The 2022 invasion of Ukraine tested many theories of how cyber power would be used in a major conflict. In this talk I will cover the range of what Google's TAG observed and didn't observe from various actors. More generally it will cover what this means in terms of how we should think about future threats in times of conflict and what we need to do to be prepared against serious threats in the future.

Former US Government official sharing experience in implementing zero trust architecture and maturing cybersecurity posture in the US Government. Focuses on cybersecurity risk management and prioritization in respect to people, process and technology enhancements. Discuss the need of cyber risk visibilities with XDR capability to ensure operational efficiney and policy enforcement consistency as well as concise C - Level communication of cyber risks through dashboards

Sharing perspectives as a cyber VC living in Israel during the pandemic and cyber regulator executing Singapore’s startup industry development masterplan, the speaker will share on the ground insights and lessons learnt of: 

• How these 2 island nations grew their startup ecosystem.
• Why should and how can Taiwan emulate success to become a global cyber startup nation.

On one recent occasion, cybersecurity personnel discovered that company data stored in a cloud-based object storage service had been leaked onto the dark web and made available for anyone to download. Upon further investigation, it was found that the company’s own developers had placed the encryption keys in the container image for ease of use. The keys were then compromised by hackers because incorrect permission settings had been used. Unfortunately, by the time the leak was discovered it was too late to stop the damage. The company now faces major financial losses and compensation claims as a result of this costly mistake.

Does this incident sound familiar and even commonplace to you? 

Do such news stories make you hesitate to use cloud computing?

The challenges that traditional cybersecurity personnel face in the cloud include:

1. Unfamiliarity with the cloud environment, leading to difficulties in managing cloud services and comprehensively attending to relevant security settings.

2. Dealing with new development processes such as DevOps and assisting development departments control potential risks.

In this session we will share common threat tactics in the cloud as well as response strategies that help cybersecurity personnel better manage cloud security.

Finding out the root causes of a security incident takes a lot of effort. At times when insufficient tracks and tools are available, blue team might even wish they could just resort to a fortune teller. In this course, for the audience to have a glimpse of real-world security practices, major CVEs in recent years will be presented. Participants will be instructed in using the tools commonly used by the blue team through highly realistic security incident scenarios and tools, including log analysis, network traffic investigation, etc. Event root cause analysis and track reconstruction will also be covered. And at the end of this course, you will be able to write a simple investigation report. 

Do you know that cybersecurity in online gaming is much more complex than you imagined? With high cybersecurity risks, how does the online gaming industry protect itself against hacking?

This session will share how the online gaming industry responds to constantly evolving cybersecurity attacks around the clock. It will also provide guidance on how to apply these experiences to create a resilient cybersecurity environment for general business operations.

The Secure Access Architecture extends the capabilities of next-generation firewalls to wired and wireless environments. Today, with digital transformation and the new normal of remote office in the post-epidemic era, SD-WAN, enhanced identity and account encryption, and zero-trust network are three new elements to build the Secure Access Architecturee 2.0, allowing you to easily build a secure office environment anytime, anywhere.

Have you ever listened to various Threat Intelligence presentations but still couldn't find the best fit for your business? 

Have you ever been curious about the values and benefits that Threat Intelligence can provide for your organization? 

Have you ever struggled with planning your cybersecurity budget and future cybersecurity strategy?

Let us reveal the mystery of Threat Intelligence through this topic!

Vulnerability remediation is the basis for improving the resilience of enterprise information security, and it has advanced from the past to focus on rapid discovery and fastest remediation, to how to remediate at the same time to produce maximum benefits and minimize impact on the system. It also provides measurable defensive indicators so that security deployments can clearly improve the resilience of enterprise operational sustainability.

以資料保護為核心的完整解決方案，建立工作環境的三道城牆

• 檔案寫出管制：在檔案寫出時，依照內容過濾結果，放行與標註備份檔案
• 應用程式存取權限：啟用應用程式對應措施 (如：螢幕浮水印)；防止未經授權應用程式存取檔案
• 檔案加密：自動加密電腦內指定檔案類型，保護重要資料

Adopting a Zero Trust Architecture is an important goal, albeit one that requires considerable investment and organizational culture change. In this session, David will deep dive into ZT pillars and share his experiences from implementing ZT in US Government . He will also provide recommendations for challenges organization might face during the journey.

What are the most recent fraud use cases in digital banking space and how they have evolved with latest technology, which expose banks to a next level of risks. Artificial intelligence has been an ongoing marketing buzz word and applied in many technological space. We would like to share tips on how can banks break down the mystique and elusiveness of AI to make it practical and explainable in the use of banking fraud detection.

Post-Endemic has brought about massive changes in the way we work driving a work-from-home or virtual workplace. The notion of hardening your premise and detection in no longer sufficient because you need to cater for a SAAS-based workflow for a decentralised workforce. The volume of web-based threats increases exponentially where existing ULR Filtering and Detection technologies are no longer sufficient in the face of Highly Evasive Adaptive Threats. How do you keep pace within this changing era and transform your security posture yet still stay within your compliance policies?

VPN is one of the main ways for many companies to connect to their internal servers, and the impact of the pandemic has made the demand and usage of VPN even more significant. However, there are reports showing that VPN vulnerabilities have become targets for ransomware attacks, and even used by hackers as a stepping stone to enter the corporate network for larger-scale attacks. This session will provide solutions to meet the remote collaboration needs of companies, while ensuring security and improving efficiency.

Fortinet's complete cloud security solution to help enterprises use cloud more flexibile and efficiently. and developing cloud with enhanced security monitoring and auditing . This solution also consolidate physical, virtual, and hybrid clouds into one single security fabric and unified security policy. This is foundation to create zero-trust access to any device and any location, regardless of whether user is on-net or off-net of enterprise.

Dell Technologies using exclusive data protection software and purpose backup built appliance to protection data in edge,core, and multi-cloud environment. In this speech, Dell Technologies will present how to build a complete cyber recovery data protection infrastructure in three-stages.

After the epidemic, companies have extensively used technology to improve business operations and production efficiency. With the growth of applications, how to implement automate security detection in the development life cycle to achieve vulnerability management and resolving security issues . This lecture will share the best practices on how to improve efficiency, risk management, web application scanning and source code scanning through Secure DevOps integration.

The term "zero trust" is receiving increasing attention. Modern cybersecurity threats and network attacks are becoming increasingly complex and covert, and traditional security models are no longer able to cope with these new challenges. Zero trust has become a prominent concept in cybersecurity. Before implementing zero trust, it is necessary to understand the current network environment and resources to determine whether zero trust is needed. What is needed is not just zero trust, but also a way to implement it. The ISA/IEC 62443 international standard provides a comprehensive set of methods for implementing zero trust.

The visibility and access control capabilities of Aruba's network solutions can meet the diverse scenarios of customer R&D applications, extend the management concept of the wireless network to the wired network environment, and highly integrate with its wired network products, effectively simplifying the complexity of enterprise network management.

Improving the digital resilience and strengthening of information security governance is vital to the sustainable development of both campus and hospital IT systems. Looking ahead, we seek to answer questions such as “what preparations must be made to ensure the sustainable operation of core information systems?”, “how can a multi-cloud and hyper-converged infrastructure be used to maximize energy saving and sustainability?”, “how can a universal information security management (ISMS) system be introduced using new cloud infrastructure”, “how to train and bring employees up to date on new security practices”, “how to use digital transformation to drive sustainable development of information systems”, and “how to evaluate and select AI based security products”. We welcome all those that are interested to join us in the discussion and sharing of experiences on the topic of InfoSec within the medical and educational fields.

On one recent occasion, cybersecurity personnel discovered that company data stored in a cloud-based object storage service had been leaked onto the dark web and made available for anyone to download. Upon further investigation, it was found that the company’s own developers had placed the encryption keys in the container image for ease of use. The keys were then compromised by hackers because incorrect permission settings had been used. Unfortunately, by the time the leak was discovered it was too late to stop the damage. The company now faces major financial losses and compensation claims as a result of this costly mistake.

Does this incident sound familiar and even commonplace to you? 

Do such news stories make you hesitate to use cloud computing?

The challenges that traditional cybersecurity personnel face in the cloud include:

1. Unfamiliarity with the cloud environment, leading to difficulties in managing cloud services and comprehensively attending to relevant security settings.

2. Dealing with new development processes such as DevOps and assisting development departments control potential risks.

In this session we will share common threat tactics in the cloud as well as response strategies that help cybersecurity personnel better manage cloud security.

