Security concepts such as Security by Design are rapidly becoming the new norm as Electric Vehicles (EV) and Software-defined Vehicles are becoming more widely discussed. In the past two years, not only have new automotive cybersecurity standards been introduced but also promulgated, such as with the WP29, R155/R156, and ISO/SAE 21434. This presentation will showcase CyCraft research on security regarding self-driving cars.

    Today, people connect to corporate networks, cloud databases, and a variety applications from everywhere with all kinds of devices. Enterprises can no longer make the assumption that authenticated or trusted devices/users are secure. Therefore, the zero trust security model is an important strategy for strengthening the security of critical data and systems, especially in a hybrid, dynamic workplace. It is a more advanced, agile, and effective approach to security, compared to the traditional security model.

     Comprehensive visibility and understanding of risks are the foundation of effective security prioritization and automated zero trust access controls. Unfortunately, a lot of solutions labeled as "zero trust" do not really understand how to evaluate trust. 

    Activities of this session include:

     1.) Attack and defense drills. Get first-hand experience of hackers' stealthy intrusion techniques.

     2.) Hands-on labs. From the defender's perspective, learn how to identify the root cause of an incident and determine the scope of its impact. 

     3.) Incident investigations. Collect evidence and think how to response with remediation measures, how to implement such measures with existing defenses, and how to stand in the executives' shoes to provide critical information for CISO and SOC teams to make informed decisions.

Experience a highly interactive cybersecurity card game! Players not only have fun but also learn the basic concepts of the Cyber Defense Matrix (CDM) security model. By abstractly simulating real-world security incidents, players learn common attacker techniques, the effectiveness of current defensive techniques, and how to use CDM concepts to build an effective and efficient defense—on a budget!

This course is divided into three parts: lecture, discussion, and game! 

First, we will introduce the importance and usefulness of security models used by researchers and analysts, such as CDM, NIST CSF, and Mitre ATT&CK. We will then compare the security models and explain how researchers and analysts use these models to break down cyberattacks into individual techniques and their intended uses, stretching from initial access to data exfiltration and impact. Attendees will learn how cybersecurity analysts map out—and eventually predict—attack behavior and how to use CDM with various information security frameworks to formulate effective security strategies and fill gaps. Most importantly, attendees will be able to immediately use this knowledge in our new highly interactive card game that leverages CDM concepts in a fun, educational, and approachable way highlighting the importance of cybersecurity. 

Managed detection and response (MDR) is an outsourced service that provides organizations with threat hunting services and responds to threats once they are discovered.

The speech will share MDR how to apply the unique Threat Intelligence collection data, verification mechanism, and machine learning analysis technology. Our total solution will help company to defend against unknown threats and 0-day attacks to ensure enterprises’ network security.

In the face of skyrocketing cyber risk, detecting and responding to attacks is no longer enough. Organizations must take proactive steps to prevent threats before they happen, and harden their systems against attacks. In this session, Darktrace presents a newly announced, ambitious new vision for security, with core engines powering AI technologies to prevent, detect, respond, and ultimately heal from threats. Together, these engines combine to strengthen organizations’ security posture in a virtuous AI feedback ‘loop,’ which provides powerful end-to-end, bespoke, and self-learning solutions unique to each organisation.

In the wave of ESG and digitization, the definition and value of "information security" has changed dramatically. With the corporate's information security management has been included in the evaluation project of the Dow Jones Sustainability Index (DJSI) and more well-known sustainability awards, which will be an issue and a challenge that needs to be addressed more seriously at the CXO level. In this digital transformation wave that everyone can relate to, the ecosystem of the industry has turned over and reshaped the information security battlefield. 

With the growth of Internet of Vehicle (IoV) devices, while give user more convenience, it also allows hackers to have more weakness point to penetrate. In this presentation, we will share the security issues of various automotive components from attacker’s vision in real cases and provide prevention solutions.

Cybersecurity risk trends are changing rapidly, and companies need to proactively establish mechanisms to detect whether cyber risks affect the enterprise environment.

I will discuss the NISTIR 8286 ERM, COBIT 2019 framework, the concept of risk monitoring and risk response, and let the audience understand the use of Key Risk Indicator (KRI) and Key Performance Indicator (KPI) in information security risk management, so as to realize enterprise business goals.

Real-Time Protection is an essential design for all modern anti-virus and endpoint protection, which scans the executed binaries, detects and blocks the malware immediately. To achieve this protection, the security vendors have used APIs provided by Microsoft to embed their hooks at the Ring0 kernel level. However, is that game of cat and mouse over? ;)

In this session, we will reverse engineer the Windows OS. To understand the Process Creation, Userland IRP, and Kernel Driver design for learning the modern attacker's strategies to escape virus-scan.At the end of the session, we will use several PoC as examples used in the wild to demonstrate how attackers can abuse the issue of scanning timeline, to launch temporal pincher move to avoid anti-virus scan, and we will provide suggestions on mitigation measures and suggestions on select security products for users .

    Today, people connect to corporate networks, cloud databases, and a variety applications from everywhere with all kinds of devices. Enterprises can no longer make the assumption that authenticated or trusted devices/users are secure. Therefore, the zero trust security model is an important strategy for strengthening the security of critical data and systems, especially in a hybrid, dynamic workplace. It is a more advanced, agile, and effective approach to security, compared to the traditional security model.

     Comprehensive visibility and understanding of risks are the foundation of effective security prioritization and automated zero trust access controls. Unfortunately, a lot of solutions labeled as "zero trust" do not really understand how to evaluate trust. 

    Activities of this session include:

     1.) Attack and defense drills. Get first-hand experience of hackers' stealthy intrusion techniques.

     2.) Hands-on labs. From the defender's perspective, learn how to identify the root cause of an incident and determine the scope of its impact. 

     3.) Incident investigations. Collect evidence and think how to response with remediation measures, how to implement such measures with existing defenses, and how to stand in the executives' shoes to provide critical information for CISO and SOC teams to make informed decisions.

