Cyber attacks today are an inevitable threat modern organizations must face. How an organization detects, labels, responds, and remediates existing decifiencies in their cyber defense while also effectively utilizing their limited resources has become a necessary skill for infosec management teams for all organizations. One method that has helped alleviate this issue for infosec management teams has been the Cyber Defense Matrix (CDM), a well-known security model from recent years, and combining it with the use of various infosec frameworks.

Our course will focus on the concept of CDM, how to successfully supplement it via other infosec frameworks, and the analysis of cyber attack methods in terms of defense. Participants will learn how to think like and defend themselves from threat actors by learning how to properly analyze an attack, succesfully construct an attack storyline, understand each step of the attack from the attacker’s perspective, and, finally, how to properly defende themselves at each phase of the attack.

At the end of the course, participants will experience the latest in infosec edutech—an interactive CDM game. Through the game, participants will gain a deeper understanding of CDM concepts, common offensive and defensive techniques, how to successfully build an effective modern defense against today’s threats. This course will help participants evolve into valuable and effective information security personnel and prepare them for the inevitable frontline experience against a modern threat.

While container has increasingly become a much applied technology in recent years, its architecture is utterly different from the traditional IT environment, rendering most of the existing security defenses ineffective in protecting containers.

This session demonstrates how to leverage tools to enforce security policies in the development process to ensure that everything works as intended in the container. It involves protecting not just the container images used in the build process but also the container host, the platform, and the application layer during runtime. Some of the mistakes in deploying containers will also be explained, along with the consequences and preventive measures.

By practicing of incident response, you will understand the various TTPs of APT attack.Learn how to resolve the encoded content of script and find the way of persistence, lateral movement and how the shellcode is loaded.

You will be devided into teams and help each other to see the whole scope of incident from an single alert.

Coming Soon

There is no 100% security in cyber world. The SolarWinds third-party supply chain issue prooved that no matter how strong the defense is, it is impossible to guarantee 100% security. The hacker and malicious attacks are always a continuous problem to enterprise, and sooner or later matters. Cyber Resilience is the primary to be focus and enhanced to any enterprise, advanced planning and deployment that prepares for the breach of the security defense line. iSecurity pointed out 4 steps for cyber resilience to be more stronger: Stop More Attacks, Find Breach Faster, Fix Breaches Faster, Reduce Breach Impact.

The global pandemic has proved to be an incubator of cybercrime, and Taiwan’s performance surprisingly ranked last for the past 3 years! In line with this, Systex Corporation’s seminar is designed to assist corporations instill a cyber awareness in employee actions through its 4Es: Experience, Examine, Experiment, and Evaluate. The human factor in cybersecurity will be emphasized to forge a strong firewall and fill the missing link for effective corporate cybersecurity.

The ISM and ISC of Internet-only Bank

From the viewpoints of compliance, cybersecurity regulations and industry standards are still updated. In addition to ISO 27001, the NIST Cybersecurity Framework (CSF) and IEC/ISA 62443 are embedded in newly drafting SEMI Cybersecurity Standards and ITRI's Cybersecurity Maturity Model in Taiwan. Based on participation in drafting a standard and its practical implementation, the instructor will share and discuss stories behind those compliance issues.

Proper endpoint protection is the foundation of data protection. Especially during the pandemic period, working from home becomes a trend to enterprises; SASA SCANNER Mail and CDR can prevent most phishing and malicious ransomware; and be ensured the risk of internet access security in the container of BufferZone. And finally, collocates with a full-view Digital Guardian, which completely supervise the user behavior of the endpoints, that is almost non-invasive, except the endpoints, the security of IOT devices in enterprise is often ignored. VDOO's security detection can help.

Cyber-attacks present a growing threat to businesses/enterprises, governments, and individuals all over the world.

There are a lot of cyber-attacks happened to large enterprises in Taiwan in recent years as well. 

Then, you thought these large enterprises didn’t prepare an specific security team or professional security software & hardware to protect cybersecuity ? 

Obviously the answer is No. Hackers still targeted and attacked them which caused the huge losses.