Finding out the root causes of a security incident takes a lot of effort. At times when insufficient tracks and tools are available, blue team might even wish they could just resort to a fortune teller. In this course, for the audience to have a glimpse of real-world security practices, major CVEs in recent years will be presented. Participants will be instructed in using the tools commonly used by the blue team through highly realistic security incident scenarios and tools, including log analysis, network traffic investigation, etc. Event root cause analysis and track reconstruction will also be covered. And at the end of this course, you will be able to write a simple investigation report. 

In the face of the digital transformation wave, building digital trust and a sustainable environment is a key factor in strengthening organizational resilience. This session will share how organizations and enterprises can refer to international standards to establish robust information security systems and governance, strengthen organizational resilience, and integrate ESG to build a digital trust ecosystem. This will ensure sustainable business operations and competitiveness while establishing digital trust.

In the data era, all of the enterprises expect to use data to create greater value. However, if you want to use customer data safely and securely, data anonymization is one of the important technical means that you must understand. This session will share the thinking, strategies, and practices of data anonymization. Taking the PostgreSQL database as an example, it will specifically explain the implementation method of database technology.

Credential stuffing attacks frequently occupy the news pages both in Taiwan and around the world, damaging the goodwill of companies in all kinds of industries and even causing property losses. It is sometimes combined with phishing and man-in-the-middle attacks, making it a top concern for security personnel and one of the most difficult forms of cyberattack to counter.

HiTRUST will take you on a journey from the perspective of hackers to help you re-understand one of the most significant security threats facing websites and their users. By the end of this speech, you will have a better understanding of how credential stuffing works, why it's a serious threat, and what you can do to protect yourself and your business.

Recently, information security incidents happened frequently, and endpoint security protection has become the last line of defense. EDR has become an important part of many enterprise's information security protection architect. However, after deploying the EDR solution, how to analyze and investigate information security alarm events has become a concern of many users. In this agenda, we will share with you how FortiEDR can be use for information security incident investigation and analysis and case sharing of FortiMDR security incident handling.      

Sustaining operations’ factor includes talent, capital, and know-how. Another very important element is data. The main source of risk to data is external threats to the Web. In recent years, data exchanges between applications have become more frequent, and these data exchange and interfacing require API, so we should also pay attention to API security. Imperva provides excellent Web and API security solutions to build a solid line of defense for enterprises to protect applications and data, and help enterprises maintain operations continued.

The modernization of industrial networks through internet connectivity has improved productivity, but the benefits of digital transformation have also brought about an increase in potential attack surfaces. The constant occurrence of industrial control security incidents has greatly reduced the effectiveness of physical isolation. In this session, we will take the perspective of an industrial network security company and build a complete industrial security ecosystem from a visualization standpoint.

This agenda will share insights on how to design and implement automated processes (DevOps) while incorporating security considerations (Security in DevOps), including experiences in introducing security development automation processes and how to overcome challenges.

AD (Active Directory) is the central nerve linking all IT systems in a company. Unfortunately, AD was born toward the end of the last century (1996), an innocent time with no cyber attacks. The fundamental architecture of AD did not anticipate the types of cybersecurity threats that corporations must face today. Moreover, coupled with years of overlapping patch/version updates and organizational growth and expansion, AD has become the primary target to hackers globally when they attack corporations. Semperis has the greatest collection of Microsoft AD-related MVPs (Most Valuable Professional) in the industry. We will share relevant cases and Best Practices over AD security health check, threat detection, incidence response/remediation, as well as backup & recovery.

When it comes to zero trust architecture, the endpoint is your first line of defense. How can you identify risk, manage settings, and monitor all endpoints for zero trust compliance with zero trust endpoint management? You need the following two capabilities: improve Visibility into all endpoints, identifying whether they are owned by your organization or someone else, and quickly remediate vulnerabilities in real time when hackers can use them to gain access to your data and resources.

The three features of a trade secret include economically valuable, reasonable restrictions, and measures to protect secrecy. The need of level of reasonable protection measures for enterprises is often unclear. If companies have their files encrypted, is it considered a reasonable protection measure? It has always been difficult to have a standard baseline. Through the discussion of court judgments, this lecture puts forward suggestions on the protection measures that enterprises should take, and provides enterprises with reference.

In 2020, we noticed that the Taiwan Government Service Network (GSN) had attack traffic to extranet. If a botnet can infiltrate a system, APTs or targeted attacks may also be able to infiltrate it. This study will reveal the network attack behaviors collected from Taiwan and critical infrastructure from around the world (including oil, water, electricity, government agencies, etc.). By analyzing this information, which is suspected to have been invaded and used as an attack tool, we can gain insight into the possible weaknesses of critical infrastructure in various countries and use this knowledge to assist in constructing our own possible defense mechanisms.

When did the "Chinese Internet Army" appear? How capable are they? Rufus Lin, Director of the Information Center of the National Police Agency, combined his 20 years of experience in cyber police and information security work, and explained the changes in hacker attack methods and attack targets.

The development of the Internet has changed human life. As we become more and more dependent on the Internet, the combination of criminal groups and hackers will have the greatest impact on the "breaking trust" between people, between people and computers, and between people and nations. Data breaches, phishing sites, criminal scams and false information flood the internet. How should individuals, businesses and government agencies respond? "

Bypassing signature detection is a common and general hacking technique, eh... but it's no longer used by hackers - huh? I mean what? If the hacker can just turn off your whole protection ... what's the reason to bypass ;)

In this session, we will share the new forms of tricks that we have observed in the wild and community over the past two years that hackers are using: exploiting flaws in the standard architecture of modern anti-virus, and the ability to shut down anti-virus protection perfectly. We will demonstrate seven new attack strategies: how to forge tokens, disguise sleep mode, exploit driver issues, and even put anti-virus in a sandbox! At the end of the agenda, we will share the principles behind these attacks to help Blue Team members to detect and respond to these attacks early.

Cybersecurity has become a must in OT environment.the However, the tranformation process can be challenging, there are lots of products and solutions in the OT field. There are lots of products and solutions. How can we build up our owned security orchestration which is aline with our environment and culture? This security orchestration can be built step by step, but we need to have a whole view before we choose the productions. In this speech, we will let you know what you should consider with and prorities the implementations steps.

Drive-by and email attacks frequently use malicious scripts to deploy the malware, including ransomware, financial trojans or customised trojans on victims’ machines. Over the years, attackers constantly improve techniques to bypass detection. This session will demonstrate the latest obfuscation and anti-detection techniques found in malicious scripts and analysis techniques to help incident responders unveil their malicious features.

Bug bounty program have always been a love-hate thing for enterprise. Enterprises running bug bounty programs can discover their vulnerabilities through external information security researchers and manage the vulnerability disclosure process. However, at the same time, they suffer from incomplete experience or planning when running the program, which leads to many problems.

This seesion will start from the bounty hunter's own experience until joining a company to assist in handling and running the program. I will share the experience and difficulties from both sides and also cases of conflict and cooperation.

Risks is everywhere, application security testing has become an important goal for enterprise to protect and defend. This lecture will share how leverage multiple different technologies to improve application security in dynamic application security testing, static application security testing and interactive application security testing.

• Research, data and innovation
• Cybersecurity observatory
• Strategic awareness
• Supporting cybersecurity industrial ecosystem
• Building cybersecurity competence and capacity

Do we need to secure everything by design? Or is there a better way? A new paradigm, called the DIE Triad (which stands for Distributed, Immutable, and Ephemeral) enables us to truly be resilient and escape some of the burdens of cybersecurity.

We are facing an unprecedented digital revolution that affects all fields. As digitization has become a necessary competitiveness for successful enterprises, enhancing cybersecurity capabilities has become an urgent priority. During digital transformation, industries often ponder how to balance cybersecurity and operations. However, hackers on the attack side construct a network crime industry through an organized crime approach and are pioneers in launching attacks using new technologies. Especially in the scene where the Internet of Things (IoT) devices are used as digital asset applications during digitalization, how to ensure information security has become an essential issue for enterprise digitalization. In the past, enterprises only focused on cybersecurity capabilities for computer devices, which could not avoid becoming victims of hacker attacks. Through this sharing, we will introduce how enterprises should adjust their cybersecurity strategies during digitalization and use their operational characteristics to detect hacker intrusions and response strategies.

APT and Cybercriminal organizations are converging with shared infrastructure, resources and targets within both the public and private sector. This talk will show some examples of the Advanced Persistent Cybercrime phenomenon, and also discuss a holistic approach to disruption highlighting industry effort underway.

