Cyber espionage actors from China are challenging defenders globally with vastly improved capabilities. This evolving threat is particularly relevant to Taiwan where these actors are highly focused. In her presentation, Sandra Joyce will highlight multiple improvements these actors have made to achieve greater stealth and complicate attribution. Her presentation will detail the focus on 0-days in security devices, the use of IOT botnets for infrastructure, and the adoption of living-off-the-land techniques by these actors. Additionally, she will detail the information operations campaigns which have targeted Taiwanese audiences in recent years.

Security bugs in software have a lifecycle-they go from discovery to exploitation to patch and then-usually-they go away. At each stage of this lifecycle, organizations can take different approaches to minimize the risk to themselves and their customers. Unfortunately, many industries find themselves with unique challenges when trying to respond to vulnerabilities due to the nature of their products and manufacturing processes. For example, vehicles have complicated supply chains and many third-party components that must be kept current and harden to defend against modern attacks.

This presentation examines some of these unique areas that various industries should be aware of when it comes to handling vulnerabilities and monitoring the threat landscape. Based on lessons learned from Trend Micro’s Zero Day Initiative, the world’s largest vendor-agnostic bug bounty program, along with the Pwn2Own hacking contest, we examine how industries have tackled these challenges, where they were successful, and where they failed. Finally, we highlight some recommendations hardware and software manufacturers should consider when managing the lifecycle of vulnerabilities.

In this session, we'll delve into the evolution of cybersecurity witnessed over the past decade at the Taiwan CYBERSEC conference, from the speaker's perspective. In this era of rapid development, cybersecurity technology has shifted from various threat detection products to the prevalence of various defense methodologies. However, amidst this evolution, there's a concerning trend: cybersecurity services are gradually gaining importance, indicating a growing need for external assistance in combating threats. Furthermore, recent years have seen the proliferation of artificial intelligence automation technology, bringing both promise and peril to the cybersecurity landscape. Let's brace ourselves as we explore the potential challenges and disruptions awaiting the cybersecurity industry in the next decade.

Premiere: 5/14 12:00 - 12:30

Replays: 5/14 18:00 - 18:30, 5/15 00:00 - 00:30

Localized threat intelligence is the kryptonite to threat actors, yet the majority of organizations overlook it completely. When you know who your enemy is, why not focus all your energy and resources into understanding them and staying one step ahead? Well, it’s next to impossible for most western governments to gather actionable intelligence on APAC adversaries, so companies have no chance at all.

With little to zero understanding of how the typical APAC adversary group operates, a lack of humanresources who understand the local language (and its dialects), most organizations simply give up.

However, there are companies on the front lines of the information war (that has already started) that are developing solutions and exporting them globally. In this session, we will discuss what localized intelligence is, how APAC threat intelligence teams gather and process it, and how international organizations can use it to stay one step ahead of threat actors.

The company recently discovered an information security incident. Our R&D data stored in AWS S3 was disclosed on multiple forums.After investigation, it was found that the reason was that a colleague of our company accidentally uploaded the S3 cloud to improve work efficiency. Access is set to public. This resulted in the leakage of confidential information. In addition, because the EC2 in the cloud has not patched the vulnerability, hackers were able to take advantage of it, further exacerbating the security disaster.

Are these news making you hesitant to use the cloud？

Although the cloud has become a trend in the world and its advantages are obvious, threats can also be seen everywhere.

Challenges faced by security personnel in the cloud：

1. Not familiar with the cloud environment, and cannot fully understand the relevant security settings and regulations.
2. Cloud components and services are used too widely, making it impossible to fully understand service security.

This agenda will share how security personnel can manage cloud security more effectively and securely in a complex cloud environment.

This is an advanced course. It will guide participants through the process of digital forensics investigation and teach them to use relevant tools for analysis. In the initial phase, participants will be hands-on with the tools and become familiar with their usage and investigative aspects. In the latter part of the course, past CTF competition cases will be provided, and the solving process and technical details will be analyzed in depth, aiming to cultivate participants' practical experience and skills in digital forensics and enhance their investigative abilities, thereby providing valuable support for organizational cybersecurity defenses.

Premiere: 5/14 12:40 - 13:10 

Replays: 5/14 18:40 - 19:10, 5/15 00:40 - 01:10

There is observed rapid rise in awareness of cyber security in the maritime sector especially in the last couple of years. This is now strengthened by IACS' mandated cyber security compliances for new builds of ships and vessels by mid 2024.

This presentation addresses concisely the past, present and future possibilities of maritime cybersecurity. It aims to provide practical and actionable insights and advice as take home for the audience

Quark Script is a tool designed to detect black-box vulnerabilities in Android, which was presented at BlackHat Asia Arsenal 2024. It features three main characteristics :

• Creativity and Innovation : Delving deep into black-box vulnerability discovery, resolving automation issues, providing user-friendly and practical APIs, and encouraging users to script detection with creativity and innovation.
• Dynamic and Static Analysis : Integration of static analysis tools (such as Quark itself) and dynamic analysis tools (such as Frida).
• Reusable and Shareable : Once a user creates a Quark Script, it can be applied to analyze different targets and shared with other users.

Premiere: 5/14 13:20 - 13:50 

Replays: 5/14 19:20 - 19:50, 5/15 01:20 - 01:50

In the rapidly evolving landscape of cybersecurity, the protection of sensitive information lies at the heart of robust product security. As businesses go digital, the surge in data and complex software makes it essential to find innovative ways to protect critical assets. This presentation will focus on the key role of secrets management in strengthening digital security and improving the overall safety of modern products.

We will explore the fundamental importance of secrets management in securing credentials, API keys, encryption keys, and other sensitive information vital to the integrity of digital ecosystems. I'll discuss the evolving threats we face and share real-life examples to highlight the need for effective secrets management. I'll also cover the latest techniques, tools, and best practices designed for today's ever-changing security challenges.

What is special about the threats targeting critical infrastructure? Stealth.

Critical infrastructure refers to the systems, assets, and networks that are essential for the functioning of a society, economy, or country. Cellular Networks, both private and public, are part of Communication infrastructure.

APTs targeting communication infrastructure are not ransomware gangs; they are often backed by nation-states. Espionage or data exflitration is the primary aim. The implants are designed to stay undetected in the infected system for a long time (E.g.: BPF Door, Cyclops Blink).

Private cellular networks are increasingly finding applications in Defense systems, manufacturing industry, V2X communications and so on. Over generations, from 3G to 4G to 5G, Packet core and Radio systems have transitioned to an open architecture. Monolithic architecture and proprietary protocols are giving way to component disaggregation (SBA, ORAN) and interface standardization (SBI, E2). Parts of packet core and RAN have been cloudified.

The transition to open architecture and cloud gives cellular networks the flexibility to support various private network deployment scenarios. Not surprisingly, the attack surface of cellular networks has also expanded. More interfaces are exposed in cloud, edge and in internal networks. CT and IT networks blend in private networks, thus risking threats crossing over from one domain to the other.

The motivation to compromise cellular networks is clear. This talk is about attack vectors from cellular technology.

The IBM Security QRadar Suite is a modular threat detection and response solution for enterprise-level open platforms, redefining the job experience for cybersecurity analysts. Leveraging advanced artificial intelligence and automation technologies, it rapidly optimizes the analyst's handling of the cybersecurity incident lifecycle, improving efficiency and enabling cybersecurity teams to integrate operational tasks more effectively. Combining endpoint security (EDR, XDR, and MDR), log management, SIEM, and SOAR functionalities, it presents a unified, intuitive user interface, providing deep insights and event case management workflows.

The IBM Security QRadar Suite reshapes the threat management framework for cybersecurity analysts, featuring AI-enhanced alert classification, automated threat investigations, and accelerated threat search capabilities. This unique experience positions you at the forefront of cybersecurity.

In the agenda "Cybersecurity in the Era of AI : Challenges and Innovations", we will explore the profound impact of artificial intelligence on the field of information security. With the rapid advancement of AI technology, we face new challenges and opportunities. This session will delve into how AI has changed the landscape of cybersecurity and how to address these changes. We will discuss the applications of AI in the field of cybersecurity and explore its impact on threat detection, risk management, and security strategies. Additionally, we will discuss the latest trends in cybersecurity innovation and how to leverage AI technology to enhance our cybersecurity defenses.

Do you know that leaking personal data can now be fined up to 15 million? In June 2023, the government increased the upper limit of fines for personal data breaches to 15 million yuan, which is 75 times the original penalty! If a data breach incident occurs and the government imposes a high fine, it will increase the operating costs of the enterprise and also lead to a decline in the company's reputation. Therefore, we must prevent data breaches from happening. In this course, we will introduce how to use the DAM+ Next-Generation Database Security Audit solution to address the blind spots of traditional DAM traces, implement monitoring from the application end users to database access, strengthen the protection of enterprise databases and monitoring application systems, prevent data leakage opportunities, and explain how to provide relevant evidence for post-event auditing in case of a data breach, to prove innocence.

In the face of the global trend driven by governments and key infrastructure industries advocating for the Zero Trust security framework, enterprises often grapple with avoiding mere compliance, aligning with trends, or making investments without clear direction. Leveraging CISA's Zero Trust maturity assessment criteria and NIST CSF framework, the Systex Group Cybersecutiry team & uniXecure Tech. Ltd integrate years of practical cybersecurity experience. We introduce a pioneering 'Zero Trust Maturity Assessment Methodology,' offering insights from real-world implementations within the group. This approach enables organizations across various industries to balance theoretical and practical aspects of cybersecurity. Collaboratively aligning information infrastructure, networks, application development, and cybersecurity teams with a shared understanding, we help craft phased Zero Trust security implementation plans that effectively garner support from top management.

Fueling the DIGITAL+ Economy

We deliver transformative technology-at scale and speed. It’s not enough to be digital first. You need to be DIGITAL+.

Insider risk management is prone to encounter obstacles such as insufficient data, employee privacy, massive and complex records that are difficult to analyze, and other obstacles.

Collect more than 40 kinds of user and system activity records through endpoints, and use AI-powered (ChatGPT) automatically analyze users’ abnormal and potentially risky behaviors, including: using computers to connect to suspicious websites during non-working hours, and suspected of uploading internal files; connecting to non-company network (such as mobile phone hotspots); chatting on IM and emailing files may have confidential data which are suspected of leaking; before employees resign, they copy a large number of files to USB storage drives and then delete them.

Without human observation and bias, AI can be used to quickly analyze and respond to potential risks, protecting company assets while respecting employee privacy and work processes.

