🎉議程介紹文🎉 這次即將將帶大家來看的議程有
✨Operation Cache Panda:深度解析針對臺灣金融業的組織型供應鏈攻擊
✨Every authorization has its black: tackling privilege escalation in macOS
✨Adventures in Cyber Space: An introduction to satellite cybersecurity
✨隔離網路,隔離了什麼?
想更加了解今年還有哪些議程嗎🔎
我們將與大家一同來搶先看更多精彩議程,請務必鎖定粉絲專頁👀
—
🔥 趕緊購票一起來參與這場年度盛會 🔥
▌HITCON PEACE 2022
日期:2022.08.19 (五) - 2022.08.20 (六)
地點:南港展覽館 2 館 7 樓
購票連結:https://hitcon.kktix.cc/events/hitcon-peace-2022
—
🎉 We're announcing part 6 of our sessions sneak peek! 🎉
✨Operation Cache Panda How and Why Hackers Purchase Stocks for You
✨Every authorization has its black: tackling privilege escalation in macOS
✨Adventures in Cyber Space: An introduction to satellite cybersecurity
✨Air-Gaped? How to bridge the gap?
Do you want to know more about HITCON 2022's sessions? 🔎
We will be announcing them in upcoming weeks. Make sure to subscribe to our page. 👀
—
🔥Book your tickets to join this grand annual event🔥
▌HITCON PEACE 2022
Time:August 19-20 2022
Location:Online/Onsite in Taipei Nangang Exhibition Center, Hall 2, 7F, Taiwan
Ticket:https://hitcon.kktix.cc/events/hitcon-peace-2022
—
主辦單位:經濟部工業局、社團法人台灣駭客協會
執行單位:社團法人台灣駭客協會、工業技術研究院
【 HITCON PEACE 2022 Agenda|CyberWar: APT Groups Research】
▍Operation Cache Panda:深度解析針對臺灣金融業的組織型供應鏈攻擊
股票被盜賣了民眾們第一個會怪誰 🤔
可能是證卷商、交易 APP、銀行、金管會、銀行,絕對不會想到要去怪 APT 組織
講者將透過實際的案例,從一個單純的金融機構事件進行調查,逐步追查出背後龐大的 APT 組織運作與危害,而這些潛在的攻擊將成為影響股價的潛在未爆彈,破壞金融交易的可信與誠實,並可能進一步摧毀金融秩序
在這場演講可以學習到如何找到駭客使用的漏洞、駭客使用的多重後門隱藏技術以及如何做 APT 族群的關聯分析,對於想了解威脅族群的你千萬不可錯過!
官網議程連結 ➡️ https://hitcon.org/2022/agenda/aa8dcbd0-b47c-43db-a4aa-065d7a3d2ce8
▍Operation Cache Panda How and Why Hackers Purchase Stocks for You
Which side would you blame when your stocks got stolen and sold? 🤔
Someone must be at fault - it could be your broker, your bank, or government administration. You'll never think of APT groups doing it!
In this session, the speaker will go through a real-world case of such incident, starting from a simple investigation within a financial institute, to following a trail of a huge APT group, and these kind of attacks would create mistrust and creating flucerations, even distrust on the stock market, and creating a chaos as a result.
Also, it'll be introducing how the team found exploits that the attacker used, how they hid their backdoors and how they've done analysis and grouping of APT groups involved in the attack. Don't miss this session if you're interested in APT groups!
Link ➡️ https://hitcon.org/2022/agenda/aa8dcbd0-b47c-43db-a4aa-065d7a3d2ce8
【 HITCON PEACE 2022 Agenda|CyberWeapon: ZeroDay Vulnerability Discovery】
▍Every authorization has its black: tackling privilege escalation in macOS
❗️極為難得的 macOS 議程❗️
一直以來 macOS 的權限控管都相較於其他作業系統更加嚴謹,在近年來也透過更多的機制去做限制,但被揭露的漏洞數量也隨之上升
而在近期 Apple 官方釋出了 Endpoint Security Framework (ESF),允許第三方軟體撰寫工具來獲取相關的 Event log,且 ESF 不只允許第三方軟體使用,更為藍隊提供極為詳細的行為資訊
在這場議程中我們可以看講者在真實案例中所看到的權限提升問題以及相關的攻擊手法,與大家探討 ESF 的相關能力及實作方向,並透過這個框架來開發出有效的鑑識及行為偵測工具!
