In a world plagued with Ransomware, you would be forgiven for thinking that Cybercriminals just do the same thing over and over again. The reality however is quite different - with a sophisticated, and efficient, service industry propping up crime online. Over the last year this ecosystem has evolved further, with new Criminal Business Models emerging - in particular as criminals have steadily increased their usage of AI. These changes will continue to test our defences, and force us to evolve also.

But AI in particular is not an even technology - while it is a great enabler for all industries, crime included, it stands to enhance some more than others. Of all these industries, Cybersecurity - and Law Enforcement who focus on it - are possibly the most ready to take advantage of the unique benefits it brings. 

In this talk, we'll dive into recent Criminal evolutions, and show why this time is a period where those on the defensive side of CyberSecurity stand to gain the biggest advantage in this never ending conflict.

LLMs are one of the most powerful inventions since the birth of computers. Not only are they a crucial piece in transforming information into knowledge, but they also serve as the foundation for building the AI-driven world. In just three to four years, LLMs have taken the world by storm, igniting a series of frenzied AI revolutions that have pushed the boundaries of technological advancement. However, with every leap in technology comes new challenges.

Unlike conventional software, LLMs are highly unpredictable, behaving more like "singularities" that do not conform to traditional information systems. Standard software quality control methods and testing tools are nearly ineffective in this domain, and existing cybersecurity frameworks struggle to adapt. We cannot approach LLM security as merely another software issue.

In this talk, we will explore the new cybersecurity challenges posed by AI applications from a security professional’s perspective. Join us as we delve into the risks and strategies needed to prepare for this transformative wave in the information industry! 

We conducted a research project on communications resilience for Taiwan. We asked a simple question: If in conflict, can Taiwan's people, private sector, and government demonstrate the same kinds of resilience we saw conducted by Zelensky in Ukraine? This proposal will tell the story of our research process, our findings, and how we created a war game / table top exercise to conduct at DefCon and Blackhat Las Vegas in 2024 to try to answer our simple question.

After breaching the internal network, attackers exploit network devices as footholds to compromise switches, ultimately taking control of core network infrastructure to enable lateral movement. This presentation will analyze the attack chain and technical methodologies involved, while also exploring actionable strategies to prevent network devices from being weaponized by attackers.

Premiere: 4/15 12:00 - 12:30

Replays: 4/15 18:00 - 18:30, 4/16 00:00 - 00:30

API attacks have become an increasingly severe issue in the Asia-Pacific region, posing major security threats to enterprises. These include shadow APIs, challenges in implementing third-party APIs, lack of API management, business logic abuse, data breaches, and a significant shortage of API security expertise.

In this session, David Holmes, Chief Technology Officer for Application Security at Imperva (a Thales subsidiary) and former Forrester cybersecurity analyst, will provide an in-depth analysis of API attack trends based on the latest attack statistics from the Imperva Threat Research Team. The discussion will cover common API vulnerabilities, business logic attacks, and emerging AI-related threats. Additionally, it will highlight global threat indices, regional differences between the Asia-Pacific and other areas, and provide localized insights into Taiwan's threat landscape.

How can enterprises develop concrete and actionable security strategies to counter these threats? This talk will outline proactive and adaptive cybersecurity measures and share the latest advancements in modern application security protection technologies.

Cybersecurity challenges are becoming increasingly diverse as cloud computing and AI technologies advance rapidly. This session takes a thorough look at the critical risks faced by AI applications, including data breaches, AI hallucinations caused by incorrect RAG data, and cyberattacks in which users trick AI into generating sensitive content. Also discussed in this session are: how to protect AI infrastructures, as well as how to achieve higher levels of security in cloud environments, offering comprehensive and practical solutions for securing AI.

Premiere: 4/15 12:40 - 13:10 

Replays: 4/15 18:40 - 19:10, 4/16 00:40 - 01:10

Multi-Factor Authentication (MFA) has long been considered an effective defense against account takeovers. However, with attackers developing automated tools to bypass MFA, relying solely on MFA is no longer sufficient. This session will explore the limitations of MFA and why a more comprehensive security strategy is essential to mitigate account compromise risks.

The presentation will cover the latest trends in MFA bypass attacks and analyze common techniques such as Pass-the-Cookies, push notification fatigue attacks, malware-based attacks, brute force, and adversary-in-the-middle (AiTM) attacks. To effectively counter these threats, organizations must go beyond traditional MFA and integrate technologies like artificial intelligence, machine learning, and behavioral analytics.

Additionally, implementing adaptive access controls, conducting regular security awareness training, and adopting a layered defense strategy are crucial to strengthening overall security. This session will provide insights into building a more resilient authentication framework to protect against evolving threats.

Premiere: 4/15 13:20 - 13:50 

Replays: 4/15 19:20 - 19:50, 4/16 01:20 - 01:50

Since BIMCO (The Baltic and International Maritime Council) first published its cyber security guidelines in 2016 and IMO’s (The International Maritime Organization) “Resolution MSC.428(98)” Maritime Cyber Risk Management guidelines in 2017, the maritime sector saw gradual progression of cyber safety awareness. Subsequently, OCIMF (the Oil Companies International Marine Forum) published its cyber safety chapters in its Ship Inspection Report Programme in 2018. This was followed by IACS’ (International Association of Classification Societies) technical guidelines in 2021 which stipulated all new builds in 2024 onwards to be cyber compliant.

While cyber incidents are not uncommon in the maritime sector, mostly are still within the IT on-shore and off-shore scenarios. What about the so-called moving and floating OT onboard rigs and vessels?

A live journey of this observation will be shared in this presentation in a bid to raise the awareness and to recommend the focused areas for maritime cyber going forward.

The European Union's Cyber Resilience Act (CRA) is set to take effect on December 11, 2027, posing significant compliance challenges for many organizations.

For manufacturers of industrial control and equipment, adherence to IEC 62443-4-1 and IEC 62443-4-2 product development standards satisfies most of the CRA requirements. However, there remain compliance gaps and potential risks in certain areas.

This presentation will examine these non-compliance issues in depth and propose practical and effective reinforcement strategies to help organizations fully achieve CRA compliance and enhance the cybersecurity resilience of their products.

In today's accelerated digital transformation, how enterprises can effectively integrate AI technology and information security has become a key issue.This session will explore in-depth AI-driven information security innovation strategies, help enterprises utilize AI technology to realize proactive prediction and response mechanisms, and provide CIOs and CISOs with a new perspective on risk.

Taiwan faces a range of threats, from cyber espionage to disinformation campaigns. This concise briefing will provide a high-level overview of the current threat landscape in Taiwan, leveraging Google Threat Intelligence (GTI) to highlight key trends and potential risks. Attendees will gain a valuable understanding of the challenges facing Taiwan and how GTI can help mitigate those risks.

In an era where digital threats are constantly escalating, Black Cat Information leverages integrated cybersecurity solutions to help organizations transition from basic defense to advanced threat management, thereby enhancing overall cybersecurity resilience. This presentation will focus on Black Cat Information's core technologies and services, demonstrating how the integration of SIEM, XDR, and SOC platforms enables comprehensive monitoring, intelligence integration, and rapid response.

The presentation will cover Black Cat Information's application in domain security detection, illustrating how to identify potential risks and vulnerabilities within a domain while proposing effective remediation and reinforcement strategies. Additionally, practical cases in External Attack Surface Management (EASM) will be introduced, showcasing how to inventory and manage digital footprints to reduce attack surfaces and minimize asset exposure risks. 

We will also share insights into the deployment of honeypot technology, threat hunting, and the application of the MITRE ATT&CK framework in analyzing hacker behavior. Real-world examples will be used to illustrate the effective implementation of cybersecurity defense strategies.

Through this session, participants will gain an in-depth understanding of how Black Cat Information employs innovative technologies and strategies to assist enterprises in countering escalating digital threats. Attendees will acquire hands-on experience in transitioning from foundational infrastructure to advanced threat management, ultimately strengthening their cybersecurity capabilities and resilience.

Generative AI is rapidly transforming industries and daily life, but it also introduces new risks. Small and medium-sized businesses (SMBs), with limited resources, face growing challenges in managing tasks like threat intelligence, alert analysis, and customer support. Their smaller systems are often vulnerable entry points for cyberattacks. Zyxel addresses these challenges with AI-driven innovations, including machine learning-based threat intelligence, the Nebula network management platform, and SecuReporter. These tools help SMBs enhance operational efficiency, strengthen security, and stay prepared for future.

In today’s rapidly evolving cyber threat landscape, organizations face increasingly sophisticated and targeted attacks while also struggling with limited resources and fragmented security architectures. How can businesses enhance their cybersecurity defenses and response speed while reducing costs?

This session will explore how collective intelligence is driving cybersecurity transformation and how the CrowdStrike Falcon platform leverages an integrated approach to deliver faster and more effective security outcomes. We will provide insights into the latest global cyber threat landscape, analyzing attacker tactics and trends to help organizations understand today’s most pressing security challenges.

Additionally, we will discuss Security Consolidation—how reducing tool sprawl, simplifying security management processes, and leveraging AI-driven threat detection can strengthen an organization’s overall defense posture. With the modern security strategy of the CrowdStrike Falcon platform, businesses can achieve stronger protection, faster response times, and lower costs.

Join us for this session to gain practical cybersecurity best practices and insights into how speed, intelligence, and efficiency can help organizations build a more resilient cybersecurity framework.

Infostealers commit close to a perfect cybercrime tool. They sneak into the computer, grab the passwords, anything of value (like cookies that help to bypass MFA) and the victim doesn’t even know they’ve been robbed. Let’s discuss how this threat impacts any size business in any industry worldwide.

The ISO/IEC 27001 is already a universal information security standard in the financial industry. In addition to continuing to maintain the validity of ISO/IEC 27001 certification, we began to think about how to continue to "consciously" strengthen the company's information security. Therefore, at the end of 2024, we overcame many difficulties and obtained the first NIST CSF certification in Taiwan's financial industry.

Through the Cybersecurity Framework proposed by the National Institute of Standards and Technology (NIST), we use the core framework and five implementation levels of the NIST CSF to examine the maturity of the company's information security governance, find our shortcomings in information security management, and then strengthen it in stages according to the risk level and company resources to build a more complete information security management structure.

The bitter blood and tears of introducing the NIST CSF certification process will be shared through this speech. I hope it will bring you inspiration and gain.

As enterprises increasingly adopt application-driven business models, security issues have become increasingly prominent. Many network security measures focus too much on human identity and ignore the management of machine identity. This provides opportunities for hackers and may lead to deep system attacks, ultimately leading to network attacks and data leaks. 