A key rule can bring hidden attack behaviors to the surface, but writing such a rule requires a deep background knowledge of system event investigation. This course will teach students how to use SIGMA rules to identify the true attack behavior of hackers in a sea of log records, and to describe the TTPs (tactics, techniques, and procedures) of these attacks. In the course, we will delve into Sigma rules and how to collect system log files, and then explain the principles and implementation methods of various attacks, in order to consider their possible detection rules. Finally, we will collaborate to write and execute our own detection rules to judge whether malicious attack behaviors can be caught. This course allows students to experience threat hunting and try to face practical challenges.

On one recent occasion, cybersecurity personnel discovered that company data stored in a cloud-based object storage service had been leaked onto the dark web and made available for anyone to download. Upon further investigation, it was found that the company’s own developers had placed the encryption keys in the container image for ease of use. The keys were then compromised by hackers because incorrect permission settings had been used. Unfortunately, by the time the leak was discovered it was too late to stop the damage. The company now faces major financial losses and compensation claims as a result of this costly mistake.

Does this incident sound familiar and even commonplace to you? 

Do such news stories make you hesitate to use cloud computing?

The challenges that traditional cybersecurity personnel face in the cloud include:

1. Unfamiliarity with the cloud environment, leading to difficulties in managing cloud services and comprehensively attending to relevant security settings.

2. Dealing with new development processes such as DevOps and assisting development departments control potential risks.

In this session we will share common threat tactics in the cloud as well as response strategies that help cybersecurity personnel better manage cloud security.

We attempt to penetrate humans with device and data planes in a Zero Trust Architecture (ZTA). Human periphererals (i.e. vision, hearing) are not only limited; but also illusions and blindsight will occur. Human's data storage (i.e. memory) also has the weakness of forgetting and forging. The brain is faced with the continuous input of vague information. Penetration prevention is necessary in the preprocessing stage,. The brain also needs to integrate information from multiple sources; to judge logical fallacies; and to make decisions. Fortunately; humans know how to use technology to compensate for their vulnerability; and continue to keep their trustworthiness

With the rapid growth of DevOps, DevSecOps is also gaining attention from organizations, and how to integrate security into DevOps has become an issue for many organizations.

This session will share the core concepts and key technologies of DevSecOps, and explore the issues, challenges, and opportunities that may be faced in implementing DevSecOps from different perspectives, including people, process, technology, and culture.

In recent years, penetration testing and red team assesment have become a way for enterprises to examine their product security. Although mitigating vulnerabilities is better late than never, it would be more desirable if the vulnerabilities aren't released at the first place. This agenda will illustrate what the benefits of having a red team within the company are and how to take advantage of them to buff the development process. Eventually, allowing the red team and blue team, which are generally considered to be on the opposite sides, to coordinate and cooperate with each other and to enhance the enterprise's security quickly, smoothly and thoroughly.

This session discusses the latest attacks conducted by the big four nation state adversaries from China, Russia, North Korea, and Iran, with a strong focus on China-based actors, diving deep into the background of these adversaries, their motivations, and the latest technical tradecraft leveraged during their daily offensive cyber operations.

Focus then shifts to the history of eCrime, the latest attack trends being used by adversaries intent on financial gain, with a spotlight on highlighting the broad, highly interconnected modern eCrime ecosystem, which leverages elaborate capabilities from enterprising criminals selling specialized wares.

Finally, the speaker will demonstrate a distinct association, and blurring of the lines between nation state and eCrime adversaries. Nowadays it is no simple task to discern the difference between the state actor and sophisticated criminal, in particular because of intent, but increasingly because of advanced tradecraft.

The Cyber Defense Matrix is a simple mental model that helps explain the capabilities that are needed to build, manage, and operate a security program. This presentation will show how we can use the Matrix to organize technologies, skillsets, and processes. This enables us to understand what problems each capability can solve, what gaps exist, and what options are available to close those gaps.

The decentralized nature of Web3 fascinates many people, but greater power also means greater responsibility. During the Web2 era, website backend handled verification tasks. Now, some of these tasks have been shifted to Web3 users. But can untrained users handle the diverse range of verification requests? This talk introduces the differences between Web2 and Web3 verification, as well as common scam tactics.

Taidoor, AKA Earth Aughisky, is the APT group who focused on Taiwan-related targets before, but switched their interests around 2018.

We will introduce the background and changes of Taidoor in this sharing, attendees will be able to understand more about this group.

Policy priorities and initiatives for securing Industrial Automation and Control Systems (IACS) in the Netherlands

• Importance of ICS: an assessment of risks for the Netherlands
• Threats: overview of current threats taken into account
• Resilience: priorities and initiatives from the central government 
• Challenges and next steps

你有興趣成為一名資安人員嗎？你對資安領域有什麼樣的想法嗎？

歐米英泰專注企業網路安全和全球加速領域，持續不間斷地精進技術實力來提供客戶頂尖服務品質。日益增加的資安威脅對企業而言，資安已不再單純僅止IT問題，而是關係到企業的長遠發展和利益。我們將分享資安戰役中的經驗，以及歐米英泰技術團隊培育零經驗的資安人才，如何提供完整的教育訓練。

Splunk's unique data analysis technology creates an AI brain designed specifically for enterprises, using machine learning algorithms to analyze past attack patterns, predict possible risks in the future, and provide defense suggestions. For example, it monitors employee activities and data access logs for potential internal threats. If data access suddenly increases or legitimate users use sensitive data, or even when data is sent in large quantities outside, the Splunk AI brain will alert to prevent potential data leaks or theft, and automatically respond to security events through Splunk SOAR.

This session will introduce how Splunk's AI brain can combat internal and external cybersecurity attacks and prevent data leakage.

CyCraft Technology is the only cybersecurity company in Taiwan that has been selected as an AI representative case company by Gartner and IDC. With years of accumulated data on hacking activities and experience, we have a top-notch cybersecurity technology background and aim to develop automated AI products, hoping to transform the current enterprise security environment with new technology changes.

This session will give you an understanding of CyCraft Technology, including corporate culture, work and growth opportunities. You can also pursue personal growth at work and make your work be meaningful.

Join CyCraft to transform cybersecurity into the most fulfilling job in the world and see every cyber defender fulfill their full potential! 

The trust relationship is the cornerstone of communication between people in society. The trust relationship, in reality, is most often used by attackers to defraud or obtain benefits. The information security issues in the computer world reflect the real world, from Trust No One. So far, the zero-trust architecture has been known. Attackers have been looking for how to use the trust authority granted to attack domain servers. In this article, the speaker will share the attackers’ current attack methods of attacking domain trust and delegation to know themselves and the enemy and win every battle.

API Security plays the most important role in the present modern software microservices architecture. OWASP also introduces API Security Top 10 in 2019. In this talk, I will be talking about how API insecurity can be leveraged to gain data and how we can penetrate your API endpoints

In recent years, attacks against Windows RPC have been increasing day by day. when developers use Windows API, they often do not pay attention on the privilege management of the underlying MS-RPCE, and even the official system services developed by Microsoft based on the MS-RPCE interface also have this type of vulnerability.

This agenda will analyze the various Potato-named tools commonly used in penetration testing one by one, and propose the corresponding Mitigation, as well as how to examine the software vulnerabilities of MS-RPCE lacking proper privilege management.

The XREX security team will share their practical experience and strategies for dealing with emerging cybersecurity threats in the decentralized world of Web3 in 2022, from a blue team perspective, as well as their experiences with centralized cryptocurrency exchanges.

Web3 was born out of blockchain technology, and its characteristics, applications, and advantages have created many innovative applications. At the same time, different cybersecurity challenges have also emerged, such as hacker attacks on Ethereum and other EVM-compatible public chains, and financial fraud. The XREX security team will reveal Web3 attack methods and threat response strategies, and provide practical security advice.

Is your security operations team struggling to keep pace with the numerous types of cybersecurity threats? When faceing with these challenges, Managed Detection and Response (MDR) services can provide you with what you need! Moreover, with the help of Threat Intelligence, MDR services can be empowered like never before!

The BGP protocol is a routing protocol for Internet traffic, and its security is an important aspect of cybersecurity for service providers. In order to quickly detect anomalies and instability in network traffic transmission, operators can use a number of monitoring and analysis methods, combined with network traffic analysis data to gain deep insights into network traffic status, increase traffic routing visibility, quickly detect routing issues, and assist in optimizing network configuration. This session will explore these BGP monitoring and analysis methods and discuss how to enhance network routing security and stability from a technical perspective.

