Event
1. HIVE by Emilio and bbr_bbq
We bring back HIVE for you to present and demonstrate security tools
This will give you the opportunity to share your work and gain feedback from the audience
// HIVE Schedule
15:30 - 16:00
Mr Rabbit
Title : P.A.K.U.R.I
"Penetration test Achive Knowledge Unite Rapid Interface"
Lang : Japanese
Overview :
Tools from over 300 tools installed in the penetration test Linux distribution called Kali Linux, OSS published on the Internet, and the standpoint of an active pen tester. A virtual environment based on the concept of “Everyone can do it easily.”
- Use OSS effectively to automate attack that can be automated to reduce manual errors
- Use Faraday to visualize the current situation and improve work efficiency as a team
- The front end can be operated only with the numeric keypad, improving operability
16:10 - 16:40
Yoshinori Matsumoto (@ym405nm)
Title : Hackl33t fighters II For WordPress
Lang : Japanese
Overview :
An open-source CTF-like security experience game specializing in WordPress. Each environment can be started easily with Docker Compose. Security engineers and WordPress administrators/developers can easily experience security and realize safer WordPress operations.
17:00 - 17:50
Isao Takaesu (@bbr_bbq) & Daiki Ichinose (@mahoyaya)
Title : 8vana
"The visualization tool of security incidents like retro games"
Lang : Japanese
Overview :
We have developed a tool “8vana” to “visualize security incidents in real-time like a retro game”. 8vana realizes "user-friendly UI" and "operable even with low specs" by making the UI and engine a retro game style based on the concept of "incident visualization tool to go to see", and "publish as OSS" So, we have made many ideas that anyone can use easily. We aim to make 8vana available to many people around the world, broaden the scope of incident response, and contribute as much as possible to incident handling in the world.
18:00 - 18:30
El Kentaro (@elkentaro)
Title : El Kentaro Stuff
Lang : Japanese/English
Overview : Kentaro will bring his gadgets to show!
18:40 - 19:30
Emilio (@ekio_jp)
Title : CIRCO
「Cisco Implant Raspberry Controlled Operations」
Lang : English
Overview :
Designed under Raspberry Pi and aimed for Red Team Ops, we take advantage of “Sec/Net/Dev/Ops” enterprise tools to capture network credentials in a stealth mode. Using a low-profile hardware & electronics camouflaged as simple network outlet box to be sitting under/over a desk. CIRCO include different techniques for network data exfiltration to avoid detection from IDS/IPS or monitoring systems. This tool gathers information and use a combination of honeypots to trick Automation Systems to give us their network credentials! We will build a physical network & infrastructure lab to show how CIRCO works (live demo)
19:40 - 19:45
HIVE Kanpai and Group Photo
19:55 - 20:00
HIVE HIVE Lottery in the AVTOKYO Closing at the Main Stage
2. Ghidra Workshop by Allsafe (pinksawtooth, tkmru, rn0ch4, er28-0652)
Which do you think is stronger, Shield or Spear?
We can show you how to use Ghidra to analyze vulnerabilities and malware.
After this workshop, you'll be able to use Ghidra like NSA agents.
Training Time: around 2 hours
Outline:
- Introduction to Ghidra
- Can You BlueKeep A Secret? (Patch Analysis of BlueKeep)
- NSA vs NSA (Patch Analysis of MS17-010, and analysis of EternalBlue/DoublePulsar)
Requirements:
- Laptop with Ghidra (you can download it from https://ghidra-sre.org/)
References:
- Ghidra Official Document (https://github.com/NationalSecurityAgency/ghidra/tree/master/GhidraDocs/GhidraClass)
- Ghidra Pro Book (https://allsafe.booth.pm/items/1575255)
Time : 16:00-17:00 and 17:30-18:30(120 min)
Area : DIAMOND
3. nao_sec tools by pinksawtooth, nomuken and kkrnt
Introduction of tools for security analyst developed by the security research team "nao_sec". In addition to a demonstration of the tool, you may be able to bihind-the-scenes story that off the record.
Time : 15:00-15:30(30 min)
Area : DIAMOND
4. Open xINT CTF by Team pinja
It's time to exercise your OSINT skills! Probe onsite/Internet/SNS for clues, gather the intel, follow the leads, until you find ""the answer"". Have you ever wanted to be James Bond? Well, here's your chance.
Eligible for: AVTOKYO attendees
Competition Time: throughout the event till 19:30
Registration: booth onsite (one-player game)
Event Details: http://xintctf.wpblog.jp/
twitter: @pinja_xyz
5. Energy Drink Exchange by Team pinja
Let's exchange energy drinks! Bring one, and you can trade it with what we have on stock:
Ojo-sama Seisui, Awa-rise, some Akiba enegry drinks, and whatever exchanged by the attendees
RedBull and Monster Energy are not accepted. Something not sold in Japan, limited-time-only products, local items are welcome! Share your reviews on Twitter, Instagram, Facebook, etc. with #PinjaEnergyDrinkExchange
All the energy drinks collected will be presented to xINT CTF players after we announce the scores in the closing ceremony. First-come, first-served.
Competition Time: throughout the event till 19:30
Registration: booth onsite
6. Fun Badge Hack! by Low Level Study
We sell original electronic badges. Soldering at the booth can challenge assembly! Enjoy Enigma cryptography and USB keyboard making with logger with a badge equipped with a physical keyboard!
Competition Time: throughout the event
Registration: booth onsite
7. Hardware soldering village by Hackerware.io
How do we take "No Drink, No Hack" to next level?
Come to solder an innovative badge that celebrates the AVTokyo culture.
Its a easy beginner level soldering for everyone and anyone who want to learn soldering. Its time to put on all the badges and be the hardware soldering ninja. Let's make them all blink!
Registration: booth onsite
Competition Time: throughout the event
Event Details: http://Hackerware.io/
twitter: Twitter.com/TweetsFromPanda