In the current digital economy, secure machine-to-machine communications have become even more important. However, with the widespread application of artificial intelligence (AI), new risks also arise. AI's automation and decision-making capabilities, if not properly managed, can lead to management vulnerabilities in TLS certificates and machine identities, increasing security threats.

Participants will gain an in-depth understanding of the challenges posed by rapidly growing machines and the complexities of cloud environments. We will explore the risks that AI can cause in TLS certificate lifecycle management (CLM), including potential errors in automated processes, insufficient anomaly detection, and errors in vulnerability prediction. This workshop will provide attendees with key insights and tools to strengthen their cybersecurity defenses and effectively manage machine identities in an AI-driven environment

The threat landscape in Asia Pacific has remained volatile, with 40% of respondents in our latest Asia Pacific Cybersecurity Report indicating they had experienced data breaches.

Ben Munroe (VP, APJC Field Marketing) will break down the growing resources devoted to compliance, gather insights on Zero Trust adoption and highlight key data on top cybersecurity priorities.

He will share the top three attack vectors that resulted in data breaches, how much of IT budgets are now addressing regulatory requirements and best practices for limiting the leverage for ransomware attackers and their demands

We provide an all-in-one Matter solution to help customers speed up product development, optimize production processes, and ensure compliance with international regulations and cybersecurity standards. Through professional technical support and comprehensive solutions, we enable products to reach the market faster, enhance efficiency, and reduce costs. Moreover, our solutions comply with various national regulations and Matter Cybersecurity Standards, ensuring security and regulatory compliance for more efficient and robust products.

對於疫情過後的台灣，在歷經了近年多次的大規模駭客攻擊或綁架事件後，國內企業己具備充足的危機意識，而接著而來的烏俄戰爭的全球性影響，相對台灣也長期處於在地緣政治與資訊戰中，可預期未來面臨更多更複雜的勒索軟件攻擊，以及地緣政治緊張時的持續營運挑戰，都更需要提前思考及超前部署準備。本次議題針對台灣資料安全最大的兩項風險，提供最受歡迎的資料保護解決方案，為企業在資訊安全領域提供了寶貴的參考與啟發

Premiere: 4/15 14:00 - 14:30 

Replays: 4/15 20:00 - 20:30, 4/16 02:00 - 02:30

1. FinTech is at the forefront of innovation, leveraging cutting-edge technologies while prioritizing operational security—an essential factor for its success. With robust security measures, FinTech can effectively guard against emerging threats. To tackle potential risks, it employs critical methodologies such as the Information Security Management System (ISMS), NIST Cybersecurity Framework, Privacy/Personal Information Management System (PIMS), and Business Continuity Management (BCM). 

2. Secure data management is crucial in navigating the risks of oversharing, third-party access, misconfigurations, and misclassifications. By implementing effective risk management strategies, organizations can proactively identify and address security challenges, ensuring that sensitive information remains protected from unauthorized access and corruption. That talk will examine (1) Secure Data Management in Digital Development, (2) Cybersecurity in FinTech, (3) Cybersecurity Development and Opportunities, and (4) Conclusion. 

3. Da-Yu Kao is an esteemed Associate Executive Vice President of the Information Security Division at Bank SinoPac in Taiwan and a dedicated part-time professor in the Information Security Master’s Program at National Chengchi University. With a solid investigative and forensic background, he has authored nearly 200 empirical papers on FinTech security and has an impressive international research portfolio. His extensive collaboration with law enforcement agencies and participation in global conferences highlight his commitment to enhancing FinTech security. 

Cyber threats in mobile networks are spreading like a silent pandemic, posing severe challenges to Industrial IoT security. This session will analyze cybersecurity risks in distributed IIoT environments, including lack of device visibility, insufficient traffic management, delayed firmware updates, and weak attack isolation. Focusing on three critical cybersecurity defense strategies, the session will leverage real cases and technical demonstrations to showcase innovative security solutions against mobile network attacks, fortifying IIoT resilience.

1. IIoT Content Security Defense: Enhancing device visibility with high-performance Deep Packet Inspection (DPI), network micro-segmentation, and automated threat response to effectively block malicious activities and limit attack scope.

2. IIoT Zero Trust Architecture: Implementing Network Access Control (NAC) for device authentication and compliance checks to mitigate internal security risks.

3. IIoT Device Security Design: Centering on "secure-by-design" principles, integrating international security certification standards and policy frameworks to strengthen IIoT device protection.

Premiere: 4/15 14:40 - 15:10 

Replays: 4/15 20:40 - 21:10, 4/16 02:40 - 03:10

Explore how industries such as fintech, healthcare, manufacturing, retail, and critical infrastructure are leveraging OXDR, XDR, and cloud security to strengthen cyber resilience. Discover how these advanced security solutions enhance threat detection, incident response, and compliance across diverse digital ecosystems, ensuring businesses stay ahead of evolving cyber threats worldwide.

As the 5G era dawns and the Internet of Things (IoT) rapidly proliferates, network traffic is undergoing explosive growth. The emergence of innovative applications (like OTT services) and diverse network architectures (such as CDNs) has made traffic content and behavior more varied and complex, presenting new challenges for carrier-grade traffic visibility and forensic analysis.

In this session, we will delve into use cases to explore how GenieAnalytics by Genie Networks leverages diverse traffic data collection, big data database construction, heterogeneous data correlation and enrichment, multidimensional traffic analytics, and network forensics to help network operators grasp traffic pattern, gain instant insights, and effectively address challenges.

We will demonstrate how to build a carrier-grade, network-wide traffic analysis solution, assisting network management teams in optimizing network resources, detecting traffic anomalies, and enhancing network security. This presentation, combining technological trends with practical applications, will lead you to explore new horizons in next-generation network security and management.

1. Introduction to Vicarius

2. How Long Have Vulnerabilities Been Troubling Us?

3. One-Stop Vulnerability Remediation Platform with AI Assistance at Every Step:

(1) Discovery: Asset environment mapping, unknown zero-day vulnerabilities, software relationships, network scanning

(2) Analysis and Contextual Prioritization: Multi-dimensional Vulnerability scoring system, real-time network threat landscape, dynamic vulnerability environment.

(3) Remediation: Single or recurring Playbooks, Script Based Remediation and Operation, patch rollback, AI-driven remediation suggestions, Next Generation Patchless Protection

Deploying next-generation firewall and intrusion detection systems in the cloud often requires complex architectures and significant management overhead. Beyond ensuring high availability, routing traffic to the firewall also demands tedious design. In this session, you will learn how to use Cloud NGFW to deploy secure, scalable, and highly available cloud-native next-generation firewall and intrusion detection systems with a simplified architecture. We will show you how to enhance application security with ease.

Simplify network security management for your team with Zero Trust.

When an organization has already implemented a database audit solution, can it strengthen the identification of data security from the perspective of "people"? Or is it just a routine for regulatory compliance? In this session, we will take a closer look at how we can use information about database activity to further prevent the risk of possible data breaches.

AI-driven data classification and labeling technology enables enterprises to automatically identify, tag, and categorize internal data, ensuring that sensitive information receives the appropriate level of protection. By leveraging machine learning and behavioral analysis, AI enhances the distinction between confidential, internal, and public data, dynamically adjusting classification labels based on business needs.

When integrated with Risk-Adaptive Protection (RAP), the system conducts real-time risk assessments based on user behavior, automatically adjusting access permissions and security policies as needed. If anomalous activities are detected, protective measures are reinforced instantly.

This intelligent security mechanism not only enhances data management efficiency but also ensures that enterprises maintain a robust data security posture in an ever-evolving digital landscape.

Elastic Security combines AI Assistant and Machine Learning to bring a new perspective to enterprise security operations. The AI Assistant focuses on quickly analyzing alerts, helping security teams clarify the threats to prioritize and provide the best response recommendations, significantly shortening incident response time. Machine learning technology is responsible for in-depth mining of massive log data within the enterprise, proactively identifying potential threats and abnormal behavior, avoiding the risks that traditional rule-based systems may miss. Compared to the high false positive rate and data processing bottlenecks of traditional SIEMs, Elastic Security breaks through limitations with its distributed architecture and intelligent analysis technology, achieving more comprehensive and accurate control of modern threats. This topic will delve into how Elastic Security can revolutionize security operation processes and improve threat detection efficiency through the perfect combination of AI Assistant and machine learning, and demonstrate its qualitative difference from traditional SIEMs, providing enterprises with an intelligent security solution for the future.

Based on the security incidents in which application security was invaded in recent years, this paper explores the potential threats to today's application system security and supply chain vulnarability. In addition to the currently well-known security threats, this session specifically explores threats that may not be considered in "application security testing" and "software supply chain security". We will also discuss the technical and management process aspects, and how to complete necessary security checks in S-SDLC and automated CI/CD processes. And add these TTP into your Threat Modeling knowledge.

Oh no… Windows Update again? System updates have long been a headache for users, disrupting workflows and breaking control over their machines. But what if we told you that top-tier security solutions share the same pain?

Inspired by the Black Hat USA research "Windows Downgrade Attacks using Windows Updates", we conducted an in-depth analysis of how real-world security solutions handle these attack techniques, revealing a critical gap in protection: inconsistencies in how security products interpret and enforce defenses across three key layers—registry settings, running processes, and disk files—ultimately exposing an entirely new attack surface.

In this talk, we’ll take a deep dive into Windows 11’s latest Trusted Installer-based update architecture, exposing its structural weaknesses and the security blind spots between upgrade mechanisms and endpoint protection. We'll analyze how adversaries manipulate event logs to exploit misalignments in system-to-security communications, ultimately forging unprotected registry and disk artifacts to hijack the upgrader’s identity. The result? A fully weaponized "arbitrary update" technique, allowing attackers to repurpose antivirus software as a backdoor execution tool.

Over the past decade, HCLSoftware has played a pivotal role in advancing the digital economy with its robust cybersecurity capabilities. The company has been a driving force behind digital transformation, offering proven security solutions that empower businesses to evolve securely and efficiently.

HCLSoftware offers a comprehensive suite of products and services that tackle a wide range of areas including business applications, AI and intelligent operations, total experience, data and analytics, and cybersecurity. These solutions are designed to bridge the gap between where businesses currently stand and where they aspire to be, equipping them with the necessary toolkit to thrive in the digital+ economy.