The manufacturing industry is constantly innovating its processes and optimizing production. Protecting the operational technology (OT) that underpins this innovation is essential. Strong cybersecurity starts with the proper isolation of IT and OT domains. An effective cross-domain solution reduces the chances of an IT-level attack impacting OT-level operations. You need a cross-domain solution that prevents risks from data transfers and threats hidden in files and devices entering your facilities. During this session, you will learn how to deploy Zero Trust in the OT environment and protect your manufacturing process from external attacks. Innovate, optimize, and secure your production environment.

This speech discusses the philosophy of knowing employees and the necessary skills to implement information security governance from the CISO perspective. CISOs must develop an incident response plan outlining the proper procedures for a security breach or incident. That includes identifying, collecting, examining, analyzing, and preserving the evidence. They should ensure that the organization complies with financial regulatory requirements. CISOs further work closely with other leaders in the organization to ensure that security, convenience, and resiliency are top priorities. 

In conclusion, CISOs must have a comprehensive understanding of cyber security risks and the ability to develop and implement effective strategies. They must also be able to lead incident response efforts to manage or mitigate these risks effectively and efficiently.

A key rule can bring hidden attack behaviors to the surface, but writing such a rule requires a deep background knowledge of system event investigation. This course will teach students how to use SIGMA rules to identify the true attack behavior of hackers in a sea of log records, and to describe the TTPs (tactics, techniques, and procedures) of these attacks. In the course, we will delve into Sigma rules and how to collect system log files, and then explain the principles and implementation methods of various attacks, in order to consider their possible detection rules. Finally, we will collaborate to write and execute our own detection rules to judge whether malicious attack behaviors can be caught. This course allows students to experience threat hunting and try to face practical challenges.

On one recent occasion, cybersecurity personnel discovered that company data stored in a cloud-based object storage service had been leaked onto the dark web and made available for anyone to download. Upon further investigation, it was found that the company’s own developers had placed the encryption keys in the container image for ease of use. The keys were then compromised by hackers because incorrect permission settings had been used. Unfortunately, by the time the leak was discovered it was too late to stop the damage. The company now faces major financial losses and compensation claims as a result of this costly mistake.

Does this incident sound familiar and even commonplace to you? 

Do such news stories make you hesitate to use cloud computing?

The challenges that traditional cybersecurity personnel face in the cloud include:

1. Unfamiliarity with the cloud environment, leading to difficulties in managing cloud services and comprehensively attending to relevant security settings.

2. Dealing with new development processes such as DevOps and assisting development departments control potential risks.

In this session we will share common threat tactics in the cloud as well as response strategies that help cybersecurity personnel better manage cloud security.

On the road to cybersecurity, we often get caught up in the three learning cycles: How to learn? Why can't we keep up with others? And What is the purpose of learning cybersecurity? These problems tend to repeat themselves as we explore this field, so how can we break this cycle and stay focused on learning cybersecurity? How can we skillfully enter the cybersecurity field and learn effectively? In 25 minutes, I'll share my learning journey and work experience in cybersecurity so you can stay on track and succeed in your cybersecurity learning.

Security Operation Center (SOC) is an integral information security management unit established based on information security incident response and information security-related laws and regulations. However, the effectiveness of unit setting or task outsourcing is often challenging to quantify. The framework may be a guide for enterprises to understand what tasks the information security operation center should complete and how to complete these tasks and shape the hard-to-understand words and sentences written in black and white on the specification into more specific functions that can be implemented, and with the measurement of maturity, You can even understand the blueprint for future development.

In the era of digitalization, many enterprises have practiced "agile" thinking and actions. This is a signal that needs to face different risks at the same time and is constantly being verified. More and more consumers, regulators, and markets have discovered that the cost of a data leakage caused by this is high and unacceptable. Many data breaches can be prevented in advance. Through the promotion of the concept of DevSecOps and the assistance of automation systems, these problems and risks would be effectively reduced, and the security and quality of the output can be ensured. In fact, it is not so difficult to implement DevSecOps. Daniel will talk about the key points when implementing DevSecOps and how to achieve this goal efficiently and beneficially.

Cyber attacks resulting in physical operations downtime and equipment damage changed from a theoretical problem to a real problem in 2020 - the world changed and nobody noticed. Cybersecurity systems are changing as well - "engineering grade" security solutions are increasingly demanded when public safety is at risk. Such solutions are deterministic - the degree of protection they provide is constant, no matter how sophisticated the cyber attacks launched at them. Join us to understand how both cyber attacks are changing and how cyber defenses are evolving to meet the threat.

Automation scanner is an important aspect in nowadays SDLC/SSDLC, but there's limitation when it comes to source code review scanner.

In this talk, some example will be shown to understand the pros and cons about automated scanner, and how can we identify the problems.

A complete DDoS defense mechanism requires full network-wide traffic visibility, including the ability to identify service information such as OTT services and CDN network delivery paths, in real-time. In this session, we will be sharing a few customer success stories from several well-known service providers in the Asia-Pacific region, including Taiwan, Singapore, Australia, India, etc., to explore how they leverage Genie’s end-to-end network traffic intelligence to efficiently manage and optimize their massive network traffic with a fast and low-cost deployment, and effectively defend against DDoS attacks. They can even turn these features into managed cloud services to create new revenue streams.

This session will introduce how to do Linux threat hunting on Linux, what tools or methods to use, share past experiences in Linux threat hunting, and finally share how to extract useful information from it to prepare for future threats.

Attack Surface Management (ASM) has a decisive role in an organization's external exposure to threats, and therefore, I’ll let attendees understand how ASM can help their enterprises unveil undiscovered dark corners (Assets) and expose potential problems such as Misconfigurations that people are unaware of through the core concepts of ASM and a few real-world examples. In the end, I will conclude by showing how companies can introduce ASM to ensure that they could achieve a comprehensive understanding of themselves.

E.SUN is looking for talents with potential, enthusiasm, and willingness to challenge themselves to join our big family.

 We provide a comprehensive training system and a good working environment, allowing you to display your professional skills and creativity in the field of information security and achieve greater success.

If you are passionate and curious, welcome to join our team and work together to provide better security service for the financial industry, companies and customers.

This is not a polished lecture, but a true story of a professional hacker - Mico. 

The original motivation for his study about cybersecurity, was just due to the lack of money to buy the points in the online game.

He almost couldn’t graduate from vocational high school, but he managed to graduate from university one year earlier than his classmates.

What had “part-time administrator in school” to do with the runner-up in the WorldSkills Competition?

What did he figure out after becoming a real hacker?

What is Red Team Specialist doing the whole day long?

Don’t miss the cybersecurity career story of Mico, the Red Team Specialist of DEVCORE.

The presentation details how the FAIR framework quantifies information risk via five core elements. It aims to improve risk management and enhance enterprise security and competitiveness.

In this presentation, we will introduce the concept and purpose of Security Development Lifecycle (SDL), and share Synology's experience in introducing SDL and practicing DevSecOps. Demonstrating how product security assurance and penetration testing is conducted and the results, as well as the use of static and dynamic automated application security testing to further enhance software quality and security.

When everybody shouts DevSecOps, but what is the truthly DevSecOps? In the process of introducing DevSecOps, what should be do at beginning and which part could be work as follow ups?

During the two years of the epidemic, many automotive industries, which are accustomed to the physical factory production, realized the importance of digital transformation gradually, and the way to safely and effectively manage the robot arm in the factory on the cloud is an essential topic. Among the many communication specifications, OPC-UA standard has been proved in 2016 by the cooperation between Renault and Google that it can efficiently and securely help the factory to do data exchange and PLC control management, so that the major car manufacturers in recent years have started to adopt OPC to build a digital transformation. 

However, is the OPC-UA spec really as secure as it is officially claimed to be ;)? In this session, we will share the design architecture, security principles and flaws in the specification level of OPC-UA, which led to 80% of the major brand products in the market being easily hacked.

Through a few use cases, this session will explore how to use network traffic data to implement layer-7 application analysis without deploying high-cost devices such as network probes. The analysis should identify top-ranked network applications used by network users, as well as the transmission paths of traffic in the network infrastructure (including CDN). In-depth analysis of top-ranked user applications can be used as best practices for network analysis and management such as reference for revenue strategies, improving user satisfaction, providing EIM (Employee Internet Management) framework, etc.

