🎉議程介紹文🎉 這次即將將帶大家來看的議程有
✨ Understanding the Chinese underground card shop ecosystem and becoming a phishing master
✨ How we use Dirty Pipe to get reverse root shell on Android Emulator and Pixel 6
✨ 藍隊新曙光 - 以語意感知之的啟發式符號引擎挫敗在野勒索軟體
✨ Cybersecurity operation and management bird's-eye view from Japanese financial industry experience.
✨ Active Directory 安全:有時候真實比小說更加荒誕
想更加了解今年還有哪些議程嗎🔎
我們將與大家一同來搶先看更多精彩議程,請務必鎖定粉絲專頁👀
—
🔥 趕緊購票一起來參與這場年度盛會 🔥
▌HITCON PEACE 2022
日期:2022.08.19 (五) - 2022.08.20 (六)
地點:南港展覽館 2 館 7 樓
購票連結:https://hitcon.kktix.cc/events/hitcon-peace-2022
—
🎉 We're announcing part 2 of our sessions sneak peek! 🎉
✨ Understanding the Chinese underground card shop ecosystem and becoming a phishing master
✨ How we use Dirty Pipe to get reverse root shell on Android Emulator and Pixel 6
✨ A New Trend for the Blue Team - Using a Practical Symbolic Engine to Detect Evasive Forms of Malware/Ransomware
✨ Cybersecurity operation and management bird's-eye view from Japanese financial industry experience.
✨ Active Directory Security: Sometimes truth is stranger than fiction
Do you want to know more about HITCON 2022's sessions? 🔎
We will be announcing them in upcoming weeks. Make sure to subscribe to our page. 👀
—
🔥Book your tickets to join this grand annual event🔥
▌HITCON PEACE 2022
Time:August 19-20 2022
Location:Online/Onsite in Taipei Nangang Exhibition Center, Hall 2, 7F, Taiwan
Ticket:https://hitcon.kktix.cc/events/hitcon-peace-2022
—
主辦單位:經濟部工業局、社團法人台灣駭客協會
執行單位:社團法人台灣駭客協會、工業技術研究院
#HITCON #HITCON2022 #HITCON_PEACE_2022 #HITCON2022_AGENDA
【 HITCON PEACE 2022 Agenda|Systemized Enterprise Cyber Security Management】
▍Understanding the Chinese underground card shop ecosystem and becoming a phishing master
個資外洩所導致的信用卡盜刷事件逐年攀升,2021 年台灣及日本的信用卡網路盜刷金額來到歷史新高,但嫌犯究竟是從哪取得這些資料的呢?
暗網 (Dark Web) 是泛指僅能夠透過 Tor 協定進入未公開在一般網路上的網站,且具有極高隱私及匿名性,因此也存在許多犯罪活動
這場議程將由匿名的研究員分享自己在暗網中與個資賣家交涉的過程,且著重在中國賣家販售日本、台灣的個資,以及整個產業鍊的生態,進而分析這類型駭客的 TTPs
希望能透過此研究讓大家重新思考如何有效減少盜刷等詐欺案事件的發生
官網議程連結 ➡️ https://hitcon.org/2022/agenda/e41da3bf-8cbe-4c1d-ae7d-ab9fe127789f
▍Understanding the Chinese underground card shop ecosystem and becoming a phishing master
Personal Identifiable Information (PII) leaks have become more frequent in recent years, and losses from credit card fraud in 2021 have set records respectively in Taiwan and Japan. Where did this information get leaked and sold in the first place?
The term "Dark web" refers to websites inaccessible without the use of Tor protocol, and given added privacy and anonymity while using Tor, and marketplaces in it are proven to be very attractive to criminals.
An anonymous researcher will share experiences of dealing with vendors from card shops on marketplaces among dark web, focused on insights of shops selling Taiwanese and Japanese PIIs, and therefore, TTPs of hackers from these card shops.
We hope to inspire audiences to rethink how to reduce credit card frauds.
Link ➡️ https://hitcon.org/2022/agenda/e41da3bf-8cbe-4c1d-ae7d-ab9fe127789f
【 HITCON PEACE 2022 Agenda|IoT and IIoT Security】
▍How we use Dirty Pipe to get reverse root shell on Android Emulator and Pixel 6
2022 上半年廣為人知的漏洞-DirtyPipe (CVE-2022-0847) ,此漏洞能使攻擊者於 Linux 上任意的覆寫唯獨檔案,且發現此漏洞可在 Android 12 上重現!
在一般的 Linux 使用此漏洞進行提權相對容易,但在一般 Android 系統上會預設開啟 SELinux 這個權限管理機制,因此讓取得 root 權限這件事變得困難重重
這場議程講者將帶著我們來看在 Android 12 上,利用 DirtyPipe 取得 root 權限的過程,並深入探討期中遇到的問題,例如繞過 SELinux 的保護機制
對於想要了解實務上的本機提權漏洞應用的會眾們,千萬不要錯過這場議程!
官網議程連結 ➡️ https://hitcon.org/2022/sessions/4b9ac6ce-dcbf-43ef-a570-ad1d27b9d68c
▍How we use Dirty Pipe to get reverse root shell on Android Emulator and Pixel 6
A well known vulnerability in the first half of 2022 - DirtyPipe (CVE-2022-0847), a vulnerability that allows overwriting any read-only files on Linux, and we've just found out that it also affects Android 12!