With a strong focus on automation, cloud adoption, data analytics, and security, HCLSoftware is portrayed as a catalyst for decision-making, unlocking potential, and propelling transformative growth across various industries.

As organizations accelerate cloud adoption, securing cloud workloads has become a critical challenge. Attackers are constantly evolving, exploiting new attack surfaces such as cloud applications, misconfigurations, and identity-based vulnerabilities. How can businesses stay ahead of these threats and protect their cloud environments?

This session explores the latest cloud security challenges and how adversaries are adapting their tactics to target cloud infrastructure. We will introduce CrowdStrike’s Cloud Security solution, demonstrating how a unified security approach can help organizations detect, prevent, and respond to cloud threats in real time.

Key topics include:

• Emerging cloud attack techniques and evolving threats
• Addressing misconfigurations and identity-based risks
• Strengthening security across multi-cloud and hybrid environments
• How CrowdStrike Falcon Cloud Security delivers proactive and automated protection

The session will also include a product demonstration, showcasing how CrowdStrike Falcon Cloud Security provides real-time visibility, threat detection, and automated response to mitigate risks and secure cloud workloads.

Join us for this session to gain practical insights into securing cloud applications and staying ahead in an ever-changing cloud battlefield. Learn how businesses can leverage AI-driven security, real-time threat intelligence, and automation to reduce risk, improve efficiency, and enhance their cloud security posture.

• Challenges, Trends, and Strategies for Modern Data Environments
• Balancing Security and Efficiency: Ensuring a Safe Environment While Maintaining Operations
• Application and Flexibility of Innovative Technologies in Data Security

Based on the rapid development of AI technology, enterprises now face more complex information security threats.

This course is going to analyze the four major challenges bought by AI technology which are the speed of technological development, system vulnerabilities, data authenticity, and continuous vigilance. It will also explore how to enhance defense capabilities through CTEM (Continuous Threat Exposure Management), ZTA (Zero Trust Architecture), and CSPM (Cloud Security Posture Management).

Additionally, it will share how to integrate SOC, MDR and SOAR to build an information security monitoring and response platform, and how to enhance exposure management and information security resilience through EASM (External Attack Surface Management), BAS (Breach and Attack Simulation), and Incident Response exercises.

Finally, this session will help enterprises grasp AI driven information security trends, establish more comprehensive protection strategies, and ensure operational security and digital transformation development.

This session targets to introduce approaches and recommendations for decision makers with projects of application modernizatin and AI adoption, for both end users and internal stakeholders. Steven will cover below 3 key areas:

1. Reduce complexity and modernize your tech stack;
2. Enable new applications with latest AI capability;
3. Protect from AI related risks and attacks for your customers and internal users

Cybersecurity challenges are becoming increasingly diverse as cloud computing and AI technologies advance rapidly. This session takes a thorough look at the critical risks faced by AI applications, including data breaches, AI hallucinations caused by incorrect RAG data, and cyberattacks in which users trick AI into generating sensitive content. Also discussed in this session are: how to protect AI infrastructures, as well as how to achieve higher levels of security in cloud environments, offering comprehensive and practical solutions for securing AI.

As global semiconductor equipment sales continue to reach record highs, the industry has become a target for threat actors. To enable automated data transfer between different equipment, almost all advance semiconductor fabrications follow to the SECS/GEM standard. However, since this standard was not preliminarily designed with cybersecurity, it's difficult for fabrications to mitigate cyber threats through a single solution.

Although the SECS/GEM standard is crucial for advance semiconductor fabrications, there has yet to be a comprehensive threat study based on the SECS/GEM standard. Therefore, this research will explore the SECS/GEM standard and its communication protocols. When advance fabrications face cyberattacks, it directly impacts global chip production and cycles. To mitigate the threats posed by threat actors to the semiconductor industry, this talk will also analyze the cybersecurity standards for semiconductor fabrications and provide recommendations for protection strategies.

Protecting sensitive documents from leaks is a major challenge for businesses.

This talk extracts practical approaches for intelligent protection of sensitive documents from hundreds of real cases:

1.Comprehensive Strategy – Introducing a framework of ""Security Defense, Good management, and Successful litigation"" to help businesses establish a solid document protection strategy.

2.Intelligent Document Classification – The key requirement of the Trade Secrets Act is that businesses must classify and categorize their documents. This session includes practical cases on how AI technology helps identify sensitive documents and conduct classification, categorization, and auditing.

3.Encryption & Secure File Sharing – File encryption must consider various devices and file formats, as well as secure internal and external sharing, searchability, and direct integration with cloud or other business systems.

4.Implementing Zero Trust: Based on CISA’s Zero Trust Maturity Model 2.0, the ""Data"" and ""Optimal"" guidelines, this session covers best practices for data security, including anomaly access analysis and dynamic access control. Insights from nearly 100 enterprise cases will provide a practical roadmap for implementation.

5.Leak Investigation & Litigation Assessment – Evidence collection and legal assessment can be time-consuming. Automating evidence reports and enhancing user behavior anomaly detection are essential steps after a data leak.

Understanding the threat landscape and what it means for your organization is the cornerstone of establishing a modern approach to threat detection, investigation, and response (TDIR). However, achieving this dynamic, modern approach with traditional SIEMs has proven difficult.

Learn how a modern, AI & intel-driven SOC that leverages applied threat intelligence enables organizations to keep up with the changing threat landscape and reduce risk.

In today’s work environment, hybrid work models have become the norm for businesses. As employees switch flexibly between the office and remote locations, ensuring data security and business continuity has become increasingly important. As an industry leader, Citrix offers a range of innovative solutions specifically designed to address these challenges.

Citrix not only seamlessly integrates cloud and on-premises resources but also provides secure remote access to ensure users can securely access enterprise applications from any location. With robust identity and access management, dynamic security policies, and security controls for endpoint devices, Citrix effectively mitigates potential security threats.

Join our meeting to learn more about how Citrix helps businesses achieve secure and flexible digital transformation in an ever-present hybrid environment, and how it tackles today’s security challenges. We look forward to your participation!

In today’s digital landscape, business resilience and cybersecurity are deeply interconnected. Organizations must safeguard their operations from an increasingly complex range of cyber threats while remaining agile and adaptable. Business resilience refers to an organization’s ability to recover quickly and continue operations after disruptions, while cybersecurity protects critical assets, data, and systems from malicious attacks.

Beyond having a solid cybersecurity strategy, organizations must implement a robust cybersecurity architecture and enforce strong protocols to effectively withstand potential attacks.

Equipping cybersecurity teams with the right tools is also essential to ensure they can respond swiftly and efficiently in the event of an incident.

By leveraging cutting-edge AI-powered technology, organizations can arm their cybersecurity teams with advanced tools to strengthen resilience. By combining human insights aided with machine efficient, businesses remain secure and adaptable in today’s fast-evolving, threat-laden environment.

The rise of artificial intelligence (AI) presents new cybersecurity risks as its applications expand across industries, from data analytics to automation. While AI enhances efficiency, it also introduces security concerns.

1. AI-Driven Attacks: Hackers exploit AI for sophisticated cyber threats, such as deepfake disinformation and automated phishing, making attacks more deceptive and harder to detect.
2. Data Privacy and Surveillance: AI relies on vast amounts of data for training, often involving sensitive information. This increases the risk of data breaches and misuse.
3. Security Vulnerabilities in Automation: AI-driven cybersecurity solutions can strengthen defense mechanisms, but flaws in AI models, biased training data, or system vulnerabilities may lead to misjudgments and security gaps.
4. Regulatory and Ethical Challenges: As AI adoption grows, balancing innovation with regulation is crucial. Ensuring privacy protection and preventing AI misuse remain key global challenges.

To address these risks, businesses and governments must prioritize cybersecurity, strengthen legal frameworks, and invest in AI security measures to build a safer digital future.

As time goes by, vulnerabilities in various products emerge in an endless stream, and the malwares used for attacks are also varied. We collected and analyzed the malicious traffic generated in Taiwan, and especially found several vulnerabilities that attackers often exploit. In addition, we conducted a complete analysis of the malwares that attackers sent in these malicious traffic to control and compromise the target environment. We identified various types of variants and found common characteristics among these malicious programs, such as subsequent triggered attacks or methods of persistence in the target environment, etc.

Modern industrial networks leverage internet connectivity to boost productivity, but the benefits of digital transformation also come with an increased attack surface. The rise of industrial control system (ICS) cybersecurity incidents has significantly undermined the perceived effectiveness of "isolation" as a universal solution. However, due to the inherent limitations of operational technology (OT) environments, they cannot adopt the multi-layered defense mechanisms of IT systems, highlighting the difficulty of protecting OT systems from cyberattacks.

This session will take the perspective of an industrial network security company, using visualization as a starting point to construct a comprehensive industrial security ecosystem. In addition to covering OT assets, it will also encompass IT and IoT devices, as well as equipment within Building Management Systems (BMS). This approach addresses the increasingly discussed topic of Cyber-Physical System (CPS) security in recent years.

Traditional SIEM solutions are no longer sufficient for today’s rapidly evolving cybersecurity landscape. With the exponential growth of data and the increasing speed of cyberattacks, security teams are struggling to keep up. Instead of focusing on stopping threats, SOC teams are spending more time configuring and maintaining event sources and rules.

This presentation will explore why traditional SIEMs are failing and how next-generation SIEM solutions can help organizations enhance SOC efficiency, improve threat detection, and reduce operational costs.

Key topics include:

• The challenges of legacy SIEM solutions in modern security operations
• How cyber threats and attacker tactics are evolving
• The benefits of next-generation SIEM for real-time detection and response
• How organizations can reduce SOC workload and improve response times

Join this session to gain insights into how a modern SIEM approach can transform security operations, enabling faster threat detection, streamlined workflows, and improved SOC performance.

資安是持續的風險管理，首先需掌握資安威脅趨勢，特別是AI技術發展所帶來的資安威脅，並接軌最新的資安推動策略，包括國際及我國等資安策略，在管理面邁向安治理架構，在技術面推動零信任架構，同時建立AI檢測機制，選擇可信賴的(Trustworthy)、負責任的(Accountable)AI產品與系統，以及透過AI技術來強化事前、事中及事後的資安防護。

本演講，將就AI創新趨勢發展分析，可能產生的資安威脅，及所需的資安治理模式。

1. AI的資安威脅

(1) 網路安全環境、社會與治理 (ESG)

(2) AI是什麼?有那些創新?