Experience a highly interactive cybersecurity card game! Players not only have fun but also learn the basic concepts of the Cyber Defense Matrix (CDM) security model. By abstractly simulating real-world security incidents, players learn common attacker techniques, the effectiveness of current defensive techniques, and how to use CDM concepts to build an effective and efficient defense—on a budget!

This course is divided into three parts: lecture, discussion, and game! 

First, we will introduce the importance and usefulness of security models used by researchers and analysts, such as CDM, NIST CSF, and Mitre ATT&CK. We will then compare the security models and explain how researchers and analysts use these models to break down cyberattacks into individual techniques and their intended uses, stretching from initial access to data exfiltration and impact. Attendees will learn how cybersecurity analysts map out—and eventually predict—attack behavior and how to use CDM with various information security frameworks to formulate effective security strategies and fill gaps. Most importantly, attendees will be able to immediately use this knowledge in our new highly interactive card game that leverages CDM concepts in a fun, educational, and approachable way highlighting the importance of cybersecurity. 

In order to protect the rights of road users and promote the safety awareness of vehicle manufacturers, all new vehicles in the EU after July 2022 and all new production vehicles after 2024 must comply with the UNECE WP.29/R155 standard, while the ISO21434 standard, inherited from ISO26262, will soon be fully implemented. Regardless of the standard, Automotive TARA is the core component. What is TARA? How should vehicle manufacturers implement TARA? What makes Automotive TARA special? This topic will give you an in-depth understanding of Automotive TARA, from the purpose and necessity of TARA, the implementation of Automotive in the real world and the current status of ISO Regulation.

Aruba combines best-of-breed Aruba data center L2/3 switching with the industry's only, fully programmable DPU (Pensando Elba) to introduce the industry's first Distributed Services Switch the Aruba CX 10000 Series Switch. Its key features include: 

• IT organizations no longer need additional firewalls to control east-west traffic when building data centers, delivering 100x the scale and 10x the performance at 1/3 the TCO of traditional approaches
• Stateful firewall
• Extend micro segmentation capability to any type of hosts in the data center
• The encapsulated remote switch port analyzer (ERSPAN), telemetry and DDoS protection related features will be introduced gradually

Adopting cybersecurity framework could be meaningful to protect corporate data, as well as a trust relationship between supply chain. Starting from choosing a cybersecurity framework that suites your business, defining guidelines to different operating systems, selecting tools to fulfill the requirement of compliance and certification. This sharing would share a real world example on how to obtain and utilize associated resources, apply management tools to different OSes

Based upon Aon global database of cyber insurers’ survey and many years of local practice, will share with enterprises how insurance companies evaluate corporates’ cyber risks and define insurance policy terms. If a company plans to purchase cyber security insurance, what information or actions should be prepared in advance, and how to communicate with insurers to obtain the best terms? During a cybersecurity incident, how to cooperate with insurance companies to optimize the policy.

The online entertainment business is not a notable victim when we talk about Advanced Persistent Threat (APT) attacks. Previously, APT research emphasized the victims in the public sector, such as the government, military, or critical infrastructure. It was not until 2020 that security researchers started to shed light on APT attacks against the online entertainment industry. For instance, TrendMicro's "Operation DRBControl" suggested that China-nexus APT41 and APT27 had targeted gambling and betting entities.

This talk will focus on APT's targeted attack against online entertainment companies which have solid cash flow and a massive amount of personal data. Previously, many cases were believed to be financially-motivated attacks because of the usage of ransomware. However, based on our observation in the past few years, APT attacks against online entertainment companies are also driven by espionage purposes.

We will dissect more than 20 targeted attack operations TeamT5 has tracked since 2018. Our analysis shows technical links between these targeted attacks and the infamous Chinese APT, including APT10 (aka menuPass), APT41 (aka Winnti, Amoeba), and APT27 (aka GreedyTaotie). Our presentation will cover these attacks' Tactic Technique and Procedures (TTPs). We have seen those APT groups adopt different TTPs aimed at the online entertainment industry. We detected the well-known China-origin weapons such as PlugX, ZxShell, and APT's shared tools such as Hyperbro, PlugX2016, and CoinDrop. Many campaigns even deployed ransomware for double extortion.

More importantly, these cases gave us a peek into China's strategic move. We believe that these APT attacks are the preliminary work of the Chinese government. After these intensive attacks of APT, we have seen China is officially purging the online entertainment and gambling industry. Our strategic intelligence indicates several possible scenarios which could lead us to believe the ultimate goal of these APT attacks.

Use Artificial Intelligence and Machine Learning technology to help companies control remote/home/outsourced work environments, such as:

• User identification
• Identification of bystanders in the work environment 
• Identification of objects in the work environment that could lead to a data breach, such as cell phones, cameras, keyboards, screens, notes, and papers
• Recognition of behaviors explicitly prohibited by the company in the work environment, such as taking pictures of the screen with a mobile phone/camera
• Actions for violations such as warning messages, blank screen, mandatory shutdown

This solution allows enterprises to fully control the Human Factor, protect data security, improve work efficiency, and assist Call Center to comply with the CLEAN DESK policy.

Learn how Trend Micro's automotive security solutions can help you detect and respond to future potential threats.

The well-known project - OWASP Top 10 was updated last year. The issues are shuffled and merged according to their importance. Also, the present software development flow affects application security which evolve in recent years. Few new issues such as software supply chain attacks were introduced in the new OWASP Top 10. How enterprises should change the way of security development according to the new OWASP Top 10?

New trends and details would be introduced in this session.

The pandemic accelerates the digital transformation of enterprises, but digital transformation brings more severe security challenges. The hackers use malicious attacks across a variety of endpoint devices and systems. Thus, the authorities from industry and government agency built various supervision systems and regulations to implement the security protection, therefore, how to effectively implement IT compliance, ensure information security and meet the regulatory requirements of specific industries through international common security practices such as CIS, DISA STIG, PCI-DSS, etc., is an important cornerstone for the success of enterprise digital transformation.

