🎉 Session sneak peek, part 2 🎉 This round we're introducing the following sessions:
✨ Let's Dance in the Cache - Destabilizing Hash Table on Microsoft IIS
✨ Earth Lusca: Revealing a Worldwide Cyberespionage Operation
✨ CRAX++: Modular Exploit Generator using Dynamic Symbolic Execution
✨ Settlers of Netlink: Exploiting a limited kernel UAF on Ubuntu 22.04 to achieve LPE
✨ Critical Report - Active Directory Risk Quantification and Defense Strategy
—
🔥 Book your tickets and join this grand annual event 🔥
▌HITCON PEACE 2022
Date: August 19 (Fri) - August 20 (Sat), 2022
Location: Online / onsite at Taipei Nangang Exhibition Center, Hall 2, 7F, Taiwan
Tickets: https://hitcon.kktix.cc/events/hitcon-peace-2022
—
Organizers: Industrial Development Bureau, Ministry of Economic Affairs; Association of Hackers in Taiwan
Executing organizations: Association of Hackers in Taiwan; Industrial Technology Research Institute (ITRI)
#HITCON #HITCON2022 #HITCON_PEACE_2022 #HITCON2022_AGENDA
【 HITCON PEACE 2022 Agenda|CyberWeapon: ZeroDay Vulnerability Discovery】
▍Let's Dance in the Cache - Destabilizing Hash Table on Microsoft IIS
The strongest short talk of 2022
❗️"I failed Algorithms in college and now I'm giving a talk on hash tables at HITCON. Is something wrong here?"❗️
This session stars Orange 🍊, who failed Algorithms in college so badly that he only passed on his second attempt, and IIS (Internet Information Services), the web server bundled with Microsoft Windows, the operating system with the largest market share in the world. Twenty-five years ago, Microsoft designed a dynamic hashing algorithm and shipped it in every version of IIS to protect its "HashTable" implementation from hash collision attacks. Did it really work out as intended?
One sunny afternoon, while hunting bugs as usual, Orange came across IIS's dynamic hashing algorithm.
Will Orange put his past behind him and break through the algorithm wall, or will IIS hold the line and defend its hash table? Let's find out together at HITCON PEACE 2022!
In this session, Orange will reverse engineer the dynamic hashing algorithm in depth and show how hash collisions and cache pollution can be turned into attacks that drive CPU usage up, arbitrarily modify HTTP responses, and bypass authentication.
Link ➡️ https://hitcon.org/2022/sessions/3ef935a1-74d6-44bf-be62-588845123a84
【 HITCON PEACE 2022 Agenda|CyberWar: APT Groups Research】
▍Earth Lusca: Revealing a Worldwide Cyberespionage Operation
The APT group Earth Lusca targets organizations of strategic interest to China, such as government agencies, academic institutes, news media, and COVID-19 research facilities. Since 2019 it has successfully compromised dozens of organizations around the world.
This research covers how Earth Lusca uses well-known malware families such as Winnti and ShadowPad to masquerade as another China-based group, APT41, and mislead researchers. It also dissects Earth Lusca's infrastructure and TTPs in detail, including the techniques the group uses for lateral movement and data exfiltration.
If you are interested in research on the APT ecosystem, this is a session not to miss!
Link ➡️ https://hitcon.org/2022/sessions/0972e0f9-5906-4642-a188-697c98b27f91
【 HITCON PEACE 2022 Agenda|Automated vulnerability discovery & malware research】
▍CRAX++: Modular Exploit Generator using Dynamic Symbolic Execution
Using AI to find vulnerabilities and generate exploits automatically has long been a holy grail for hackers and researchers.
Although reaching that goal directly with machine learning is still far-fetched, research on Automatic Exploit Generation (AEG) has shown that by formalizing a program's execution and reasoning over it mathematically, it is possible to derive an exploit. Open-source work in this area, however, has been vanishingly rare 🤔️
This session takes up the mantle from HITCON 2014's "CRAX: An Automatically Exploit Generating System" and introduces CRAX++, an AEG system researched and developed by the speaker: how it symbolizes program execution and how it uses dynamic symbolic (concolic) execution to build a working exploit. The speaker will also share the difficulties encountered during development and the directions for future work.
CRAX++ has been open-sourced, and the authors hope more researchers will join the field of automatic exploit generation!
Link ➡️ https://hitcon.org/2022/sessions/2f555bd4-06cd-44b8-a854-08cec0dc30aa
【 HITCON PEACE 2022 Agenda|CyberWeapon: ZeroDay Vulnerability Discovery】
▍Settlers of Netlink: Exploiting a limited kernel UAF on Ubuntu 22.04 to achieve LPE
KASLR (kernel address space layout randomization) randomizes the base address of the kernel in memory, so an attacker cannot know in advance where kernel code and data live. It does not remove any bug by itself, but it makes exploiting one considerably harder, and it is one of the important security mechanisms in Linux.
This research introduces how the authors found a vulnerability in Netlink that, with unprivileged user namespaces enabled (the default on Ubuntu), lets an unprivileged user gain elevated privileges on the latest Ubuntu LTS release.
Beyond the details of the vulnerability itself, they will go deep on how they turned a limited Use-After-Free (UAF) into a stable privilege escalation: chaining multiple bugs, finding a way to bypass KASLR, and using ROP (Return-Oriented Programming) to elevate privileges.
Highly recommended for anyone with a deep interest in the Linux kernel and its protection mechanisms!
Link ➡️ https://hitcon.org/2022/sessions/d8bed1d8-3cbf-4703-a0a6-ee731b1a7021
【 HITCON PEACE 2022 Agenda|Systemized Enterprise Cyber Security Management】
▍Critical Report - Active Directory Risk Quantification and Defense Strategy
In cyber warfare against enterprises, Active Directory (AD) Domain Services is not only a critical piece of infrastructure; as more and more services are integrated with it, it has become the ground that attackers fight hardest for. Once AD is taken, an attacker can move almost unhindered through the organization's internal environment.
Yet despite how widely deployed AD is and how highly privileged it is inside the enterprise, many organizations do little to protect their AD servers. In that situation, isn't the domain an open door for attackers?
This research takes the perspective of enterprise security management to comprehensively inventory common AD configuration issues, so that network administrators can systematically review their own AD server configuration, find the problems, and strengthen their AD defenses. Blue teams are encouraged to examine their own networks against the checklist.
Link ➡️ https://hitcon.org/2022/sessions/dca0d7e8-dd83-4980-9b30-ea9fd831d8bf