Empowering the Future of SOC: Multi layered AI-Powered Cybersecurity: In the midst of mounting pressure on cybersecurity to defend against increasingly sophisticated attacks and navigate a shortage of talent within the industry, our session showcases the challenges and opportunities faced. We draw upon our insights from observing and investigating threats throughout 2023, providing a comprehensive overview while casting our gaze forward to the evolving threat landscape of 2024. Leveraging telemetry data collected from tens of millions of endpoints, we offer valuable perspectives on emerging cyber threats and trends. Central to our discussion is the integration of AI-powered cybersecurity technology into Security Operations Centers (SOCs) as a strategic response to these challenges. By harnessing the capabilities of AI, organisations can bolster their defenses and address the talent shortage by automating key processes within their SOC. We explore how SentinelOne's AI-powered platform simplifies data ingestion, conducts advanced analysis, prioritises incidents, and streamlines workflows, thereby enabling SOC teams to effectively combat cyber threats with agility and precision. Join us as we delve into the practical applications of AI in cybersecurity, providing actionable insights and strategies to fortify your organisation's defenses and navigate the evolving threat landscape with confidence.

In February, the National Institute of Standards and Technology released version 2.0 of the Cybersecurity Framework (CSF). This version introduces "Govern" as the sixth core function, complementing the existing five functions. To promote cyber governance, CSF version 2.0 echoes the critical role of cyber oversight highlighted by the United States Securities and Exchange Commission in its 2022 Commission Statement and Guidance on Public Company Cybersecurity Disclosures.

Few publicly-listed firms have established cyber governance committees or defined dedicated roles and responsibilities within them. Their frameworks or principles are still evolving and have not yet achieved certified standard status. From our first-hand observations, local cyber risk management has not been fully implemented. This begs the question: is cyber governance akin to medicine or merely a placebo? If cyber governance could indeed guide the cyber risk roadmap, what challenges do we encounter in creating such a roadmap? Furthermore, how does cyber governance relate to the Cybersecurity Framework and the cybersecurity of the supply chain   

Forcepoint takes AI/ML as the core to organize the overall picture of data security management, helping you simplify the information security management process and prevent data loss. No matter when and where you work, you can access data with peace of mind, so that data protection is safe.

In the IoT environment, effective implementation of machine identity management is not only the cornerstone of production security and efficiency but also an inevitable requirement to address increasingly complex security challenges. Adhering to relevant standards, leveraging PKI and cryptographic techniques, and integrating machine identity management into overall identity and access management will help establish a more robust IoT security foundation.

Premiere: 5/14 14:00 - 14:30 

Replays: 5/14 20:00 - 20:30, 5/15 02:00 - 02:30

By 2030, 100 billion devices will be connected to the internet, significantly expanding the attack surface. Beyond asset owners who utilize these connected products, the companies selling such devices must also seriously consider reducing potential cybersecurity threats and risks during the product development life cycle through essential product security practices. It is crucial for them to understand and recognize the value of “product security” and differentiate it from IT security or OT security.

Additionally, global and regional regulations and standards have been driving action since the 2010s, compelling product manufacturers and providers to take necessary steps. However, many of these companies lack internal cybersecurity capabilities and sufficient resources to fully implement the required practices to meet product security requirements.

In this talk, I will introduce comprehensive recommendations at different levels, including compliance and testing services, security software development tools, and security software components. These measures aim to ensure effective guarding against cybersecurity threats and risks.

Software-Defined Vehicles ( SDVs ) leverage Over-The-Air ( OTA ) update to continuously provide users with a diverse range of services and an enhanced experience. However, this software-centric approach introduces a dynamic landscape of cybersecurity threats alongside its conveniences. Traditional Electronic Control Unit ( ECU ) system design struggle against the evolving demands of SDV. To support rapid software changing, we must reconsider automotive ECU design philosophy. So, which traditional cybersecurity design principles are being challenged? Which remain essential? This presentation will share practical experiences in ECU cybersecurity functional design, exploring the challenges to embracing the era of SDV.

Premiere: 5/14 14:40 - 15:10 

Replays: 5/14 20:40 - 21:10, 5/15 02:40 - 03:10

In today's interconnected world, the protection of critical infrastructure is paramount. The recent events unfolding in the Russia-Ukraine conflict have underscored the critical importance of enhancing cybersecurity measures, particularly in OT systems.

As we witness the evolving nature of warfare, it's crucial to draw lessons from this conflict and apply them to fortify our defenses. The Russia-Ukraine war has not only showcased traditional military tactics but has also seen a significant reliance on cyber warfare targeting critical infrastructure.

One of the key lessons we can glean from this conflict is the vulnerability of OT systems within critical infrastructure. These systems control vital operations in sectors such as energy, communications, and government. The disruption of these systems can have far-reaching consequences, impacting not just national security but also the economy and public safety.

To enhance OT cybersecurity in critical infrastructure, we must prioritize several key strategies to address this hybrid warfare. Countermeasure suggestions will be provided based on recent attacks targeting critical infrastructure.

This session will delve into the application and value of Copilot for Security in the field of information security. Through in-depth analysis and real-world examples, we will explore how to leverage the technology of Copilot for Security to enhance security and defense capabilities. The session will introduce its workings, features, and characteristics, and discuss how it integrates with other security solutions to form a robust overall security defense system. Participants will have the opportunity to gain insights into Microsoft's latest technologies and innovations in AI security and learn how to apply these technologies to address increasingly complex information security challenges.

Delta Electronics is one of the world's leading electronics manufacturers and attaches great importance to supply chain security. In 2017, Delta established a corporation-level product security center of excellence team to be responsible for product security compliance and assessment services for Delta’s business group, and to develop security tools and security solutions. By implementing product security practices covering industry automation, energy infrastructure, ICT infrastructure, telecommunication, and semiconductor domains, Delta has been gradually building own product security to form a safe and resilient supply chain. 

Over the years, Delta Research Center has been investing significant resources on product security with academic and industrial research institutes, and has implemented product security in most Delta’s product offering. 

In this speech, Delta will share how to move towards the last mile of supply chain security through the best practice of product security. We welcome leading manufacturers and product providers from all industries to work with Delta to enhance your product security to build a resilient and secure supply chain.

In the development and maintenance of application systems, information security has become a necessary item. Therefore, the goals of Security by Design have become increasingly clear, and the team has gradually reached a consensus. The earlier the development stage of the system, the earlier security will be included in the design. Overall The cost is lower. However, in the process of digital transformation, the old system already exists, and maintenance and operation have to be worried about, and loopholes are constantly being discovered, and they have to be repaired in a hurry. In the process of pursuing agile development, the information security team, R&D team, and maintenance team have different perceptions of each other, resulting in team conflicts. This agenda explores how to use automated security tools to meet security needs at all stages of SDLC and CI/CD, and explores successful cases of best practices.

HCL Verse is a secure, compliant, performant, and cost-effective email platform. 

It features a new, modern user interface, protects your data, and offers flexible deployment options, including on-premises deployment. 

HCL Verse also includes a variety of unique email extensions, integrates with multiple online meetings, and is available as a webmail client, a secure email client, and a mobile email app.

In this digital age, cybersecurity governance has become a critical issue for ensuring the survival and development of enterprises. How should enterprises construct the most suitable cybersecurity governance blueprint, implement cybersecurity architecture and management policies, and apply these practices to different business environments? ISO 27001, as an internationally recognized standard for information security management systems, provides enterprises with a comprehensive and effective framework to address the growing challenges of information security.

In this seminar, cybersecurity experts from Symantec will share with you how enterprises can meet stakeholder requirements and implement key practices and best strategies for implementing ISO 27001. They will also share the latest Symantec solutions to help you establish a robust cybersecurity system and effectively respond to various security threats.

From humble beginnings, across industries, through attempts of adoption, current innovations and future predictions. How do organisations leverage automation to remove monotonous workloads and become more efficient without falling victim to autonomous and public AI driven technologies.

Explore the intersection of AI and cyber threats, showcasing real-world examples of adversarial AI use. Discover strategies to mitigate these risks and empower organizations to navigate the evolving landscape of automation securely and effectively.

Introducing Cato's SSE 360 and how to use SSE 360 to build a flexible, secure and easy-to-manage network access solution to adapt to the increasingly complex network environment and security needs of modern enterprises

Cyber security area of research at CTU in Prague

Brief information about CTU in Prague (teaching and research), followed by a brief list of research topics and specific activities of the fair participants focused on cyber security.

CyberSecurity Hub: Centralizing Efforts for a Secure Future

The presentation begins by spotlighting the CyberSecurity Hub's integral role as the orchestrator of diverse cybersecurity activities, emphasizing its pivotal position in fortifying the digital framework of the Czech Republic based on the collaborative force between three distinguished Czech universities, showcasing this union as a cornerstone in cybersecurity innovation. The narrative unfolds to reveal key activities such as Czechia's sole cybersecurity centre in the framework of European Digital Innovation Hubs (EDIH), dedicated to SMEś and public services in digital transformation, or the CZ-EuroQCI initiative, which promises testing of secure quantum key distribution across Europe's critical infrastructures. Further, the presentation heralds the Taiwan Semiconductor Scholarship for nurturing talent in the semiconductor realm and underscores the partnership with the National Cybersecurity Coordination Centre (NÚKIB) as evidence of the Hub's pivotal helping role in national cybersecurity strategies. Towards the end , presentation accentuates the strategic project of CyberCampus.cz, located in Brno, as a geographical nexus that amalgamates expert knowledge, activities, and infrastructure, thereby symbolizing the Czech Republic's visionary approach to crafting a resilient digital society. The invitation extends to all participants to explore the vast opportunities the CyberSecurity Hub offers, from digital transformation consultancy and office space leases to bespoke cybersecurity training programs, all within the innovative milieu of CyberCampus.cz.

CyberSecurity Research at FIT BUT

The Faculty of Information Technology (FIT), Brno University of Technology (BUT), belongs to the leading IT faculties and research institutes in the Czech Republic. It is involved in contractual research with renowned companies and institutions and various European R&I projects.

Within cybersecurity, FIT BUT offers its expertise ranging from Forensics, Computer networks, Internet security, Security monitoring, AI-powered threat detection and hunting, Deception techniques, Blockchain technologies, incl. Secured logging, Semicentralized cryptocurrency, Consensus protocols in blockchain, Decentralized e-voting, Deepfakes (detection methods and verification), Digital security, Hybrid-/ cloud environment security, Hardware accelerated DDoS mitigation, Self-defending computer networks, Flow-based Encrypted Traffic Analysis, Automated network diagnostics, Analysis of IPFIX network data, up to big data analytics, etc. 

