08:00 - 09:10

Attendee Registration

09:10 - 09:30

Welcome Speech

09:30 - 09:55

Event Introduction

09:55 - 10:40
10:40 - 10:55

Break

10:55 - 11:40
11:40 - 12:40

Lunch

12:40 - 13:25
13:25 - 13:40

Break

13:40 - 14:25
14:25 - 14:55

Tea Time

14:55 - 15:40
15:40 - 15:55

Break

15:55 - 16:40
16:40 - 16:55

Break

16:55 - 17:40
17:40 - 17:50

Closing

Skrull Like A King: Breaking Out of the Heavily Guarded Eye-in-the-Sky Defense Line

The king is dead, long live the king! Now that cloud-based detection has become standard, the monitoring and control line of modern anti-virus products is as strong as an eye in the sky. Multi-level monitoring effectively locates potentially threatening program files, and the products can also take a God's-eye view of the flow of program files, sending samples back to researchers and analysis models to stop malicious files from spreading to more victim devices in real time. The main challenge for malware designers is therefore to survive the post-exploitation phase of this cat-and-mouse game.

Many familiar techniques have been developed in the wild, such as poisoning startup items, hijacking COM objects, or using a system-level rootkit to hide backdoors; however, no backdoor protection technique has yet been developed that fully resists analysis even when "the entire program file is passed back to researchers".

Imagine a scenario where a malicious program is armored with "digital anti-copy protection": once it is installed on the victim's machine, any copy sent back to the security company is automatically corrupted and can be neither executed nor analyzed.

In this session, we will start with Process Doppelgänging techniques and variants, and explain a new Unlink attack technique that allows malicious programs to achieve fileless attacks, forge their own digital signatures, and even arm themselves so that they cannot be copied and analyzed by researchers.