/* No simultaneous interpretation is available; however, we try to show the slides in both English and Japanese as much as we can. */

/* [en] means English speaker, [ja] means Japanese speaker. */

[ja] "A New Era of CSS Injection"


In vulnerability testing and bug bounty activities, I rarely but sometimes see a situation where any CSS can be successfully inserted (“CSS injection”) while XSS cannot. Due to the expressiveness and limitations of CSS itself, it’s considered more difficult to exploit than XSS. To let people understand the realistic wonders of CSS injection, various methods including CSS recursive import have been proposed. Among them, I invented an applied CSS recursive import method that is more efficient, better performing and more convenient, which I named the “quasi-class chain.”

Today I will show you the background of the technology and the implementation details.



Ierae Security new intrusion staff

[en] "WiFi Analysis with the WiFiCactus and WiFiKraken"

Mike Spicer (d4rkm4tter)

There has never been a better time to scan the wireless around us thanks to the number of internet connected devices and IoT craze. D4rkm4tter created the WiFiCactus and WiFiKraken and will discuss how they are used to capture and analyze large portions of the WiFi spectrum to provide insights, troubleshoot and look for leaking information. He will discuss data captured at hacker conferences throughout the world as well as demonstrate his process for analysis so that anyone can start capturing WiFi on their own.

Mike Spicer (d4rkm4tter):

Mike Spicer (d4rkm4tter) is a mad scientist hacker who likes to meddle with hardware and software. He is particularly obsessed with wireless. He has a degree in computer science from Southern Utah University which he has put to use building and breaking a wide array of systems. These include web application pentesting, wireless monitoring and tracking as well as good old-fashioned reverse engineering. He is the creator of the #WiFiCactus and has been seen presenting at conferences around the world. He is a Kismet cultist and active in the wireless and wardriving communities.

[ja] "Find the Right Target: Recent Watering-Hole Attack Case Study and Analysis"

YuehTing Chen

In our presentation, we would like to talk about a recent attack perpetrated against Chinese-speaking targets using a Watering-Hole attack. In April 2019, while monitoring a Chinese-targeted Trojan, we began to observe a Chinese news website being used in a Watering-Hole attack. Our presentation will dig deep and describe the infection chain and the actor's activities in this recent case. The criminals behind this attack decided to use this site, despite it being banned by the Chinese government, and equipped it with different malicious contents, such as web shells, phishing links and even full-blown malware. This campaign used a custom Trojan, delivered by different exploit files, posing as a normal document. Within the domain analysis, we found out that one of the C2 IPs is used by another ongoing Android mobile malware campaign targeting Chinese speakers that deploys malicious ELF malware inside the APK file. The actor behind those campaigns abused different legitimate Chinese ISPs as C2 servers for his malware including both Windows and Android. Our analysis provides the infection chain of a watering-hole attack and the actor's activities to steal information from Chinese speakers. We will dig more deeply to find out the actor and the actor’s purpose.

YuehTing Chen:

Analyst at Fortinet's FortiGuard Labs. Works in Japan but researches security accidents around the world. Graduated from the Graduate School of Environment and Information Science of Yokohama University.

[en] "Bug-Bounty-Boosters – Scanning for exploitable vulnerabilities at scale"

Karsten Nohl

This talk bridges the visibility and tool gap between security researchers and corporate vulnerability managers.

Security researchers are typically interested in fully understanding the potential of a few exploits on a global scale. Corporate vuln managers, on the other hand, need to understand the prevalence of thousands of vulnerabilities and hardening gaps for a single company.

The tools used by the two groups are distinctly different: Researchers create tests for specific issues, while corporate teams use comprehensive collections of test cases.

We explain how researchers can leverage open-source tools, tap the community pool of security knowledge, and find a large range of security issues on a global scale.

We then dive into some of the most commonly found issues that might just earn you a bug bounty reward.

Karsten Nohl:

Karsten is a cryptographer and security researcher. He likes to test security assumptions in proprietary systems and typically breaks them. His professional work includes support of Reliance Jio, the fastest growing company in the world.

[ja] "Obfuscation shell technique using Variation Selector"


In this talk, I will explain a steganography technique using special Unicode functions.

Some malware uses steganography in C2 communication to hide communication content.