However, we found many small and medium enterprises or e-commerce customers believed that their company scale is small, hackers would not attack them, they may ignore the risk of cybersecurity.

Therefore, in this session, we will use the e-commerce customer as a case study to illustrate how to against hacker and what is the best way to protect your website.

Are you implementing Zero Trust or Zero Sleep? To achieve Zero Trust typically requires building a stack of solutions, integrating them and increasing security spend. This session will provide a framework and specific steps that show how to leverage identity centric security for Frictionless Zero Trust for IT, Security, and end users resulting in reduced risks, reduced cost, and a better user experience. This session shows you new technology that can help financial enterprises meet the unique needs around compliance and user experience, without compromising security.

Email is the major attack method of hackers.

Such like social attacks, malicious links, BEC and even APT attacks may all be delivered via email.

Systex Email Security Cloud provides multi-layer anti-virus engine,threat intelligence, AI analysis, sandbox detection...and many other detection and defense mechanisms. 

The cloud-base service can save a lot of manpower and provide the most complete email security protection with the least impact on the customer’s environment.

The properties of constrained resource, unfriendly interface, and heterogeneous architectures for IoT endpoint devices make secure protection for them extremely difficult. The mature protection mechanisms for traditional desktops (e.g., Antivirus or EDR) cannot be directly applied into IoT scenario. By extracting firmware of a IoT physical endpoint device and executing it in an emulated IoT system, this speech discusses how to establish a virtual IoT device with high fidelity and leverage system-level monitoring and IDS to achieve EDR for IoT endpoint devices.

Many companies use patchwork security defense architectures in the construction of security protection, resulting in a lack of integration and joint defense mechanisms in the overall defense process, making it more difficult for managers to track and manage. This agenda is mainly to provide the audience with another information security thinking model, how to build a smart information security platform to strengthen the overall protection of the enterprise and detect more unknown malicious attacks. Making managing security no longer a daunting task

While container has increasingly become a much applied technology in recent years, its architecture is utterly different from the traditional IT environment, rendering most of the existing security defenses ineffective in protecting containers.

This session demonstrates how to leverage tools to enforce security policies in the development process to ensure that everything works as intended in the container. It involves protecting not just the container images used in the build process but also the container host, the platform, and the application layer during runtime. Some of the mistakes in deploying containers will also be explained, along with the consequences and preventive measures.

By practicing of incident response, you will understand the various TTPs of APT attack.Learn how to resolve the encoded content of script and find the way of persistence, lateral movement and how the shellcode is loaded.

You will be devided into teams and help each other to see the whole scope of incident from an single alert.

Coming Soon

In this high-tech era, cyber threats get in by every opening. Governments and private enterprises pay lots of attention on cyber security, which is no longer a non-popular knowledge but a national security issue which cannot be ignored. 

ICEF is a mysterious organization in military. What important role does the ICEF play in the national cyber security team? How does ICEF protect our cyber territory?

The speaker will share her experience about

。Characteristics, work content and challenges of the ICEF

。How to continuously improve and cultivate oneself during participating in IT work in the military

Network attack situation continues to transform, the use of enterprise digital transformation after the extension of the security gap to attack, enterprise SOC analyst configuration, has been difficult to keep up with the pace of threat evolution, the security market has appeared SOAR in a scripted way to determine the security incident analysis SOP and automate the process of emotional intelligence collection and response action, the analyst manpower on high-value analysis operations, in order to shorten the response time of each event, to achieve the level of enterprise requirements of security control. 

The rise of 5G technology, along with the exponential growth in the number of IoT devices, has posed unprecedented challenges for internet service providers to secure against DDoS threats. Therefore, it is necessary to set up a more effective security measure for the 5G core network architecture. In this session, we will discuss the differences between analyzing 5G networks and legacy networks by focusing on topics like data collection from the entire network as well as the 5G network slicing, automated traffic baselining and fingerprinting, real-time anomaly detection, virtual network segmentation, DDoS event tracking and reporting, and attack pattern profiling.

The enterprises and hackers have been defensed and attacks for decades and have never stopped. We must assume that companies absolutely likely be invaded through network.This session will give some examples of the recent information security issues to explore how companies can prevent possible attacks by planning in advance, so as to prevent subsequent damages from expanding and affecting the business and reputation.

