Agenda
09:00
Attendee Registration Time
10:00
Welcome Speech
10:10
English
Red
Exploit Development
Fuzzing
Advancements in JavaScript Engine Fuzzing
Carl Smith
11:00
Break
11:20
Mandarin
🍊
Red
Exploit Development
A 3-Year Tale of Hacking a Pwn2Own Target: The Attacks, Vendor Evolution, and Lesson Learned
Orange Tsai
English
Red
Communication
How to hijack a VoLTE network
Pavel Novikov
Mandarin
Blue
Crypto
Building a Fair Game Gacha: Verifying Virtual Gacha Probabilities Without Leaking Source Code
Jing Jie Wang, 李安傑
12:00
Lunch
13:00
English
Red
Exploit Development
Ghosts of the Past: Classic PHP RCE Bugs in Trend Micro Enterprise Offerings.
Poh Jia Hao
Mandarin
Red
Communication
Reverse Engineering
Decrypting the Secrets of Network Connectivity Devices through Hardware Attacks
Ta-Lun Yen
Mandarin
Red
Exploit Development
BYOVD
Uncovering Kernel Exploits: Exploring Vulnerabilities in AMD's Windows Kernel Drivers
Zeze
13:40
Break
14:00
Mandarin
Red
Exploit Development
Endpoint Security or End of Security? Exploiting Trend Micro Apex One
Lays, Lynn
English
Red
Electron
ELECTRONizing macOS privacy - a new weapon in your red teaming armory
Wojciech Reguła
Mandarin
Red
Exploit Development
Fuzzing
Vulnerability Discovery in Linux Kernel Remote File Systems with Fuzzing
Pumpkin
Elk on Sesame Street - Cybersecurity Analysis in Action with ELK and BERT
Sheng-Shan Chen, Yuki Hung
14:40
Tea Time
15:10
Mandarin
Red
BYOVD
LPE
Modern Kernel Vulnerability Warfare - Hybrid System/Chip Tactics That Get Past Every Kernel Defense
馬聖豪
English
Red
Exploit Development
Electron
Virtual
What You See IS NOT What You Get: Pwning Electron-based Markdown Note-taking Apps
Li Jiantao
Association Time
Allen Own, CK
15:50
Break
16:00
Lightning Talk
freetsubasa & Hazel, NoBody
16:30
Closing
17:20
Wrap-up
Mandarin
Red
Exploit Development
Network Device
Playing with Fire: Exploring the Exploitable Side of ZyXEL VPN Firewall
Site: R0
15:10 ~ 15:50, Fri, Aug 18
Type: Talk

A VPN firewall is a security device that protects corporate assets from being directly exposed to the public internet. However, what if such a security device itself has vulnerabilities? Once these high-value vulnerabilities are discovered, malicious organizations could exploit them to launch attacks, leaving the enterprise directly exposed to risk. Our research focuses on the potential attack surface of the Zyxel VPN Firewall when exposed to the public internet. During the research process, we discovered several vulnerabilities and promptly notified the relevant authorities to release patches.

In this session, we will uncover recent critical vulnerabilities in the IPSec VPN of the Zyxel VPN Firewall. We will delve into the causes of these vulnerabilities, their corresponding impacts, and how to identify vulnerable Zyxel devices within the entire network. The severity of these vulnerabilities has drawn the attention of international researchers, and because they are quick to reproduce and stable in attack programs, they have been maliciously exploited by botnets. The United States Cybersecurity and Infrastructure Security Agency (CISA) has even issued related warnings in response.

Through this session, we aim to collectively explore the risks associated with these vulnerabilities and emphasize the importance of product security for VPN Firewalls.

atdog

HungChi Su, also known as atdog, is a co-founder and senior researcher at TRAPA Security. He was a member of the HITCON CTF Team and achieved second place in DEF CON CTF 25 and 27. He is currently a member of the Taiwanese cybersecurity community CHROOT. Furthermore, he has presented his research at the Black Hat USA conference and secured third place in the Pwn2Own competition.

Twitter: @atdog_tw

Lays

Shih-Fong Peng, aka Lays, is Co-Founder and Security Researcher of TRAPA Security, currently focusing on reverse engineering and vulnerability research. He is a member of the HITCON and 217 CTF team, which achieved second place at DEF CON CTF 25 and 27. He is also one of the 2019 and 2020 MSRC Most Valuable Security Researchers and has reported vulnerabilities to Microsoft, Google, Samsung, etc.

Blog: https://blog.l4ys.tw

Twitter: @_L4ys

© 2023 HITCON, All Rights Reserved.