HITCON 2011

Hacks in Taiwan Conference

Session

Trends in Targeted Malware

Nart Villeneuve, Trend Micro

Nart Villeneuve is a Senior Threat Researcher at Trend Micro. His research focuses on malware, botnets and the cyber-criminal underground. His technical research led to the discovery of two cyber-espionage networks: GhostNet, which compromised diplomatic missions around the world, and ShadowNet, which extracted secret information from the Indian government.

Highly targeted attacks focused on espionage and the theft of sensitive data present additional challenges: while their impact is high, the distribution of the attack is quite low, which makes gathering valuable evidence difficult. Although they maintain a botnet-like infrastructure, those behind these attacks tend to be stealthy, use custom malware components in addition to off-the-shelf tools, and maintain a higher level of operational security. As the boundaries between cyber-crime and cyber-espionage continue to blur through the use of common malware, exploits and infrastructure, the ability to isolate and investigate these cases becomes increasingly difficult.

This presentation will focus on trends in targeted malware attacks in order to differentiate targeted malware attacks from cybercrime. It will introduce the threat landscape by identifying the key roles within the malware ecosystem, with a focus on the propagation, infrastructure and monetization of botnet operations. It will then examine the stages of a targeted attack, from the reconnaissance phase through to the data exfiltration phase, and will explore trends in the tools, tactics and procedures used in such attacks.

Escaping From Auto Sandboxes

MJ0011 (鄭文彬)

Software Engineer

Chief Software Engineer at 360 Safe (www.360.cn)

Famous for his research on operating system kernel drivers.

In the last two years, many security software vendors have been trying to add automated sandbox technology to their products as a solution for malware isolation, to replace or supplement real-time and behavioral defense systems. This paper will analyze the weaknesses of four automated sandboxes and demonstrate how to escape from these sandbox defense systems.

Cloud @ Kingsoft: A Different Way of Thinking to Cloud Security

CardMagic (孫明焱)

Product Director

Internet Security Professional in Mainland China.

Author of the famous anti-rootkit tool "DarkSpy", which has been bought by Trend Micro. Contributed many technical articles to the rootkit community, such as rootkit.com. Gave the talk "Vista system restore rootkit" at HIT2008.

KingSoft is a security technology company in China that has been established for over ten years. After many years of exploring cloud security, we have some different views on it. This talk will introduce the features of KingSoft's security system and give a different perspective on how to resolve the traditional security vendor's confusion about cloud defense systems.

Security Technologies in the Cloud-Security Era

張文君 Junzz Chang

Software Engineer

Internet Security Researcher at King Soft.

Handles severe domestic security incident response and analysis. Expert in malware analysis, with in-depth knowledge of the operating system kernel. Joined King Soft's security development in 2009 and is currently in charge of the kernel driver and rootkit-killing components for King Soft's Duba Anti-Virus product. Handled many well-known Chinese viruses such as "invisible panda", "extreme tiger", "ghost shadow", "kill-net", "tao-bo thief", "aurora", "super factory" and "AV terminator".

The security environment has changed dramatically in recent years due to cloud-based security. Malware and virus-like apps are also evolving to survive against cloud-based anti-virus. This talk will present their in-depth analysis and share the many methods these threats use against cloud-based anti-virus products.

APT Secrets In Asia

Birdman, Co-speaker Anthony Lai, Benson Wu

Xecure-Lab http://blog.xecure-lab.com

Jeremy Chiu (aka Birdman) has more than ten years of experience with host-based security, focusing on kernel technologies for both the Win32 and Linux platforms. In early 2001 he created Taiwan's first widespread trojan, BirdSPY. He is now also a contract trainer for law enforcement, intelligence organizations, and conferences such as DEFCON 18 and 19, SySCAN (09 08), Hacks in Taiwan (07 06 05), HTICA (06 08) and OWASP Asia (08 07). In 2005, Jeremy founded X-Solve Inc. and successfully developed forensics and anti-malware products. In July 2007, X-Solve was acquired by Armorize Technologies. In October 2010, he left Armorize and created a new research team, Xecure-Lab.

Benson Wu currently works as a Postdoctoral Researcher at the Research Center for Information Technology Innovation at Academia Sinica in Taiwan.

His research focuses on malware and threat analysis, code review, secure coding and SDLC process implementation. He graduated from National Taiwan University with a PhD in Electrical Engineering. He has spoken at NIST SATE 2009, DEFCON 18 and 19 (with Birdman) and OWASP China 2010, and wrote the "Web Application Security Guideline" for the Taiwan government.

Anthony Lai (a.k.a. Darkfloyd) works on code audit, penetration testing, crime investigation and threat analysis, and has acted as a security consultant in various MNCs. His interests are studying exploits, reverse engineering, analysing threats and joining CTFs; he would like to keep going and boost this China-made security wind in the malware analysis and advanced persistent threat areas.

He founded a damn little security research group called VXRL in Hong Kong and has been working as a visiting lecturer at HK Polytechnic University on a hacking course :)

Advanced persistent threat (APT) usually refers to an organized taskforce with both the capability and the intent to effectively and persistently target a specific entity. The term is commonly used nowadays to refer to cyber threats, in particular Internet-enabled espionage, and here in Taiwan quite a few government agencies have been encountering APT for years.