With the advent of the 5G era and prevalence of IoT (Internet of Things), network traffic continues to grow at exponential rate with unprecedented diversity and complexity in its content and behavior, leading to more challenges to network visibility and forensic analysis for carrier-grade networks. In this session, we take a deep dive into how GenieAnalytics assists network operators in overcoming the various challenges of large-scale network traffic analysis through methods like diverse traffic data collection, big data database building, heterogeneous network data correlation and enrichment, and multi-dimensional analytics to provide a fast, in-depth, network-wide solution for carrier-grade traffic analysis.

Completing our CyCraft trilogy of CyberSec talks, we will discuss the critical importance of proper privilege management. Windows AD is the heart of Enterprise IT cybersecurity. Yet while it is a top security priority, it can also be the darkest enigma and a monster to unravel. AD security is difficult to measure. In this presentation, we will introduce a new AI analysis method for AD security, combining the confrontational thinking between red and blue teams to better help outline the boundaries of enterprise cybersecurity and increase visibility and metrics for AD security. This is a Birdman session you cannot miss.

After the incubation of around one year, CCoE (Cybersecurity Center of Excellence) is to be established early next year. Positioned to be a provider of cybersecurity assessment technologies, a trainng camp of cybersecurity blue teams, a diplomacy to collaborate with well-known international cyberseucirty organizations, CCoE shall embrace academia, entreprenurs, cyber communities, and other institutional bodies, with one third of its budget. Under three laboratories, cyber threat defense lab, cyber data analytics lab, and post quantum crypto lab, we are developing several platforms: vulerabilitiy mining, threat intelligence, cyber range, social network analytics, disinformation detection, deepfake detection, and post quantum crypto eco-system. In this talk, we argue the differences between the technologies for cyber players and the ones for assessors, the differences between training blue teams and training red teams, why spending one third of budget externally, and how we shall differ from the other institutional bodies. With these, we hope to recruit talents to build this CCoE together. 

Aside from historical vehicle hacking cases, it is predicted that future attacks will increase when more and more connected vehicles are on the road. We will demo a hackers attack on the IVI, TCU, and Gateway, and how our In-Vehicle Security is purpose-built to protect against these threats. At the same time, you will have the opportunity to visualize how Vehicle One (a cloud-based management console) detects and responds to these threats. Furthermore, OEMs require suppliers to manage vulnerability in compliance with UNECE R155. We will also demo the Vulnerability Management functionality, which focuses on Vulnerability, Back Door, and Malware scanning, which benefits suppliers in gaining OEMs' trust while hardening device security.

When attackers are familiar with the methods and intelligence that blue teams use to detect threats, can the intelligence at our disposal still help us detect signs of an attacker's intrusion?

XDR (eXtended Detection and Response) is the hot new buzzword in the security industry but so far there isn't a lot of agreement on what defines XDR. The goal makes sense. Extend your detection capabilities across your hybrid network to catch advanced threats like zero days, supply chain attacks, and insider threats, and respond quickly before damage can be done. This talk will explore the data sources that XDR leverages as well as the pros and cons of XDR such as: is it realistic that one vendor can offer you all the tools you need for detection and response or will you need to create a strategy to achieve your own extended detection and response ecosystem.

In this lesson, you will be introduced to digital forensics tools and guided through hands-on lab. You will also learn about how to use the tools to analyze and evaluate the impact scope during real-world investigation and response to incidents. For an immersive experience, a hands-on lab will give participants the chance to investigate cases, experience cybersecurity experts' course of investigation, simulate hackers' tracks via remaining PC data, and to write a basic report, with our team's guidance. 

    Today, people connect to corporate networks, cloud databases, and a variety applications from everywhere with all kinds of devices. Enterprises can no longer make the assumption that authenticated or trusted devices/users are secure. Therefore, the zero trust security model is an important strategy for strengthening the security of critical data and systems, especially in a hybrid, dynamic workplace. It is a more advanced, agile, and effective approach to security, compared to the traditional security model.

     Comprehensive visibility and understanding of risks are the foundation of effective security prioritization and automated zero trust access controls. Unfortunately, a lot of solutions labeled as "zero trust" do not really understand how to evaluate trust. 

    Activities of this session include:

     1.) Attack and defense drills. Get first-hand experience of hackers' stealthy intrusion techniques.

     2.) Hands-on labs. From the defender's perspective, learn how to identify the root cause of an incident and determine the scope of its impact. 

     3.) Incident investigations. Collect evidence and think how to response with remediation measures, how to implement such measures with existing defenses, and how to stand in the executives' shoes to provide critical information for CISO and SOC teams to make informed decisions.

Many countries have gradually adopted an attitude of coexistence with the epidemic, and it is expected that the time for the global reopen is getting closer. However, due to the push of the epidemic, work and life styles have changed dramatically, and hackers are constantly changing to evolve their attack methods and targets. Therefore, in the post-epidemic era, enterprises need to update their thinking and strategies, and start to plan the cyber security as soon as possible. This agenda will share actual cases to analyze the evolution trends of hackers' attacks under this wave of pandemic, and provide corresponding defense strategies and solutions.

Linux server security becomes more vital as more enterprises go through digitization and cloud migration. This presentation discusses both real-world attack techniques used when targeting Linux systems as well as effective defense strategies defenders can leverage to rapidly improve and harden their defenses. Understanding the attackers’ methods is only the beginning. Defenders need to understand how to properly detect, identify, and respond to each and every technique attackers have at their disposal.

The confidentiality of modern communication and storage is highly dependent on cryptographic algorithms such as encryptions and digital signature schemes. The development of quantum computers continues to progress. In the future, large-scale universal quantum computers are able to crack all todays’ public-key cryptosystems. In order to resist the threat posed by quantum computing, PQC (Post-Quantum Cryptography) has emerged. Using PQC can resist quantum cryptanalysis.

Zero trust must initialize from the top strategy, make an appropriate action plan based on the actual requirements of the organization, promote it step by step, and design suitable measureable indicators to confirm the implementation effect. Practical operations can refer to the US CISA zero trust maturity model and the US Department of Defense's promotion practices, starting from needs, considering risks, seeking the best technology and making economical methods.