Spin-offs of FIT BUT are successful and gain worldwide attention. And there are opportunities for collaboration as presented on joint R&D projects with organizations in Taiwan.

Digital Security 

Whalebone Aura protects Telco subscribers’ connected devices from threats with a single click, without the need to install anything. But we go further, with 16 different user touchpoints to show the value of this security, and increase customer stickiness. Finally, where other vendors struggle to integrate features like this in less than nine months, Whalebone makes it happen in as little as seven weeks; so you can start monetizing your new security solution and increase customer satisfaction before you know it.

Today, enterprises are facing increasingly complex and serious security challenges. People will connect to corporate networks, cloud databases or various applications from various locations and using various devices. This also makes it easier for hackers to impersonate corporate employees. or certified third parties to carry out targeted attacks such as data theft or encryption and ransomware. Simply relying on traditional firewalls, VPNs and other network security protections is no longer able to cope with evolving threats and attacks. Enterprises can no longer assume that pre-verified or trusted devices and user identities are safe.

In the face of a complex and frequently changing workplace, "zero trust" is an important strategy to strengthen the security of critical data and critical systems. Compared with traditional information security architecture, this is a more advanced, flexible and effective information security method. More and more organizations are turning to Zero Trust Secure Access (ZTSA) architecture. This architecture assumes that both internal and external networks are not trustworthy and takes appropriate security measures to ensure the safety of data and assets.

This agenda will share and implement how to use Zero Trust Secure Access to help enterprises implement a zero-trust architecture and protect their data and assets based on information security priority judgment and zero-trust automated access control.

This is an advanced course. It will guide participants through the process of digital forensics investigation and teach them to use relevant tools for analysis. In the initial phase, participants will be hands-on with the tools and become familiar with their usage and investigative aspects. In the latter part of the course, past CTF competition cases will be provided, and the solving process and technical details will be analyzed in depth, aiming to cultivate participants' practical experience and skills in digital forensics and enhance their investigative abilities, thereby providing valuable support for organizational cybersecurity defenses.

As cloud computing, AI intelligence, and remote maintenance technologies flourish, the concept of the Industrial Internet of Things (IIoT) is progressively implemented across various critical infrastructures. This not only breaks the limitations of traditional industrial control environments but also brings unprecedented convenience while introducing numerous cybersecurity risks. In this context, building a secure and reliable industrial control system within the IIoT environment has become an urgent issue to address.

In this presentation, we will explore the key strategies for asset owners, service providers, system integrators, and product manufacturers in tackling cybersecurity risks associated with IIoT. Additionally, we will introduce how the ISASecure certification program develops global cybersecurity certification suitable for IIoT devices and gateways, based on risk assessment results combined with the ISA/IEC 62443 standards. We will also delve into the various stages of product development, control measures, and certification standards to help attendees thoroughly understand the philosophies and objectives behind these standards.

Besides presenting the latest global cybersecurity trends, we will share the newest developments and information from the ISASecure certification program to support Taiwan's industry in aligning with global cybersecurity standards. These efforts aim to comprehensively enhance our cybersecurity protection capabilities in the AIoT domain, focusing not only on software security but also on hardware security measures. Through such measures, we can effectively reduce cybersecurity risks in the IIoT environment, ensuring that technological innovation and cybersecurity protection progress hand in hand, laying a solid foundation for the future development of the industry.

Premiere: 5/14 15:20 - 15:50 

Replays: 5/14 21:20 - 21:50, 5/15 03:20 - 03:50

Summary:

• Uncover the latest APT tactics: Discover the ever-sophisticated tactics of Advanced Persistent Threats (APTs) from our annual email security report. Learn how phishing has become near-undetectable, demanding expert defense mechanisms and real-time threat intelligence.
• The Cloud Security Imperative: Explore the mass migration to cloud email services like Microsoft 365 and Google Workspace. We will delve into the growing adoption of third-party email security solutions and hybrid cloud archiving, driven by factors like flexibility, scalability, and cost-efficiency.
• Openfind: Your Trusted Email Security Partner: Gain insights from Openfind's experience in securing email for governments, financial institutions, and telecoms in Taiwan and Japan. We will showcase our expertise and successful deployments, positioning Openfind as the best complement to M365 email security.
• Join Us: Building Global Partnerships: Explore opportunities for international collaboration as we look to expand our reach and address the ever-growing demand for robust email security solutions.

【Initiating the Sales of High－Security Japanese - Made Drones in Japan and the United States】

ACSL, a Japanese drone manufacturer, specializes in compact and highly secure unmanned aerial vehicles (UAVs), with its flagship model named SOTEN. SOTEN is designed for versatility in various missions and features a quick-detach camera system. In late 2023, ACSL signed an exclusive agency memorandum of understanding (MOU) with Xiangqi Technology, marking the official entry of SOTEN into the U.S. market. This strategic partnership aims to achieve significant sales success for high-security drones, further expanding ACSL's presence in the international market.

【Zero Trust Strategy and Comprehensive Security Protection】

The Zero Trust strategy redefines the security model by implementing strict access control based on real-time verification. RAPIXUS comprehensive security protection combines multiple layers of protective measures, including asset inventory and endpoint security. This forms a robust defense network that can achieve stronger protection, guard against various threats, and enhance overall security.

DDoS attacks are predominantly executed by botnets, with the true adversaries remaining anonymous and operating from the shadows. However, from the perspective of ISPs, cloud providers, and large-scale backbone networks, network administrators can gain a comprehensive view of the entire network and perform correlation analysis by monitoring router traffic (NetFlow), thereby identifying anomalous traffic behaviors.

This session will explore the implementation of AI intelligence for enabling comprehensive network traffic monitoring, rapid detection of DDoS attacks, and identification of botnet activities. We will look at how AI intelligence helps establish automated DDoS protection by precisely monitoring and analyzing normal and abnormal traffic.

This session will delve into the risks and challenges brought by Shadow AI to IT security teams in the AI era, and how security teams can effectively respond to protect and manage sensitive enterprise information. We will focus on exploring how to protect sensitive information through effective data protection measures, ensuring the security and privacy of data. Additionally, we will discuss how to establish appropriate data governance frameworks to regulate and manage the data generated in the AI era, thereby ensuring information security and compliance. This session will provide practical guidance and best practices to help security teams address the challenges of the AI era and establish robust data protection and governance mechanisms to ensure the security of sensitive enterprise data.

According to the IBM Data Breach Yearly Report, from March 2022 to March 2023, the global healthcare industry emerged as the primary target for cyberattacks, marking 13 consecutive years of high data breach costs, with an average loss of $11 million per incident. Healthcare providers are prime targets for ransomware attacks due to the sensitive patient data they possess. Establishing supplier lists, continuous monitoring, and providing comprehensive technical support will be the greatest challenges for healthcare institutions.

SecurityScorecard offers insights and analysis on corporate security posture, with scores ranging from A (100) to F (0), representing security assessments using letters. Combining artificial intelligence and ten years of big data analysis, different scores and grades reflect the likelihood of attacks on enterprises, assisting in enhancing cybersecurity levels.

Using a variety of detection technologies including static analysis (SAST), dynamic analysis (DAST), interactive analysis (IAST), software composition analysis (SCA), and Secert, API, Container, and IaC scanning is the most powerful application security testing combination with no blind spots. In this agenda, we will share how to use different technologies to integrate with CI/CD in a single platform solution to create the state of the art perfect Secure DevOps with automated application security testing.

We will evaluate the capabilities of different models in the field of cybersecurity in Taiwan from various aspects (e.g., harmlessness and local). We will analyze the performance of different models such as TAIDE, Taiwan LLM, and the LLM - CyCraftGPT developed by CyCraft, understanding their applicability in addressing various issues, and helping the audience to choose suitable models more quickly in the future. 

The blockchain is expected to provide a secure and transparent financial environment, yet in recent years, malicious actors have exploited it for money laundering and fraud. This presentation delves into a thorough analysis by the blue team, revealing a crucial aspect of these illicit activities - the hidden fund flows within cryptocurrency exchanges. We will uncover the concealed illegal transactions and financial fraud activities within cryptocurrency exchanges, while also discussing how the blue team can effectively utilize anti-money laundering techniques to track these illicit activities.

With the development of the times, Various types of digital evidence have emerged one after another in the trial process. Therefore, it is a new challenge for the judiciary to build a "Digital evidence" storage system to ensure identity and maintain the ability of evidence. Judicial Yuan, Ministry of Justice, Taiwan High Prosecutors Office, National Police Agency and Ministry of Justice Investigation Bureau jointly plan and build a "Blockchain-applied Judicial Alliance for Digital Era" in response to the digital evidence storage, authentication and verification in the digital era, with the goal of gaining people's trust and judicial credibility.

By sharing the structure and content of NIST SP 800-128, I expect to assist audience in searching the management possibilities for cloud and ground energy compliance in the technological environment where emerging technologies emerge. I woud like to apply the new version of ISO 27001 (ISO 27001:2022) as a starting point to help the audience understand how NIST SP 800-128 can be used to fulfill the change of the standards. The new version of ISO 27001 has put more emphasis on configuration management, but most companies are unable to effectively practice configuration management. Finally, through the sharing of industry cases, the audience can have a concrete understanding of management practices.

With the rise of highly sophisticated cyberattacks, organizations are seeking advanced security solutions that can effectively defend against these evolving threats. The integration of artificial intelligence (AI/ML) and the implementation of a holistic zero trust platform offer a powerful defence mechanism. This session explores the capabilities of an AI-powered holistic zero trust platform in defending against highly sophisticated cyberattacks. By leveraging AI algorithms to analyse vast amounts of data and identify patterns indicative of malicious activity, this platform can proactively detect and mitigate threats effectively. Additionally, the zero trust model ensures that all users and devices are continuously authenticated and authorized, thereby minimizing the risk of unauthorized access. The combination of AI and zero trust architecture provides organizations with a robust and adaptive security framework, enabling them to stay one step ahead of advanced cyber threats.

With the release of the latest version of "Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions" by the US FDA in September 2023, and the update of "Guidelines for Industry on Management of Cybersecurity in Medical Device" by the Taiwan Ministry of Health and Welfare in 2021, addressing the requirements of cybersecurity has become a significant challenge for medical device manufacturers who have already implemented the IEC 62304 standard. The key to solving this challenge lies in the IEC 81001-5-1 standard, which builds upon IEC 62304 and incorporates requirements from IEC 62443-4-1 for Secure Software Development Lifecycle (SSDLC), serving as guidance for manufacturers to achieve secure software development practices. This presentation will share practical insights into the challenges that manufacturers may face when implementing software security development processes and emphasize the key considerations they should focus on.

