CYBERSEC 2022 uses cookies to provide you with the best user experience possible. By continuing to use this site, you agree to the terms in our Privacy Policy. I Agree

bg-inner
Mars Cheng

SPEAKER

Mars Cheng

TXOne Networks Manager, PSIRT and Threat Research

Mars Cheng (@marscheng_) is a manager of TXOne Networks PSIRT and threat research team, responsible for coordinating product security and threat research. Mars blends a background and experience in both ICS/SCADA and enterprise cybersecurity systems. Mars has directly contributed to more than ten CVE-IDs, and has had work published in three Science Citation Index (SCI) applied cryptography journals. Before joining TXOne, Cheng was a security engineer at the Taiwan National Center for Cyber Security Technology (NCCST). Mars is a frequent speaker and trainer at several international cyber security conferences such as Black Hat Europe, DEFCON, SecTor, FIRST, HITB, ICS Cyber Security Conference Asia and USA, HITCON, SINCON, CYBERSEC, and CLOUDSEC. Mars is general coordinator of HITCON (Hacks in Taiwan Conference) 2022 and was coordinator of HITCON 2021 and vice general coordinator of HITCON 2020.

Speech

Ransomware Solution Forum

SEP 22

#

No More Ransomware in Critical Infrastructure!

09/22 (Thu) 14:00 - 14:30 7F 701C
TXOne Networks Manager, PSIRT and Threat Research / Mars Cheng
TXOne Networks Threat Researcher / Hank Chen

Attacks on critical infrastructure are becoming more and more rampant, especially since 2019. Ransomware has become a necessary subject of study for stakeholders and personnel, and has also had a substantial operational impact on industrial control system (ICS) environments. The continuous evolution of ransomware and the peculiarities of the ICS environment make it difficult to ensure that ICSes are protected from ransomware attacks under operating conditions. In this talk, in addition to in-depth analysis of the ransomware behaviors and ransomware-related techniques that have affected ICS environments, we also propose effective defense methods and strategies perfected to ICS environments to strengthen protection against ransomware.

Manufacturing Security Forum

SEP 22

#

Practical Attack Vectors and Their Ideal Defensive Strategies for Critical Manufacturing

09/22 (Thu) 11:20 - 11:50 7F 701D
TXOne Networks Manager, PSIRT and Threat Research / Mars Cheng
TXOne Networks Director / Canaan Kao

In this talk, we surveyed firsthand many real ICS and SCADA systems, performing penetration testing on several of them. We counted the attack vectors present in this real ICS environment. In our presentation, we will share serveral real-world ICS and SCADA examples on Critical Manufacturing. We will also give a behind-the-scenes view (starting with real-world ICS security assessment) based on different ICS/SCADA systems in several CI sectors. Finally, we will provide serveral sample attack demos. We recreated these in our lab to demonstrate the attacks against real-world ICS equipment in-depth. We will also review 6 common defense strategies to help secure an ICS environment. We believe that such an analysis will help the enhancement of subsequent defense strategies.

Blue Team Forum

SEP 22

#

Taking Apart Misconfiguration - The Attack Path in Active Directory Environment

09/22 (Thu) 09:30 - 10:00 4F 4B
TXOne Networks Manager, PSIRT and Threat Research / Mars Cheng
TXOne Networks Threat Researcher / Dexter Chen

This talk briefly presents several misconfigurations that are abused by attacker to compromised domain controller. In advance, taking apart an attack path from usually ignored misconfigurations allowing attacker to control entire Active Directory service.