Agenda
09:00
Attendant Registration Time
10:00
Welcome Speech
10:10
English
Red
Exploit Development
Fuzzing
Advancements in JavaScript Engine Fuzzing
Carl Smith
11:00
Break
11:20
Mandarin
🍊
Red
Exploit Development
A 3-Year Tale of Hacking a Pwn2Own Target: The Attacks, Vendor Evolution, and Lesson Learned
Orange Tsai
English
Red
Communication
How to hijack a VoLTE network
Pavel Novikov
Mandarin
Blue
Crypto
打造公平的遊戲轉蛋:在不洩漏原始碼的前提下驗證虛擬轉蛋的機率
Jing Jie Wang, 李安傑
12:00
Lunch
13:00
English
Red
Exploit Development
Ghosts of the Past: Classic PHP RCE Bugs in Trend Micro Enterprise Offerings.
Poh Jia Hao
Mandarin
Red
Communication
Reverse Engineering
Decrypting the Secrets of Network Connectivity Devices through Hardware Attacks
Ta-Lun Yen
Mandarin
Red
Exploit Development
BYOVD
Uncovering Kernel Exploits: Exploring Vulnerabilities in AMD's Windows Kernel Drivers
Zeze
13:40
Break
14:00
Mandarin
Red
Exploit Development
Endpoint Security or End of Security? Exploiting Trend Micro Apex One
Lays, Lynn
English
Red
Electron
ELECTRONizing macOS privacy - a new weapon in your red teaming armory
Wojciech Reguła
Mandarin
Red
Exploit Development
Fuzzing
搭配模糊測試對Linux核心遠端檔案系統進行漏洞挖掘
Pumpkin
Elk on Sesame Street - Cybersecurity Analysis in Action with ELK and BERT
Sheng-Shan Chen, Yuki Hung
14:40
Tea Time
15:10
Mandarin
Red
BYOVD
LPE
現代內核漏洞戰爭 - 越過所有核心防線的系統/晶片虛實混合戰法
馬聖豪
English
Red
Exploit Development
Electron
Virtual
What You See IS NOT What You Get: Pwning Electron-based Markdown Note-taking Apps
Li Jiantao
協會時間
Allen Own, CK
15:50
Break
16:00
Lightning Talk
freetsubasa & Hazel, NoBody
16:30
Closing
17:20
收場
English
Blue
Malware
APT
GroundPeony: Crawling with Malice
R2
Site
14:00 ~ 14:40
Fri, Aug 18
Talk
Type

In March 2023, we discovered a cyber attack campaign targeting Taiwanese government agencies. The campaign employed devious tactics such as tampering with legitimate websites to distribute malware, using URL obfuscation, and employing multi-stage loaders. In this session, we will first provide an overview of this attack campaign and share the analysis results of the malware used. Through this, the audience will be able to understand the latest attack cases targeting Taiwan. ​ As a result of our investigation, we suspect that this attack campaign was orchestrated by a China-nexus attack group. We will discuss the specific evidence supporting this assumption, and trace back to past attack campaigns. Past campaigns include attacks that abused the CVE-2022-30190, known as Follina, at the zero-day stage. These studies enable to understand attacker's motivations and attack backgrounds. ​ This session will enable SOC analysts, IR team members, CSIRT personnel, and others to gain a deep understanding of the latest APT attack trends targeting East and South Asia including Taiwan that have never been reported so far, and to take concrete countermeasures.

Rintaro Koike

Rintaro Koike is a security analyst at NTT Security Holdings. He is engaged in threat research and malware analysis. In addition, he is a founder of "nao_sec" and is in charge of threat research. He focuses on APT attacks targeting East Asia and web-based attacks. He has been a speaker at HITCON, VB, SAS, Black Hat USA Arsenal and others.

Shota Nakajima

Shota Nakajima is a Senior Threat Intelligence Analyst at Cyber Defense Institute, Inc. He is engaged in threat research and malware analysis, incident response. Besides, he belongs to the non-profit cyber-security research team, a.k.a nao_sec and analyzing malware in the wild. He has spoken at domestic and international conferences such as JSAC, HITCON, and Black Hat EUROPE Arsenal.

© 2023 HITCON, All Rights Reserved.