It's not news when taking about Man-in-the-Middle (MitM) attacks. However it may causes more impact against OT, rather than IT. In this talk , we describe objectives to launch MitM attacks against OT, breakdown some major OT protocols vulnearbilities that could be leveraged to launch MitM attacks, and provide prevention/mitigation methods against such MitM attacks.

In this session, we will explore the challenges and corresponding solutions encountered at various stages of incorporating security into the software development life cycle through practical experience, from the perspectives of people, processes, and technology. We aim to provide insights into advancing towards a more mature and stable stage of secure software development.

Ultimately, we hope that the audience will gain an understanding of various practical solutions, allowing cybersecurity to become a collaborative partner in development rather than an adversarial role. Together, we can build a more seamless and unobstructed secure software development life cycle.

In today's environment, businesses are facing increasingly complex cybersecurity challenges. In this session, we will explore how to leverage best practices from Azure Security to build a robust enterprise security architecture. We will delve into various solutions provided by Microsoft, including identity and access management, data protection, threat detection and response, as well as compliance and monitoring. Through this session, you will learn how to effectively secure your cloud workloads and establish a secure and trusted enterprise environment.

Intelligent management of enterprise internet access, observing hackers' every move from external to internal perspectives.

HCL BigFix 11 now extends the world’s leading endpoint management platform with artificial intelligence capabilities along with new security and risk management tools, the latest compliance standards support, superior platform hardening and machine learning-driven runbook automation to make this the most powerful HCL BigFix in history. It aligns Security and IT Operations teams to dramatically improve remediation times while reducing costs by streamlining management tools and processes. The HCL BigFix endpoint management platform gives IT user workspace and datacenter management teams the power of continuous compliance, intelligent automation and security analytics.

Global fraud is becoming increasingly serious. Digital criminals no longer rely solely on persuasion; they combine hacking techniques, manipulation of social media, phishing, fake applications, cryptocurrency, deepfakes, artificial intelligence, and more, significantly raising the difficulty of identifying fraud.

The scope of "information security" is not equal to the scope of "trade secret". Thus, it is essential to identify trade secret so as to establish the corresponding control measure. In addition, If an organization faces a trade secret suit, digital data, with its characteristics of being easily tampered and spread, it is necessary to take measures to assist in identifying and proving the source of data in order to clarify responsibilities. In summary, existing information security practices are probably unable to respond to trade secret risks. How to boost the integrated management of information security and trade secret, and future effectiveness of evidence, are the important issues in digital era.

 In this session, the speaker aims to shed light on exploiting Large Language Models (LLMs) through adversarial attacks. The speaker will cover the common LLM use cases, highlight emerging threats, and delve into LLM adversarial attacks with practical examples to illustrate their impact. The presentation will introduce the concept of LLM red teaming, emphasizing its critical role in evaluating and enhancing LLM security for AI trustworthiness. Ultimately, this speech seeks to elevate the audience's understanding and encourage proactive strategies to safeguard against these adversarial threats.

This session will focus on cloud and on-premises hybrid attacks, adopting the perspective of attackers. It will explore the scenario where, after breaching a corporate network, the attacker is unable to obtain valid credentials for lateral movement on-premises. Nevertheless, they can still employ techniques such as Pass the PRT to vertically penetrate into the corporate cloud. Furthermore, by abusing mechanisms like Cloud Kerberos Trust and Hybrid Device Join, especially after gaining cloud admin privileges through privilege escalation tactics, the attacker can inversely breach into the corporate on-premises network.

This speech will give you general overview in The Netherlands public private partnership approach in the context of growing cyber security threats, changing global politics and upcoming new rules and regulations such as the NIS2 directive on cyber resilience and the EU cyber security act for safe and cyber secure products. Giving insights from the perspective of a foundation not for profit that operates as an eco-system orchestrator where about 300+ Dutch partners form government, knowledge institutes and businesses collaborate and innovate together towards a more secure digital society. One of the showcases is about the setup and network on cyber resilience centers for the horticulture and manufacturing sectors. Moreover about the work on international knowledge bridges and business alignments, also between Taiwan and The Netherlands.

This presentation commences with a retrospective look at recent Tesla recalls, pairing with scenes from the movie 'Leave The World Behind', illustrating potential scenarios of ADAS being misused by hackers. It then delves into the principles and recent advancements of ADAS technology. Following this, it delineates the three major types of ADAS systems, 28 attack vectors/ paths, and concludes with insights into ADAS security protection and the safety requirements from US government.. Aiming to both the general audiences interested in autonomous driving technology and developers in the field, the presentation aims to raise awareness of the security risks inherent in autonomous driving scenarios, and to provide guidance on essential security tips for a safer autonomous driving technology.

As the cybersecurity landscape grows more complex, the responsibilities of the Chief Information Security Officer (CISO) have evolved significantly. New CISOs face challenges such as advanced cyber threats, regulatory pressures, and technological changes while working within tight budgets. This keynote presentation discusses the effective CISO journey in three key areas: visionary leadership, strategic risk communication, and adaptive change management.

Drawing on personal experiences from leading a global cybersecurity team and interviews with global CISOs, this talk will outline practical strategies for:

1. Building and leading teams with a clear and compelling vision.

2. Articulating and negotiating cybersecurity risks with senior stakeholders to facilitate informed decision-making.

3. Embracing technological and regulatory changes as opportunities for innovation and improvement.

Premiere: 5/15 12:00 - 12:30 

Replays: 5/15 18:00 - 18:30, 5/16 00:00 - 00:30

Security bugs in software have a lifecycle-they go from discovery to exploitation to patch and then-usually-they go away. At each stage of this lifecycle, organizations can take different approaches to minimize the risk to themselves and their customers. Unfortunately, many industries find themselves with unique challenges when trying to respond to vulnerabilities due to the nature of their products and manufacturing processes. For example, vehicles have complicated supply chains and many third-party components that must be kept current and harden to defend against modern attacks.

This presentation examines some of these unique areas that various industries should be aware of when it comes to handling vulnerabilities and monitoring the threat landscape. Based on lessons learned from Trend Micro’s Zero Day Initiative, the world’s largest vendor-agnostic bug bounty program, along with the Pwn2Own hacking contest, we examine how industries have tackled these challenges, where they were successful, and where they failed. Finally, we highlight some recommendations hardware and software manufacturers should consider when managing the lifecycle of vulnerabilities.

The company recently discovered an information security incident. Our R&D data stored in AWS S3 was disclosed on multiple forums.After investigation, it was found that the reason was that a colleague of our company accidentally uploaded the S3 cloud to improve work efficiency. Access is set to public. This resulted in the leakage of confidential information. In addition, because the EC2 in the cloud has not patched the vulnerability, hackers were able to take advantage of it, further exacerbating the security disaster.

Are these news making you hesitant to use the cloud？

Although the cloud has become a trend in the world and its advantages are obvious, threats can also be seen everywhere.

Challenges faced by security personnel in the cloud：

1. Not familiar with the cloud environment, and cannot fully understand the relevant security settings and regulations.
2. Cloud components and services are used too widely, making it impossible to fully understand service security.

This agenda will share how security personnel can manage cloud security more effectively and securely in a complex cloud environment.

The lab will walk you through specific social engineering methods until remote code execution. The instructor will introduce and demonstrate one of the most famous Outlook 2016 bugs this year and share strategies for defending against this attack.

Premiere: 5/15 12:40 - 13:10 

Replays: 5/15 18:40 - 19:10, 5/16 00:40 - 01:10

With the accelerating adoption of hybrid cloud, remote workforce and digital transformation, identity has quickly become the new perimeter of security. Certainly, we have seen rapid growth of Identity & Access Management (IAM) adoption in organization. However, most of the IAM programs are not effective, difficult to scale operationally and ultimately lead to repetitive compliance gaps, productivity drains and business risks. Therefore, it is extremely important for organization to establish the right foundation of your IAM program, define the right strategies to prioritize your identity initiatives that align to the business objectives. In this presentation, we provide you the insights of putting identity-first security to boost your IAM program maturity.

With the increasing clarity in the application of SBOM, more and more critical infrastructure industries are engaging in PoC. This prompts us to consider whether we are adequately prepared for the development of SBOM. We know that merely listing the software and versions of asset through SBOM is insufficient to improve supply chain security. In light of this, we will deep into the concept, generation, and application of SBOM. Once we have SBOM, what technologies should we align with to effectively apply the concept? Additionally, we will also analyze the current use of SBOM in global critical infrastructure industries to illustrate the concerns it brings.

This speech will guide internal trainers or awareness promoters within enterprises on how to enhance their teaching skills and depth of knowledge, as well as how to effectively utilize AI for lesson preparation. It focuses on two main topics: cybersecurity awareness courses and professional technical education. The former will delve into the effective collection and utilization of real-life cases, as well as the design of interactive and impactful teaching content. The latter will explore methods for preparing professional technical courses and provide strategies to avoid common pitfalls during the teaching process. This speech is suitable for all professionals interested in enhancing their cybersecurity education capabilities.

Premiere: 5/15 13:20 - 13:50 

Replays: 5/15 19:20 - 19:50, 5/16 01:20 - 01:50

Threats to digitally stored data have existed ever since punch cards were the primary storage medium.The difference now is that data are as much currency as mere information, and therefore a rich target for thieves.

Artificial intelligence (AI) has ushered in an age in which data are expansive, ever-evolving and increasingly at risk of manipulation, if not downright theft.

A fast-growing and logical application of AI is autonomous driving, a.k.a., driverless vehicles. “Bad actors” are hard at work attempting to steal such autonomous-driving AI data through tampering, “key cracking” of flash storage to gain authentication, and outright theft from flash storage.

However, protection strategies can ward off these threats: anti-tampering actions; blocking key cracking; and theft-protection techniques.

In this presentation, Macronix will demonstrate how developers of AI-based autonomous-driving applications can identify attack methods, then take the necessary steps to provide protection against them.

The U.S. Department of Defense (DoD) announced the "Cybersecurity Maturity Model Certification" (CMMC) information security requirements for DIB (Defense Industrial Base) partners. The soon-to-be legalized CMMC is expected to be fully implemented in fiscal year 2026. As such, all DIB including their contractors/subcontractors must demonstrate adequate CMMC satisfaction before contracts would be awarded. CMMC will have a direct impact on all the manufacturers in the global supply chain. For Taiwanese manufacturers, CMMC presents both a challenge and opportunity. To be able to demonstrate adequate level of CMMC compliance is a key to winning a Defense contract. However, the purpose of CMMC doesn't stop here. It may go beyond current scope as company's product design and engineering that embedded the spirits of CMMC would definitely gain more competing edges, thus more customers. We are here to prepare those interested parties to become CMMC compliance and gain better competitive edge globally.