As enterprises move towards digital transformation to build competitive advantages, they need to face the rapidly changing and uncontrollable risks of emerging technologies, and enhancing digital forensic power has become an important issue for enterprises. The main agenda of this presentation is as follows:

- Trends in digital forensics under emerging technologies

- Digital Forensics Principles and Controversies

- Case study

The prevalence of attacks driven by malicious documents has been long-standing. In this talk, we will analyze nearly a hundred samples of malicious documents within the past six months, investigating the CVEs, common exploitation techniques, and evasion methods they utilize. We will also point out the trends in exploiting malicious documents vulnerabilities, and suggest the key points to be aware of when detecting and scanning them.

Because blockchain technology tends to involve large volumes of personal assets, smart contract development needs to be extremely rigorous. However, manual auditing of contract content is very costly and time-consuming. Hence, the development of automated detection tools is crucial to providing developers with faster detection solutions. Rather than use an approach based on time- and computation-intensive fuzzing technology and inflexible rule-based detection, we deploy mature natural language processing techniques to detect source code and developed a detection tool that performs superbly in terms of speed and effectiveness.

Encountering hacking attacks is an unavoidable reality nowadays. Unfortunately, the response times and countermeasures deployed by most businesses are insufficient, making it difficult to efficaciously handle hacker intrusion incidents. In this talk, I will explore two effective indicators: the time required to detect intrusions and the time required to complete investigations, both of which can facilitate strengthening the response capability of enterprises.

After moving to the cloud, the convenience of cloud environments also brings security risks. How to monitor and respond to such risks has become a new challenge for security managers. We will share SOC cloud monitoring experience and practices in the agenda, highlight several key points that can be used for monitoring in the cloud, and hope to provide better understanding for current security personnel facing cloud monitoring.

Taiwan is no stranger to nation state threats attacks, with numerous high-profile cases making headlines in recent years. In this presentation, we will delve into the tactics and techniques used by nation-state Activity Groups targeting Taiwan, with a focus on the lessons learned from similar attacks in Ukraine.

Additionally, we will discuss the importance of organizations being proactive in their cybersecurity efforts and implementing appropriate defenses to prevent such abuse. 

Through this presentation, attendees will gain valuable insights into the tactics and techniques used by nation state actors and how to protect their organizations from these threats. By understanding the similarities, victimology and differences between attacks in Ukraine and Taiwan, attendees will be better equipped to recognize and respond to potential threats in their own environments.

This session will share Microsoft's AI-integrated security solutions, including discussions on Microsoft Security Copilot, how to introduce the new generation of AI into the field of network security defense, and how to combine OpenAI's large language model (LLM) with Microsoft's proprietary security model. This will enable defenders to quickly detect and respond to threats through natural language conversations, taking security protection to a new level and empowering organizations to build cyber resilience.

By sharing the as-is and to-be frameworks of supplier measurement on supply chain security, we hope to help audiences to figure out the key areas and differentiation of supply chain security in various industries. Also help audiences to understand the compliance barriers and implementation costs of such frameworks rollout with business strategy. 

The vast quantity of threat intelligence poses a daunting challenge that cannot be addressed by human effort alone. Much of this information is unstructured, which makes it unsuitable for automatic machine analysis. Automating the process of threat intelligence application has become a widely discussed topic. With the emergence of ChatGPT, natural language models are being reexamined for their applicability to threat intelligence domain. In this session, we will review the threat intelligence processing workflow, describing how natural language models can assist information security analysts in reducing processing time.

In the movie "The Matrix", finding the "Keymaker" is the key to ending the war. In real life, Initial Access Brokers who provide malicious hackers with access to various enterprises' defense systems have become increasingly active since 2022. They trade effective login credentials in dark web marketplaces. From national-level hackers, ransomware groups to red team service providers, all of them could be potential buyers of those illegal credentials. In many cases of ransomware attacks, achieving initial access is enough to complete their whole destructive incident. The speaker Pei-Kan Tsung (PK) has been analyzing the dark web trading market and the causes of attacking incidents for a long time, and recommends that enterprises should actively seek out the "Keymaker" who can break the locked door of their defense system to proactively prevent potential cyber attacks.

Face deepfake technology is mature, and related cases are increasing year by year. However, with the rise of the new AIGC technology, the deepfake technology is upgraded again, which is very likely to generate more criminal cases. Our content will cover deepfake technology demonstration, case study, technical introduction, and introduction of deepfake identification technology.

Malicious program attacks on the semiconductor manufacturing industry are being taken increasingly seriously as the industry heavily relies on automated production and has a tremendous economic value. In light of this, txOne Networks proposes a protection paradigm based on the asset life cycle, analyzes the key challenges accompanying the SEMI E187/E188 standards, and provides practical recommendations to help asset owners and equipment suppliers together achieve standard compliance.

In recent years, electric vehicles have emerged like mushrooms, and related security issues have become increasingly important. This topic will provide a comprehensive overview of the cybersecurity issues that arise from electric vehicles, including communication protocols between charging stations and electric vehicles, related cloud architectures, and various potential attack surface that could emerge in the future.

We have been monitoring a wave of spear-phishing attacks targeting the government, academic, foundations, and research sectors around the world, which is initiated since 2022 March. The seemingly wide outbreak of targeted attacks includes but not limited to Myanmar, Australia, the Philippines, Japan and Taiwan. The observed malware families, such as TONEINS, TONESHELL and PUBLOAD, could be attributed to a notorious advanced persistent threat (APT) group called Earth Preta (also known as Mustang Panda and Bronze President). Since 2023 January, we found more undisclosed malware was used in this campaign, and we also observed that the actors were actively changing their TTPs to bypass security solutions. Especially, we also found some interesting tools used for exfiltration. In this presentation, we will introduce the technical details of this campaign.

For Microsoft's authentication mechanisms, most people only know one but not the other, because they are all based on the research results of others. If you haven't studied the principles, it is difficult to have creative ideas. In the course, we will explain and analyze the NTLM & Kerberos authentication mechanisms through practical operations, so that students can understand the relationship between authentication mechanisms and attack techniques, and further understand the key points to be aware of in defense.

Cybersecurity theory is like a math formula. After understanding the concept behind it, it also needs to be applied to real-life examples to achieve mastery. 

In the course of comprehending the formula, let CHT Security guide you step by step to obtain the correct answer when faced with hackers. 

The use of Open Source Library has become common in today's software development environment. However, developers often overlook the security risks of Open Source, resulting in serious information security threats that jeopardize the organization's confidentiality and business operations. Snyk's Open Source Workshop course will introduce the possible threats posed by Open Source today, so that students can understand and operate the platform first-hand, scan and assess risks, and master how to use Open Source safely.Best practices will also be shared to learn how to mitigate risks and establish effective Open Source management processes. This course will help enterprises maintain their information security and avoid major losses due to open source vulnerabilities.

1. Use GCP SIEM (Chronicle SIEM) and Threat Intelligence solutions (VirusTotal Enterprise) to identify attack source and conduct security event investigation to find out attack targets including devices and users

2. Use Threat Intelligence solution (VirusTotal Enterprise) to inspect the sandbox report of malware and collect the related IOC

Following last year's exam selection, this year we introduce the "Ultimate Sword Trial" to help you quickly analyze which certification investments are effective! Drawing from my personal experience with each certificate, I'll share with you which ones are practical and which ones require a decade-long commitment. Regardless of whether they're good or bad, they are the foundation of your future success. Let this program guide you on the path to certification!

Recent years have seen an increase in the number of cases of misuse of vulnerable or exploitable drivers. The agenda will share how drivers that have been weaponized by malicious programs are abused, the purpose of this type of attack, and finally provide driver developers and system administrators defense recommendations against this type of attack.

Data security has never been more important than it is in this age of artificial intelligence, when practically every electronic device is both infused with AI and connected to near- and far-reaching networks. This presentation will address, through details and anecdotes, the need for high-level security in the flash memories and microcontrollers ubiquitous in devices that comprise today's electronics landscape.

This speech will showcase how Microsoft accomplish effective information security management by taking information security and employee productivity into consideration, as well as putting Zero Trust strategies into practice. In addition, the speech will also discuss the challenges corporates might face and their and solutions when implementing Zero Trust strategies, along with other useful tips and case studies.

The aim of this speech is to explore effective ways of managing a cybersecurity team and enabling cybersecurity personnel to deliver higher efficiency. From the perspective of attack simulation, the cybersecurity operation is divided into three aspects: construction, team, and investment. Focusing on the pre, during, and post stages of an event, the program explores how to improve the procurement evaluation and decision-making efficiency of cybersecurity managers at the investment level, the cybersecurity resilience measurement and product verification efficiency of cybersecurity construction, and the on-site response capability and cybersecurity exercise efficiency of the cybersecurity team.

