil, and Russia in Cybercrime and Security, an Oxford University Press journal, and his current research focuses on the cross-national statistical analysis of cyber threats and on the international governance of cyber security.

[en] DDoS Black Kungfu "Revealed" (Japan edition)

Anthony LAI & Tony Miu & Anan Chung & Kelvin Wong

DDoS is readily an easy way to ransom some money from the site owner or trading companies. Meanwhile, zombies in China are cheap and it is readily an easy way to set up a DDoS "test" business there. However, how could we deal with it? Are those organizations ready and preparing themselves on DDoS defense?

In the first part of presentation, we have carried out a research and studies over some big organizations and firms in Japan and check whether they are vulnerable to DDoS attack. We will show you some stupid and smart case studies.

In the second part, we have provided ideas how to launch DDoS attacks against multiple targets without high resources consumption. If time permits, we could discuss about our proposed defense model.

We believe it would be a fun and comprehensive session and hopefully you guys could enjoy it.

Anthony LAI(aka Darkfloyd) : Anthony focuses on reverse engineering and malware analysis as well as penetration test.

He has spoken in Blackhat USA 2010, DEFCON 18, 19 and 20, AVTokyo 2011, Hack In Taiwan 2010 and 2011 and Codegate 2012.

Recently, he has worked with MT on the DDoS research projects. Meanwhile, he is always studying attacks from mainland China and it would be fun for him to partner with MT in this session.

Tony "MT" Miu : (Senior Researcher, Nexusguard) As one of the pioneers of Nexusguard - who specializes in offering premium anti-ddos mitigation services to high-profile, web-mission critical businesses - Tony "MT" Miu has been at the forefront of the ddos battlefield - monitoring, identifying, mitigating and pre-empting attackers' every move. Over the past years, MT has garnered invaluable experiences and secrets of the trade which has contributed to his successful roles as a leader in VXRL DDoS kungfu and defense model initiatives.

He was spoken at DEFCON 20 with topic DDoS Black and White Kungfu Revealed (DEF CON 20).

Alan Chung(aka Avenir) : (Security Researcher, VXRL) Alan has more than 8 years working experience on Network Security. He currently is working as a Security Consultant for a Professional Service provider. Alan specializes in Firewall, IDS/IPS, network analysis, pen-test, etc. Alan’s research interests are Honeypots, Computer Forensics, Telecommunication etc. He has just spoken at DEFCON 20 for DDoS Black and White Kungfu.

Kelvin Wong(aka Captain) : (Security Researcher, VXRL) Kelvin works in law enforcement over 10 years responsible for digital forensics examination; criminal investigation; research and analysis. He has handled various criminal cases related to hacking, DDoS; network intrusion and cyber crime. He is also one of the authors of Facebook Forensics paper and a co-speaker of DDoS Black and White Kungfu in DEFCON 20.

[en] Social engineering is not dead, long live social engineering!!


UGNazi did it for the lulz. This hactivism group made their name by compromising cloudflare and by redirecting 4chan to their own twitter account amongst other hacks.

But these attacks were not performed by 0-day exploitation. Too much time do we security professionals spend on the technical aspects of security while turning a blind eye to social engineering attacks. We will show that social engineering attacks are still being actively used in the field to compromise networks today!!

This presentation will detail social engineering attacks performed by Cosmo the God (UGNazi), how companies like Amazon and Apple had lacking procedures, how this lead to the cloudflare compromise and how (Japanese) companies can improve their own procedures to not be vulnerable to these attacks.

@security4all : has been working in IT security for 10 years and recently moved to Tokyo. He is a co-founder of BruCON, a Belgian security conference and frequents hacker conferences and hackerspaces around the world. He believes in building bridges in the security and hacker community and is a Twitter addict. You can find him online under @security4all

[en/ja] Panel Discussion - Challenge "CTF operation -

Panelist > Daniele Iamartino & Marat etc.,

Starting from "Security Camp" last year and "SECCON" this year, it seems like CTF in Japan has been finally launched, however, we have yet a tons of things to learn from other countries. CTF Participants are just solving challenges, but the collectives who provide the stage need a tons of jobs of adjusting, operating, making cool challenges, fun game planning. Having Marat from Russia, Daniele from Italy as the panelists, and we are gonna share the CTF experiences in this discussion.

<Panelist 1> Daniele Iamartino : is computer engineering student at Politecnico di Milano, Italy and now exchange student at Doshisha University (Kyoto) for 6 months. His main interests are: network security, network architectures and computer security. He is taking part in CTF competitions since 2009. He is a big fan of free and open source software.

<Panelist 2> Marat : is a member of the Volema security research team. The major areas of expertise: banking applications and networks, credit cards, secure coding, offensive security.

Blog: http://t.co/thCF3y4

CTF Team: More Smoked Leet Chicken

[ja] Panel Discussion - The Eye-grep reloaded -

Panelist > murachue & ucq etc.,

After the sensational debut , "eye-grep" is now a term well know to all. However there seems that some people misunderstand the term and use it to refer to other skills. Although the goal is not to set an absolute in definition or be a fundamentalist in this session,we will revisit the true meaning and show the true "eye-grep" skills by the masters of the skills ,the world class "eye-grep" brothers of Japan.

<Panelist 1> murachue : He is commonly known as the "eye"grep man. A member of Team Sutegoma2. He contributed to the winning of HITB2012 CTF in Malaysia.

<Panelist 2> ucq : Security Engineer AKA "BINARIAN". A member of sutegoma2.

[en] How south korea makes white-hat hackers


South Korea is known for having a well organized and activated info-sec community. For example, we have over 10 information security conferences and 10 hacking contests. And it's somehow surprised that South Korea has over 200 computer security companies.

In this talk, we'll introduce some cases that how the government, army, academy, industry and community are trying to make white-hat hackers. Each of them has a different strategy for that, and they have different goals. We'll cover a variety of cases briefly as this talk has only 30 minuets, but it should be ok for getting a hunch how the country is preparing for the future.

Beist : Beist has been a member of the IT security field since 2000. His first company was Cyber Research based in Seoul, South Korea and first focused on pen-testing. He then got a Computer Engineering B.A. degree from Sejong University.

He has won more than 10 global CTF hacking contests in his country as well as passed DefCon quals 5 times. He has sold his research to major security companies like iDefense and ZDI (Recon ZDI contest). He has run numerous security conferences and hacking contests in Korea. Hunting bugs and exploiting them are his main interest. He does consulting for big companies in Korea and is now a graduate student at CIST IAS LAB, Korea University.