It's relatively easy to exploit this issue on Linux and gain elevated privileges, but as SELinux is enabled as default on Android, that adds more difficulties in gaining root shells.
In this session, we'll take a glance at how to gain root privileges on Android 12 with DirtyPipe, and look deeply into details of the exploit chain, such as bypassing SELinux.
Don't miss this session if you're interested in exploiting local privilege escalation.
Link ➡️ https://hitcon.org/2022/sessions/4b9ac6ce-dcbf-43ef-a570-ad1d27b9d68c
【 HITCON PEACE 2022 Agenda|Automated vulnerability discovery & malware research】
▍藍隊新曙光 - 以語意感知之的啟發式符號引擎挫敗在野勒索軟體
惡意程式的逆向分析,往往是需要大量人力、曠日費時的工作,尤其是那些被混淆過後的複雜記憶體檔案,在進行分析時更是棘手。為了分析大量的惡意程式,自動化的分析方式一直是重要的研究議題。
在這份研究中,講者將使用自行開發的啟發式符號引擎解析程式執行路徑,並透過分析函數解決識別混淆後的函數呼叫,較為準確的判別程式行為,進而達到偵測惡意程式的成效!
官網議程連結 ➡️ https://hitcon.org/2022/sessions/30b698b9-662c-46f7-a8a0-4c44804c468b
▍A New Trend for the Blue Team - Using a Practical Symbolic Engine to Detect Evasive Forms of Malware/Ransomware
In the past, reverse engineering malwares was a tedious, time consuming task, especially malwares under heavy obfuscation, which is even harder to analyze. It has become a trend to seek methods to automate malware analysis.
In this research, the team will introduce a method they've proposed - using a symbolic engine to analyze malware's execution, and even detect API calls in obfuscated functions, which allows a precise method to determine behaviors of programs, thus allowing detection of malwares.
Link ➡️ https://hitcon.org/2022/sessions/30b698b9-662c-46f7-a8a0-4c44804c468b
【 HITCON PEACE 2022 Agenda|Systemized Enterprise Cyber Security Management】
▍Cybersecurity operation and management bird's-eye view from Japanese financial industry experience
隨著數位金融發展,行動裝置上的網路銀行成為趨勢,進而衍生出的資安技術與管理問題也不勝枚舉
當我們注重軟硬體、物聯網安全時,是否曾去關注這些金融機構如何透過技術與管理來強化其網路安全呢?
日本金融資安資訊分享與分析中心(ISAC)的専務理事鎌田敬介,將在此場議程中結合技術與管理的角度與大家分享日本金融業的資安運作經驗,以及金融 ISAC 組織是如何集結各家金融機構的資源並分享,使得整體產業安全性得以上升!
官網議程連結 ➡️ https://hitcon.org/2022/sessions/d3bbcc9a-ffd0-4354-a2f1-7a767e43b2cc
▍Cybersecurity operation and management bird's-eye view from Japanese financial industry experience
As the trend of digital transformation in the finance industry goes, it also brings issues related with information security governance and information security.
Did we ever think about digital risks that could result from digital transformation, and how financial institutions mitigate such risks and countering active threats?
Keisuke Kamata, executive director and CTO from Financials ISAC Japan, will combine his experiences in Japanese financial industry, share his insights on efforts to mitigate risks from both a technical and management viewpoint, and how Financials ISAC Japan improve cybersecurity of the entire Japanese financial industry by sharing resources and information gathered from individual institution.
Link ➡️ https://hitcon.org/2022/sessions/d3bbcc9a-ffd0-4354-a2f1-7a767e43b2cc
【 HITCON PEACE 2022 Agenda|Systemized Enterprise Cyber Security Management】
▍Active Directory 安全:有時候真實比小說更加荒誕
Windows AD (Active Directory) 安全性是最近相當熱門的資安議題之一,然而有時真實比小說更加荒誕,畢竟現實中總是有各種意外狀況發生
在這場議程之中,講師將帶著我們來看企業所遇到的真實案例,並分享他們所見過的奇聞軼事,最後講師也會跟大家分享要如何才能讓自家的 AD 場域更加安全
推薦給想聽各種神奇案例分享以及相關統計資訊的聽眾!
官網議程連結 ➡️ https://hitcon.org/2022/sessions/9bf1cde9-50ee-46e5-b72d-6fbff1466482
▍Active Directory Security: Sometimes truth is stranger than fiction
Securing Active Directory (AD) is always a hot topic, but sometimes truth is stranger than fiction - as things might fall through via unexpected ways.
In this session, we'll go through real world cases the speaker encountered in enterprise environments, bizarre encounters, and lastly, how to make your Active Directory safer.
We recommend this session for audiences interested in hearing stories and statistics regarding AD.
Link ➡️ https://hitcon.org/2022/sessions/9bf1cde9-50ee-46e5-b72d-6fbff1466482
#HITCON #HITCON2022 #HITCON_PEACE_2022 #HITCON2022_AGENDA
No comments:
Post a Comment