(3) AI的資安威脅

2. AI的資安風險評估方法

3. AI的資安防護與治理模式

4. 結論

The advent of quantum computing poses significant challenges to classical cryptographic systems, necessitating a global transition to post-quantum cryptography (PQC). This talk will explore the current landscape and critical milestones of this transition. A key focus will be the efforts of the NIST PQC team, which has standardized CRYSTALS-Kyber and HQC as key encapsulation mechanism (KEM) standards, alongside CRYSTALS-Dilithium, Falcon, and SPHINCS+ as digital signature standards. Further insights will be drawn from the publication of NIST's Internal Report 8547, "Transition to Post-Quantum Cryptography Standards."

Additionally, the National Cybersecurity Center of Excellence (NCCoE) at NIST is spearheading the "Migration to PQC" project, detailed in Special Publication 1800-38, which provides comprehensive guidelines to facilitate this transition. The talk will also delve into the critical importance of countermeasures against side-channel attacks as part of PQC migration. Addressing these vulnerabilities is imperative for achieving certification under higher levels of FIPS 140-3 and meeting Common Criteria standards.

This presentation will delve into the core concepts and functionalities of Google Cloud CNAPP solution (Security Command Center Enterprise), including:

1. Unified Visibility and Control
2. Threat Detection and Response
3. Security Vulnerability Management
4. Compliance Assurance

Through this presentation, you will understand how Security Command Center Enterprise can help you:

1. Reduce Security Risks: Comprehensively protect your cloud application scenarios (e.g., AI, DMZ, data warehouse), reducing security vulnerabilities and attacks.
2. Improve Security Efficiency: Automate security processes and improve the efficiency of security teams.
3. Optimize Cost-Effectiveness: Integrate multiple security functions to reduce security costs.

In recent findings, Cisco Talos has uncovered a new threat actor, dubbed “CoralRaider,” believed to originate from Vietnam and driven by financial motivations. Operating since at least 2023, CoralRaider has targeted victims primarily across Asian and Southeast Asian countries, focusing on the theft of credentials, financial data, and social media accounts, including business and advertisement profiles.The group employs sophisticated tactics, leveraging customized variants of known malware such as RotBot (a modified version of QuasarRAT) and the XClient stealer as primary payloads in their campaigns. Notably, CoralRaider utilizes the dead drop technique, utilizing legitimate services to host C2 configuration files and uncommon living-off-the-land binaries (LoLBins) like Windows Forfiles.exe and FoDHelper.exe.

In a recent discovery made by Talos in February 2024, CoralRaider has initiated a new campaign distributing renowned infostealer malware, including Cryptbot, LummaC2, and Rhadamanthys. Employing innovative tactics, the threat actor embeds PowerShell command-line arguments within LNK files to evade antivirus detection and facilitate payload downloads onto victim hosts.Furthermore, the campaign utilizes Content Delivery Network (CDN) cache domains as download servers for hosting malicious HTA files and payloads, adding another layer of complexity to their operations. Talos assesses with moderate confidence that CoralRaider is behind this campaign, noting overlaps in tactics, techniques, and procedures (TTPs) observed in previous Rotbot campaigns. These include the utilization of Windows Shortcut files as initial attack vectors, intermediate PowerShell decryptors, and FoDHelper techniques to bypass User Access Controls (UAC) on victim machines.

This research sheds light on the evolving tactics of CoralRaider and underscores the importance of continuous threat intelligence to combat emerging cyber threats effectively. Understanding the modus operandi of such threat actors is crucial for bolstering defenses and mitigating risks in today’s cybersecurity landscape.

This session will delve into an emerging advanced technique designed to bypass Endpoint Detection and Response (EDR) systems. This technique enables attackers to conceal their malicious activities and evade EDR monitoring and detection by leveraging low-level Windows APIs and manipulating system call user-mode hooking mechanisms. By doing so, attackers can bypass traditional EDR defenses, evade file scanning, behavior monitoring, and other protective measures, while establishing persistent control.

In 2025, AI will emerge as the central pillar of cybersecurity, yet its rapid advancement also brings heightened risks such as deepfake technology and quantum attacks, posing unprecedented challenges for enterprises. This discussion will explore critical cybersecurity trends and demonstrate how Palo Alto Networks' unified platform, powered by AI-driven security solutions, can transform passive defense into proactive resilience. Learn how to build a trusted AI security strategy to navigate the complexities of evolving cyber threats and maintain a competitive edge in the dynamic digital landscape.

Hyper-V in Windows endpoint detection, has always been regarded as the crown jewel that is difficult for the red team to conquer. Therefore, in the underground economy, online game anti-cheat protection heavily utilize Intel VT as the last line of defense to avoid classic BYOVD kernel-level attacks to bypass the protection; However, SOTA anti-cheat protection, in order to achieve better system threat protection than Microsoft's standard design, gradually introduce Hyper-V technology to make numerous kernel-level protection via EXPLOIT AND MANIPULLATION to Windows 10+ NT Kernel objects, under the premise of "effectively bypassing Microsoft's kernel driver-level protection " to beawre the game cheating. But this technology as detection, malicious and effective?

Know yourself and your enemy, you will never be defeated in a hundred battles! In this session, we will guide the audience to play with the Hypervisor detection defences and the system's architectural relationship with them, from dismantling the architecture of Microsoft's VT-based Hyper-V platform to how the anti-cheat protection can manipulate Microsoft's VBS (Virtualisation-Based Security) and Patch Guard to achieve the desired results to forge memory pages in both user/kernel mode. In the end of the session, provides recommendations and guidance on the methods and risks of endpoint detection to introduce such kernel patches as endpoint detection.

Large Language Models (LLMs) have shown great potential in cybersecurity applications. However, to fully harness their value, inherent biases and stability issues in LLM-driven security assessments must be effectively addressed. This talk will focus on these challenges and present our latest research on improving evaluation frameworks.

Our study analyzes how LLMs can be influenced by the order of presented options during the assessment process, leading to biases. We propose ranking strategies and probabilistic weighting techniques that significantly improve scoring accuracy and consistency. Key topics covered in this talk include experimental design and observations on LLM biases, probability-based weighting adjustments, and methodologies for integrating results from multiple ranking permutations. Notably, through validation with the G-EVAL dataset, we demonstrate measurable improvements in model evaluation performance.

Whether you are conducting research on language models or working in cybersecurity technology and decision-making, this talk will provide valuable technical insights and practical takeaways.

Cyber Threat Intelligence (CTI) plays a pivotal role in modern cybersecurity defense, providing critical insights into vulnerabilities, attacker profiles, attack tools, and Indicators of Compromise (IoCs). However, the traditional practice of analysts relying on unstructured text for report writing, while beneficial for interpersonal communication, results in inefficient and time-consuming intelligence management.

Despite STIX format and MITRE ATT&CK® matrix providing foundational infrastructure for standardized intelligence management, their high technical barriers have hindered widespread adoption. Our solution leverages Large Language Models to develop automated tools—CTI2STIX and CTI2MITREATT&CK—enabling seamless conversion from natural language intelligence to structured formats.

Furthermore, our system integrates multi-source intelligence reports, breaking down information silos and enhancing the comprehensiveness, efficiency, and accuracy of threat analysis, thereby providing organizations with more robust cybersecurity protection capabilities.

Cybersecurity is essential across all industries and stands as one of the cornerstones of national security in Taiwan. Yet, discussions often center around technical details or attack methodologies, leaving out the real-world challenges defenders face in their daily operations. With limited resources and budgets, the critical issue of how to implement proactive strategies, optimize resource allocation, and maximize defense effectiveness has received surprisingly little attention.

In this presentation, I will explore how to foster a resilient defensive mindset, select and deploy the most effective tactics and tools based on your organization's specific needs, and examine the latest trends in attack methods. Rather than relying on traditional frameworks, we will focus on building a more practical, results-driven defense strategy. Through real-world case studies and firsthand experiences, I will provide actionable insights that go beyond theory, offering concrete, immediately applicable strategies.

Whether you are a business leader, a cybersecurity professional, or someone passionate about the future of digital security, this session will equip you with valuable knowledge to help you optimize your resources and enhance your organization's security posture.

As cyber threats facing enterprises become increasingly complex and diverse, ASUS has developed a robust approach to enhance visibility and real-time responsiveness through External Attack Surface Management (EASM) combined with threat intelligence resources. This article delves into how ASUS integrates various threat intelligence sources, collects relevant information from a multitude of data streams, and employs automation to bolster cybersecurity defenses.

We will explore how EASM can be leveraged to meet enterprise needs by integrating threat intelligence, including the use of both commercial and free methods to observe EASM, manage digital assets, and threat intelligence platforms. The process of gathering different threat intelligence sources and filtering intelligence content will also be discussed. Subsequently, we will examine how to utilize data from threat intelligence platforms to integrate enterprise Open Source security risks, focus on high-risk vulnerabilities, and enhance overall security.

Additionally, we will introduce the use of the AIL Project for intelligence gathering, particularly extracting, crawling, mining, and analyzing unstructured data from private channels and the dark web to obtain valuable threat intelligence. These insights will be automatically converted into critical notifications to establish an efficient alert mechanism, ensuring enterprises can respond to potential threats in real-time.

Finally, we will share ASUS future plans, including more comprehensive data collection and the future integration of CTI with LLM (Language Learning Models), to further enhance the enterprise’s security defense capabilities.

This comprehensive approach demonstrates ASUS commitment to providing robust cybersecurity measures through the intelligent integration of diverse data sources and automated threat intelligence processes.

Introduction

Geopolitical risks have become a key concern for nations worldwide, with the rapidly evolving Taiwan Strait situation adding further uncertainty. Is your company still relying solely on traditional Business Continuity Management (BCM) strategies?

This speech, based on the speaker’s experience in assisting clients with strategic planning, will provide insights on how businesses can develop advanced strategies and measures to prepare for extreme scenarios—transitioning from BCM 1.0 to BCM 2.0 for enhanced corporate resilience.

Outline

1. Understanding Geopolitical Risks
2. Industry Responses to the Russia-Ukraine War and the Israel-Palestine Conflict
3. Challenges and Strategic Recommendations for Taiwanese Enterprises

In today’s work-from-anywhere environment, protecting employee identities has become more critical than ever. This is why industry analysts recommend adopting Identity Threat Detection and Response (ITDR) solutions to prevent account takeovers, credential theft, data breaches, and fraudulent activities.

All users, whether inside or outside an organization's network, must undergo authentication, authorization, and continuous verification. This approach strengthens identity security posture, ensuring that the right people have the right access to the right resources at the right time.

