議程
09:00
報到時間
10:00
Opening 開幕
10:10
English
Red
Exploit Development
Fuzzing
Advancements in JavaScript Engine Fuzzing
Carl Smith
11:00
Break
11:20
Mandarin
🍊
Red
Exploit Development
A 3-Year Tale of Hacking a Pwn2Own Target: The Attacks, Vendor Evolution, and Lesson Learned
Orange Tsai
English
Red
Communication
How to hijack a VoLTE network
Pavel Novikov
Mandarin
Blue
Crypto
打造公平的遊戲轉蛋:在不洩漏原始碼的前提下驗證虛擬轉蛋的機率
Jing Jie Wang、李安傑
12:00
Lunch
13:00
English
Red
Exploit Development
Ghosts of the Past: Classic PHP RCE Bugs in Trend Micro Enterprise Offerings.
Poh Jia Hao
Mandarin
Red
Communication
Reverse Engineering
從硬體攻擊手段來解開機殼下的美麗祕密:網路通訊設備安全分析
Ta-Lun Yen
Mandarin
Red
Exploit Development
BYOVD
直搗核心:探索 AMD 驅動程式中的資安漏洞
Zeze
13:40
Break
14:00
Mandarin
Red
Exploit Development
Endpoint Security or End of Security? Exploiting Trend Micro Apex One
Lays、Lynn
English
Red
Electron
ELECTRONizing macOS privacy - a new weapon in your red teaming armory
Wojciech Reguła
Mandarin
Red
Exploit Development
Fuzzing
搭配模糊測試對Linux核心遠端檔案系統進行漏洞挖掘
Pumpkin
麋鹿在芝麻街 - ELK x BERT 資安分析實戰
Sheng-Shan Chen、Yuki Hung
14:40
Tea Time
15:10
Mandarin
Red
BYOVD
LPE
現代內核漏洞戰爭 - 越過所有核心防線的系統/晶片虛實混合戰法
馬聖豪
English
Red
Exploit Development
Electron
Virtual
What You See IS NOT What You Get: Pwning Electron-based Markdown Note-taking Apps
Li Jiantao
協會時間
Allen Own、CK
15:50
Break
16:00
Lightning Talk
freetsubasa & Hazel、沒有人
16:30
Closing
17:20
收場
ARM-ing for Android: Unraveling the Mysteries of Native Library Reverse Engineering
R3
地點
12:40 ~ 14:40
8月18日 週五
Hacking 101
類型

Ever wondered what's behind the scenes in Android apps? It's time to uncover the secrets with our hands-on workshop, "ARM-ing for Android". This workshop is designed to simplify the complex world of Android native library reverse engineering - a topic crucial to Android security but often overlooked due to the scarcity of accessible resources.

Starting with a fun and easy-to-understand introduction to the ARM assembly language, we will equip you with essential knowledge and skills needed to tackle this challenging area. This part is important because understanding the ARM assembly language is the first step towards mastering native library reverse engineering.

But we don't just stop at theory. You'll get a chance to apply your newfound skills in a thrilling Capture-The-Flag (CTF) event. We have prepared four Android apps for you to examine. Each of these apps contains hidden layers - the kind of 'secrets' you'd encounter in real-life scenarios.

The highlight of our workshop is our focus on teaching key aspects of reverse engineering native libraries. We believe that practical understanding is essential in this field. Therefore, our workshop structure is designed as follows:Understanding ARM Assembly, Dive into Native Libraries, Reverse Engineering Native Libraries, CTF Challenge.

By attending our workshop, you're not just learning a new skill, you're contributing to the safety and security of Android apps everywhere. So, join us, uncover the secrets of Android native libraries, and take a step towards a safer digital world.

預備知識/工具:

  1. GenyMotion
  2. ADB Shell
  3. Virtualization Software (VirtualBox or VMWare Workstation)
  4. 自備電腦

注意事項:

  1. 為確保教學品質,Hacking 101 將限制 36人參與,請排隊等候。
  2. 本議程將不提供同步口譯。

議程語言:英文

Ravi Rajput

Ravi Rajput is well-known for his work in automotive security and discovering vulnerabilities in systems. He has spent over eight years in this area, mainly focusing on making vehicles safer. Currently, he's involved in four research projects on vehicle security. Before this, he led a group called Null Ahmedabad, dedicated to cyber security.

Ravi has a knack for public speaking and often shares his knowledge at various conferences. He has spoken at UnitedCon, Null, Bounty Bash, Bsides in cities like Delhi, Maharashtra, and Ahmedabad. He discusses various topics, such as reverse engineering, exploit development, web reconnaissance, as well as complex subjects like post-exploitation, persistence, and antivirus evasion.

One of his notable achievements was presenting at BlackHat Asia 2023, a well-regarded conference in the security world. At this event, he launched AutoHackOS, a unique system designed for testing car security. This added to his recognition in the industry.

© 2023 HITCON, All Rights Reserved.