From the perspective of a vulnerability researcher, this presentation dives into the impact of 0day and nday vulnerability attacks on enterprises. It examines the capabilities of attackers at different technical levels, the considerations when attackers exploit vulnerabilities, and the cost implications of thwarting attacks at various levels (0day, 1day, nday). The presentation suggests how enterprises can effectively construct defense mechanisms to increase the cost of hacker attacks. This involves raising the risk of detection for attackers post-successful exploitation, thereby enhancing the overall effectiveness in combating vulnerability attacks. The emphasis is placed on multi-layered and comprehensive protection as a crucial strategy in addressing continually evolving threats in the realm of cybersecurity.

This presentation offers an insightful exploration into how evolving cyber defense strategies have subtly influenced the adaptations of the Muddled Libra threat group. Gaining prominence in 2022, Muddled Libra's recent evolution in 2023 highlights the group's response to the changing landscape of cybersecurity. We will discuss the nuanced changes in their approach, including alterations in tools, targets, and criminal methodologies, prompted by the gradual advancements in cyber defense. This session aims to provide a balanced perspective on the interplay between attacker innovation and defender strategies, illustrating the ongoing, dynamic nature of cybersecurity. Join us for a thoughtful analysis of this continuous adaptation and its implications for the future of cyber threats and defenses.

Currently, in the web3 industry, defense-oriented products are still in the early stages. Compared to web2, there is a general shift from IDS (Intrusion Detection Systems) to IPS (Intrusion Prevention Systems). Suggest protocol follow the fundamentals of DevSecOps in Web3 ensure that every stage, including planning, development, testing, release, and monitoring, is encompassed by security measures. These measures include smart contract auditing before release, post-release monitoring for potential attacks, and a robust, well-rehearsed incident response plan to ensure the optimal course of action is always taken.

Incident response requires thorough preparation and planning. In this session, we'll explore real-life cases to consider whether threats can be analyzed and detected in a timely manner before a security incident occurs and also discuss strategies to enhance cybersecurity resilience.

Artificial intelligence promotes scientific and technological progress. But it also brings unique risks that may have unexpected negative effects. Applications of AI are often complex, and without proper controls, AI can amplify, perpetuate, or exacerbate unfair or adverse outcomes. By sharing the applications and challenges of AI in information security, and helping listeners realize that AI can be a security partner or risk, understanding and managing the risks of AI systems will help enhance credibility and foster public trust.

Phishing emails are the starting point for hackers' attacks. We will focus on discussing the application of generative AI and digital transformation technologies. Through actual case studies, we will explore seven optimizable points in traditional phishing email drills :

1. We will demonstrate how to utilize cybersecurity intelligence and public information to identify high-risk email users within an enterprise.
2. Generative AI combined with human resource systems and public data will generate personalized email templates.
3. We will demonstrate a hybrid platform architecture that can unify drills and adapt to the needs of different departments.
4. Risk-driven drill plans will be formed based on customized risk assessment indicators.
5. Generative AI will be used for timely, personalized cybersecurity awareness promotion.
6. Through personal risk profile design, combined with phishing email drills and employee information asset management, we will promote the improvement of employee cybersecurity awareness.
7. We will share our understanding of high-quality drills and the checkpoints.

Through this presentation, the audience can expect to learn how to apply generative AI and digital transformation technologies to enhance employee cybersecurity awareness and prevent social engineering attacks, thereby building a more resilient enterprise-wide cybersecurity awareness defense line to effectively address the growing cybersecurity threats.

Threats to digitally stored data have existed ever since punch cards were the primary storage medium.The difference now is that data are as much currency as mere information, and therefore a rich target for thieves.

Artificial intelligence (AI) has ushered in an age in which data are expansive, ever-evolving and increasingly at risk of manipulation, if not downright theft.

A fast-growing and logical application of AI is autonomous driving, a.k.a., driverless vehicles. “Bad actors” are hard at work attempting to steal such autonomous-driving AI data through tampering, “key cracking” of flash storage to gain authentication, and outright theft from flash storage.

However, protection strategies can ward off these threats: anti-tampering actions; blocking key cracking; and theft-protection techniques.

In this presentation, Macronix will demonstrate how developers of AI-based autonomous-driving applications can identify attack methods, then take the necessary steps to provide protection against them.

Active Directory is a mission-critical single point of failure. The importance of AD makes it a highly attractive target for cybercriminals. Credential theft renders endpoint security solutions useless and that is why 90% of cyber breaches involve identity systems such as AD today. 

Without AD, there is no IT recovery. If you lose AD, you lose your business. Full AD forest recovery after a cyber attack is complicated and time-consuming as the process to recover the AD is tedious and long. Traditional backup solutions cannot recover the entire AD forest rapidly, automatically and without malware.

Learn how Semperis can help your organisation protect your AD before, during, and after an attack to stop identity threats and minimise disruption to your business.

Experience how HENNGE One IdP can help enterprises control cloud system logins through actual operations - satisfying Zero Trust's multi-factor authentication, unified account & login policy management, and further integrating ground systems - to create a secure and convenient enterprise system usage environment.

Premiere: 5/15 14:00 - 14:30 

Replays: 5/15 20:00 - 20:30, 5/16 02:00 - 02:30

CHT Security will share findings from incident responses and provide recommendations and countermeasures to enhanace cyber resilience

1. 緣起
2. 國際零信任架構推動概況
3. 政府零信任架構規劃
4. 零信任架構符合性驗證
5. 政府機關導入零信任架構經驗分享
6. 結語

As various regulations are implemented within tight deadlines, the automotive industry has been vigorously seeking certification processes and safety architecture evaluations in recent years. When manufacturers are choosing suppliers or attempting to establish their laboratories to tackle these issues, they encounter practical challenges, particularly with TARA (Threat Assessment & Risk Analysis) and VMS (Vulnerability Management Systems). The question arises: How can one accurately set the Security Boundary? This crucial yet often unaddressed issue, which neither ISO documentation nor consultants provide clear answers to, will be tackled in this presentation. Drawing from extensive experience in industry advisory roles, we will outline some fundamental guidelines. Additionally, we will use 'realistic' architectural diagrams and documents, which do not disclose any proprietary secrets, for live demonstrations and analysis.

Premiere: 5/15 14:40 - 15:10 

Replays: 5/15 20:40 - 21:10, 5/16 02:40 - 03:10

In today's digital world, phishing attacks pose a serious threat to security. Our company addresses this challenge with several valuable phishing-resistant multi-factor authentication products.

By adapting biometrics passkeys to multiple verification layers, we fortify web service logins against evolving cyber threats. Our solution seamlessly blends with existing authentication flows, not only ensuring security but also enhancing user friendlines with passwordless login experience.

With our phishing-resistant MFA passkeys, we offer not just a solution, but a shield against the pervasive dangers of phishing attacks, safeguarding the integrity of web service logins and empowering users to navigate the digital realm with confidence and peace of mind.

In recent years, Zero Trust Framework has evolved from a conceptual initiative to a practical one, with more frameworks and assessment methodologies being put in place, and we will use this session to explore the framework from a practical perspective.

In 2023, we will execute 30+ clients and over 180+ penetration test subjects, from which we have found many interesting cases, including AI chatbot jailbreak, intranet penetration of over 20 years old CMS. In 2023, the main industries we tested are: finance, gaming, food and beverage. On average, we find at least 1 High, 1 Medium, and 1 Low security risk for each project, we explore the risk items and statistically analyze them. In the process, we try to increase the execution speed of the project and optimize the testing process, and hope to share and exchange with the industry.

Currently, most network defense architectures primarily focus on detecting north-south network packet behavior. However, detecting east-west lateral network flow has always been a headache for IT professionals. This allows hackers to exploit this weakness, making it easy for them to infiltrate and spread within internal networks and locate critical targets without being easily detected. This session will share insights on leveraging network behavior analysis and monitoring from a blue team perspective to quickly identify hacker attack traces and problematic computers or devices.

I will introduce Threat Modeling, explaining its necessity and preparation requirements. I will systematically deconstruct the process, highlighting risks at each stage and providing vulnerability examples. This session serves as an introductory reference for helping understand, examine, and establish Threat Modeling. Audience, regardless of experience, can take back mentioned risks and review those parts in own orgnizations.

In this session, we will discuss the security of cryptocurrency exchanges from the perspectives of users and industry players. First, we analyze common cryptocurrency security risks. Then we share how to protect user assets from the perspective of exchange operators and share our experience. We use actual cases to show how exchanges protect user assets. In the end, we provide users guide that how to choose a secure and safe exchange.

This talk will discuss the hardening issues encountered by enterprises, and extend the discussion of international regulations and demand differences derived from supplychain audits.

2024 is set to be the biggest election year in history, with more than 4 billion people being asked to cast their votes, and AI-driven disinformation campaigns will be pervasive. Threat actors will exploit these events to manipulate public opinion on a global scale, posing significant challenges to election integrity and global stability.

Powered by the speed and scale of the internet, disinformation operations have weaponized social media platforms and fractured the information environment to sow discord and undermine trust. It is no secret that we live in an increasingly fractured and polarised world, where acceptance of the existence of “alternative facts” is now mainstream.

This session will examine the current state of disinformation operations and how their capabilities and reach will be significantly enhanced and accelerated through application of Artificial Intelligence. We will also present strategies for individuals, organisations and governments to begin to combat on this new frontier.

Even if IEC 62443 provides a process maturity level, how can we gradually move closer to the overall qualified standard in the face of different generations of products within the enterprise and the characteristics of the product life cycle in OT field.

This session shares how we use the activities of the Product Security Incident Response Team (PSIRT) as feedback to SSDLC. Use vulnerability handling activities to review the product process from requirements, design, implementation, testing and verification to make the process more mature and complete.

Facing the government’s cybersecurity policies and the world’s cybersecurity trends, how to pragmatically introduce cybersecurity protection, not only the response strategy of legal compliance, but more is the sharing of practical experience. Whether in management, strategy, or technology, how should we plan and promote? How to coordinate and solve when encountering difficulties? The content of the speech not only provides a reference for cybersecurity workers from the perspective of Party A, but also the related procurement thinking is suitable for Party B’s evaluation, allowing the team to understand the key points and difficulties of introducing various products, and creating a win-win future through the narration of practice and experience sharing. It will also explain the actual cases of auditing public agencies and teaching cybersecurity professional courses, so that all walks of life can understand the actual focus and promotion of information security.