Whether you have already implemented Single Sign-On (SSO) and Multi-Factor Authentication (MFA) or are still exploring ways to transition more applications to the cloud, CrowdStrike Falcon Identity Protection provides visibility, insights, and proactive measures to help organizations identify, mitigate, and respond to identity-based threats effectively.

Vulnerability scanning has been a staple in cybersecurity for over two decades. Despite its long-standing presence, many organizations still struggle with effectively conducting scans, assessing discovered vulnerabilities, and prioritizing remediation efforts. Furthermore, the emergence of new security products — such as Breach and Attack Simulation (BAS) and External Attack Surface Management (EASM) — has added another layer of complexity, leaving businesses uncertain about whether to invest in these tools and how to maximize their effectiveness.

With limited resources, organizations face the ongoing challenge of deciding which cybersecurity products and services should be prioritized. A poor selection can lead to wasted budgets, while improper deployment may prevent organizations from realizing the full potential of their investments. Drawing from our extensive experience in over 100+ Red Team engagements, this talk will explore the best use cases for various security tools in real-world scenarios and demonstrate how integrating these tools with Red Team Assessment can serve as an effective Proof of Concept (PoC) for evaluating their true impact.

Discover how partners are instrumental to Cloudflare's growth strategy and the mutual opportunities that lay ahead as we scale together.

In today’s rapidly accelerating digital transformation and increasingly severe cybersecurity threats, ensuring the security of every link in the supply chain has become a critical challenge for industries such as electronics manufacturing, the Internet of Things (IoT), automotive electronics, and industrial control. With the rise of quantum computing, traditional encryption technologies are facing unprecedented threats. As a result, hardware security key (PUF) technology, with its inherent and non-replicable characteristics, has become one of the key solutions to enhance cybersecurity protection capabilities.

This presentation will focus on the application of PUF technology in industries with high cybersecurity demands, exploring how to implement enhanced security protection from chip to system level. It will also delve into the practical applications of PUF in areas such as authentication, device certification, key management, and post-quantum cryptography (PQC). Through specific case studies, we will demonstrate how PUF technology can effectively improve the security of IoT devices, industrial control systems, automotive electronics, and data centers, strengthening the ability to prevent future cybersecurity risks. Finally, the presentation will provide industry trends and insights to help businesses select the most suitable hardware security solutions for their cybersecurity needs, ensuring the integrity of their systems and data security.

Digital sovereignty is a crucial aspect of modern democracy, determining a state's ability to control its digital infrastructure, regulate technology, and protect citizen data. In today’s world, data has become the most valuable resource, surpassing even oil and gold, as it enables those who control it to influence public perception and decision-making. Democratic states prioritize transparency, freedom of speech, and data protection, while autocratic regimes use digital tools for censorship, surveillance, and propaganda. The European Union (EU) and other democratic nations implement regulations such as GDPR, DSA, and DMA to ensure fair competition, secure personal data, and counter disinformation. However, the challenge remains: balancing security with fundamental freedoms. The global contest over digital sovereignty reflects the broader geopolitical struggle between democratic and authoritarian models. While democracies regulate digital platforms to protect citizens, autocratic states monopolize online spaces to control narratives. International collaboration, such as between the EU and Taiwan, is vital for strengthening cybersecurity, countering digital propaganda, and fostering technological independence. Ultimately, digital sovereignty must not lead to isolation but serve as a tool for democratic resilience. The future lies in cooperation, transparency, and the protection of fundamental rights in the digital realm.

An overview of cyber threat intelligence on current and near-term adversary use of artificial intelligence to generate cyber threats. Google Mandiant insights on ways to defend cloud infrastructure on which AI rests, and how generative AI can be used to enhance the capabilities of defensive cyber threat intelligence teams and network defenders.

Step into the eerie echoes of Charles Dickens' *The Signal-Man* to uncover a chillingly relevant parable for our age of AI and cybersecurity. In a world where AI systems power decisions at unprecedented speeds, are we, like the lonely signalman, misinterpreting critical warnings while hurtling toward disaster? Join Dimitri van Zantvliet, the Cybersecurity Director of Dutch Railways, for a keynote that fuses storytelling with cutting-edge insights into the rail sector’s digital transformation and cybersecurity strategies.

This session will unravel the lessons of Dickens' tragic tale, exploring the parallels between Victorian railways and today’s AI-driven systems. From opaque "black box" algorithms to over-reliance on automated defenses, we face a critical crossroads: embrace AI with responsibility or risk repeating the signalman’s fate.

Discover how the rail industry navigates waves of digitization, compliance tsunamis, and escalating threats while building ethical, transparent, and sustainable AI frameworks. You’ll learn practical strategies to balance human oversight with AI’s vast potential, ensuring trust, security, and resilience in an era where the stakes have never been higher.

Don’t miss this captivating blend of history, innovation, and foresight—a call to action for leaders who refuse to be overwhelmed by the warnings they cannot understand. Together, let’s rewrite the future and ensure the signals of tomorrow guide us to safety, not tragedy.

Security issues with Active Directory have been discussed for many years. It's been 18 years since the "Pass The Hash" attack technique emerged. Have we really completely eliminated these security issues? For example, starting with Windows 11 24H2, NTLM authentication is being phased out, but does that mean Kerberos cannot be attacked? As enterprise architectures gradually shift toward hybrid identity authentication (such as Entra ID and SAML), these vulnerabilities seem to be merging into a larger attack surface.

In this session, we will review the history of Active Directory attacks over the years and introduce related technologies. We will explore various attack methods that arise at the intersection of AD and cloud-based Azure & Entra ID hybrid identity authentication. Using more relaxed and simple concepts, we aim to help everyone quickly understand these potential vulnerabilities and attack vectors, hoping to provide a more comprehensive understanding of these weaknesses to manage related risks within enterprises.

In recent years, the rapid development of LLMs has brought opportunities for innovation in various areas of an organization from customer services to decision-making. However, organizations lacking comprehensive security strategies may face the risks of data breaches, compromised AI models, or even the consequences of non-compliance and damaged reputation. Therefore, organizations need to take a systematic approach to their security defenses. 

The “LEARN” framework is a 5-stage approach that provides comprehensive security management:  

The "Layer" stage focuses on clarifying system boundaries to allow teams to see the risks of each component clearly and implement corresponding controls. 

The "Evaluate" stage evaluates the potential impact on operations based on current workflows and confidentiality of data, taking into account regulatory requirements, to find out the areas where hardening should be prioritized. Creating inter-department communication channels early on can help resolve issues before they become bigger problems. 

The "Act" stage turns plans into actions, including updating security measures, optimizing workflows, etc. Since LLM applications usually involve external users and third-party integrations, it is necessary to ensure that security measures can work automatically and issue alerts when anomalies occur. 

The "Reinforce" stage verifies the effectiveness of security measures through continuous monitoring and regular testing. This includes collecting system usage logs, emulating attacks, etc. to ensure security defenses are working properly. 

Finally, the "Nurture" stage focuses on building a security culture that ensures security awareness permeates the organization from bottom to top. Organizations need to be able to adapt to changes in the external environment by quickly adjusting internal guidelines and establishing new standards in daily operations.  

With LEARN, organizations can innovate with LLMs while managing their risks properly, taking advantage of market opportunities while ensuring operational continuity. As technologies continue to evolve, this framework will also provide room for adjustment that helps organizations continuously improve their defenses in changing environments. 

To identify a few unique binaries even worth the effort for human experts to analyze from large-scale samples, filter techniques for excluding those highly duplicated program files are essential to reduce the human cost within a restricted period of incident response, such as auto-sandbox emulation or AI detection engine. As VirusTotal reported in 2021 ~90% of 1.5 billion samples are duplicated but still require malware experts to verify due to obfuscation. 

In this work, we proposed a novel neural-network-based symbolic execution LLM, CuIDA, to simulate the analysis strategies of human experts, such as taint analysis of the Use-define chain among unknown API calls. Our method can automatically capture the contextual comprehension of API and successfully uncover those obfuscated behaviors in the most challenging detection dilemma including (a.) dynamic API solver, (b.) shellcode behavior inference, and (c.) commercial packers detection WITHOUT unpacking.

We demonstrate the practicality of this approach on large-scale sanitized binaries which are flagged as obfuscated but few positives on VirusTotal. We surprisingly uncovered up to 67% of binaries that were missed by most vendors in our experiment, by the factor of those threats successfully abuse the flaw of VC.Net detection to evade the scan. Also, this approach shows the inference intelligence on behavior prediction for shellcode without simulation, instead, only by using the data-relationships on the stack to infer the relative unique behaviors involved in the payload.

Moreover, to explore the limitation of our transformer’s contextual comprehension on the obfuscation problem, we evaluate the transformer with state-of-the-art commercial packers, VMProtect and Themida. Our approach successfully forensics-based investigates the original behaviors of the running protected program without unpacking. Furthermore, this approach reveals a few unexpected findings of the protection strategies of the commercial packers themselves. In conclusion, our method explores the possibility of using LLM to sample the reversing experience, analysis strategies of human experts, and success in building robust AI agents on practical obfuscated code understanding.

Premiere: 4/16 12:00 - 12:30

Replays: 4/16 18:00 - 18:30, 4/17 00:00 - 00:30

Data Sanitization: A Critical Factor for Sustainable Data Security

This session explores how enterprises can address end-of-life data more securely and sustainably

across traditional endpoints (including remote workplaces), live environments (onsite or in the cloud),

and decommissioned IT assets (loose drives and devices).

Session takeaways include:

• The security and sustainability drawbacks of physical destruction

• Why reformatting, deletion, and other data destruction methods are unacceptable approaches

• Best practices for automating data erasure for greater efficiency

Join us for an interactive workshop designed to strengthen your organisation’s identity security. Through a dynamic capture-the-flag lab, participants will engage in an exclusive red team/blue team simulation, secured by the Proofpoint Identity Threat Defence platform. Your mission: infiltrate a simulated casino network, steal a slot machine code file, and execute a mock ransomware attack—all while avoiding detection. The exercise is legal, educational, and fun, with prizes for top performers.

Many organisations struggle with identity security gaps, especially between traditional Identity and Access Management (IAM) controls and the advanced tools attackers use to bypass them. These vulnerabilities are particularly critical after an initial compromise, where attackers employ sophisticated methods to escalate privileges and access sensitive data. Tools like Mimikatz, Lazagne, and Nmap are often used in such attacks, underscoring the importance of robust detection and response capabilities. Solutions like Proofpoint Identity Threat Defence address these challenges by delivering high-fidelity detection and effective mitigation.