1. In the process of digital transformation, what are the industrial demands and information security challenges that HOPAX faces?

2. How does HOPAX effectively find relevant resources for assistance?

3. HOPAX's information security strategy and improvement structure: strengthen self-improvement + supply chain joint defense

4. Supply chain identity zero trust

5. Uninterrupted intrusion detection and defense

6. The protection of industrial control and information security is not neglected

7. Information security team establishment and threat monitoring analysis

Traditional industrial control system lacks security considerations. With limited human resources, the popularization of networking technology and remote control is becoming a possible solution. In this situation, these industrial control systems would be more likely to be targeted by hackers. This speech will allow the audience to understand common safety deficiencies in industrial control architecture from the actual example of dam safety, and propose relevant suggestions.

Connected Vehicle brings EV, Smart City and next-generation Vehicle applications. Like more automated, electric vehicles, conncted vehicle applications in our smart city face many of the same security challenges. It is imperative that the supply chain partners adopt policies that will improve both the active testing and security of the materials supply needed to enable a secured vehicle compoent.

Certificates are an evaluation system for ability. After passing through the certificate certification system, ability is affirmed. Information security is a collection of multiple sciences. Through the acquisition of certificates, bonus points are given to careers, and those certificates are the identity of the information security industry. Certificate, those who have substantial benefits, the preparation and mental journey of the examination process, the Abbot will recite the scriptures for you!!

This session covers practical information management and information security governance at the enterprise level. Topics include the responsibilities of the Chief Information Officer and Chief Information Security Officer and how the roles complement each other. 

Explaining the information security risks of Internet of Vehicles(IoV) and the future operating model in this Cyber Security Management ecosystem through the framework of ISO 21434.

The insufficient visibility of enterprise intranets, caused by no common communication hub for each endpoint that brings trouble to network monitoring, has been a worry. We did learn how serious it could be in WannaCry and SolarWinds security cases. Surprisingly, private 5G technology may help. Since each 5G device should connect to some base stations (eNB or gNB), theoretically, we could inspect the complete communication data of the 5G devices when the base stations connected by them are monitored. It also implies that enterprise intranet visibility can be easily achieved if the enterprise adopts 5G, also known as the private 5G network. However, its cost could be too high to be accepted by most enterprises.

There still exists the alternative: to enable local-break-out, LBO, function on 5G operator’s network: Mobile phones or IoT devices can then directly connect to enterprise Intranet through the operator’s base stations.

We will share the details in this session about LBO technology and the business model for “5G improves enterprise security”.

In this talk, I'll introduce analysis of Earth Baku (aka APT41)'s new cyberespionage campaign, particularly the group's use of advanced malware tools and multiple attack vectors.

In this lesson, you will be introduced to digital forensics tools and guided through hands-on lab. You will also learn about how to use the tools to analyze and evaluate the impact scope during real-world investigation and response to incidents. For an immersive experience, a hands-on lab will give participants the chance to investigate cases, experience cybersecurity experts' course of investigation, simulate hackers' tracks via remaining PC data, and to write a basic report, with our team's guidance. 

In this talk, we will introduce the fundamental definition and properties of homomorphic encryption and its application on threshold signature. Lastly, we focus on the management of private keys through threshold signature scheme.

    Today, people connect to corporate networks, cloud databases, and a variety applications from everywhere with all kinds of devices. Enterprises can no longer make the assumption that authenticated or trusted devices/users are secure. Therefore, the zero trust security model is an important strategy for strengthening the security of critical data and systems, especially in a hybrid, dynamic workplace. It is a more advanced, agile, and effective approach to security, compared to the traditional security model.

     Comprehensive visibility and understanding of risks are the foundation of effective security prioritization and automated zero trust access controls. Unfortunately, a lot of solutions labeled as "zero trust" do not really understand how to evaluate trust. 

    Activities of this session include:

     1.) Attack and defense drills. Get first-hand experience of hackers' stealthy intrusion techniques.

     2.) Hands-on labs. From the defender's perspective, learn how to identify the root cause of an incident and determine the scope of its impact. 

     3.) Incident investigations. Collect evidence and think how to response with remediation measures, how to implement such measures with existing defenses, and how to stand in the executives' shoes to provide critical information for CISO and SOC teams to make informed decisions.

Zero Trust is one of the new countermeasures that has been proposed recently to achieve effective protection and co-work with industrial AIoT technologies. In this speech, we will outline the complete solutions to realize Zero Trust cybersecurity protection, and provide the practical examples for smart manufacturing applications.

After IIOT, the information security problem cannot be prevented solely from within. A complete protection mechanism from both internal and external to handle information security issue brought by the suppliers and to improve privacy requested from the clients is imperative. 

In the speech, we will be discussing: How to control the entrance of the suppliers? How to visuallise secrurity information to raise awareness? What strategy the organisation need to deploy to improve protection? The impact of improved security protection to the industry? 

When information security governance has become a trend, have you ever thought about what is the correct concept of information security governance?

The agenda will share the four information security certificates (CISA/CISM/CRISC/CGEIT) of ISACA, and introduce why they are the goal of information security practitioners, and talk about some ways to prepare for the exam. Finally, discuss the benefits and help of the research certificate.

We will review what are some of the latest trends in the security threat landscape in the past few years.

General best practices & concept that can help us keep up with the zero day threats and deep dive into how Edgio security solution can help you respond quickly to the next critical zero day security incidence.

In most enterprises, information and product security are still positioned as the cost center. How does the C ISO turn this situation around?

How to strategize and take action to demonstrate that security is not only critical to business success, but is as much a driver and competitive advantage for business continuity as the digital infrastructure and smart information it protects.

OSCP and OSEP are certifications for professional Red Teamer.

International cybersecurity standards have drawn great attention from high-technology industry, particularly automotive electronics in a post-covid period. However, business logic behind those standards are little unknown. In the past, top management thinks cyberseurity standards only as an international certificate. The current and emerging trends of cyber resilience, cybersecurity standards cover both functional and organizational purposes of cybersecurity. This talk will share insight on organizational resources for standard implementation by taking IEC/ISA 62443 as an example. 