This research will collect publicly leaked data and share some of the traps and fun that we found during the analysis. We will also share how we have conducted big data analysis on more than 10 billion pieces of data from 200 plus datasets, with a particular focus on the analysis of data leakage and password habits of Taiwan's 8 critical infrastructure service providers. Finally, based on the in-depth analysis of our data, we will try to provide prediction warnings to high-risk CI sectors and vendors that may be invaded due to information leakage, and finally advise how to perform prevention and mitigation measures.

Driven by the Cyber Security Management Act, various government agencies are actively formulating comprehensive improvement plans to strengthen their cyber security protection. Since SYSTEX team is familiar with the IT environment in public sector, and understands the regulatory requirements, our "MOC (Monitoring and Operation Center) Cyber Security Service, was quickly adopted by various government angencies.

Some vendors would assume "whitelisting", "firewalling" their control system would make them "safe". We will prove otherwise, and talk about how we research deeply into security implications of human-machine interfaces, including firmware analysis, defending

 against attacks, and developing safer software.

Security incidents and the false-positive alerts generated by SEIM solutions have grown considerably over the last decade. In this talk, we take a deep dive into the technical aspects of designing and creating an effective AI-driven threat hunting system from the ground up. Automated threat hunting systems, such as our Fuchikoma, alleviate alert fatigue by automating the investigation process, alert triage, and auto-generating attack storylines, allowing SOC analysts to rapidly identify and focus on the more severe incidents, their root cause, auto-enriched contextual information of each step of the attack, and ultimately, eradication and remediation. Each step of our design process on Fuchikoma’s automated ML-driven threat hunting system will be broken down step-by-step and explained thoroughly in detail. 

Sharing common security issues, attack methods and detection/response mechanisms in cloud services, and how to build an effective cybersecurity protection system in practice, so that cloud security will not become a hot potato in the organization.

We will talk about cybersecurity in 4G/5G campus network and how to build a lab for assessment before buying.

Jenkins, the popular open-source CI/CD tool, has inadvertently become a vector for hackers to compromise your systems during the COVID-19 pandemic, leaving many systems of business users encrypted by ransomware. In this session, we will be sharing the difficulties and goodies we have found with implementing Jenkins. Using real cases, we show you how hackers can quickly compromise your systems and move laterally within your organizations. You will see that hackers and their threats are everywhere, and their attacks will never stop.

In this session, I'll explain the meaning and purpose of the different X-Forwarded-XXX headers. Next, I'll show how the attackers can bypass the IP Ban by the application via the wrong setting of X-Forwarded-For, or even ban other victim's IP. Last, I'll demo the blind SSRF vulnerabilities I found in Slack, which is due to the misconfiguration of the X-Forwarded-Host setting. It should make everyone knows more about the X-Forwarded-XXX headers.

While container has increasingly become a much applied technology in recent years, its architecture is utterly different from the traditional IT environment, rendering most of the existing security defenses ineffective in protecting containers.

This session demonstrates how to leverage tools to enforce security policies in the development process to ensure that everything works as intended in the container. It involves protecting not just the container images used in the build process but also the container host, the platform, and the application layer during runtime. Some of the mistakes in deploying containers will also be explained, along with the consequences and preventive measures.

Coming Soon

In the first half of 2020, the COVID-19 pandemic has given rise to the need of working from home. While IT engineers strived to deploy VPN architecture so their colleagues could work remotely, a backdoor has also been opened for hackers to directly access the corporate intranet. 

Hans and his team have observed ransomware attacks in major industries during the second half of 2020 and discovered this phenomenon, and in this speech, he will be sharing how his team performed red teaming exercises to intrude Active Directory and to establish backdoor, hoping to prevent companies from falling into the same trap. 