對於 macOS 相關的漏洞、Endpoint Security Framework 相關分析及使用的開發者千萬不要錯過這場哦!
官網議程連結 ➡️ https://hitcon.org/2022/agenda/2492d003-197e-44ac-bfe0-135bf5cd1707
▍Every authorization has its black: tackling privilege escalation in macOS,mk12
❗️A Extremely rare session regarding macOS secueirt❗️
Managing privileged access in macOS is more concise, compared to other OSs - and Apple has been adding mechanisms to strengthen it further in recent years, as numbers of vulnerabilities found and disclosed within goes up.
Recently, Apple has announced Endpoint Security Framework (ESF), allowing 3rd parties to access event logs, even allowing blue teams to gain more insights of endpoint-system-behaviors in detail..
In this session, we'll go through actual attack methods and privilege escalation vulnerabilities used in recent incidents, and introduce how ESF behaves and its capabilities, and how to use such a framework to develop tools for forensics and behavior detection.
For anyone interested in macOS vulnerabilities, analysis for Endpoint Security Framework, make sure to check out this session!
Link ➡️ https://hitcon.org/2022/agenda/2492d003-197e-44ac-bfe0-135bf5cd1707
【 HITCON PEACE 2022 Agenda|Cyber Attack on Critical Infrastructure】
▍Adventures in Cyber Space: An introduction to satellite cybersecurity
衛星科技的相關應用與我們的生活息息相關,但你曾好奇過這些衛星背後的資訊系統嗎?
這場議程將帶觀眾一窺營運衛星背後所需要的資訊系統,有哪些可能的攻擊弱點、衛星相關的通訊的情報蒐集的方法
由於有航太和衛星相關開發能力的國家不多,導致有相關經驗的單位也少,因此這類型系統的資訊及資安分析議程相當稀有
這麼少見的議程你還不快來參加嗎 👀
官網議程連結 ➡️ https://hitcon.org/2022/agenda/164f4d28-9d9c-4fd6-b414-6be0ecca925d
▍Adventures in Cyber Space: An introduction to satellite cybersecurity
Our daily life has become more attached with the application of satellite systems. Have you ever wondered about systems behind the works?
In this session, it'll introduce information systems used in daily operation of satellites, what attack surfaces it could have, and how to gather information on how satellites work and communicate with earth.
It's been a rare session as countries with the ability to develop in the aerospace sector are pretty scarce, and as a result, it's rare that someone could be sharing such experience with us.
Don't miss such a one-of-a-kind type of session! 👀
Link ➡️ https://hitcon.org/2022/agenda/164f4d28-9d9c-4fd6-b414-6be0ecca925d
【 HITCON PEACE 2022 Agenda|Systemized Enterprise Cyber Security Management】
▍隔離網路,隔離了什麼?
在企業環境中發生資安事件時,大家第一個想到的會是怎麼做呢?重灌?重開機?
大家最常想到的都是先斷網再說,以避免惡意程式在內網間橫向移動進行擴散
但是這樣方式真的有效、真的能保護到內網環境嗎?而隔離後我們到底隔離了些什麼東西,還是只是應付一時,並沒有解決實際上的漏洞就直接重灌系統
這場議程將由曾任行政院資安處處長、現任勤業眾信副總經理的簡宏偉,同時透過政府、企業兩個視角來探討,究竟在實務上隔離網路這件事能為我們帶來怎樣的效益,以及其未來能發展的方向!
官網議程連結 ➡️ https://hitcon.org/2022/agenda/b7ec9f2c-64c4-4398-ac5e-fdf3bc794a63
▍Air-Gaped? How to bridge the gap?
What happens if a security incident happens in your enterprise? Do we reinstall OS or reboot?
Most people's first reaction is to unplug from the network, to prevent further lateral movement. However, is this really effective in stopping lateral movement? What happens after you unplug the cable? Did network isolation really stop the attack, or just being adhering to the protocol, and to reinstall the OS without patching vulnerabilities?
The session will be presented by Hong-Wei Jyan, partner of Risk Advisory at Deloitte & Touche, who were Director General of the Department of Cyber Security, Executive Yuan. From both the perspective of government and enterprise, he'll share how isolating networks could bring benefits in such incidents, and how such methods could be developed in the future.
Link ➡️ https://hitcon.org/2022/agenda/b7ec9f2c-64c4-4398-ac5e-fdf3bc794a63
#HITCON #HITCON2022 #HITCON_PEACE_2022 #HITCON2022_AGENDA
No comments:
Post a Comment