Agenda
09:00
Registration
10:00
Opening
10:10
English
Red
Exploit Development
Fuzzing
Advancements in JavaScript Engine Fuzzing
Carl Smith
11:00
Break
11:20
Mandarin
🍊
Red
Exploit Development
A 3-Year Tale of Hacking a Pwn2Own Target: The Attacks, Vendor Evolution, and Lesson Learned
Orange Tsai
English
Red
Communication
How to hijack a VoLTE network
Pavel Novikov
Mandarin
Blue
Crypto
Building Fair Game Gacha: Verifying Virtual Gacha Probabilities Without Leaking Source Code
Jing Jie Wang、李安傑
12:00
Lunch
13:00
English
Red
Exploit Development
Ghosts of the Past: Classic PHP RCE Bugs in Trend Micro Enterprise Offerings.
Poh Jia Hao
Mandarin
Red
Communication
Reverse Engineering
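Unlocking the Beautiful Secrets Beneath the Chassis with Hardware Attack Techniques: Security Analysis of Network Communication Devices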
Ta-Lun Yen
Mandarin
Red
Exploit Development
BYOVD
Straight to the Kernel: Exploring Security Vulnerabilities in AMD Drivers
Zeze
13:40
Break
14:00
Mandarin
Red
Exploit Development
Endpoint Security or End of Security? Exploiting Trend Micro Apex One
Lays、Lynn
English
Red
Electron
ELECTRONizing macOS privacy - a new weapon in your red teaming armory
Wojciech Reguła
Mandarin
Red
Exploit Development
Fuzzing
Vulnerability Hunting in Linux Kernel Remote File Systems with Fuzzing
Pumpkin
An Elk on Sesame Street - ELK x BERT Security Analysis in Practice
Sheng-Shan Chen、Yuki Hung
14:40
Tea Time
15:10
Mandarin
Red
BYOVD
LPE
Modern Kernel Vulnerability Warfare - Hybrid Virtual/Physical System and Chip Tactics That Cross Every Kernel Defense Line
馬聖豪
English
Red
Exploit Development
Electron
Virtual
What You See IS NOT What You Get: Pwning Electron-based Markdown Note-taking Apps
Li Jiantao
Association Time
Allen Own、CK
15:50
Break
16:00
Lightning Talk
freetsubasa & Hazel、沒有人
16:30
Closing
17:20
Wrap-up
Mandarin
Blue
APT
Malware
Unmasking CamoFei: An In-depth Analysis of an Emerging APT Group Focused on Healthcare Sectors in East Asia
R2
Location
15:10 ~ 15:50
Friday, August 18
General Session
Type

The healthcare industry has become increasingly important to a country's overall well-being, especially after the COVID-19 pandemic. Unfortunately, the healthcare sector has also become a target for cybercriminals and Advanced Persistent Threat (APT) groups. These threat actors are particularly interested in targeting patients' personal information and confidential information such as vaccine development. One such group that has been making a ruckus is the APT group CamoFei, better known as Chamelgang. CamoFei operated relatively unnoticed for several years. It gained notoriety after PT Security published a report in September 2021 indicating that the group was specifically targeting Russia. Since then, the threat group has started focusing on Taiwan, performing spear-phishing attacks against multiple organizations whilst carrying out large-scale attacks against multiple Taiwanese healthcare and government agencies. During our presentation, we will analyze CamoFei's Tactics, Techniques, and Procedures (TTPs) and the custom malware CamoFei has developed. We will also present several case studies highlighting the attack methods that CamoFei has employed against various healthcare and governmental organizations. By the end of the talk, healthcare organizations and all other targeted organizations will be able to use our mitigation and detection methods against these attacks.

Still Hsu

Still is a cyber-threat intelligence researcher at TeamT5. They are highly passionate and active in community discussions surrounding malware and APTs. Specifically, Still is very outspoken and loves to teach students how to get started in malware research and reverse engineering. Despite their bachelor's background in English, Still has become one of the core members of the malware research team at TeamT5.

DuckLL

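廖子慶 (DuckLL) is currently a threat intelligence researcher at TeamT5, with research focused mainly on threat intelligence and malware analysis. DuckLL has presented related research at international conferences including Black Hat Asia, HITB, and CODE BLUE. An enthusiastic participant in security community activities, DuckLL has served as an instructor for AIS3 and 台灣好厲駭, and is also a core member of UCCU Hacker.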

© 2023 HITCON, All Rights Reserved.