This time, I discovered a new concealment method using Unicode that has never been seen before.

I will explain it; maybe it will help you to use it in your daily life.


CTF, shell technique and hot spring lover. Crazy guy obfuscating shell technique.

[en] "Intelligence Powered Malware Hunting"

Brandon Levene, Julio Canto

VirusTotal was founded in 2004 as a free service that analyzes files and URLs for viruses, worms, trojans and other kinds of malicious content.

Recently the classic VirusTotal service has been improved into "VirusTotal Intelligence (VTI)", which has been called the “Google of malware” and extracts and indexes sandbox behavior, network information, Office macros, PE/ELF/Mach-O binaries' imports/exports, Authenticode signatures and a myriad of other file properties.

Mr. Brandon Levene (assisted by Mr. Julio Canto) from VirusTotal headquarters will directly explain to us at AVTOKYO the recent functionalities of VTI, integrated in one presentation, "Intelligence Powered Malware Hunting", which will give you an up-to-date and in-depth explanation of what VTI and VirusTotal Enterprise are all about.

Brandon Levene:

Brandon is the Head of Applied Intelligence (Chronicle) at Google.

He is a blue-teamer, a former SOC analyst and founding member of multiple Incident Handler, Incident Response, and Threat Research organizations. Speaker at multiple BSides conferences and other invite-only blue team events. Multiple threat-focused publications. Alphabet soup: OSCP, GCIH, GCIA, GPEN, GNFA, GCFA, Security+

Julio Canto:

Julio is currently a Senior Software Engineer at Google (involved in Chronicle and Google-X/Moonshot projects). Julio has worked on VT since its early development; he was hired to design and develop the original VirusTotal core. After VT was acquired by Google, he has maintained the current antivirus scanners and their integration. The antivirus updating application he created keeps elements in VirusTotal up to date. He has also developed several tools in VirusTotal Enterprise.

[ja] "Visualizes vulnerabilities in public container images"

Tomoya AMACHI (@tomoyamachi)

This talk will cover how to detect vulnerabilities in your container images and how to fix them.

Tomoya AMACHI (@tomoyamachi):

Author of Dockle - Container Image Linter for Security.

And main committer of Trivy and Vuls.

[ja] "Deep Learn the Darkweb"

Yu Arai

In recent years, illegal goods such as illegal drugs, child pornography, guns, cyber attack tools and attack substitution services have been traded on virtual exchanges built on the dark web. This makes it possible for anyone to get these illegal items. In fact, users of illegal goods trading sites have been arrested by law enforcement agencies. In this talk, I will explain how to detect illegal goods trading sites using machine learning at an early stage.

Yu Arai:

Yu Arai is a malware analyst and researcher working for NTT Data, a Japanese system integration company. He works as Executive Security Analyst at his company. He specializes in developing automated malware classification using machine learning. He also has a strong background in malware analysis and vulnerability security research. He has over 19 years dedicated to these areas. He is a holder of the CISSP credential.

[en] "Card cloning doesn't have to be hard"

David M. N. Bryan

Many people use low-frequency and high-frequency cards to control access to their offices, datacenters, and even hardware devices. I’ve created an open source web interface for the Proxmark3-rdv4 hardware that makes it easy for anyone to work with the tools. This could be easily deployed to something like a Raspberry Pi Zero, and then any mobile device with a web browser can talk with it, making this a mobile tool for pentesting projects.

I will do a quick overview of the common types of access cards, and how you can easily clone some of these cards or even run brute force attacks against the readers. I will have a demo set up for people to check out the software/hardware and can do some real-time badge cloning in the space after the talk.

David M. N. Bryan:

David M. N. Bryan is a penetration tester with X-Force Red, IBM’s elite security testing team. Responsibilities include establishing standardized tools and processes for our consultants and working with clients on penetration testing projects.

David has well over a decade of experience, from being a defender of security at a top ten bank to securing the DEF CON network. David has been a participant in the information security community for over two decades. David has been the attacker in many scenarios as a penetration tester covering ATMs, embedded devices, network, wireless, web applications, and physical security. David has presented at many security conferences including BlackHat, DEF CON, ToorCon, LayerOne, ToorCamp, BSides events, AppSecUSA, etc.