IDS in the industrial control network environment can detect whether there is abnormal network packet behavior in the industrial control network environment, remind factory personnel that the communication of each computer in the factory is not attacked by external hackers, and prompt internal malicious employees Abnormal network packet behavior. We rely on "hearing" all the packets of the switch or router in the factory to let everyone "see" the purdue model and asset inventory table of the factory network, and teach you to see the normal and abnormal behaviors in the industrial control network; we will share Actual cases to see WannaCry's abnormal behavior will also introduce the importance of industrial control internal network isolation. Through a few actual cases, we can open the audience's eyes and see the abnormal behavior on the industrial control network. Except, the communication between the machine and the machine in the factory is like the communication between the Boss and the Servant. The language of communication may be Chinese, English, French, Japanese, but it may also be an unknown dialect (Unknown Protocol), so we will introduce the analysis of the Unknown Protocol. 

Introductory session on applying Watson AutoML + STIX-Shifter for Threat hunting. Using WML to train and serve a classification model that can examine a STIX bundle to indicate suspicious level.

How to implement IaC safety feature by coding to obtain best practices in CI/CD process.

Mobile telecommunication has gone through generations of evolution from the early days to the establishment of 3gpp in December 1998, when the world joined hands to revolutionize mobile telecommunication. Today, 3gpp has taken on the task to drive the development and establishment of standards for 5G. In addition to releasing specifications for this latest mobile telecommunication technology, 3gpp has also touched upon its security aspects and TS.33 is the outcome. This session invites the audience to take a look at how experts at 3gpp tackle some of the most iconic challenges in 5G.

In view of the common problems encountered by enterprises when they are invaded, discuss and the response and improvement methods before, during and after the incidents.

With advances in cybersecurity technology and diversified solutions providing protection from attackers, adversaries need more meticulously planned operations to hide their footprints. These surreptitious tactics leverage the power of operating systems and other trusted tools to achieve its malicious goals, such as the fileless malware attack.

In the face of the global epidemic, digital transformation of enterprises is imperative. New business models bring new opportunities, but they also extend more risks. In Q4 2020 alone, over 10 listed companies in Taiwan suffered extortion by professional hacker groups. Tens of millions of dollars of Ransoms caused heavy operating losses. Against long-term latent APT attacks, traditional passive external defenses, such as anti-virus software and firewalls, are no longer sufficient. How can MIS and IT personnel, who stands on the front line of information security, build a comprehensive defense strategy? In this forum, the senior technical manager of UPAS will share the practical experience of UPAS engaged in intranet security management for nearly 20 years: from APT kill chain analysis, ransomware attack types, to each corresponding defense link, introducing a joint defense mechanism, in order to help companies resist targeted ransomware attacks in the post-epidemic era.

This talk will share how we built an automated large-scale IoT threat hunting system, and will share a deep look into the overall threat situation and trends compiled from six target examples in the past year.

This talk will be the first-ever public report that analyses Taiwanese user passwords in depth. I will break down Taiwanese user passwords into multiple common patterns, discuss their weaknesses, give insight into building better password practices and policies, offer actionable advice for password assessment during Red/Blue team cyber security drills, and provide insight into real-world threats and the techniques they use to crack “very strong” passwords.

Are you curious about container technology? 

What is the security issue regarding it? 

How to utilize this security issue to gain the host privilege and how to use Shodan to search for it ?

Come with me !!!

This session will introduce an attack that lured Chinese speakers to download the Telegram installer with Trojan. We will see how attackers can actively improve their attack techniques within a short time, and try to use various tricks to avoid detection and confuse users to identify their genuine functions.

Recently, industry could lease spectrum and non-public network to realize 5G killer applications such as intelligent factory. However, the popularity of 5G opensource and the occurrence of cheap software define radio (SDR) enable experimental base stations (BSs) possible. Adversary could easily adopt such BSs to launch malicious attacks against availability, integrity, and privacy of industrial IoT devices. In this speech, we deploy sensors with the aid of mobile edge computing (MEC) in 5G non-public network to detect rogue BS attack and mitigate its negative effects. 

While container has increasingly become a much applied technology in recent years, its architecture is utterly different from the traditional IT environment, rendering most of the existing security defenses ineffective in protecting containers.