This session of agenda brings you a brief review about the Secure Software Development Life Process (SSDLC). Then the speaker will introduce the new Cryptography Module Verification Standard from NIST: "FIPS 140-3", with the perspectives of SSDLC, and discover the needs and impacts what FIPS 140-3 brings to SSDLC, and leads you understand the benefits and difficulties of upgrading to FIPS 140-3.

Due to the COVID-19 situation , working style is changing from office to remote. To make the enterprise works properly , more and more external systems are used for replacing physical work flow.

This systems like document signing or meeting services become popular and also more vulnerabilities found on them. In this presentation , the speaker will start from introducing what is a vulnerability , CVE and the interaction that enterprise should take. 

Then , managers should understand the impact and place priority to fix the issue. The speaker will take 2021 Log4J as example to share some experience about how to mitigate the damage of new dangerous CVE appears.

This presentation will discuss the evolution of attack and defense techniques for vehicle security systems, starting from the common architecture and components of today’s vehicles and ending in an analysis of potential attack and defense techniques for the autonomous vehicles (AV) of the future. We will also discuss the potential impact and risk posed by supply chain attacks as well as the mitigations we can take today to secure the safe arrival of passengers tomorrow. 

Recent years have seen 4G and 5G gaining increasing popularity and moving towards all IP technology, leading to the booming of the Open Radio Access Network (ORAN). Seeing the increase of attacks on mobile networks, we will be sharing a few case studies in this session about how mobile networks can be compromised, in addition to two fuzz testing tools specifically designed for 5G.   

The IT and OT security protection capabilities with " Cyber Network Threat Scanning ", " Cybersecurity Enhancement and Deployment " and " Building a Dedicated Cybersecurity Team and System " followed by international standards IEC 62443 in smart factories. It helps users to analyze the insufficient system and assist team to operate and manage the security system efficiently.

In response to the business opportunities of OT cybersecurity in the future, ICP DAS proposes a solution that uses machine learning to quickly establish cybersecurity detection technologies and environments for industrial network protocol anomaly detection. We solve the cybersecurity issues faced by factories in the field of IIoT, and a systematic OT cybersecurity threat detection system has also been developed at the same time.

Nowadays heating, ventilation, and air conditioning (HVAC) system are indispensable in many places, such as hospitals, factories, office buildings and even in residentials. Most of HVAC systems have a Human Machine Interface (HMI) and can be easily managed remotely. While convenience is improved, the security of HVAC control systems is often neglected.

This time, we have investigated popular HVAC control systems that have web-accessible HMIs. During our research, some products were found to be vulnerable to attacks such as credentials disclosure and privilege escalation. Furthermore, many of them could be found on the Internet. Since HVAC control systems are usually connected to other building systems and facility equipment, if HVAC control system is taken over, other systems would be attacked easily. In this session, we will introduce possible attack scenarios and how to mitigate these attacks.

Obfuscated File Extension (OFE) is a classic Web exploit technique. Hackers simply upload a JPG file to the server with arbitrary upload vulnerabilities, then use the contents of the image file as a PHP WebShell to execute. Boom! Take down the entire server.

However, in today's world of cyber attacks, has this technique never been used to attack non-Web enterprises and home computers? The answer is absolutely yes!

In this session, we will talk from the modern malware analyzer to the defense design of today's security solutions and their 1% defense blind spot. Then use several PoCs to explain how the attacker was able to increase the 1% to 100% blind spot for spoofing and winning the trust by security products by OFE tricks.

With an open architecture and interface, O-RAN is designed to build the next-generation RANs with intelligent control. It can provide a certain degree of flexibility and customization and allow new communication interfaces between network components (e.g., O-CU, O-DU) and Radio Access Network Intelligent Controllers (RICs). Moreover, it can work with real-time detection, response, and management with machine learning (ML) algorithms on applications (xAPPs). However, the open architecture and interface also significantly increase the possibility of being attacked. This presentation not only explores the current development of the O-RAN alliance in information security, but also integrates O-RAN and Software Defined Radio (SDR) to realize an experimental network and explores the possible threats of new network components and interfaces in this experimental environment. Finally, we would also discuss the implementation of information security-related xAPP on O-RAN to enhance the security of O-RAN.

Ransomware is the most soaring type of security incident recently. Due to the ecosystem formation of ransomware and double extortion approach, ransomware threat to enterprises is continuously expanding. At the same time, since the US National Institute of Standards and Technology (NIST) published the SP 800-207, Zero Trust Architecture document in 2019, zero trust architecture has become the most discussed topic among security industries and enterprises. This session will describe how to take a Zero Trust security strategy to mitigate the threat of ransomware.

Be Truthful: Use content directly from your security and compliance program

The best way to answer a question is by sharing information directly from your security and compliance program (should you have one…and you should). Share a control and/or policy document that describes how you do something. You should try to avoid making up custom answers for a question because it is difficult to keep track of the nuances in each answer in the future, in case a customer asks you about it down the line.

If you don’t have a control or policy, but it’s in your roadmap, state that, along with an approximate timeline on when you will adopt the new controls and policies. Always expect the customer to ask for proof, so don’t make up an answer you cannot back up with evidence.

Over the past few years new laws and policies were introduced by the Australian Government to prevent the misuse of the Internet. The Australian Government has also emphasised the importance of equal access and has strengthened its cyber diplomacy. This session will discuss current challenges the Australian government faces in combating cybercrime. It will also briefly introduce Australia's new cyber security and cybercrime laws and policies.

The current discussion on international cybersecurity standards tends to focus more on posture than maturity. This talk will take some examples to explain the difference between posture and maturity. Based on our third-party review experiences on NIST Cybersecurity Framework, the differences between IT and risk management views are examined. In addition, due to the implementation of NIST Cybersecurity Framework by SEMI Taiwan, its implication to semiconductor industry will be updated. 

