General Coordinator's Remarks & Opening
Industrial Cybersecurity Landscape in 2020: Trends, Challenges, and Opportunities
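[ HITCON Forum ] How the Financial Industry Confronts the First Flames of the Digital Battlefield
翁浩正, Director 蔡福隆, Chairman 郭建中, CISO 蘇清偉, Executive Vice President 劉培文
Communication Network Security Research, from GSM to 5G NR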
A Million Boluses: Discovery and Disclosure of Vulnerabilities in an Insulin Pump
IoT Hacking 101
[ HITCON Forum ] Proactive Security Defense Strategies to Address OT Security Dependency Risks
Director 毛敬豪, CEO 劉榮太, CEO 鄭嘉信, CTO 楊瑞祥, Director 王仁甫
APT Chimera - Operation targets Semiconductor Vendors
陳仲寬 Inndy Lin JohnThunder
Bug Bounty Competition
IoT Hacking 101
[ HITCON Forum ] How to Balance Epidemic Control and Privacy Protection
李柏鋒 OCF, Director 簡宏偉, Director 龐一鳴, Physician 劉宇倫, Sherry Chung MyData Taiwan
Discover vulnerabilities with CodeQL
Clever Tricks of Cyber-Army Intranet Penetration (Operation: I am Tom)
zha0 Tom Aragorn
Bug Bounty Competition
[ HITCON Forum ] Challenges and Opportunities in Cultivating Security Talent After the Pandemic
Alan Lee, Dr. 黃俊穎, Tzong-Chen Wu, Seungjoo Kim, Kana Shinoda, Yan Shoshitaishvili
Reversing In Wonderland: Neural Network Based Malware Detection Techniques
Sheng-Hao Ma Shin-Ming Cheng
Tropic Trooper’s Back: USBferry Attack Targets Air-gapped Environments
Last orders at the House of Force
5G Village Session
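[ HITCON Forum ] Can Artificial Intelligence Guide Humanity to the Cornerstone of Cyber Offense and Defense?
陳仲寬, 邱銘彰, Dr. 陳品諭, Director of Technology Development 張嘉哲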
A CTF-Style Escape Journey on VMware Workstation
5G Village Session
Breaking Samsung's Root of Trust: Exploiting Samsung S10 Secure Boot
Analyzing IoT/DVR Intrusion Techniques and Countermeasures from Recent Volumetric DDoS Attacks
邱品仁 蔡振華 李樸
Reverse Engineering and Reimplementing Smart Card Agents: The National Health Insurance Card as a Case Study
Bug hunting from zero to 0(day) to ($)0
Anthony Lai Byron Wai Ken Wong
From LNK to RCE: Finding bugs in Windows Shell Link Parser
Head First CVE
Potential Security and Privacy Issues in Novel Taiwanese National eID system
First step in the quest for manufacturing cyber-resilient IoT devices
Jun Sato 張智翔
RE: Starting from Zero: OOO DEF CON CTF & DEFCON 28 Preparation and Competition Sharing
LEAYA: Last Exploitation 絢 - An Embedded System Detection and Response
cp zet freetsubasa
Exploit (Almost) All Xiaomi Routers Using Logical Bugs
Aobo Wang Jihong Zheng
Development of Signaling Spoofing Attacks Using Function Containerization of Rogue Base Stations
Shin-Ming Cheng Bing-Kai Hong
My journey on SMBGhost
Guarding the Factory Floor: Catching Insecure Industrial Robot Programs
Federico Maggi Davide Quarta Marcello Pogliani Stefano Zanero Marco Balduzzi
How I Hacked Facebook Again!
Bug Bounty X Router X IP Cam X Electronic Payment
The Great Hotel Hack: Adventures in attacking hospitality industry
Daniel J. Bernstein Tanja Lange
Lightning Talk / Closing / Highlights and Outlook for HITCON 2021
What if a perfectly patched industrial manufacturing machine can still harbor vulnerabilities where no one is looking? What if the powerful programming languages used to program these machines can go beyond simple movement instructions, and actually allow threat actors to hide malware in the logic?
Industrial robot OEMs provide proprietary, legacy programming languages to automate these complex machines. Mostly offering movement primitives, these programming languages also give access to low-level system resources like files, network sockets, and some even allow access to memory and program pointers. While useful, these features may lead to insecure programming patterns such as input-validation vulnerabilities. Also, they’re powerful enough to allow the implementation of advanced malware functionalities, with an underlying runtime environment that provides no resource isolation.
After going through the technical features of the languages by eight leading OEMs, we'll share cases of vulnerable and malicious usage. We'll then present a static code analyzer that we created and patented, to scan robotic programs and discover unsafe code patterns. Our evaluation on 100 automation task program files shows that insecure patterns are indeed found in real-world code, and that static source code analysis is an effective defense tool in the short term.
With more than a decade of research experience in the cybersecurity field, Federico Maggi has done offensive and defensive research on web applications, network protocols and devices, embedded systems, radio-frequency control systems, industrial robots, cars, and mobile devices. Some of his research work has been featured in mainstream media outlets such as Wired, Reuters, Forbes, Hackread, ZDNet, and MIT Technology Review.
Currently employed as a Senior Researcher with security giant Trend Micro (https://trendmicro.com), Federico was an Assistant Professor at Politecnico di Milano, one of the leading engineering technical universities in Italy. Aside from his teaching activities, Federico co-directed the security group and has managed hundreds of graduate students.
Federico has given several lectures and talks as an invited speaker at international venues and research schools, and also serves in the review or organizing committees of well-known conferences.
More info about Federico and his work is available online at https://maggi.cc
While working on this project, Davide Quarta was a Postdoctoral Researcher with the System Security group under the supervision of Davide Balzarotti. He received his PhD from Politecnico di Milano, where he worked in the NECSTLab under the supervision of Stefano Zanero and Federico Maggi. During this journey, he co-advised more than 10 students on their master's theses and projects. He received his Laurea Magistrale in Software and Digital Systems, and Laurea from Politecnico di Torino. As a Marie-Skłodowska Curie alumnus, Davide has been an exchange student at UC Santa Barbara's SecLab, working under the supervision of Giovanni Vigna and Christopher Kruegel. At the end of his PhD, Davide had a chance to work as an engineering intern in Qualcomm's Product Security group under the supervision of Pouyan Sepehrdad. He served as a reviewer for several journals, and as part of the Security&Privacy '18 student program committee and the WOOT '19 Artifact Evaluation Committee. Davide loves teaching: he worked as a TA in basic programming and computer security courses. As a freelance consultant, he taught malware analysis, and mobile and Windows reverse engineering for the Consorzio Interuniversitario Nazionale per l'Informatica, and for national and international clients of Italian security firms Secure Network and Shorr Kan.
Marcello Pogliani holds a PhD in information technology (computer security) from Politecnico di Milano. His research interests focus on cybersecurity in general, and particularly on security analysis topics concerning cyber-physical and industrial systems. In his spare time, he enjoys playing and organizing Capture the Flag competitions with Politecnico's team, Tower of Hanoi, and with the Italian team mHACKeroni. Currently, Marcello is a Security Engineer with Secure Network Srl, an information security consultancy firm, and sometimes collaborates on research work with his former colleagues at Politecnico. The research presented at Black Hat 2020 was performed while Marcello was a PhD candidate at Politecnico di Milano.
Stefano Zanero received a PhD in Computer Engineering from Politecnico di Milano, where he is currently an associate professor with the Dipartimento di Elettronica, Informazione e Bioingegneria. His research focuses on malware analysis, cyberphysical security, and cybersecurity in general. Besides teaching "Computer Security" and "Computer Forensics" at Politecnico, he has extensive speaking and training experience in Italy and abroad. He co-authored over 70 scientific papers and books. He is a Senior Member of the IEEE (for which he sits on the MGA board), the IEEE Computer Society (for which he is a member of the Board of Governors), and a lifetime senior member of the ACM. Stefano co-founded the Italian chapter of ISSA (Information System Security Association). He has been named a Fellow of ISSA and sits on its International Board of Directors. Stefano is also a co-founder and chairman of Secure Network, a leading information security consulting firm based in Milan and in London; a co-founder of 18Months, a cloud-based ticketing solutions provider; and a co-founder of BankSealer, a startup in the FinTech sector that addresses fraud detection through machine learning techniques.
Dr. Marco Balduzzi holds a PhD in applied security from Télécom ParisTech and an M.Sc. in computer engineering from University of Bergamo. His interests concern all aspects of computer security, with particular emphasis on real problems that affect systems and networks. Some topics of interest are web and browser security, code analysis, malware detection, cyber-crime, privacy, and threats in the IoT space. With 15 years of experience in IT security, he's now with Trend Micro as a Senior Research Scientist. His work has been published in top peer-reviewed conferences like NDSS, RAID and ACSAC, and featured by distinguished media like Forbes, The Register, InfoWorld, DarkReading, BBC, and CNN. He's a regular speaker at conferences like Black Hat, HITB, OWASP AppSec, and now sits on the review board of IEEE journals and venues like HITB, AppSec, eCrime, and DIMVA.