In this presentation, we will point out the challenge of inconsistent information in the design, implementation, and verification phases of ISO/SAE 21434 and present the concept of an attack knowledge base to show how it can assist in those phases. We will also demonstrate the practical application of the attack knowledge base through case sharing. This presentation aims to provide a solution for automakers to address information inconsistencies and help create an in-vehicle environment that is both secure and resilient.

This session will introduce how to become a program security expert, discuss its importance, and develop the necessary skills and knowledge. The talk will be conducted in a Q&A format to help attendees gain a deeper understanding of program security methods and importance. Whether you are a programmer, business owner, security professional, or interested in information security, you will benefit from this talk. We will also share practical tips and resources to help you better address program security challenges in your daily work and expand your career.

APT group is a special threat vector with sophistcated techniques that undetected easily. We will use MITRE ATT&CK framwork to elaborate the recent techniques which we observed from some cases. How to take the right response is the priority for the company when they are bombarded by APT attacks.

To share the experience of designing and developing products to comply 62443-4-2 on the point of view from 62443 project lead

The current password authentication method no longer meets the security needs of the modern digital world. To enhance enterprise security, more and more companies are adopting passwordless authentication technologies, such as biometrics, smart cards, and mobile devices. This session will introduce the latest authentication technologies and how to use Microsoft's passwordless authentication solutions to build stronger security defenses.

Nowadays the frequent occurrence of cyber-attacks has made enterprises pay more attention to the field of information security and strengthened the protection of enterprises by establishing and implementing comprehensive information security regulations. However, under such circumstances, hackers have gradually shifted their targets to the supply chain and launched flanking attacks through the suppliers, thereby posing a threat to business owners.

In such an environment, how to strengthen the Third Party Risk Management(TPRM) of the supply chain, and even prevent the risk caused by the supply chain in advance will be a test that business owners need to face up to.

Therefore, it is necessary to use a comprehensive information security risk management platform to strengthen the suppliers' various information security aspects. While improving the company's own information security defenses, can also prevent the risk of indirect attacks.

When using a sandbox, we expect to gain as much information as possible through dynamic analysis, including behavior, file modifications, and external machine interactions. However, the amount of information is vast and low-level, and during analysis, higher-level information such as which family it belongs to and which ATT&CK attack techniques are used are desired. In existing sandbox implementations, analysts use predefined rules, such as combinations of specific APIs or strings, extracted from the analyzed information. These rules are effective but time-consuming and effortful to produce, and they are also more specific. In this talk, I will share how we use APIs and dynamic string results generated by the sandbox, combined with malicious program families and ATT&CK tags produced by predefined rules as training data, to identify hidden relationships different from the predefined rules among samples marked as the same type. We feed these results back to the sandbox as new rules, achieving the goal of automatically generating rules.

Automobile security incidents of late indicate that internal combustion and electric vehicles are evolving into Software Defined Vehicles (SDV). SDVs rely on complex software to achieve various functions. Enhancing vehicle security necessitates a tool capable of measuring risk - the Software Bill of Materials (SBOM). This talk explores the role of SBOM in vehicle security and potential issues that may accompany it.

Why is 5G security important? We answer this by discussing the components of cellular networks, mobile phone connections, ORAN, 5GC, and MEC. We also explore the unique security challenges of private 5G systems and provide examples. Additionally, we discuss the limitations of traditional IT firewalls and compare cellular network architecture to traditional IT. Finally, we examine a Zero-Day and demonstrate how CT network peculiarities can expose private, isolated subnets of manufacturing plants to attackers.

How to fight ransomware has become an essential task, but will using the defense framework make our Cyber defense strategy invincible?

Things may be more complicated than you think. With so many assets to protect, which one has the highest priority?

With so many protection solutions available, which one can effectively defeat the attack?

Therefore, threat intelligence is even more critical than you might realize. Knowing your attackers' IOC, understanding their attack methods, and comprehending their background can help you better defeat them.

Recently, many enterprises have adopted ISO 27001 to establish their information security management systems, while many of them have achieved control over their ISMS through the use of cloud security services. However, simply implementing security software or services does not necessarily meet the relevant ISO standards. This session will provide insights into the relationship between ISO 27001 and cloud security services, as well as relevant examples.

OSCP is one of the requirements for hiring red teaming professionals. At the beginning of 2022, the OSCP exam content added an Active Directory section, making the passing threshold more stringent. This session aims to introduce the new version of the OSCP exam content, and share experiences on preparing for and taking the exam, in order to help those taking the exam better prepare for and respond to it.

Cathay Financial Holdings launched Phase One of its cloud migration project in 2021, achieving cloud readiness across four areas: infrastructure, applications, organization together with management and governance. Initiated Phase Two of the large-scale cloud migration in 2022. As the third year of our cloud transformation journey in 2023, we will share how we conquer challenges and difficulties in various aspects such as People, Process, Technology (PPT), information security and Legal & Compliance.

The information security that needs attention in the cloud can be divided into six parts. Describe the purpose of the mechanism and possible difficulties in its implementation.

Ensure that the enterprise can reduce the information risk to an acceptable level when using the cloud.

Supply chain cybersecurity has been a highly concerning issue in recent years. Whether it is the procurement of upstream vendors' components or the introduction of human resources systems and marketing services, they can all be potential vulnerabilities for enterprise information security. Therefore, this seminar will analyze the roles, rights and obligations between owners and suppliers from the perspective of cybersecurity. Through actual cases, it will explore the respective rights and obligations of owners and suppliers from supplier selection, acceptance to long-term maintenance cooperation. This will help listeners to better understand how to prevent cybersecurity threats from the supply chain.

Without prioritization, it is impossible to efficiently reduce the risk in the shortest time possible. Thus, after investing the resources to address security issues, outcome cannot be certain with high confidence without comprehensive risk assessment. 

To solve these challenges for defenders, we started by inventorying all the attack vectors for Active Directory to provide the visibility of potential threats. Also, we proposed a risk model to practically calculate the risk of attack vectors for prioritization. Thus, based on the risks for attack vectors, we can quantify the attack paths for overall evaluation. After a deep dive into our risk model, we will present how the attack vectors and the attack paths can be applied to the model for risk quantification with a strategy to reduce the overall risk in an effective and comprehensive way.

In the face of rapidly evolving ransomware attacks in the wild, security majors are promoting the ability of AI to identify and defeat malware in the wild - but is that true? There are benefits and unavoidable limitations to the use of AI technology in the fight against wild samples.

In this session, we will return to the semantics of execution and combine it with the papers on symbolic execution to design a practical symbolic engine that can reverse analyze over a thousand real ransomware samples in the wild to defeat over 95% of them! At the same time, the source code of our engine will be presented at the conference to help vendors understand and use the semantic-aware detection solution based on the symbolic engine, which can effectively combat highly variable obfuscated samples.

This program will focus on how information security governance personnel should use data maps to take stock of the data within an organization, and how machine learning can address the pain points encountered during traditional data inventories. It will cover the construction of data fortresses and the use of automated methods for data encryption, access control, compliance management, and leak prevention.

Since 2010 Stuxnet caused substantial damage to the nuclear program of Iran, ICS security issues have been raised.Lots of researchers dig into the hacking skills and path and those known attacks in the history and more malwares and events happened.We summarize the experience of reviewing over 20 factories traffic and analyzing 19 MITRE defined ICS malwares, PIPEDREAM/Incontroller in 2022. We found the main trend of ICS malwares changes from single protocol targeting to modularized , multiple protocols supporting. In this talk , we will also share how we making an OT adversary emulation tool according to what we summarized and MITRE ICS matrix.

As the defending side, blue teams have many different perspectives when it comes to responding to cybersecurity incidents compared to the red team. Besides considering the analysis's accuracy under a large amount of log data, blue teams also have more emphasis on response time and costs due to the needs of complying with government policies and regulations.

CyCraft has conducted extensive research on using Machine Learning techniques in investigations of large-scale cybersecurity incidents, and has incorporated AI into various scenarios, including endpoint event correlation, CmdGPT analysis of Cmdline, and automatic forensic report generation. Since last year, we have incorporated a new generation of large language models into our blue team AI assistant for automatic incident response and issue management. In this talk, the speaker will share our practical experiences and exclusive insights on how cybersecurity teams can properly use AI, and share some actual case studies.

