/* No speaking simultaneous interpretation is available , however, we try to show the slides in both english & japanese as much as we can. */

/* [en] means English speaker, [ja] means Japanese speaker. */

[en] China is a victim, too :-)

Anthony LAI ,Zetta KE

China is always taken as an attacker to attack others, let us take a look who is attacking China, what kind of attacks China is suffering from and the possible reason, moreover, we would like to take APT research report published from other famous agency how they "deduce" the attacks from China, commenting on their "logic".

In addition, we have got Knownsec to provide captured and identified Web attack data to VXRL for analysis, hopefully, we could get a much more clearer picture.

Of course, we got a hidden agenda as well.

It would be a fun session and let us enjoy it..

Anthony LAI :

Researcher, Valkyrie-X Security Research Group (VXRL)

Anthony Lai who has hybrid experience in application development, code security, penetration test, threat analysis and audit areas for 14 years. He has done vulnerability assessment, penetration, IT audit and training for government and various corporates. He is now a lead consultant and threat advisor of several MNCs. He acts as a researcher in Xecure Lab and Knownsec for APT research and Web security respectively.

Anthony has spoken in Blackhat USA 2010, DEFCON 18-20, AVTokyo 2011-2012, HITCON 2010-2011 as well as Codegate 2011. He has set up a security research group called VXRL (www.vxrl.org) in Hong Kong, which connects various whitehats and security researchers.

Zetta KE :

Researcher, Valkyrie-X Security Research Group (VXRL)

Zetta is a PhD student in Information Security area in HKUST. He has given Web security workshops in university and spoken at VXCON and OWASP (Hong Kong Chapter). Zetta is one of the core CTF and MVP players in VXRL. His interest is on Web Hacking and Cryptography.

[en] Wanna stop a botnet that distributing malware as service? Drag its botherder into the law..

Hendrik ADRIAN

Secret :)

Hendrik ADRIAN :

day work:

K-Series Security Filter Appliance Maker: K-PROX & K-SHIELD

KLJTECH.Co.ltd./CEO http://www.kljtech.com


Security Research:

(International)MalwareMustDie, NPO Anti CyberCrime Research Group

www.malwaremustdie.org / Founder & team leader.

Web http://malwaremustdie.org

Research blog: http://malwaremustdie.blogspot.com

Wiki & Code: http://code.google.com/p/malwaremustdie/

Report Pastes: http://pastebin.com/u/MalwareMustDie

(Japan) 0day.jp

Japan Specific Malvertisement Research & Incident/Response

Analysis: http://blog.0day.jp

[ja] Dynamic Analysis and Visualization Techniques of Malware

Masaki Katayama

In recent years, We need to use dynamic analysis for analysis of malware such as drive-by-download. I will introduce the simple dynamic analytical technique. Also I will demonstrate for the actual process..

Masaki Katayama :

Asgent, Inc. Security Plus Lab Executive researcher


Than two years ago, articles posted on various media.

I'm researching malware and malware analysis technic of simplification and visualization.

[ja] That's weird! Many security measures have few effect in Japan. --Light & Shadow--


Security measures have negative sides to sacrifice huge costs and convenience.

But, huge costs does not make any effect, and inconvenience do not mean secured.

I will explain the light and the shadow of those measures.

AIDO&Manaka :

My love broke through the wall between dimensions!

I successfully took my girlfriend out from the virtual game world.

Let us explain the security measures with maaaaaximum love!

[ja] Smartphone game vulnerabilities and cheats, and countermeasures

Seo Seunghyun

With a spread of smartphone, smartphone games grow in use and popularity. But these also has security risks. Let think about tricks and countermeasures thought popular smartphone game vulnerabilities and cheat cases.

Seo Seunghyun :

At 2002 he started his security career in Korea HackersLab .

At 2008 came to Japan, he worked as a security researcher at NHN Japan(currently LINE co.ltd).

Now he is researching about game security in social network company.

[ja] XSS on porn websites


I will talk about XSS situation and struggling of fixing it on major porn websites..

ma.la :

ma.la is a programmer working in Shibuya Hikarie.

He has found and reported much vulnerability in well-known web sites.

(This talk is personal work, has nothing to do with my organization)

[ja] a Data broadcasting that (may be) fun (provisional)


This talk shows backside of data broadcasting on digital terrestrial TV broadcasting.

Fun depends on the person..

murachue :

I am a Hexarian(?), like a Binarian. It seems I am famous at Eye-grepping.

[ja] I wanna be a bug bounty hunter

Yuji Tounai

The talk is Bug Bounty circumstances that have raised at 2013.

And the detail of vulnerability that we got a reward..

Yuji Tounai :

Former Editor/Writer in "Hacker Japan"magazine and Get bug bounty

rewords from Google,Mixi,and Yahoo!.

[ja] wabi-sabi Assembla Tanka

Hiroaki Sakai,Yoshinori Takesako,Kneji Aiko,Kazuki Matsuda,Takeyasu Sakai

"Assembler Tanka" is the neo-futuristic cultural hobby of writing programs made by 31 byte (5+7+5+7+7 total 31) machine code.