This workshop offers a unique opportunity to explore the attacker lifecycle, from initial compromise to full breach execution. Participants will gain hands-on experience with common attack tools and learn how deception-based endpoint technologies can effectively detect and stop threats. By stepping into the role of a white-hat hacker, attendees will deepen their understanding of attacker tactics while enhancing their defensive skills.

Don’t miss this chance to elevate your identity security knowledge in a hands-on, engaging environment. Reserve your spot today and take the first step towards closing critical security gaps!

Premiere: 4/16 12:40 - 13:10 

Replays: 4/16 18:40 - 19:10, 4/17 00:40 - 01:10

Autonomous AI agentic systems transform cybersecurity through independent decision-making and risk mitigation without human intervention. Through advanced algorithms and continuous learning, they prioritize and neutralize exposed vulnerabilities while aligning cybersecurity with business objectives. AI agents liberate human analysts by executing tasks removing exposed risks from digital assets.

As digital data continues to grow rapidly and cybersecurity threats become more sophisticated, secure flash memory is playing an increasingly vital role in protecting sensitive information. This session will explore how secure flash memory can strengthen your cybersecurity framework across multiple layers, helping to safeguard critical data and application systems. 

This presentation will cover:

1. The role and importance of secure flash memory in cybersecurity

2. How secure flash enhances system authentication and access control

3. Future trends and challenges in secure flash memory technology

Modern detection engines implement auto-sandbox or AI classification to classify input samples into specific malware types, such as virus, dropper etc. However, due to the complex landscape of modern warfare, attackers tend to design more sophisticated malware to evade detection. Furthermore, malware may incorporate multiple attack behaviors, making it inappropriate to classify them into specific categories. According to USENIX research in 2022, IT managers will receive more than 100K daily alerts, but 99% of them are false alerts by AV/EDR which makes it difficult to be aware of the real 1% attack happened without enough expert knowledge.

Due to the lack of explanation, detection engines often misclassify benign programs as malicious, further making end users untrust in detection results, leading them to manually override the detection result of AV/EDR and executed under a trusted status.

According to this pain point, we propose a new method of building an AI reversing expert based on Llama GPT. We let ChatGPT capture the decompilation knowledge as chain-of-thoughts (CoT) and leveraged Llama's inference intelligence for contextual comprehension of binary assembly, to build a reversing expert that successfully learned those reverse engineering strategies. Our AI model can identify specific malicious behaviors and explain the potential consequences and risks underlying. We demonstrate its effectiveness in large-scale threat hunting on VirusTotal, successfully detecting complex samples that are hard to defy as simple classification. At the end of this briefing, we will share a practical demo of our Neural Reversing Expert's capabilities in analyzing real-world samples.

Premiere: 4/16 13:20 - 13:50 

Replays: 4/16 19:20 - 19:50, 4/17 01:20 - 01:50

As cybersecurity threats increasingly affect devices across various sectors, regions have begun to establish comprehensive product security regulations with clearly defined implementation dates. Delta Electronics, with years of experience in product security, has actively developed solutions and practices related to compliance, testing, defense technologies, and tools. This presentation will share Delta’s successful experiences in managing product security challenges and provide actionable insights for product providers to effectively respond to these evolving regulations. By understanding and implementing key strategies in compliance and defense, product providers can navigate the complex landscape of product security regulations and protect their products from emerging threats.

Previously a production line supervisor at TSMC with nearly six years of experience in production management, I made the bold decision to leave this "Silicon Shield" due to personal circumstances and interests, transitioning into the field of cybersecurity. Now specializing in penetration testing, vulnerability scanning, and related assessments, I entered a field entirely unrelated to my previous career. Through persistent learning and a rigorous routine of working during the day, parenting in the evening, and studying late at night, I achieved first place in the HITCON ZERODAY 2023 vulnerability disclosure rankings within just one year of transitioning and successfully reported two CVE vulnerabilities.

This session aims to share my journey of career change and learning experiences, encouraging more people to step boldly into the cybersecurity field. Whether you are a beginner or considering a career shift, this talk offers insights and directions for learning and growth in cybersecurity.

Intezer AI automatically resolves more than 90% of alerts that do not require action, and only 4% of alerts require the attention of human analysts, effectively freeing up analysts' hands and achieving success.

Work is for a while, but life is for a lifetime. People who are always busy cannot possess wealth, but people who have time to read are more likely to become rich.

Do cyber security experts worry about having too many EDR/SIEM platform alerts to handle? Endless reverse engineering to do? Endless external threat intelligence to search? Endless whitelist to add? Endless sandbox detection?

Is AI just a marketing buzzword? Or can it really solve the "busyness" of cyber security analysts?

In this speech will discuss in depth the challenges faced by SOC/MDR, including labor shortages, analyst fatigue caused by alerts, and other issues. The wisdom of AI should be used to relieve the work anxiety and helplessness of SOC/MDR security personnel. Intezer lets AI handle noise, analysts to focus on real threats.

This presentation focuses on the security scenarios of generative AI, analyzing its unique security challenges and protections. We will delve into the application scenarios of generative AI in various fields, from content generation and code development to data analysis, analyzing potential security risks such as prompt injection and jailbreaking.

In addition, we will share practical cases, demonstrating best practices for secure generative AI applications, and explore the importance of trustworthy AI, ensuring the fairness, transparency, and reliability of AI systems.

No anomaly signals—does that mean no attack, or has the attack already succeeded?

The defense mechanisms appear intact, yet hackers have already infiltrated. How does this happen?

In this session, we will explore real-world cases to reveal how attackers evade detection and operate stealthily in a seemingly ""calm and secure"" environment. When no alarms are triggered, does it truly mean you’re safe? Let’s uncover these hidden risks together!

You will learn about the latest cybersecurity issues, and how we can secure better cyber protection together:

• What threats should you look out for?
• What considerations should end users undertake to mitigate security risks?
• What do you need to know about your surveillance partners and their supply chain?
• How can a hybrid architecture with a powerful edge enhance resilience and reduce cloud-related vulnerabilities?
• Why is effective lifecycle management critical for cloud-connected devices?

In response to the increasingly complex and changing network threats, enterprise networks often exhibit high heterogeneity with diverse architectures, operating systems, and applications. This diversity challenges the application of a single detection logic. Detection Engineering has emerged as a crucial theme, enabling the design of flexible detection rules tailored to specific environments through systematic methods. By abstracting attack behaviors into characteristic patterns, this approach remains adaptable to rapid changes. This presentation explores the core concepts and practices of Detection Engineering, demonstrated with real-world cases. We'll also discuss using frameworks like MITRE ATT&CK to deconstruct and locate potential detection points in attack behaviors.

In this presentation, TeamT5 will share insights into the latest attack evolution and strategic changes of the North Korean APT group Kimsuky. We will provide an in-depth introduction to Kimsuky's subgroups, CloudDragon and KimDragon, analyzing their shifting attack targets and the technical evolution of their specialized backdoor tools. According to our research, the group's targeting scope has gradually expanded from early focuses on government sectors, think tanks, defense, and financial institutions to heavy industries, technology sectors, and cryptocurrency industries. Following Microsoft's default disablement of macro functionality, the group has progressively adopted various alternative approaches in their operations, demonstrating high flexibility and adaptability. Finally, we will thoroughly examine the group's arsenal and its evolutionary trajectory.

Focusing on Zero Trust: Security Challenges in Cloud and On-Prem Identity Integration & Single Sign-On (SSO) 

As enterprises accelerate the adoption of Microsoft Authentication and Google Authentication with Multi-Factor Authentication (MFA), authentication mechanisms have improved in both convenience and security. However, these advancements also introduce new security risks. 

Cybercriminals exploit phishing websites and social engineering tactics to steal user credentials, disguising their attack devices as legitimate authentication endpoints. By doing so, they successfully bypass MFA protections and gain unauthorized access to both cloud and on-premises systems. Worse still, they leverage lateral movement techniques to expand their attack reach within corporate networks, further exposing weaknesses in identity verification frameworks. 

This session will provide an in-depth analysis of these evolving threats, the root causes of security risks in current identity authentication models, and the long-term impact on cybersecurity. Attendees will gain critical insights into how these security challenges affect enterprise operations and develop a deeper understanding of the core value of Zero Trust in future security architectures. 

This talk is designed for security professionals and decision-makers interested in cloud integration and security, equipping them with the knowledge to develop comprehensive security strategies for their organizations.

This session provides a comprehensive understanding of the ""Secure by Design"" approach, emphasizing its critical role in today’s evolving threat landscape. The discussion highlights the importance of embedding security principles from the early stages of product development. The session covers the Secure by Design commitment, outlining key principles for technology providers, such as transparency and proactive vulnerability disclosure.

Practical steps for integrating these principles into the software development lifecycle (SDLC) will be introduced, along with strategies for measuring and communicating progress. Additionally, the session will address the growing market demand for Secure by Design products and their competitive advantages. International partnerships supporting this approach will also be discussed. Finally, three key factors for successful implementation will be outlined: strong leadership, robust technical controls, and continuous improvement, providing CISOs with actionable insights to strengthen their organization’s security posture.

With the rapid growth of Internet use, whether it is various information equipment, mobile devices or IoT devices, more and more services are provided using the Web. As Web application services are used in large numbers, what are the problems with Web applications? What risks will arise from these issues? How to face these risks is an important issue worthy of discussion.

This session will discuss AI's positive and negatives impacts on cybersecurity, with a focus on discussing high-level concepts, current examples, and plausible future developments. Contents subject to change.

Premiere: 4/16 14:00 - 14:30 

Replays: 4/16 20:00 - 20:30, 4/17 02:00 - 02:30

Cybercriminals are no longer attacking organizations directly—they’re infiltrating through suppliers, software vendors, and service providers. A single weak link in your supply chain can open the door to devastating data breaches, ransomware attacks, and operational shutdowns. How can you secure your organization against threats that originate beyond your control?

Key Takeaways:

✅ How hackers exploit supply chain vulnerabilities

✅ Best practices to vet and secure third-party vendors

✅ Implementing zero-trust and continuous monitoring for stronger defenses

✅ Steps to build a resilient supply chain

Stay ahead of cyber threats—because security is only as strong as your weakest link.

Amid the wave of digital transformation, enterprises face not only challenges in surveillance management but also increasing cybersecurity threats. This session will explore how surveillance systems can enhance security protection during cloud migration and introduce how VIVOTEK leverages AI and cloud platform technologies to help businesses build a secure and efficient video surveillance solution.