The speaker will introduce the knowledge related to electric vehicle charging, including the composition of charging piles and charging stations, management methods, and the characteristics of charging piles on the market. Then, he will discuss some famous cybersecurity incidents related to charging piles in recent years and explain their principles and response measures. Finally, he will predict the future trends of electric vehicle charging and the impact of current cybersecurity regulations on the charging ecosystem.

Earth Longzhi is a new sub-group of APT41 which is a cyber-espionage group believed to be based in China. Based on our analysis of their long-running activity through 2020-2022, we have identified two major campaigns mainly targeting Asia-Pasific countries including Taiwan. In this presentation, we will introduce the newly found malwares and noteworthy TTPs observed in these campaigns. And adding to that, we will describe the detail process of "how we attribute". We believe that sharing the attribution process, not only technical details of malwares, will help security community.

TeamT5 focuses on the research of national-level cyber attacks. Do you know the the purpose, and methods behind each attack? In this session, we will share how TeamT5, an cyber security company based in Taiwan, uses various cyber security roles, such as: top vulnerability researcher, cyber threat analyst, cyber security researcher, core system development, incident investigation and other professional positions, to continuously track the latest threats, filter the most valuable information, and help enterprises to fight against advanced cyber threats!

Welcome to join TeamT5 and let us protect world from the chaotic world.

Cybersecurity theory is like a math formula. After understanding the concept behind it, it also needs to be applied to real-life examples to achieve mastery. 

In the course of comprehending the formula, let CHT Security guide you step by step to obtain the correct answer when faced with hackers. 

Application security testing includes static, dynamic and interactive testing for web, mobile and open-source software. It detects pervasive security vulnerabilities and facilitates remediation. Secure DevOps now implements shift-left security by eliminating vulnerabilities during development, before software is deployed. Comprehensive management capabilities enable security professionals, developers, DevOps and compliance officers to continuously monitor the security posture of their application and maintain compliance with regulatory requirements. 

This Lab will go through the steps on how we can analyze AWS WAF (Web Application Firewall) logs through setting up a Kinesis Data Firehose stream, as AWS WAF logs frequently monitors requests from outside, there is a large amount of data to be collected and analyzed.

The financial cyber security roadmap should be employed to establish, implement, maintain and continually improve a cybersecurity posture for incident response and digital forensics within the organization's context. This talk will demonstrate due diligence and good corporate governance based on day-to-day business activity. It also can reduce the expenses and time of an internal investigation and promote the evidence of court acceptance.

1. Trends of International Cybersecurity Governance

2. Critical Issues: Cybersecurity KPI, OT Security

3. Innovative Perspectives of Cybersecurity

Content distribution networks (CDNs) offer many benefits, and they can also introduce new security risks that many people may not be aware of. Explore how to protect yourself and your business from these threats with a brief introduction to the various vulnerabilities CDNs can introduce.

Recently, because of the increased of security incident & the digital transformation happens in more and more industries. More and more companies start to consider whether to build up an in-house offensive security team. The speaker want to share advantages of in-house offensive security team, the working type as an in-house offensive security team member, and the role of in-house offensive security team in the SSDLC via this session.

Use Artificial Intelligence and Machine Learning technology to help companies control and manage work environments, such as:

• User identification(initial/Continuous)

• Identification of bystanders in the work environment 

• Identification of objects in the work environment that could lead to a data breach, such as cell phones, cameras, keyboards, screens, notes, and papers

• Recognition of behaviors explicitly prohibited by the company in the work environment, such as taking pictures of the screen with a mobile phone/camera

• Monitoring employee behaviors such as surfing the Internet and using applications with computer

• Actions for violations such as warning messages, blank screen, mandatory shutdown

This solution allows enterprises to fully control the Human Factor, protect data security, improve work efficiency, and assist Call Center to comply with the CLEAN DESK policy.

The research object of Side-Channel Analysis (SCA) is to obtain inadvertently leaked sensitive information when the hardware performs encryption and decryption operations, such as execution time, power consumption, electromagnetic radiation, etc., and use mathematical tools to analyze and obtain the private key. Compared with the traditional attack methods, the side-channel analysis technology enhanced by Machine Learning, regardless of whether the encryption and decryption algorithm is protected, the analysis results based on Deep Learning have been confirmed in recent years to have an overwhelming advantage.

On the internet, the Chinese cyber army is an important force of the Chinese government. Its purpose is to influence the politics, economy, and society of other countries through online propaganda and operations.

Therefore, Taiwan needs to strengthen the prevention of network security, strengthen network monitoring and combat cyber crime. TeamT5 observed that the Chinese cyber army’s information warfare operations against Taiwan are serious and are constantly evolving. Therefore, Taiwan must continue to update relevant threat intelligence. At the same time, the people of Taiwan also need to increase their vigilance against fake news, and not easily believe information from unknown sources, so as not to be affected by the operation of the Chinese army.

Zero Trust Architecture (ZTA) has become a popular keyword in cyber security, and the government has accelerated its adoption this year. Before rushing to implement it, we should understand how attackers view this architecture first. In this session, we will examine ZTA from the perspective of an attacker. What is trust? What is Zero Trust? What impact does ZTA have from the viewpoint and experience of a red team? When beginning to implement ZTA, what priority of mechanisms do we recommend?We hope that through this session, our audience can adjust their cybersecurity strategies correctly to address the security challenges of the Zero Trust era.

Why you need certificate?

Why CyberSecurity?

How you can get Certificate of CyberSecurity?

Those three questions can help you to understand three dimension:

1. Value of Certificate

2. CyberSecurity core value for organization

3. How you can get it?

I wanna to share my experience from study cybersecurity, how is my change throught different goal and effective way to go through all the topic of CC.

Overview of "Annual Reports and Public Prospectuses of Publicly Issued Companies Should Disclose Content Related to Information Security Risk Management", "major security incident information of listed and OTC companies", "internal control systems of publicly issued companies to carry out information security-related operations", “information security management into corporate governance evaluation projects”, “encourage participation in security information sharing platforms”; etc.; briefing on the recent planning directions for strengthening the management of corporate information security.

Describe the important meaning of CMMC's certification from the perspective of it's development history, and explain the problems that Taiwanese manufacturers will face in fighting for US DoD's purchasing contracts.

It's ACAD's commitment to supporting the national cyber security development policy, ACAD has designed and launched a range of professional cyber security courses that prioritise practical applications. ACAD's aim is to fulfill the increasing demand for cybersecurity talent across various industries.

Through this program, ACAD introduces its company's primary educational and training services, which provide the ideal solution for enterprises seeking to offer either general cyber security education or professional skills training for their operational management or internal cybersecurity personnel.

In order to promote CMMC, the U.S. government has aligned a single goal of federal administration and legislatives. It's overall implementation progress is truly a worthy of lesson learned to us. In practice, it is necessary to think a collaboratively way of integration of government and private sector's resources and establishing a constructive mechanism that can well meet Taiwan's national cybersecurity needs. This requires collective brainstorming and exploration.

Preventing from social engineering would be inevitable, regardless of IT or OT field. In this session, we'll introduce some latest social engineering attacks and provide possibile mitigation for you to prevent such attacks in early stages to protect your orgnizations. 

Introduce the modern red and blue team techniques and open-source tools, including how the blue team discovers the intrusions, catches the attacker, and increases the cost of attacks. Also, for the red team, we will talk about how the red team bypasses detection and execute malware by adopting techniques used for defense evasion. This agenda will share the experiences from both the red and blue teams, the HomeLAB environment, and learning resources.

In recent years the types of cybersecurity threats have been constantly changing, therefore, how to efficiently estimate the Information Security Risk within the organization is a topic that all Information security personnel as well as management shall focus on.Designing and building a feasible KRI and KPI to help the organization to identify, know and handle information security risks are worthy of notice.In order to let all the Information Security personnel who play different roles keep track of the current situation of information security risk in a timely manner, we would like to share not only the concept and the practical experience of designing the Information Security Risk Dashboard, but also the benefits we derived from the implementation for your reference.Hopefully, it would be helpful for you to design your own indicator and risk dashboard.

After looking at the painful experience of other listed companies, do you still think that your corporation has good management and not to pay attention to security investment?

However, security management is multi-faceted, and when companies are faced with so many important issues, how to spend money where it is needed most becomes an essential lesson for chief information security officers. Understanding the attacks that listed companies have suffered and the recent trend of hackers' attacks can help other corporations to lessen from the incident.

The speaker will analyze the security material information released by listed companies and compare the security defense methods in their annual reports to identify the similarities and differences. Through the speaker's years of practical experience in the security industry, he will guide you on how to respond to the latest security attack trends.