This session demonstrates how to leverage tools to enforce security policies in the development process to ensure that everything works as intended in the container. It involves protecting not just the container images used in the build process but also the container host, the platform, and the application layer during runtime. Some of the mistakes in deploying containers will also be explained, along with the consequences and preventive measures.

Coming Soon

Deep packet inspection (DPI) technology is widely used in network-side defense or detection equipment such as IPS/IDS/UTM. The signature/virus patterns (i.e., DPI Rules) used to detect threats can be treated as the DPI system's soul. In the past, the generation of DPI rules relied on rich experience and consumed a lot of time. In recent years, with AI's help, we can have some automation in the rule generation process. Through this automation, we can lower the technical threshold of rule making and shorten rule generation time. This talk will share related technologies and provide a PoC demo.

In this session, we will share our experience of investigation based on a real IR case, also share the different behaviors betweeen cloud platforms and normal enviroments. In conclusion, we will mention how to enhance operate monitoring and architecture security based on the case.

Microsoft embeds a translation design named WoW64 (Windows 32 on Windows 64) used for running 32 bit PE (Portable Executable format) on 64 bit Windows. The design basically hosts every 32 bit PE file inside as a native standalone 64-bit process and translates every 32-bit system interrupt into a 64-bit syscall.

In this talk, we're going to talk about deep reversing engineering on WoW64 architecture how it does translations, and some uncovered issues about crossing-architecture could be abused in the wild.

I believe everyone has such feelings when you are asked about your company’s security posture. Why is that even when essential information security regulations have been introduced, defense equipments have been purchased, and awareness trainings have been conducted, yet you are still not confident to say that your company is well prepared for cyber threats?

This agenda discusses the effectiveness of information security implementations from the three elements of building a more comprehensive information security system: People, Process and Technology.

Your company expands its IT network over time, to support business and stakeholder needs. This session will help you understand how your network and security teams can continue to take control of your IT network, as it grows in size and complexity, to make sure that your stakeholders continue to get the information they need, and help the business continue to thrive in a highly competitive industry.

Show several blackmail families from the theft and blackmail incidents of major groups and organizations. Technical display analysis (1) Target Ransom uses DLL injection (2) Fileless threats, (3) Use Epplus to avoid malicious methods of security protection mechanisms, (4) Killing and anti-hacking backup methods, (5) Use the OS whitelist to run malicious actions and other intrusion methods. Extend the application of feasible protection technology for disaster reduction and analyze the defects of defense mechanism.

Data is an important resource for future profits in an enterprise, and a data governance system is to build an effective data flow network, which makes the data needed for business decision-making immediately available. However, in the process of data access, some misuse, non-compliant, or even malicious data use methods may occur. This agenda uses the PostgreSQL database as an example to illustrate the concept of data governance security in a concrete and practical way.

SELinux is famous for its thorough access control over the whole Linux box, but also notorious for the steep learning curve. The bundled open-source Reference Policy provides detailed security rules for a common Linux system, using the SELinux mechanism. However, system administrators usually have to tinker for the particular needs, on top of the Policy. 

In the meantime, due to the rise of cybersecurity attacks, people today pay much more attention to the light-weight solutions like whitelisting. In short, it is allowing or denying the program (or any subject) at the time of invocation. Its simplicity brings the popularity. To support the thinking, we made an experiment throwing away the Reference Policy and craft a so-called WhiteList Policy using the SELinux framework from scratch. It is intended to show 1) the loaded policy determines easy-to-use or not, not SELinux mechanism; 2) solution to security issues is a trade-off between many aspects, convenience and completeness especially; 3) there is always a gap between the theory and the practice on all security solutions , even the one simple as whitelist.

The information security of the supply chain is a part of enterprise information security. From the financial supply chain mentioned in the financial security action plan of the Financial Supervisory Commission to the suppliers of intelligent manufacturing components, all of them have an interlocking influence on the information security risks of enterprises. In this speech, the speaker will explain how to build a reliable information security service providing network, and in the meantime, how to meet the regulatory trend of the competent authority and the requirements of enterprise landing.