APT41 (aka Winnti, Amoeba) is a notorious Chinese APT group. In recent years, TeamT5 CTI team observes that the group has developed into multiple subgroups and it has posed a serious threat to companies in the APAC region. In this talk, we will cover an emerging Chinese APT group named "Tianwu," which was first spotted in 2020. We found that there are several TTPs overlap between Tianwu and APT41. Tianwu's proprietary tool, Pangolin8RAT, is a modular trojan that supports at least 8 communication protocols. Our talk will also provide our outlook on the group's future development as well as actionable intelligence for enterprises.

This talk briefly presents several misconfigurations that are abused by attacker to compromised domain controller. In advance, taking apart an attack path from usually ignored misconfigurations allowing attacker to control entire Active Directory service.

How much cyber risk do we have? Is our cyber budget aligned with the business operational risk? Are our cyber risk management options cost-effective? In order to answer aforementioned questions, we must approach cyber from a business risk perspective where we review business processes, technology applications and risk scenarios. The FAIR approach can guide us to perform both qualification and quantification cyber risk analysis. Help us clarify any uncertainty in cyber risk, and quantify risks in financial values. This will allow cyber risk to be a crucial part of financial liquidity management.

Completing our CyCraft trilogy of CyberSec talks, we will discuss the critical importance of proper privilege management. Windows AD is the heart of Enterprise IT cybersecurity. Yet while it is a top security priority, it can also be the darkest enigma and a monster to unravel. AD security is difficult to measure. In this presentation, we will introduce a new AI analysis method for AD security, combining the confrontational thinking between red and blue teams to better help outline the boundaries of enterprise cybersecurity and increase visibility and metrics for AD security. This is a Birdman session you cannot miss.

Many threats to your cloud security result from improper IAM or insecure configuration settings; such threats typically need to be prevented through inventory and risk assessments. Unfortunately, many services are out of the network admins’ control, complicating assessments and severely raising risk. In this presentation, we will discuss how to best assess cloud security; how to use different frameworks/methods to examine cloud assets, their corresponding risks, and security levels; and discuss real-world security incidents.

Threat actors anonymously carry out attacks at their will, stealing sensitive information, deploying ransomware on critical infrastructures, and conduct denial-of-service attacks to disrupt services, inflicting damages to the economy and causing wide-spread panic in society. 

Government agencies, as capable as they are, cannot defend against and mitigate these threats alone. It must be a coordinated effort between governments, corporations, NGOs, sharing information and intelligence. There must also be a change in people’s mindset on cybersecurity, from the end user to IT administrators, to the managers, to minimize the risks of the human factor.

The security flaws seem to be unrelated, yet altogether could cause a catastrophe? Vulnerabilities already patched, yet your website is still constantly hacked? Let the cybersecurity consultant with years of real-world experience from CHT Security share with you. Common website offensive techniques and countermeasures will be explained. You will also learn how to uncover root cause and block hackers from the defensive web via hands-on lab.

(Suitable for: website administrator/system developer/those interested in information security)

This lab will focus on security problems that cannot be solved by software updates. We choose some common website security issues as examples. After analyzing root cause of issues. First try to modify the code from the inside to solve the problem, and try to solve the problem. Block the problem from the outside, and use a series of implementations to understand the common handling methods of vulnerabilities in practice and the impact on the original service. The goal is to help who are begin to fix security issues after completing a vulnerability scan or penetration test.

Dyanmic analysis is a useful solution for malware analysis while the complicated IoT hardware architecture and peripherals make automatic emulation of IoT devices challenging. This course will focus on how to apply recent firmware rehosting technologies (such as Firmadyne, FirmAE) to operate commerical firmware in emulated IoT systems. Moreove, we will introduce well known vulnerability discoverying tools to enable dynamic analysis to the emulated IoT devices.

This course will introduce attendees to the basics of threat analysis, threat detection and designing behavioral solutions. Attendees will learn to perform threat hunting to facing red-team tactics. To keep the attendees focus on hunting thread, we leverage open source tool to design our behavioral solutions.

Currently, the trend of digital transformation has brought several new channels to access organizational resources. Therefore, the advanced persistent threat (APT) attacks become more and more serious. If organizations just deploy security mechanism on perimeter, once cracks can access the organizational internal network, they may move laterally to attack any organizational resources. Therefore, several countries have requested their agencies and organizations in the countries to adopt measures to achieves strategic goals of zero trust. The requirements can be used for CISOs to define security blueprints for their organizations. In this speech, I will introduce how to adapt security architecture to meet the requirements of zero trust.

Product safety is no longer a sunk cost but a sharp tool for future business competition.

How to use the PSIRT operation experience to make rapid progress in product design towards the goal of "Security by Default", in line with general information security standards and a sound information security certification system, and strengthen product competitiveness.

Distinguished Guest’s Remark

This topic first discusses the various requirements of regulations, threats, and resilience that corporate blue teams need to face, and then, based on the above-mentioned requirements, if an enterprise needs to build an autonomous blue team, the capabilities and resource requirements it needs to have, and through the concepts of BAS and MITRE ATT&CK and related tools or solutions to discuss how to conduct blue team verification, and finally integrate the enterprise blue team theory of how to continuously evolve.

Introduce the situational crime prevention theory and information security internal control, and how to apply to coping strategies.

The digitalization of business in the 21st century continues to dramatically increase convenience and severe security risks. The CISO is tasked with navigating leadership through the ever-changing and treacherous cyber landscape. This presentation will discuss four common challenges every CISO must face:

The CEO: Is your InfoSec budget not enough?

The Board: Isn’t it safe enough for now?

The CFO: Do you really need to spend so much?

Yourself: Are we ready for a Red Team assessment?

Each of these questions requires regularly assessing and having a comprehensive understanding of your environment’s digital assets; protection practices and policies; current cybersecurity technologies and tools; operational protocols; and the capabilities of your security team.

Are you ready to the extend your Work-from-Home to Work-from-Anywhere? Join our speaker to know more about how to prepare for your next phase of digital transformation in a Zero Trust approach.