In this talk, we focus on the main attack vector of APT, targeted emails, and examine the malicious documents used in these APT missions. With our self-developed APT scanning tool and innovative APT grouping algorithm, let's find out the interesting things behind these APTs.

-- This talk is also going to be presented at DEFCON 19 this August.

Reversing Android Malware

Mahmud ab Rahman

Specialist at CyberSecurity Malaysia.

In charge of the CEWS 2.0 group known as MRC (Malware Research Group). Still maintaining the honeynet project, but expanding the focus to malware research.

Android is growing at an explosive rate, and users are storing an increasing amount of important data on their mobile phones, so the platform is an attractive target for hackers. Malware infection on the Android platform is going to be interesting in the future (it's happening now!). Thus, reversing Android malware (Droid-ware) is an interesting challenge to address.

In this talk, the speaker will discuss recent progress in the Android malware scene. The analysis part will cover dissecting obfuscation such as encryption, string optimization and generic obfuscation techniques applied inside Android malware.

Android Application Reversing Essence

黃敬群 Jim Huang "Jserv"

Co-founder, 0xlab

Jim Huang, also known as "jserv", has been an open source developer since 1999. He co-founded 0xlab in 2009, an Android development lab, devoting it to his passion for computer technology and open software. Many of his code contributions have been recognized by the Android Open Source Project. He joined Linaro's development in 2011 to solve ARM development related quality and integration problems.

Reverse engineering has long been a skill arena for hackers. It is worth researching on the Android platform, given its blooming on smartphones, tablet PCs and even smart televisions.

This talk will provide a comprehensive analysis of the Android architecture and its Dalvik virtual machine. It will also demo reversing Android applications with handy tools, including dynamic tracing, disassembling and decompiling, as well as practical binary modification, protection and anti-debugging.

The Code Injection and Data Protection of Android Application

Thinker

Free Software Developer

Android is an open platform, and a variety of third-party applications are available in the market. However, malicious software and data security issues inevitably come with it. The purpose of this talk is to discuss an encryption technology that can protect not only the enterprise data on an Android device but also, through code injection, general applications that are easily obtained from the app market.

Make a Contract with IE and Become a XSS Girl!

Yosuke HASEGAWA

Engineer of NetAgent Co., Ltd. R&D department. Engineering Advisor of Secure Sky Technology, Inc.

Received the Microsoft MVP award for Client Operating System – Consumer Security, Oct 2005 - Sep 2011. Discovered a lot of vulnerabilities in various software applications including Internet Explorer and Mozilla Firefox. Author of the JavaScript obfuscators "jjencode" and "aaencode". http://utf-8.jp/

In the rapidly growing world of web-based applications, the development race among browser vendors is beginning to heat up: new browser versions are released day by day with new features and security improvements.

On the other hand, focusing on developing new versions decreases maintenance of old versions, leaving vulnerabilities unfixed for a long time even during the support period.

This is especially true of Microsoft: they downplay the risk of XSS, and issues causing XSS in old versions of IE have gone untreated for many years, although the threat of XSS to users is increasing with the growing use of web applications. In this session, I'll talk about advanced techniques causing XSS in IE6-8.

Disassemble Flash Lite 3.0 SWF File

Yoshinori TAKESAKO

Research and development engineer at Cybozu Labs, Inc. Current leader of Shibuya Perl Mongers. Author of ppencode, mod_wafful, mod_imagefight, etc.

1995 - Entered Hiroshima City University.

2001 - Joined Namazu Project, the open source project of developing and maintaining a Japanese Full-Text Search Engine.

2003 - Talked on "mod_perl C10K Problem" at Shibuya.pm Technical Talks #5.

2004 - Supervised a translation, O'Reilly Perl Cookbook 2nd Edition.

2005 - Released "ppencode" at Lightweight Language Day and Night.

2008 - Microsoft MVP Award 2008 - Developer Security.

2010 - Talked on "Polyglot Programming and Web Security" at OSDC.tw 2010.

2011 - Talked on "x86 ASCII Programming (16bit/32bit)" at OSDC.tw 2011.

How to protect your ActionScript source code.

Mobile Security in Japan

愛甲健二 (Kenji Aiko)

Board member of the NetAgent Co.Ltd.

Kenji Aiko is a board member of NetAgent Co. Ltd., which has released network security products in Japan, and he does reverse engineering there as well. Three years ago he researched smart cards and presented on Japan's smart card security at Black Hat Japan 2008. He has been researching mobile security since 2009.

  • Mobile market in Japan
  • Smartphone and KEITAI
  • Web application security on mobile
  • Attacking mobile network

Mobile (Phone) Forensics Technology and Practice

黃敬博

Senior Forensic Consultant

  • Current international technical standards for smart mobile devices (compared with the current commercial technology standards and bottlenecks on iPhone / Android / GPS).
  • Techniques for recovering deleted phone data.
  • Sharing experience with recovery of deleted SMS, photos and video.
  • Discussing how to deal with the chips of physically damaged mobile phones.
  • Sharing experience with examining Chinese fake phones.
  • Sharing the latest application of the EnCase Smart Phone Module for mobile phones.