Tropic Trooper is well aware that military or government organizations may have more robust security in their physically isolated environments (i.e., the use of biometrics or USB use in a quarantined machine before an air-gapped environment). The group then targets potentially unsecured related organizations that could serve as jumping-off points for attacks. For instance, we observed Tropic Trooper move from a military hospital to the military’s physically isolated network.

This talk provides an overview of the USB malware called USBferry and its capabilities, as well as the other tools used to infiltrate physically isolated environments. In addition, we will talk about their notable tactics in their attack scenario. Further details, including indicators of compromise (IoCs), can be read in the : https://blog.trendmicro.com/trendlabs-security-intelligence/tropic-troopers-back-usbferry-attack-targets-air-gapped-environments/

Shifts in customer expectations have changed manufacturing forever. Modern manufacturing requires intelligent operations, scalable security, and connected supply chains to deliver more agile production, greater transparency, and smarter products and services.

The Internet of Things (IoT) sits at the center of this transformation. Today, IoT is not just about connecting devices, instead, it is about enabling a Digital Feedback Loop where data can be synchronized between employees, operations, products, and customers. Data from customers informs product development; operations data informs staffing decisions; product sales data informs production. As more data is input into the system, the system becomes more intelligent, making manufacturing smarter, safer, faster, and more agile, all while improving products and customer experience.

These embedded devices are very susceptible to security vulnerabilities, as they are always powered-on, and usually have no updates after manufacture (unless malfunctioning). OpenWrt is no exception. Although the community already tries its best to bring the state-of-art hardening to date, it is just insufficient as there are too many software packages but too few people maintaining. As a consequence per “defense in depth”concept, Thomas Petazzoni from bootlin initiated the work in 2019 bringing SELinux to OpenWrt, and the work has been merged to the mainstream as of today.

Unfortunately the work addresses only the very first part of porting: necessary user-space packages and related kernel options, but not the bundled Reference Policy. After a detailed examination, our work fills the gap to unleash the power of SELinux, in hope to bring security to everyone in a more friendly way (prevention rather than mitigation).

This presentation will introduce how to perform the product security assessment and disclose vulnerabilities from the PSIRT perspective.

The InSecure Deserialization issue in OWASP Top 10 is usually be viewed as a security researcher-only domain. 

By leveraging few simple programs & 2 CVE cases, the speaker will lead audiences to dive into the root cause of this issue & how it could be exploited. 

Audiences could better understand this mysterious issue & the magic of information security after this talk.

1 Bitcoin is now worth over 1.5 million NTD. No matter if you’re an experienced investor or just beginning and unfamiliar with financial terms or the digital assets market, I’ll walk you through the basics of crypto security, known threats you need to avoid, and the emerging threats we all need to look out for. Be better informed and make stronger and safer decisions before investing in crypto.

Open API is an unstoppable trend in the future. In addition to the security control of open API end, how third-party service providers (TSPs) implement security controls will also be an important issue. In this session, we will elaborate the information security challenges and suggested solutions based on OneDegree’s open API experience in HK to the audience who would like to participate in API ecosystem. 

This paper will discuss Science and Technology Investigation draft legislation, especially the part of Source Telecommunication Tapping, from the perspective of law and information security technology. From the legal side, we will introduce the content of the relevant regulations and its influence on the investigation after it is in effective. Then we would move to personal privacy of mobile messengers, which includes the introduction of point-to-point encryption (end-to-end encryption, E2EE), as well as the protection of user content in Popular mobile messengers such as Whatsapp, Telegram, Facebook, LINE, clubhouse. The discussion would then point out the gap between “what the police hacking wants” and “what the police could really get in real world” from the technical perspective.

This session provides in-depth analysis on targeted ransomware ecosystem. The major topics include an original threat distributor, crisis response, ransom negotiation and law enforcement disruption. We would like to invite the attendees to discuss how we can fight cybercrime from both technical perspective and real case study.

This session will go on Windows Driver architecture first to make audience become more easier to understand the driver's problems which I'm going to explain. With several famous instances, we will talk about driver's Downgrade Attack, Unauth-Handle & MSR exploit.

1. Project Motivation

2. Industry Issues

3. Project Preparation

4. Comments and Observations

5. Common Implementation Challenges