In this session we invite Hiroaki Sakai(the founder of Assembler Tanka), and show you Japanese wabi-sabi culture of tanka and technique of reading assembler.

We introduce of each school tanka and various assembler technique

Kenji Aiko(ShinShicho-school):New realism to seek a new generation tanka

Kazuki Matsuda(Myojo-school):Romanticism not worry about tradition of ancient times, seek artistic

Takeyasu Sakai,Yoshinori Takesako(Araragi-school):Realism to full use stark instruction.

Hiroaki Sakai :


Founder of Assembler Tanka(Shirakaba-school)

Normaly he works for embedded processor, not familiar with x86.

This chance makes him know maniac code as ”cdq”.

My smash hit is Quine on Assembler tanka.

My favorite instruction is “xchg” it seems useful for tanka.

He keep trying to make new idea by using assembler.

Kenji Aiko:


Assembler Tanka poet(ShinShicho-school)

Developper of Assembler Tanka on Javascript.

Normaly work is security research and developing products.

Only familiar with x86 not good at other processors.

He says “seeing" Assembler Tanka is fun, but real fun time is “making" Assembler Tanka.

Kazuki Matsuda :


Extream Assembler Tanka poet(Myojyo-school)

Normaly he uses x86 and ARM. In the past few years, he was interested in retro machine and 8bit CPU.

Accidentally he got a Atari 2600 clone, he believes “real machine is best”, he has started to collect retro hardwares from auctions.

May he reach to a disabled person? :)

Now he has an eye to developing MegaDemo on retro hardwares.

Takeyasu Sakai :

Asembla Tanka poet(Araragi-school)

His computer life was started from PC-8001 as a child.

In the past time he writes assembler by using assembler, makes on chip microcomputer by original ROM writer.

His speciality is electric navigation, normal work is C language programming for GPS.

Yoshinori Takesako :

Assembler Tanka poet(Araragi-school)

Member of wirting Assembler Tanka by notepad.

His first computer is FM TOWNS(32-bit). Currently he uses 4bit microcomputer of magazine supplement.

He sais his hobby is seeing op-code of CPU.

His favorite is machine code programming by printable words, and pile up character to machine code by meaning.

[ja] Panel Discussion - End of Malware Forensics -

Panelist: Michio Sonoda,Hideaki Ihara,@cci_forensics,Tkashi Matsumoto

TThe technical area called Forensics has already taken root in practical business such as the crime investigation.

But in recent years, in the field of analysis of the malware, a technique to dump memory and to analyze it is becoming important.

Memory forensics is not effective way because of anti-forensics technique is complicated but sophisticated or we cannot answer this fundamental problem "How difference of malware to software?”

Alternatively ,evidence recording device size are increasing,Investigation work become complicated

Why forensics become this situation?

We will discuss about current problem ,posing of challenges, lack of technique and knowledges of forensics.

Michio Sonoda:

Associate professor of Cyber University. SECCON Committee member,Security Camp Committee member, Researcher of IPA, Researcher of JNSA.

He is interested in anti-forensics area since early days.

Hideaki Ihara :

Forensic investigation becomes complexity, he is currently ant-forensics clique, he often battles to Takashi Matumoto by negative comments.

Main work is supporting litigation using legal technology of U.S. lawsuit.

@cci_forensics :

Works at ISP, main work is supporting for security incident (Forensics analysis, malware analysis) especially malware infected case.

He talks some presentations of anti-forensics at such as conferences, Black Hat USA/Europe, SANS Digital Forensics and Incident Response Summit, The Computer Enterprise and Investigations Conference, FIRST Technical Colloquium, RSA Conference Japan, and provides hands-on training used by original memory forensic tools.

EnCase Certified Examiner.

Takashi Matsumoto:

Forensic evangelist at NetAgent inc. He works making International standard and domestic guidelines, researches next generation Network forensics at University.

[ja] Web Intrusion Detection with Bayesian Network


Bayesian Network is a technology that can be used to make decision. The model is constructed as a network(graph) and probabilities are calculated based on Bayes Theorem. We use Bayesian Network to detect intrusions on HTTP/HTTPS traffic. It is used on the production Web Application Firewall service in Japan.

Kanatoko :

Kanatoko is a CTO at Bitforest Co.,Ltd. Born 1975 in Japan. He have been developing Web Application Firewall for 12 years. He founded SaaS WAF Service on 2009 in Japan and now more than 450 web sites are protected by his WAF. His current interest is data science.

[ja] Malicious Connection Prevention by Faking DNS Response


I hate the attack that uses malicious host like Drive-by-Download.

I Introduce the defense mechanism using DNS fake response (with demonstration, if possible)..

wakatono :

Ph.D in Informatics, Security Camp Committee member, SECCON Committee member(2012,2013), an employee of a company.

Usually, I think the defense mechanism with the view point of attackers..

[ja] Detail of CVE-2013-4787(Master Key Vulnerability), source code and subtle implementation of zip on Android

Masata Nishida

TI will expound on the subject of Android "Master Key Vulnerability" that got a lot of attention in 2013, also explain Android app installation and subtle implementation of zip on Android in that connection.

Masata Nishida :

I belong to SecureBrain Corporation. Rubyist.