Premiere: 4/16 14:40 - 15:10 

Replays: 4/16 20:40 - 21:10, 4/17 02:40 - 03:10

Bug bounty programs are a double-edged sword. Done right, they uncover critical vulnerabilities before attackers do. Done wrong, they create noise, drain resources, and even introduce new security risks. So how do you build a bug bounty program that actually works?

Drawing from my experience running Vietnam’s first and largest bug bounty platform, this session will cut through the theory and dive into the real-world lessons of designing, securing, and scaling a successful program. We’ll cover:

1. Program Design: How to define scope, set fair rewards, and attract serious security researchers - not just low-effort spam.

2. Vulnerability Handling: Triage strategies to separate signal from noise, manage false positives, and deal with duplicate reports effectively.

3. Operational Security Risks: How to prevent abuse, secure your own bug bounty infrastructure, and avoid becoming a target yourself.

4. The Human Factor: What motivates researchers, how to build trust, and why community management is just as important as technical execution.

We'll also discuss hard lessons learned, like how to handle rogue submissions and why transparency can make or break your program.

By the end of this talk, you’ll walk away with a practical, tested framework for building a bug bounty program that is secure, efficient, and actually useful - whether you’re starting from scratch or improving an existing initiative.

As businesses increasingly adopt cloud and hybrid infrastructures, the scope and complexity of cybersecurity threats continue to grow. Traditional security models are no longer sufficient to address the evolving nature of modern attacks and multi-faceted environments. This session will explore how next-generation Managed Security Service Providers (MSSPs) integrate Security Operations Center (SOC), Managed Detection and Response (MDR), and Cloud Native Application Protection Platform (CNAPP) services to provide comprehensive, intelligent security protection in hybrid cloud architectures.

We will discuss how MSSPs assist organizations in overcoming the security challenges that arise in cloud and on-premises environments by enabling seamless monitoring, rapid detection and response, and ensuring application and data compliance through cloud-native security solutions. Attendees will gain insights into the collaborative defense mechanisms that MSSPs leverage to help enterprises manage new and emerging cybersecurity risks while relieving the burden of security management and enhancing overall security effectiveness.

In the medical industry incident, Investigator 007 used Intezer Agentic AI to assist in the overall APT attack incident. The automated integration of Intezer Agentic AI and investigation tools does not disrupt the end user's daily operations at ordinary times, but can save user data at critical moments, becoming one of the last lines of defense for enterprise protection.

Investigator 007 visited various locations to investigate and discovered that the attackers had begun attacking the design and layout as early as the end of last year. They also discovered that the attackers had embedded themselves in various government agencies, critical infrastructure, distribution pipelines and other areas in Taiwan to deploy supply chain attacks in order to wait for the outbreak of war.

The investigation report shows that the attackers carefully planned the attack from the physical attack, pre-attack deployment and preparation to hiding in the victim's computer, and finally planned to launch a general attack on the medical industry during the New Year, which led to the exposure of the medical industry's victimization incidents. The first 007 investigation drama in the history of cybersecurity, unprecedented and irreplaceable.

The investigation incident will be made public for the first time at the Cyber ​​Security Conference, bringing everyone an unprecedented investigation feast in the history of cyber security.

This talk explores eight C2 tools, analyzing their communication methods and detection strategies. Tools discussed include Metasploit, Mythic, Merlin, CobaltStrike, Sliver, BruteRatel, DropboxC2C, and SaucePot C2. Detection focuses on behavior-based methods, network traffic analysis, and machine learning. Practical defense techniques will also be covered to strengthen cyber resilience.

這場演講引用愛德華‧德博諾的「六頂思考帽」模型，並調整其概念，使其適用於現代CISO（首席資訊安全官）及資安領導者的思維框架。隨著數位威脅加劇及科技與業務的深度融合，CISO的角色早已不再僅限於技術專業，更需涵蓋策略思維、財務洞察、風險管理、法規遵循及領導力等多元職能。

演講將透過白、黃、綠、黑、藍、紅六頂思考帽，深入剖析CISO如何在日常資安治理中靈活運用不同視角，以增強決策力、推動跨部門合作並建立資安文化。例如，白帽代表數據驅動的專業知識，協助CISO分析威脅情報並評估系統弱點；黃帽則強調正向的溝通能力，幫助CISO將技術術語轉化為易於理解的資訊，推動全體參與的資安文化。這些思維相輔相成，使CISO在複雜的網絡環境中能夠有效管理資源、控制風險並保持法規合規性。

聽眾將獲得一套實用的結構化工具，以幫助CISO在應對數位威脅時提升韌性，並在日常決策中與企業戰略保持一致。透過靈活應用六頂思考帽，CISO將能夠將資安意識融入全體員工之中，為企業建立更穩固的數位生態系統。

"Is Your Company Secure? Don't just wait for vulnerability found from security vendors, bug bounty hunters, or real-world attacks! Do it by yourself."

This session introduces the initial phase of penetration testing: reconnaissance. I will share how to use free online tools and open-source tools to uncover potential security risks. Attendees will understand how public information can be used for possible attacks.

I hope attendees will be able to conduct basic reconnaissance, find out potential security risks and reduce security risks earlier after this session. 

This talk will be based on TeamT5's extensive experience in providing Managed Detection and Response (MDR) services, exploring the challenges and pain points encountered during the threat hunting process. Through real-world case studies, we will discuss the obstacles faced in live environments and how threat hunting techniques can be leveraged to detect traces of Advanced Persistent Threat (APT) groups, especially in response to their evolving attack strategies.

Cloud attacks are becoming more frequent. To strengthen the security of hybrid cloud environments, enterprises must consider comprehensive. Cloud Application Protection Platform CNAPP single platform provides continuous visualization of cloud assets, rapid detection, and AI-automated response to various attack threats.

AI assists in incident response, real-time reporting and mitigation, improving the enterprise's ability to respond to cloud threats.

Nobody likes passwords. You forget them, you need to change them every 6 months, they are annoying yet essential to your day-to-day work. 

While many say the future is passwordless, how ready are we to get rid of passwords, really? This presentation examines authentication trends both in Japan and Taiwan and discusses the challenges of going passwordless in the corporate world.

In Taiwan, obtaining certifications have always been a common practice. However, in the today's environment of stigmatized intellectual prestige hierarchy, how should we navigate our own paths? Should we chase after higher-level certifications, or should we prioritize honing our practical skills?

Based on the phenomenon observed in recent years, the speaker will share Offensive Security's learning journey and exam preparation strategies (including 100-Essentials and 200-Foundational series and OSCE³) drawing from personal experience, and explores the impact and possibilities of Offensive Security's revamping of the OSCP to OSCP+ in 2024.

This course is designed for development teams. It eliminates the need to learn complex penetration testing tools (which are not typically used in daily work), install any additional tools (keeping computers clean and uncontaminated), and generate any attack traffic (so companies don't have to worry about accidental misoperations by trainees).

This CyberLab provides a simulate environment with various vulnerabilities from OWASP Top 10 A01-A02. In this course, students will actually use these vulnerabilities to practice attack behaviors, gaining a deeper understanding of how security vulnerabilities are exploited and their effects.

Smart connected devices have become an indispensable part of daily life. From smart cameras, smart toilets, and smart cats to drones, these technological products may harbor cybersecurity risks that are not fully addressed. In recent years, the government has banned network communication equipment manufactured in certain countries, promoting domestically produced high-quality products as the preferred choice. However, does being domestic and certified truly equate to being secure?

This presentation will analyze several real-world CVE cases, revealing often overlooked security issues in IoT devices. We will explore essential cybersecurity challenges and vulnerability management strategies from a national level down to individual households. Additionally, this session will disclose the difficulties associated with current cybersecurity standard certifications, along with secrets and ghost stories about vulnerability reporting. Participants will learn how to select appropriate and secure cybersecurity devices and manage them properly.

45% of Fortune 100 companies use WIZ, and more than 5 million cloud workloads are protected by WIZ. Together with WIZ to redefines CNAPP cloud security.

Most of the things you worry about in cloud security never happen, and most of the things that do happen, you never anticipate. In response to the Financial Supervisory Commission's zero-trust architecture guidelines and global cloud security trends, this session explores how to establish a next-generation security protection system in a hybrid multi-cloud environment. Through WIZ's cloud security platform, we demonstrate all-round protection from cloud-native application security, configuration management, identity, API governance to compliance auditing. Special focus on ESG and cybersecurity compliance issues of concern to the financial industry, sharing how to conduct continuous security assessments.

With the rise of AI, digital transformation brings agility but also increases cyber risks fueled by AI-driven threats. Traditional security measures fall short in protecting critical assets. Zero Trust with network micro-segmentation provides a proactive, efficient, and scalable defense.

Key discussion points:

• AI-driven security challenges
• Enhancing resilience with Zero Trust
• Identifying and minimizing risk
• Reducing attack surfaces with micro-segmentation
• Containing ransomware and preventing lateral movement
• Effective response and recovery strategies

Why not fight back when you are attacked by hackers? You will find more interesting things when you fight back against hackers. In addition to C2 server, you can also obtain more hacker toysand funny information. This will help you strengthen your own defense.

Analyze the cybersecurity risks enterprises may face when managing both cloud and on-premises environments from a Blue Team perspective using real case study. Explore potential improvements based on relevant security frameworks and use the Cyber Defense Matrix (CDM) to assess applicable measures at each stage. Align real incidents with the CDM framework to illustrate actionable steps, helping security managers explore different aspects of hybrid cloud security governance.

Taiwan, as an island surrounded by the sea, many people here remain unfamiliar with the concepts of the 'ocean.' There seems to be confusion about how the marine-related tasks connect with IT, OT, AI, and cyber security.

Taiwan Ocean Research Institute (TORI) of NIAR (National Institutes of Applied Research) which belongs to NSTC (National Science and Technology Council), TORI is actively involved in the independent design and development of marine exploration equipment and innovative technologies to meet the research needs of government agencies, academia, and research institutions. At the same time, the institute operates the R/V Legend, the largest research vessel in Taiwan. The primary mission of the R/V Legend is to advance ocean science and technology.

In this presentation, I will share our experiences regarding Governance, Risk Management, Threats, Implementation Strategies, and Future Prospects in cybersecurity. Additionally, I will highlight how marine research, including the R/V Legend, can be integrated with information security across various domains. Our primary objective is to safeguard sensitive and valuable marine data from potential threats while continuing to deliver cybersecurity awareness training to our employees.