In this session, we'll be talking about an APT group that targets organizations in Taiwan -- the Tropic Trooper, which is dubbed "Earth Centaur" by Trend Micro. As our research shows, this group has targeted multiple government agencies and transportation companies using customized backdoors such as SmileSvr, ChiserClient, and Lilith RAT tailored to individual targets. According to our observation, this campaign has been going on for at least over a year now. 

The agenda will introduce several common side-channel attack techniques to explain the prerequisites and difficulties needed to implement these types of attacks, and further analyze how existing technologies solve these difficulties and their advantages and disadvantages. Finally, through encryption Signal positioning technology demonstrates the automation of the side-channel attack process with a low threshold, showing the importance of side-channel attack detection.

Based on her own experience, she will present her career from military preparations to cyber security professions, as well as the true meaning of “Cyber Security is National Security” in INDSR.

In the B2B world, many systems are still using ID and password to sign-in. However, it is changing rapidly. As more companies use SaaS/cloud services and as those services become more crucial to the business, many companies are now concerned about how securely they can access. Today, not only has the use of MFA(Multi-Factor Authentication) become the “must” method but also there are several new ways of keeping access secure. This session will explain the latest trend of securing access to SaaS and cloud.

ASM (Attack Surface Management) of enterprise information security is an important task for large enterprises around the world in recent years, from using domain names and IP addresses to strengthening their management models and raising them to the information security level. The keynote speech on ASM will reveal how well-known brands in Taiwan handle ASM, and the whole management cycle of ASM will also be explored, with examples from world-renowned financial institutions and Internet service providers.

Because ETW can record detailed and diverse logging information, it has become an important source of information in tools and services such as incident response, antivirus software, and EDR. With a focus on .NET malware, this presentation will discuss how to best leverage ETW to monitor system behavior and detect malicious activity as well as how to identify critical system events, locate key digital forensic evidence of malicious activity, and filter malicious from suspicious activity.

How does Taipei City respond to the diverse governmental organization culture and structure, and how to do a good job of sustainable cyber security operations under the legal compliance of the Cyber Security Law, including management organizations, platforms, exposure management and sustainable cyber security practices, Allow government investment to effectively exert sustainable benefits.

1. Management organization: government-level cyber security chief committee, government cyber security audit committee, audit tracking review meeting, red and blue team structure.

2. Management Platform: Threat and Vulnerability Management Platform.

3.Threat Exposure management: Tier-Model permission control model, firewall information security review.

4.Sustainable Cyber Security：Secure By Default、Continous Compliance(Cyber Security check and GCB)、DevOps、SOAR。

According to the research report, the proportion of the global manufacturing industry attacked by advanced threats has been increasing in recent years. It simply not enough to meet the ever-evolving threats by using the traditional security tools. Organizations require more open and comprehensive solutions that provide deeper visibility, more intelligent automation and situational insights across endpoints, networks, clouds, and applications. This session will introduce you a new approach to threat detection and response: the industry's first comprehensive Extended Detection and Response (XDR) solutions.

DNS security is a lesser known and often overlooked field in cybersecurity. Did you know that it only takes a few button presses and commands to completely take over a company’s website or retrieve all their subdomains? DNS vulnerabilities are mind-blowingly naive, easily neglected, ubiquitous, yet surprisingly powerful.

In this session, we will explore a few common DNS vulnerabilities and their causes, then demonstrate the severity of these issues with a study on the top 100 companies. We hope to raise awareness on DNS security and teach the audience how to detect and fix these issues. 

Metaverse is a term that catches a lot of attention lately. Are you keeping up with its pace? This session will start with a discussion of Web3, which is the economic foundation of Metaverse, then moves on to topics such as crypto-currencies, decentralization, and their connection with Metaverse, rounding out with foreseeable attacks.

Nowadays, the cooperation of the global supply chain is as complex as the Gordian knot in ancient Greek mythology, but today, unlike Alexander the Great in ancient times, we do not have the ability to cut off problems with a single sword. Therefore, how to deal with effective management and examination of cyber supply chain security has always been the goal of enterprises. This agenda will focus on providing corresponding solutions for the strengthening of third-party cyber security risk management.

Zero Trust Privilege / Elevation & Delegation

In this talk, we surveyed firsthand many real ICS and SCADA systems, performing penetration testing on several of them. We counted the attack vectors present in this real ICS environment. In our presentation, we will share serveral real-world ICS and SCADA examples on Critical Manufacturing. We will also give a behind-the-scenes view (starting with real-world ICS security assessment) based on different ICS/SCADA systems in several CI sectors. Finally, we will provide serveral sample attack demos. We recreated these in our lab to demonstrate the attacks against real-world ICS equipment in-depth. We will also review 6 common defense strategies to help secure an ICS environment. We believe that such an analysis will help the enhancement of subsequent defense strategies.

Technology powers everything in our lives from our personal day-to-day lives to the day-to-day operations of the world’s largest industries and enterprises. Supply chain attacks pose grave risk as their impact is far more reaching and their damage far more severe than ever before.

In Nov 2021, it was reported that several well-known securities firms—as well as Taiwan’s greater financial sector—were targeted by credential stuffing attacks. However, an in-depth digital forensic investigation and detailed malware analysis by CyCraft concluded that the China-sponsored threat group APT10 had launched this series of sophisticated intrusions by exploiting one supply chain vulnerability, affecting multiple Taiwan institutions across the financial sector.

In this talk, we will share our forensic investigation results into this novel attack, including analyses of the leveraged tools, attack techniques, and malware. We will also discuss what this new attack behavior in China-state threat groups means for Taiwan, our financial institutions, and Taiwan’s cyber defense strategies against supply chain attacks.

Decentralized finance began to flourish in the second half of 2020, and information security incidents broke out one after another, mainly related to code security.This research intends to use the current attack process of various common DeFi projects to analyze the vulnerabilities, including flash loans, oracles, governance projects, etc., and provide smart contract security writing or solutions for cases, so that decentralized financial projects can be more intelligent The contract part can fundamentally slow down attacks from outside.