As AD and Azure AD are widely adopted as identity management solutions by enterprises today, AD and Azure AD can be expected to be one of the core components in zero trust architecture implementation of decision and policy engines. In ZTA, do these AD and Azure AD related techniques lead to security issues? In this session, we will discuss potential risks under the ZTA from an administrator's point of view and provide recommendations for enterprises to strengthen their own enterprise security.

As artificial intelligence (AI) has been widely adopted in a variety of applications, it is time to consider the security and privacy of AI. For example, we may wonder whether the AI model will be backdoored such that the face recognition system for access control is useless. We may also have a question about whether object detectors will be fooled such that the self-driving cars cause the accidents. We might also wonder whether the chatGPT will output illicit or discriminative contents. In this talk, we assume that the audience has certain background on AI and summarize the security and privacy issues of AI. 

In the zero trust framework of "never trust, always verify," how the financial industry construct an ZTA environment that effectively identities network ID, restricts network access, monitors suspicious behavior, prevents spread and propagation, and strengthens information security?

As attackers become increasingly aggressive nowadays, the workload for defenders (the blue team) is growing, with the need to juggle internal operations and protection while also ensuring user endpoint security and defending against sensitive information leaks resulting from successful social engineering attacks. How can we use Microsoft Defender to reduce our burden and leverage the collaborative defense features of various protection mechanisms, implement effective SOAR, and adapt to modern working patterns in order to enhance our defense capabilities? We have designed scenarios involving malicious programs, identity theft, ransomware, and sensitive data tracking. These scenarios enable you to experience how Microsoft's modernized security work surface can help you quickly conduct effective inventory assessments, vulnerability scans, and automatic protection, achieving comprehensive protection, fearless transformation, and effective construction of zero trust!

This talk will focus on recent APT intrusion events targeting the financial industry. We will explore the details of these attacks, including their attack flow, vulnerabilities exploited, tools used, and implanted backdoors. Through analyzing the intrusion methods used in these attacks, we have observed a close relationship between these events and supply chain security. Therefore, we will review these attack events using a zero trust architecture and use it to enhance supply chain security.

2023 Cybersecurity and Network Top-Level Certifications Strategies and Analysis: Integrating Information Security Risk Control for Clients and IT Service Management

According to the relevant regulations, public companies must disclose the cyber security management status of the last year in the annual report. This speech not only include the importance of the annual reports must disclose cyber security management, but also take the different businesses cases to make everyone understand real situation in different corporations and then by the properly express the policy of cyber security to shareholders that will make corporations can achieve the goal of information security governance gradually.

In 2021, OMB published Memorandum M-21-31 developed pursuant to EO 14028. The memorandum establishes a maturity model for event log management, providing executive agency implementation requirements and details.Since the end of 2020, the U.S. public sector has suffered two information security shocks - the hacked of SolarWinds and four zero-day vulnerabilities in Microsoft Exchange Server. The U.S. government investigated both incidents. Investigators were unable to collect evidence due to the lack of log retention in the government agency, and were unable to establish a normal baseline and detect abnormal behavior that deviates from the baseline. "Log retention in federal information systems is critical to the detection, investigation, and remediation of cyber threats," said OMB Director.

Change management is an important risk issue. This agenda will discuss the connection and key points of configuration management, change management, data leakage prevention best practice in ISO27001:2022, also combine management concepts with technical practice. It is hoped that the audience can understand and refer to the concepts and processes proposed by internationally recognized organizations (such as ISACA/ISC2/CIS/NIST) in the agenda.

The development of the internet has brought about a lot of opportunities, but also threats, with DDoS being one of the most destructive threats. This time, we will share a total of six cases ranging from DDoS attacks at the "Tbps" level to various types of DDoS variant attacks. Through these cases, we can understand that DDoS attacks are not invincible. By seeking the help of DDoS defense experts and investing in appropriate network security costs, we can limit the risk within a controllable range. It is important not to act rashly and seek unverified remedies.

Following a ransomware attack, many companies find it challenging to detect and respond to the attack effectively. This session will explore various tools and methods that can be utilized to fully detect hackers' behavior, movements, and scope of penetration and show how companies can employ comprehensive security detection tools to thoroughly examine the cloud, network, and endpoints one-by-one, locate the paths of threat invasion and the scope of dissemination, and propose a new security architecture to ensure complete defense and prevent secondary ransomware attacks.

We will explain a complete process that can effectively analyze numerous malicious samples and convert these samples from raw data into usable intelligence. Generating much more complete and practical intelligence via analyzing common information produced by sandboxes, such as API, Strings, IoC, and so on.

There are countless cybersecurity skills, but one skill does not fall under this category, yet everyone in the cybersecurity field will inevitably encounter and struggle with. What is this intriguing skill? Let me share my experience and guide you to think from different perspectives to solve this big problem.

System patching, intrusion defensing and APT attacks have become the daily life for enterprises. The engineers and business owners are always suffering from the overtime and human resource investment in incident response and system patch. Is there another way for Engineers, except sleep in the company for endless incident handling? The resources are always limited. In this session, David Liu, the CISO of LINE Taiwan, will share experiences about how security and engineering departments work together to build the security culture and skills at LINE.

During this session, AIDC would like to introduce its role acted in defense industry. To share its experence on the process of introducing CMMC

Risk management without “Risk Analysis” is like driving in the dark without lights. It is like a person who has the knowledge and skill to drive a car but without direction and visibility to the danger along the way. Similarly, organizations often headstrong into implementing cyber risk management programs without clear visibility into their risks landscape. Oftentimes, Risk Analysis is done based on the subjectivity of the IT and cybersecurity professionals, which can vary from person to person and limit to the technology component. Furthermore, to make risk management even more difficult, as cybersecurity is a young industry, there is no agreement on the definition of risk, i.e. vulnerabilities, threat agents, CVE, or IOC. Therefore, risk analysis is inconsistent, risk decisions are misled, and risk appetite is misaligned. FAIR is a Risk Analysis methodology, an add-on component, to address consistency and repeatability in the Risk Management and ISMS processes.

In this speech, we will share Synology PSIRT's experience in building a red team from scratch within the company. The speech will also share the results of Synology's self-built red team over the past year. 

In this session, I will first explain the differences between penetration testing and vulnerability scanning, and then introduce how to use the built-in developer tools in browsers to observe web application behaviors and perform manual testing. Meanwhile, I will share common vulnerabilities and testing techniques used through real world cases & vulnerable apps . I hope that the audience can get started on web application penetraton testing in daily work without professional tools after this session.

The explosive growth of 5G, AIoT, and Industry 4.0 applications, as well as the computerization, digitization, and smart transformation, have led to a continuous increase in supply chain attacks, making supply chain security a global concern in recent years. Building an open source secure supply chain requires collaboration between industries, and SZ will share how major international companies and different industries use process management standards and Software Bill of Material (SBOM) to establish trust among different companies for exchanging deliverables made up of open source software components. In addition to sharing industry examples, SZ will also share the development blueprints and firsthand information from the open source security standard OpenChain and the international SBOM standard SPDX, hoping to build an open source secure supply chain together.

The openness of Android allows users to download Apps from a variety of sources besides from Google Play. However, this mechanism also brings risks to developers, as attackers can tamper with others’ Apps, modify functionality, or bypass payment mechanisms, and then repackage them as cracked versions and release them on third-party App stores, resulting in loss of developer revenue. This session will introduce common tampering techniques for Android Apps and propose countermeasures to help developers reduce the risk of Apps tampering.

This session will introduce the concept of zero trust, including dynamic risk, security assumptions and mechanisms, as well as its scope and the types of threats it can defend against. Next, we will delve into the implementation of the zero trust architecture and the design of dynamic access policies, including weaknesses in the core engine, integration of heterogeneous platforms, and the establishment of dynamic access policies. Finally, starting from the principle of least privilege, we will use internal and external risk assessment mechanisms to implement enterprise risk into dynamic access policies.

"People" is one of the three key elements for effective operation of information security, closely linked with "Processes" and "Technology" aspects, but is often the weakest link. How to enhance employees' information security awareness has always been a critical issue. This presentation will explore how to cultivate good information security habits and behaviors, further strengthening the personal and corporate information security defense capabilities.

We will base on the requirements for satisfying our US customers, CF Precision has transitioned from the previous NIST SP800-171 standard to the present CMMC, and share the experience from evaluating, discussing, vendor choosing, and practicing.