Experience how HENNGE One IdP can help enterprises control cloud system logins through actual operations - satisfying Zero Trust's multi-factor authentication, unified account & login policy management, and further integrating ground systems - to create a secure and convenient enterprise system usage environment.

This session will share insights into the transition from CTF (Capture The Flag) competitions to red team exercises, discussing how to apply the skills honed in competitions to real-world cybersecurity challenges. The audience will understand the connection between CTFs and red team exercises, learning how to transform theoretical knowledge into practical capabilities.

Today, enterprises are facing increasingly complex and serious security challenges. People will connect to corporate networks, cloud databases or various applications from various locations and using various devices. This also makes it easier for hackers to impersonate corporate employees. or certified third parties to carry out targeted attacks such as data theft or encryption and ransomware. Simply relying on traditional firewalls, VPNs and other network security protections is no longer able to cope with evolving threats and attacks. Enterprises can no longer assume that pre-verified or trusted devices and user identities are safe.

In the face of a complex and frequently changing workplace, "zero trust" is an important strategy to strengthen the security of critical data and critical systems. Compared with traditional information security architecture, this is a more advanced, flexible and effective information security method. More and more organizations are turning to Zero Trust Secure Access (ZTSA) architecture. This architecture assumes that both internal and external networks are not trustworthy and takes appropriate security measures to ensure the safety of data and assets.

This agenda will share and implement how to use Zero Trust Secure Access to help enterprises implement a zero-trust architecture and protect their data and assets based on information security priority judgment and zero-trust automated access control.

The lab will walk you through specific social engineering methods until remote code execution. The instructor will introduce and demonstrate one of the most famous Outlook 2016 bugs this year and share strategies for defending against this attack.

Welcome to a concise exploration of In-Vehicle Networking (IVN), where we trace its evolution over the last twenty years. Initially, we'll discuss the fundamentals of IVNs, highlighting their critical role as the vehicle's nerve center, managing everything from engine performance to entertainment systems.

We then examine the various protocols that underpin IVNs, akin to diverse languages facilitating communication between car components. This section aims to demystify the technicalities, making them accessible and understandable.

However, IVNs come with vulnerabilities. A significant portion of our discussion will address cyber risks, focusing on incidents like "CAN injection," a cyberattack that can compromise vehicle operations. We aim to simplify cybersecurity concepts, providing clear and digestible explanations.

Finally, we'll look at the defenses in place to protect IVNs against cyber threats. This includes an overview of current security mechanisms, explained in an engaging and straightforward manner, suitable for those new to the subject of cybersecurity.

Premiere: 5/15 15:20 - 15:50 

Replays: 5/15 21:20 - 21:50, 5/16 03:20 - 03:50

2024 is a record-breaking year for elections around the globe, with over 60 countries home to roughly half of the world’s population set to hold national elections. On 13 January 2024, Taiwan kicked off this super-election year with its leadership elections. In this session we will discuss some of the ways external forces tried to influence these elections.

Do you want to be a good Cybersecurity Professional?

E.SUN is looking for talents with potential, enthusiasm, and willingness to challenge themselves to join our big family.

We ensure that the cybersecurity threats can be avoid in the important links of maintaining business development. We provide a comprehensive training system and a good working environment, allowing you to display your professional skills and creativity in the field of information security and achieve greater success.

If you are passionate and curious, welcome to join our team and work together to provide better security service for the financial industry, companies and customers.

By reviewing relevant guidelines and reports on international cybersecurity capabilities, it is hoped to provide several benefits to the audience :

1. Enterprises can learn how to conduct talent training.
2. Individuals aspiring to work in the cybersecurity industry can understand the direction of their future efforts.
3. Students currently in school can learn how to accumulate skills to facilitate entry into the cybersecurity industry after graduation.

" Is my enterprise secure ? " has always been difficult to answer through Red Team Assessment, as organizations often only address short-term issues without integrating them into long-term cybersecurity strategies. In this presentation, we will examine the challenges faced by enterprises based on observations from nearly a hundred red team experiences and reflect on past issues. To address this, we will introduce a new approach to structuring red team outcomes, like placing axes on the battlefield, to help enterprises overcome the dilemma of solving short-term problems separately and effectively leverage the full benefits of Red Team Assessment.

In this talk, we will explore the core concepts and goals of Security Code Review and share how Synology systematically detects security issues. We will introduce the technical details of Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST), including text search, semantic search, code analysis tools and fuzz testing.

We hope that these examples will help the audience to have a more intuitive understanding of the testing techniques, and at the same time enhance the audience's knowledge of code security, so that they can utilize what they have learned to more effectively protect the security of their products and services.

Due to the rise of the technology industry in Taiwan and the government's promotion of related digital transformation, it has been ongoing for many years. However, in statistics, the number of information security attacks suffered by Taiwan still ranks first in the Asia-Pacific region, among which DDoS is the most common, followed by ransomware, vulnerability intrusions, and botnets.

Starting this year, the targets of hacker attacks have gradually shifted to manufacturing and traditional industries. We should be vigilant. I often emphasize that information security matters.

Many incidents are caused by people. Almost 90% of information security incidents are caused by "people." But how do we protect information security? I believe this is a pain point for many manufacturing and traditional industries.

If information security incidents occur in banks, will traditional industries and manufacturing industries have to face the growing number of network information security incidents more cautiously?

The TVL of DeFi has surpassed $100 billion for the first time since 2022, with several notable security incidents occurring up to this point, such as Mixin Network (with losses of approximately $200 million), Euler Finance (with losses of approximately $200 million), and KyberSwap (with losses of approximately $48 million), among others. The losses from these DeFi security incidents are significant.

This topic will cover well-known DeFi security incidents and common attack vectors in DeFi, including manipulation of price oracles, reward manipulations, private key leaks, inadequate permission controls, and logical errors, among others. This session aims to enhance the understanding of blockchain security issues among Web 3 developers and security professionals through sharing problems frequently encountered in blockchain security audits and case analyses of security incidents. By doing so, it hopes to promote the construction of safer blockchain projects.

Presentation on Enterprise Security Threats in Zero Trust Architecture (ZTA) and Advanced Social Engineering, with a Focus on CVE-2023-23397 Vulnerability. Delving into Red Team Attack Scenarios and Blue Team Responses, we'll share practical insights and defense recommendations. Emphasizing the importance of risk management and user education, we aim to empower the audience with actionable strategies to enhance enterprise security and Make the World a Better Place.

Cyberattacks on critical infrastructure have increased in recent years, posing a significant threat to the stability and security of the affected nations. In this presentation, TeamT5 will introduce TeleBoyi, a Chinese-nexus APT that has not been disclosed previously. Based on our research findings, TeleBoyi shows a strong preference for targeting critical infrastructure, with a particular focus on the telecommunication sectors. The group has been active since at least 2014 and is currently still active. Their scope of targeting extends across numerous countries worldwide, including APAC, Americas, and Europe. Our presentation will cover TeleBoyi’s Tactic Techniques and Procedures (TTPs) including their weapons. Moreover, we will discuss overlapping TTPs with other notorious APT groups. We believe the techniques and tactics disclosed in this presentation can help blue teams prevent, detect, and respond to Teleboyi's attacks more efficiently and effectively.

Fulfilling three wishes at once - email backup, Spam filtering, leak prevention DLP - with HENNGE One Email Security. Experience how HENNGE One Email Security can help enterprises create a secure and convenient mail usage environment.

When it comes to the application of information security in IoT, AI, and servers, the concept of hardware-based security design becomes crucial. Hardware security chips are microchips specially designed to protect data and systems from malicious attacks. In IoT applications, hardware security chips can ensure the security of communication and data transmission for IoT devices, thereby protecting personal privacy and system integrity. In AI applications, these chips can prevent unauthorized access and tampering, ensuring the reliability and security of machine learning models. In the case of servers, hardware security chips can help prevent malicious software attacks and provide secure data storage and access control. Overall, the application of hardware security chips in these areas provides crucial support for data security and system protection, helping us to build a more reliable and secure digital ecosystem.

The most harmful malware that spreads through Microsoft OS vulnerabilities is probably WannaCry. However, 15 years ago, there was a worm called Conficker, which also spread through Microsoft vulnerabilities. Conficker continues to spread widely on the Internet today.

In November 2008, Conficker worm propagated through the Microsoft RPC vulnerability. Even now, devices in the wild are still attacked for spreading Conficker worm samples against SMB servers on public networks. 

In this session, we will start from the suspicious traffic discovered on honeypots, analyze Conficker worm network propagation behavior, and investigate the attack source and exploit payload collected by us. We also explore the threat about this type of attacks to industrial control systems and propose possible defense solutions.

This speech mainly explores how to effectively identify, evaluate, and respond to cybersecurity threats from the perspective of a Project Manager (PM), ensuring that projects and products do not become targets of hackers. The speech will cover the following main parts:

1. The intersection of cybersecurity and project management: Discussing the current cybersecurity challenges faced and highlighting the critical role of PMs in cybersecurity strategy.

2. Personal case studies sharing and analysis on how to avoid similar situations.

3. How PMs can learn about cybersecurity: Sharing how PMs with a business management background can learn about cybersecurity concepts and related technologies.

This lecture will combine my rich experience in project management, product development, and information security. The goal is for PMs to be more confident in handling cybersecurity issues and apply this knowledge in their daily project work.

With the rapid development of Web3, we are stepping into a completely new digital world. This world is based on decentralization, blockchain technology, and cryptocurrencies, opening up endless possibilities. However, these innovations also bring unprecedented security challenges. In this presentation, we will delve into the key security issues in the Web3 environment, including vulnerabilities in smart contracts, the security of decentralized applications (DApps), and weaknesses in blockchain networks.

This agenda will introduce the integration of generative information retrieval technology with intelligence databases to establish an intuitive conversational search engine. Through natural language to SQL transformation techniques, analysts can easily query the required intelligence data in the form of dialogue. Simultaneously, we integrate multi-modal models to enhance the depth and accuracy of intelligence data. Finally, we have introduced a question-answering bot to expedite intelligence acquisition, effectively assisting analysts in rapidly investigating cybersecurity incidents. This innovative solution will enable us to respond more swiftly and effectively to evolving threats.

Web shells are frequently used in website attacks. They can allow attackers to bypass web servers to access underlying operating systems or databases to steal the critical information, such as user credentials. Consequently, the operating systems can be compromised through web servers. To avoid the detection and code analysis, web shells often obfuscate their codes or add login functions to conceal their features and presence. This session will demonstrate a number of web shells and their obfuscation techniques.