Cybercriminals are capable of penetrating your defenses, accessing your Active Directory (AD), and planting backdoors to maintain persistence. This presentation covers traditional AD attack methods, explains the root causes of AD vulnerabilities, and goes into more recent AD attack methods observed in real-world security incidents. By better understanding the breadth of AD attack techniques, AD managers and defenders can better defend against active and emerging security threats. 

Six years ago, since the advent of System Integrity Protection (SIP) framework on macOS Yosemite, a protection mechanism protects files from being modified even with elevated privileges, which Apple deeply trusts to stop systems being maliciously tampered with or having data being stolen. Apple does not believe in empowering the users and went down a road of taking away privileges from users.

However, during these six years, we have seen more and more attacks allowing bypassing SIP to make modification to crucial files within the system. Moreover, multiple articles on the Internet instruct you to disable SIP entirely. We will introduce multiple bypasses for SIP in this session, and how Apple implemented this protection in the first place.

The security flaws seem to be unrelated, yet altogether could cause a catastrophe? Vulnerabilities already patched, yet your website is still constantly hacked? Let the cybersecurity consultant with years of real-world experience from CHT Security share with you. Common website offensive techniques and countermeasures will be explained. You will also learn how to uncover root cause and block hackers from the defensive web via hands-on lab.

(Suitable for: website administrator/system developer/those interested in information security)

This lab will focus on security problems that cannot be solved by software updates. We choose some common website security issues as examples. After analyzing root cause of issues. First try to modify the code from the inside to solve the problem, and try to solve the problem. Block the problem from the outside, and use a series of implementations to understand the common handling methods of vulnerabilities in practice and the impact on the original service. The goal is to help who are begin to fix security issues after completing a vulnerability scan or penetration test.

What is threat intelligence about? What do the researchers do exactly? Where do I even begin looking into malware? All and more will be answered in our lab session!

This course will introduce attendees to the basics of threat analysis, threat detection and designing behavioral solutions. Attendees will learn to perform threat hunting to facing red-team tactics. To keep the attendees focus on hunting thread, we leverage open source tool to design our behavioral solutions.

Take a look at the supply chain attack solutions offered by vendors and review recent months of supply chain attacks.

This session provides introduction to the MITRE ATT&CK Framework and how to analyze notoriously REvil Ransomware based on this framework.

Lastly, MITRE ATT&CK Framework's defense will be covered. 

In this agenda, lecturers share the current status of digital transformation in the industry, as well as the trends in business continuity management regulations and corporate response trends, and discuss current corporate challenges and put forward suggestions, hoping to enable companies to promote operational transformation while also taking into account risk management.

This session are talking about creating a cloud network and security architecture that meets requirements for scale, performance and automation.

We will introduce for creating a cloud architecture, how to design network subnet and what benefit with IAM in AWS. This will take into account critical operational and autoscaling and troubleshooting requirements.

Enterprises are facing great challenges due to the epidemic, but they are also accelerating the pace of digital transformation. In the post-epidemic era, while applying emerging technologies to sustainably operate, they should also pay attention to the importance of identity identification and access management. Enterprises should properly define and manage the identity role of each network user and the access rights of the resources required, and manage the access rights of the resources required by the identity role life cycle, and implement privileged account management and identity governance. and customer identification and access management.

The agenda makes an outline with the matters about the specific non-goverment agency of Cyber Security responsibility of Level-B. By sharing experiences and recommanding useful tips, lecturer will analyze the system aspect conducted.

Attacks on critical infrastructure are becoming more and more rampant, especially since 2019. Ransomware has become a necessary subject of study for stakeholders and personnel, and has also had a substantial operational impact on industrial control system (ICS) environments. The continuous evolution of ransomware and the peculiarities of the ICS environment make it difficult to ensure that ICSes are protected from ransomware attacks under operating conditions. In this talk, in addition to in-depth analysis of the ransomware behaviors and ransomware-related techniques that have affected ICS environments, we also propose effective defense methods and strategies perfected to ICS environments to strengthen protection against ransomware.

When speaking of web security in front-end, XSS is the first thing that comes to mind. But, even without JavaScript, the attacker can still use other attack vectors like HTML injection and CSS injection! 

The red team assessment has entered its fifth year in Taiwan, and when companies are at different levels of information security maturity, they have completely different ideas and expectations for the execution and results of the red team assessment. We hope that through this speech, enterprises can know how to choose targets, determine the suitable scope, coordinate attack methods, organize blue team response methods, and plan follow-up information security improvement measures for different information security maturity levels, so that enterprises can set a truly suitable red team assessment service for themselves. 

In today's asymmetric cyberwarfare, how do you decipher the concepts and methods behind hackers' techniques, or even their targets? And how do security teams demonstrate their value by ramping up their defenses through higher accuracy intelligence and resources? This session will show you how to decipher hackers' attack patterns across different time and locations in order to defend against such attack.

In this speech, we take the Chinese and Russian media combining the Azov Battalion with Hong Kong's "Anti-ELAB Movement" as an example to illustrate how China and Russia cooperate to spread disinformation to the Mandarin-speaking world and influence the attitudes of Chinese readers. In addition, we also analyze Weibo and Facebook's data from February 22 to March 8, with "Nazis" and "Azov Battalion" as keywords, to see the trends on different platforms.

Increasingly complex cyber-attacks and a reactive but sophisticated regulatory landscape are pushing companies’ cybersecurity capabilities to the limits. A paradigm shift in IT security architecture – Zero Trust – has attracted increasing attention as a way of responding to these challenges. By enforcing a ‘no trust without verification’ policy, Zero Trust strengthens a company’s cybersecurity posture by making cyber issues more visible and facilitating compliance with data and system protection requirements.

Distinguished Guest’s Remark

Dyanmic analysis is a useful solution for malware analysis while the complicated IoT hardware architecture and peripherals make automatic emulation of IoT devices challenging. This course will focus on how to apply recent firmware rehosting technologies (such as Firmadyne, FirmAE) to operate commerical firmware in emulated IoT systems. Moreove, we will introduce well known vulnerability discoverying tools to enable dynamic analysis to the emulated IoT devices.