In the process of incident response, the cybersecurity blue team often needs to conduct a large amount of analysis, including extensive log analysis for cloud events. This presentation mainly shares how to use open source tools for analysis. This includes the mention of SOF-ELK, the open-source forensics project by SANS utilizing Elasticsearch, the use of Graylog + OpenSearch for SIEM analysis, and ways to quickly analyze malicious logs by incorporating established Sigma Rules and other blue team knowledge.

In a zero trust architecture, despite mature practices in identity and device authentication, the methods for trust inference at Policy Decision Points (PDP) remain unclear. To address this, we propose a Trust Inference Maturity Model, providing enterprises with a flexible and effective strategy for trust inference. To rapidly adapt to evolving cyber threats, we integrate large language model technology to quickly generate and adjust risk rules, responding to the rapidly changing cyber threats and enhancing the adaptability and interpretability of the overall security architecture.

This agenda will take the CISO's annual cybersecurity governance report to the board of directors as an example, focusing on key points closely related to the company's operations, such as cybersecurity strategy, quantitative results, compliance status, and future blueprints, so that the board of directors can clearly grasp the context and value of cybersecurity work and provide support and resource allocation.

Content Summary :

1. Security Management Architecture : Establish an overall architecture covering governance, risk, and compliance to lay a solid foundation for cybersecurity management.
2. Security Management Strategy : Develop strategies around confidentiality, integrity, and availability, and strengthen personnel as a security defense line through awareness enhancement and violation management.
3. Security Maturity Evolution : Review maturity through cybersecurity drills, learn from industry benchmarks, and continuously improve detection, response, and prevention capabilities.
4. Security Measures Implementation Results : Control risks from the source; establish intelligence-driven monitoring and response mechanisms to quickly detect and respond to threats.
5. Future Security Focus Points : Gain insight into the cybersecurity challenges of emerging technologies such as AI, and develop response guidelines and directives with agile thinking.

We will be discussing wireless security in HID devices (e.g. mouse and keyboards) as some of the devices are now claiming to be using encrypted connections. The topic stems from MouseJack back in 2016, which unveiled a series of flaws in HID devices which is susceptible to either keystroke or movement injection and sniffing attacks, and we'll be demonstrating how such devices may be built insecure in the first place and how they've become in present days.

OT (Operating Technology) is totally different from IT security, especially OT security has focused on not only on security but safety. In this session, speaker will present international trend of OT, threats and risk of OT security, and the coresponding strategies to improve OT security.

VPN is one of the main ways many companies connect to their internal servers. However, reports show that VPN vulnerabilities have become targets for ransomware attacks and are even used by hackers as springboards to enter enterprise intranets, launching large-scale attacks. This session will share recent cases of ransomware risks and provide HENNGE's solution and practical cases, meeting the needs of remote collaboration for businesses while ensuring security and improving productivity.

With the Taiwan presidential election underway, cyber attacks by Chinese hacker groups against Taiwan have become more frequent. Recently, we investigated a supply chain attack targeting Taiwan, which focused on a widely used document tool in Taiwan that is not only prevalent in government agencies but also heavily utilized in government, legal and academic institutions, potentially affecting over 500,000 victims. In this attack, we also discovered traces of malware from many Chinese threat group. The attackers compromised update servers to deliver malware to victim endpoints and remained undetected for several years.

From this attack, we also reviewed the past decade, from Operation GG to recent supply chain attacks targeting financial institutions. We conducted in-depth analysis on various supply chain attack techniques from both software development processes and supply chain service processes, including supply chain software vulnerabilities, implanting malware into normal programs, island hopping attacks, and out-sourcer leakage. We analyzed the causes of supply chain incidents and defense mechanisms. Additionally, we will introduce how we have utilized AI in the past few years to assist analysts in conducting incident investigations.

The occurrence of cybersecurity incidents is often accompanied by the risk of data leakage. Especially when PII (personally identifiable information) is breached, it will cause economic cost and reputational damage to the company. The purpose of collecting PII is to provide products, services and commercial value-added services. Enterprises are obliged to maintain the security of the PII process system. Data security strategy include organizational management and technical control countermeasures. This speech explains the key points of data security governance, interprets them based on relevant legal compliance and ISO standards, and compares recent information security or data breach incidents with cases to provide specific suggestions.

In this presentation, you will

1. Understand the six pillars of DevSecOps proposed by the authoritative organization on cloud security, Cloud Security Alliance (CSA).

2. Get acquainted with Kubescape, the latest CNCF sandbox project, and how it enhances security and scalability for Kubernetes (K8s) clusters.

3. Learn which key elements of the six pillars Kubescape implements for better security and scalability.

Despite the infinite convenience brought by digitalization in today's era, it also comes with increasingly complex geopolitical challenges. In the era of ongoing cyber warfare, the prevalence of advanced network environments poses unprecedented challenges to information security. In this context, national cybersecurity strategy serves as an indispensable cornerstone to ensure the stable operation of society, particularly for Taiwan.

This session will start by examining national cybersecurity strategies around the world, analyzing the cybersecurity strategies of the United States and Europe, offering personal insights, and exploring the relationship between national cybersecurity strategy and the international cybersecurity standard ISA/IEC 62443. ISA/IEC 62443 is a standard specifically designed for Industrial Automation and Control Systems (IACS), aiming to provide comprehensive guidelines to ensure the cybersecurity of industrial automation and control systems.

Through practical examples, the session will delve into how to extend national cybersecurity strategy into actionable plans and incorporate the essence of the ISA/IEC 62443 international standard.

According to DEVCORE's statistics from dozens of Red Team Assessments conducted over the past year, more than 50% of enterprise internal networks have misconfigurations related to Active Directory Certificate Services (AD CS). These misconfigurations allow attackers to gain domain admin privileges within minutes, even with just a low-privileged domain account.

In this presentation, we will present anonymized examples of these misconfigurations in various enterprises, demonstrate how attackers exploit them, and emphasize the importance of regularly assessing AD CS as a critical infrastructure component within an organization's internal network. We will also provide guidance on avoiding common configuration mistakes and mitigating measures for specific scenarios.

DarkWeb is the misty area on the Internet. TOR (The Onion Router) is the major technology composing the DarkWeb. In this talk, I will discuss how to get on the DarkWeb, how to setup your hidden services, how to analyze the onion site, how to use OSINT skill to get more information about DarkWeb and what tools to monitor your data on the DarkWeb.

2023 was a rampant year for threat actors, as the maturation of ransomware as a service (RaaS) and the emergence of AI-enabled cybercrime tools (WormGPT and FraudGPT), these key factors made it easier for threat actors to acquire or develop cyber weapons. By observing the cyber incidents of 2023, we conducted an analysis of attack trends of 2023. This includes an overview of Ransomware as an Services’ (RaaS) attack trends and tactics in 2023, rising problems from supply chain compromises, and the global impact of country-level threat organization activities.

Many enterprises heavily rely on the Active Directory (AD) as the backbone for user and asset management, distributing software updates, and related unified control mechanisms. While AD offers rich and diverse functionalities, it also leads to security risks directly or indirectly due to improper configuration settings by administrators for convenience, among other reasons. Moreover, the internal network structure of large enterprises is relatively complex, making it difficult to promptly detect ongoing attacks in the absence of comprehensive detection mechanisms. This presentation will start with the blue team's perspective, sharing how the core authentication mechanism of domain services - the Kerberos protocol operates, the attack techniques closely related to the Kerberos protocol, and how to detect such attacks in order to prevent attackers from taking over the enterprise domain services effectively and promptly.

The Internet of Vehicles (IoV) is a new technology that has developed rapidly in recent years, bringing revolutionary changes and unlimited business opportunities to the automotive industry. But beyond this postive side, as IoV technology matures and becomes more popular, the cybersecurity risks it brings are also increasing. This agenda will explain the security threats of IoV, and showcase practical experience sharing and solutions such as security assessment results and vulnerability analysis of IoV-related devices, with a view to improving the safety of vehicles and passengers.

In 2022, our country released the "Technical Specifications for Information Security Testing of Electric Vehicle Supply Equipment," establishing the basic cybersecurity requirements for connected charging devices. However, as part of the overall charging ecosystem, it is necessary to further consider the cybersecurity risks and countermeasures in operations and maintenance of the devices.

This presentation will begin by examining the cybersecurity requirements for electric vehicle fast charging infrastructure, as detailed in U.S. NIST IR 8473. We will define key terms and explore the cybersecurity risks identified by the U.S. NIST for stakeholders in the electric vehicle fast charging ecosystem, with a specific focus on charging stations. Following this, the presentation will highlight discrepancies in risk management strategies between the cybersecurity of the charging equipment itself and the provision of charging services. Based on these observations, we will offer targeted recommendations to address these gaps.

From a Cybersecurity Perspective: A Course Focused on Sharing Knowledge" This course prioritizes sharing knowledge and equips participants with the skills to deeply understand core concepts of malicious code analysis. Through hands-on learning of various techniques, attendees will learn to effectively utilize corresponding tools and technologies to counter continually evolving cybersecurity threats.

In today's threat-filled online environment, businesses require robust security solutions to protect their endpoints. CrowdStrike is a global leader in endpoint security, offering a comprehensive platform to defend against known and unknown threats.

Premiere: 5/16 09:30 - 10:00 

Replays: 5/16 15:30 - 16:00, 5/16 21:30 - 22:00

2024 is set to be the biggest election year in history, with more than 4 billion people being asked to cast their votes, and AI-driven disinformation campaigns will be pervasive. Threat actors will exploit these events to manipulate public opinion on a global scale, posing significant challenges to election integrity and global stability.

Powered by the speed and scale of the internet, disinformation operations have weaponized social media platforms and fractured the information environment to sow discord and undermine trust. It is no secret that we live in an increasingly fractured and polarised world, where acceptance of the existence of “alternative facts” is now mainstream.

This session will examine the current state of disinformation operations and how their capabilities and reach will be significantly enhanced and accelerated through application of Artificial Intelligence. We will also present strategies for individuals, organisations and governments to begin to combat on this new frontier.

Near-RT RIC (RAN Intelligent Controller) is a pivotal component within O-RAN, crucial for monitoring and managing RF resources and optimizing network performance. In the research, we reveal a couple of potential vulnerabilities in the form of malicious/anomalous xApps, subcomponents designed to optimize resource allocation, and the RIC Message Router (RMR), facilitating communication between these components.

Premiere: 5/16 10:10 - 10:40 

Replays: 5/16 16:10 - 16:40, 5/16 22:10 - 22:40

Security and security evaluations of integrated circuits is becoming a very important component for the overall security of devices and systems and is complex for a number of reasons. First, there is a large number of different regulations and assurance requirements that are continuously being developed. Second, the security of hardware-based solutions depends on the specific solution, and the solutions are fragmented, ranging from highly secure to unprotected in different technologies. Third, attacks and tools for attacks in the hardware area are actively being developed, leading to implementation of countermeasures and increased complexity and costs. Fourth, the developments of cryptography to quantum safe algorithms introduces challenges larger than drop-in replacements.

In this talk, we will first give an introduction to security evaluation of hardware-based security evaluation and its importance for the overall security of devices and systems. Then we will describe the current challenges for manufacturers, security laboratories and certification assessment bodies with focus on (1) the developments in the landscape of regulations and certification schemes, and then (2) the challenges for hardware-based security given the developments of post-quantum cryptography.

Looking ahead to ICS (Industrial Control System) security, it is crucial to consider the evolving technology and threat landscape. In this regard, the framework proposed by NIST, known as CSF 2.0, and the interaction with other emerging technologies are of paramount importance. CSF 2.0 is a widely used framework in the ICS security domain, providing a set of standards and guidelines to help enterprises assess, improve, and manage their ICS security.

The highlights of the CSF 2.0 framework lie in its flexibility and comprehensiveness, making it applicable to various types of organizations and different industries' ICS environments. However, with the advancement of technology, the emergence of emerging technologies brings new challenges and opportunities for ICS security.

For example, the applications of technologies such as the Internet of Things (IoT), Artificial Intelligence (AI), edge computing, supply chain, blockchain, etc., are becoming increasingly widespread. These technologies bring greater intelligence, connectivity, and efficiency to ICS systems, but at the same time, they also increase security risks. Therefore, the ICS security field needs to continuously interact with these emerging technologies to address new threats and strengthen system security.

The integration of CSF 2.0 with emerging technologies presents both challenges and opportunities for enhancing ICS security. Organizations need to adapt their security strategies to embrace the benefits of these technologies while effectively managing associated risks. Collaboration between industry stakeholders, researchers, and policymakers is essential to develop robust security measures and frameworks that can effectively mitigate evolving threats to ICS environments.

Ransomware crime syndicates are targeting enterprises for extortion, leaving everyone vulnerable. Ransom incidents have become routine, so how can we detect signs before significant harm is done? There are always precursors before ransomware truly impacts a company. This session will lead us from a blue team perspective to identify the signs of ransomware attacks. By recognizing these indicators early, we can mitigate the damage before it becomes severe.

Privacy-enhancing technologies (PETs) are technologies that embody the fundamental principles of data protection by minimizing personal data use, maximizing data security, and enhancing individual agency. PETs protect the privacy of personal information of users authorized by services or applications. They employ techniques to minimize the possession of personal data by information systems without losing functionality. However, there is no unified definition of PETs to quantify privacy since the objectives and scenarios depend on practical applications. In this lecture, we start from the motivation for privacy, illustrate why PETs are necessary through real-life events, and then introduce an overview of existing privacy solution technologies, including federated learning, secure multi-party computation, homomorphic encryption, differential privacy, and zero-knowledge proofs, among others.

The most important iron rule when using cloud platforms, SaaS platforms, and CI/CD platforms is the Principle of Least Privilege (PoLP). We always believe that by setting the minimal amount of privileges possible, we can ensure the security of the system. But is this really the case? This session will present an intriguing case study where the misuse of the Github Actions API led to privilege escalation and the hijacking of the CI/CD process, as well as tampering with the Repository. In this instance, despite the developers adhering strictly to the official documentation's recommended settings for all permissions, in line with the Principle of Least Privilege, it still resulted in the exploitation of vulnerabilities that compromised the website.

To enhance the convenience of software services, vendors are increasingly offering products via SaaS. However, as enterprises heavily adopt SaaS, their straightforward usage evolves into a cloud migration opportunity, inadvertently entering a realm of cloud complexity, which also eases hacker intrusion. Users often remain unaware of the extent of their cloud service usage until an attack occurs. This session diverges from the usual pre-incident cloud log configurations and post-incident threat hunting using logs. Instead, it focuses on real-time monitoring, particularly on Azure Entra ID and related cloud service logs, identifying key monitoring points during incidents. This provides a direction for attendees to apply in daily operations. Additionally, it includes case studies on cloud intrusions, demonstrating how well-designed monitoring rules can facilitate early detection and immediate response to enterprise breaches.

In this era of heightened cybersecurity awareness, the implementation of various protection and alert tools and technologies has become common practice. However, have we truly done enough in handling alerts? This session will delve into how unaddressed alerts can evolve into breaches, leaving organizations continually exposed to risks.

Through case analyses, we will share the process of analyzing attack methods and identifying relevant clues, enabling a proper understanding of the current threats and the formulation of response measures.

Since early 2022, we have been monitoring an APT campaign targeting several government entities worldwide, with a strong focus in Southeast Asia, but we have also seen targets in Europe, America, or Africa. Our research allowed us to identify multiple connections with China-nexus threat actors Earth Lusca and Luoyu. Despite this campaign still has an independent infrastructure and employed unique backdoors. We managed to retrieve multiple files from the threat actor's servers, including samples, configuration files and log files from their attack tools. By combining this data with our telemetry, we have gained a better understanding of their operation and build a clear view of Earth Krahang’s victimology and interests. In this presentation, we are going to disclose the details of their latest operations.

Emerging security risks limit the Internet of Things' potential. The fundamental way to solve this problem is to combine the advantages of the most secure hardware, software, and operating system solutions to create an interlocking security ecosystem.

PUFsecurity developed a series of chip-level hardware security solutions based on the patented Physical Unclonable Function (PUF), including the hotly discussed hardware root of trust and the indispensable crypto coprocessor. We use the unique secret generated by PUF to develop robust technologies such as key management, encryption and decryption, authentication, and anti-tamper technologies and wrap them into a highly integrated IP that is easy to deploy and use, protecting and connects the entire security operation ecosystem from the hardware level.

In this speech, we will gradually explain the role of hardware security, that is, chip security, in the entire information security trust chain, and then explain the technology, operation, and critical designs against attacks.

Premiere: 5/16 10:50 - 11:20 

Replays: 5/16 16:50 - 17:20, 5/16 22:50 - 23:20

In today's global cybersecurity landscape, the Software Bill of Materials (SBOM) has become a focal point for enterprises. This presentation will delve into the practical applications, technical challenges, and industry insights of SBOMs, covering aspects such as process management, cross-departmental collaboration, and supply chain integration. Through case study sharing, we will unveil the significance of SBOMs in software management, component tracking, and vulnerability assessment, underscoring the balance between automation and manual review. We will explore the role of SBOMs as part of a comprehensive security strategy, offering strategies to avoid common pitfalls and adopt best practices. Additionally, we will introduce the latest specifications of the SPDX international standard to enhance software security and management efficiency.

This session delves into cybersecurity challenges and strategies between Operational Technology (OT) and enterprise networks. We will dissect vulnerabilities at their intersection, including threats like ransomware and remote intrusions. Through case studies and expert insights, attendees will gain deeper understanding of OT security issues and learn to establish robust protection strategies for production networks, ensuring stability and safety. The aim is to raise awareness of OT security threats and provide practical response solutions, empowering attendees to effectively address growing cybersecurity challenges and safeguard business assets and operations.

In 2023, a new cyberespionage campaign by a group we named Earth Estries was identified, indicating activity since at least 2020. Notably, similarities emerged between Earth Estries' tactics and those of the advanced persistent threat (APT) group, FamousSparrow. The tools and techniques used suggest the involvement of highly skilled threat actors wielding advanced resources, employing numerous backdoors and hacking tools to great effect, targeting organizations in the government and technology industries based in the Philippines, Taiwan, Malaysia, South Africa, Germany, and the US. In this topic, we discuss our detailed findings and technical analysis, including some backgrounds about Earth Estries and their motivations, attack methods and tools, C&C infrastructures, victimology and attribution.

This presentation will reveal a 0-day of edge device exploited in the wild by Chinese APT groups to spread disinformation and will share multiple case studies abused by Chinese threat actors. Additionally, we also disclose the new malware family implanted in edge devices, such as port-knocking backdoors and LoLbin attacks in edge devices. Lastly, this presentation also provides related approaches to mitigate related attacks.English Speech Summary。

In the cloud era, identity management becomes a formidable challenge for enterprises due to complex usage patterns and diverse identities and permissions. According to Gartner’s 2023 report, 'Managing Privileged Access in Cloud Infrastructure', it is predicted that 75% of cloud breaches will involve misconfigurations in Identity and Access Management (IAM), highlighting the crucial importance of identity visibility. To address this, we propose a system designed to identify and visualize the identity attack surface, presenting relationships between all cloud-related identities and assets graphically. 

Various types of accounts exist in the cloud environment, including CI / CD service accounts and on-premise synced accounts. Often, users may overlook these account types if they are not included in standard cloud inventory tools, focusing primarily on cloud-only accounts. Additionally, trusted relationships significantly extend the identity perimeter. This situation requires users to manage not only their own account permissions but also those of guest accounts, which can vary significantly in terms of risk.

In this talk, we will provide an inventory list of assets and configurations related to cloud initial access. Afterward, we will discuss a case study involving a cloud managed service provider that uses guest accounts to manage cloud services, highlighting issues related to identity and IAM misconfigurations. We will introduce how to reduce the attack surface of identities.

As countries worldwide expand their deployment of 5G networks, Taiwan is also catching up by promoting the widespread adoption of 5G network services and introducing numerous 5G User Equipment (UE). In this session, our focus will be on industrial-grade communication Internet of Things (IoT) devices, with the goal of "Pwn it before open it." This aims to enable successful research and yield findings before obtaining the physical product. The content will revolve around sharing the hurdles encountered during the research process, the methods employed to overcome them, and the approach to research. We will also share the cybersecurity vulnerabilities discovered in industrial-grade communication IoT devices and methods for mitigation and prevention. 

The content of this speech includes an introduction to the ASCON algorithm, our research team’s hardware implementation results, and its Side-Channel Analysis (SCA). The National Institute of Standards and Technology (NIST) announced in 2023 that the ASCON series of algorithms is a Lightweight Cryptography standard for Internet of Things (IoT) devices. ASCON boasts a simple structure compared to the Advanced Encryption Standard (AES) and Hash functions like SHA-256, which have been used for over 20 years. This design architecture can simultaneously meet the Symmetric-key Algorithm and Hash function requirements. However, whether in software or hardware implementation, ASCON remains vulnerable to attacks from Side-Channel Analysis, and attackers may even utilize Machine Learning or Deep Learning technologies to enhance attack efficiency.