Healthcare organizations handle vast amounts of sensitive data, making cybersecurity resilience critical. With governments pushing cloud adoption and international data exchange, hospitals must also evolve their risk management strategies.

Yet, limited resources make keeping up with rapid tech changes a huge challenge. Before investing in high-end security tools, organizations need a solid review process—otherwise, the infamous 'Swiss cheese model' of security gaps will leave them exposed.

This talk, based on real-world security audits, will uncover common management blind spots and introduce the original 'Cybersecurity Cheese Checklist.' Designed for all industries, this checklist helps organizations strengthen security in practical ways—before employees unknowingly become insider threats.

Today’s cybersecurity landscape presents increasingly complex challenges. This session explores how AI can drive cybersecurity protection and security operations.

By leveraging Artificial Intelligence (AI) and Machine Learning (ML) to train detection models, organizations can improve both the accuracy and speed of threat detection. Moreover, integrating Generative AI into Network Operations Centers (NOC) and Security Operations Centers (SOC) enhances operational efficiency and security.

Through these applications, attendees will gain insights into leveraging AI technologies to enhance security strategies, ensuring organizations remain agile and efficient in the face of sophisticated threats.

This presentation is about a malicious campaign operated by a Chinese-speaking threat actor, SneakyChef, targeting government agencies, likely the Ministry of External/ Foreign Affairs or Embassies of various countries since as early as 2023, using SugarGh0st RAT and SpiceRAT.  

Talos assesses with high confidence that SneakyChef operators are likely Chinese-speaking based on their language preferences, usage of the variants of Chinese’s popular malware of choice, Gh0st RAT, and the specific targets, which include the Ministry of External Affairs of various countries and other government entities with the motive of Espionage and data theft. 

Their notable TTPs include Spear-Phishing campaigns, DLL Side-Loading, custom c2 communication protocol, and abusing legitimate applications.

SneakyChef has used various techniques in this campaign with multi-staged attack chains to deliver the payload SugarGh0st and SpiceRAT. Throughout this presentation, I will discuss various attach-chains and the techniques the threat actor has employed to establish persistence, evade the detections, and implant the RATs successfully. 

Finally, I will share the indications of SneakyChef’s origin as a Chinese-speaking actor and the attribution of the SugarGh0st and SpiceRAT attacks to them. 

This agenda will analyze and categorize risks from popular online threats, such as phishing attacks and ransomware.

It will share risks resulting from common file sharing configuration errors, and explore the current situation of cloud data leaks and exposures.

It will provide a detailed introduction to DLP (Data Loss Prevention) cloud data leak protection solutions, and the value they can bring to businesses.

人工智慧系統的發展自 2022 年後開始爆發性成長，而快速滲透進各種產業的應用場景。但是人工智慧在經濟發展與生產力提升之餘，產官學界也開始深度關切人工智慧的進展，逐漸朝向超級智慧 (SuperIntelligence) 迫近之時，吾人是否有足夠的方法來克服人工智慧系統帶來的諸項風險。

目前國際間對人工智慧治理除了着重在規範治理之外，亦有人工智慧對齊與驗測的方法來緩解人工智慧系統的各類安全與可信賴風險。國際趨勢如何發展與我國如何對應，將深切影響我國人工智慧產業的未來。

AI is transforming the cybersecurity industry, from automated threat detection to offensive and defensive simulations. This technological evolution is reshaping the core functions of cybersecurity professionals. But is AI merely a tool, or will it become the dominant force in the industry? How should cybersecurity professionals adapt to this shift?  

This talk will explore the intersection of AI and cybersecurity, covering current applications, its impact on talent demand, and the future career landscape. We will analyze how AI is redefining the role of cybersecurity professionals, identify the essential skills for the future, and provide learning recommendations to help attendees stay competitive in the AI-driven cybersecurity era. 

In 2024, an industry-academia collaboration team published the first cybersecurity scenario case study in the global Complex Chinese edition of Harvard Business Review. The case study emphasizes "using fictional business stories to illustrate the potential dilemmas faced by leaders."

Set against the backdrop of a major screw manufacturer, a typical Taiwanese manufacturing enterprise, the case follows the factory’s transition toward smart manufacturing. After a cyberattack shuts down the entire production line, the company’s future operations are threatened. However, compromising with the hackers could damage its reputation and carry legal risks. With the ransom deadline fast approaching, should the Chairman pay the ransom?

The case study was released just as Taiwan’s listed companies were facing significant regulatory changes regarding mandatory cybersecurity disclosures in 2024. Would board members and senior executives of publicly traded companies still find themselves caught in a dilemma when dealing with ransomware attacks? The team also incorporated AI tools for the first time to guide group discussions. Reflecting on past experiences in board and executive education, does the combination of case studies and AI-based teaching enhance participants' cybersecurity awareness and learning outcomes?

In an environment where information security threats are becoming increasingly severe, "Secure by Default" has emerged as a critical security design principle. The Zero Trust Architecture (ZTA) emphasizes verifying every access request and implementing dynamic privilege management. However, many organizations face challenges in implementing Zero Trust, such as protecting servers from unauthorized access without increasing operational complexity.

The core objective of this session is to leverage Serverless technologies to introduce a Zero-Trust Port Knocking mechanism. This approach enables secure and efficient access control while keeping all ports closed, reducing the attack surface and enhancing overall system security.

The session will cover the following key topics: 

1. An introduction to Secure by Default, Serverless, Zero Trust, and Port Knocking. 

2. Demonstrating the implementation of a Zero-Trust Port Knocking mechanism using Serverless technologies.  

The book "effortless: make it easier to do what matters most" hopes that readers can spend their time on high-leverage activities, stand at the height of giants to fully automate repetitive steps, prevent errors in advance, and let the results flow to us naturally.

Important things do not necessarily rely on complicated methods to achieve. Break your cognitive boundaries and complete work tasks in a simpler way.

This event will integrate the advantages of the six major products represented by AIShield (Intezer, Cynomi, WatchTowr, WIZ, Sevco, StrikeReady) to establish and promote a model-level ""Central Cybersecurity Command Center"" for enterprises. Learn how to think comprehensively about security architecture, cloud protection, EDR management, compliance framework, vulnerability management, threat review, intelligence management, asset management, resilience testing and other issues, and establish a sustainable development system that complies with international standards, local regulations and even ESG. To achieve the corporate goal, cyber security experts can easily complete the tasks assigned daily/weekly/monthly/quarterly/yearly.

Cybersecurity admin always busy, and it's only getting busier! In today's digital age, companies face increasing cybersecurity threats, making vulnerability management essential. From traditional IT maintenance to advanced , how to leverage the existing solutions, here's how to enhance overall security:

Regular Scanning and Assessment: Continuously perform vulnerability scans and risk assessments to identify and fix potential threats in real-time.

Prioritize Critical Vulnerabilities: Set priorities based on the severity of vulnerabilities and their impact on business, focusing resources on fixing high-risk vulnerabilities.

Use Automated Tools: Utilize advanced automated tools to improve the efficiency of vulnerability detection and remediation, reducing human errors.

Through those practices, applying these strategies tailored to your industry, you can effectively manage vulnerabilities, enhance overall security, and protect critical assets from cyber threats.

In this presentation, I will share with the audience the process and significance of applying for membership in FIRST (Forum of Incident Response and Security Teams). As global information security threats become increasingly severe, ASUS is committed to providing secure and reliable products and services to our global users and partners.

Throughout this session, I will explain how to use the SIM3 v2 interim Self Assessment Tool to conduct a comprehensive self-evaluation, fully understanding the maturity of our CSIRT/PSIRT and devising improvement plans. I will also discuss how we identified suitable sponsors for recommendations and on-site visits, ensuring the completeness of membership application materials. Additionally, I will detail the process of filling out the FIRST Membership Interest Form and the New Full Member Team Application, from expressing interest to formally submitting the application, ensuring each step is carried out smoothly.

Finally, I will sharing after joining FIRST member, including leveraging the FIRST MISP threat intelligence platform, participating in Special Interest Groups (SIGs), and FIRST events. These resources and opportunities will greatly enhance our response capabilities and professional growth. Through this sharing, I hope to help everyone better understand the significance and process of joining FIRST.

As enterprises increasingly prioritize cybersecurity, Endpoint Detection and Response (EDR) has become a critical defense tool. However, as adversaries continuously refine their tactics, the arms race between blue teams and red teams grows ever more intense. In this ongoing battle, every improvement in detection is met with new evasion techniques, driving a continuous cycle of adaptation and escalation.

In this session, we will explore the evolution of EDR detection strategies in recent years and analyze how attackers leverage obfuscation techniques to conceal malicious activities, abuse Windows Subsystem for Linux (WSL) to bypass traditional security solutions, and exploit Windows Filtering Platform (WFP)—as seen in EDRSilencer—to manipulate EDR operations. Through real-world case studies, we will examine the challenges these techniques pose to EDR detection and discuss how blue teams can develop proactive defense strategies, shifting from reactive detection to active deception, ensuring EDR remains a step ahead in the ever-evolving threat landscape.

With increasingly stringent data protection regulations, organizations face heightened compliance pressures. However, compliance is merely the foundation—intelligent and comprehensive data security is key for modern enterprises.

FortiDLP, powered by AI-driven technologies, not only helps organizations meet strict regulatory requirements but also significantly enhances data protection capabilities. Through automated data classification and behavioral analysis, FortiDLP strengthens access control, encryption, and transmission security for sensitive data. Additionally, it proactively detects and mitigates internal threats, shifting data protection from a reactive defense to a proactive prediction and prevention strategy.

In this session, we will explore how FortiDLP goes beyond traditional compliance requirements, leveraging intelligent defense and comprehensive protection to safeguard enterprise data in an era of increasing risk. Join us to discover how FortiDLP can be the key solution for your data security challenges !

Residential Gateways (modems) have become a very common device around the world, usually provided by the ISP along with a broadband subscription. As consumer routers have frequently been compromised by botnets or exploited as infrastructure for nation-state attackers, RGs have seen little discussions yet on a position on par with consumer routers.

We reviewed popular broadband network standards (DSL, DOCSIS, xPON), remote management standards (TR-069/CWMP), and reverse engineered 14 different RGs from 11 ISPs, across 8 different countries, including from G7. We analyzed all RG's hardware components, dissected and inspected all firmware, using a set of firmware dissectors and decryptors that we developed to deal with the proprietary formats. We discovered most RGs are lacking in modern software and hardware protection mechanisms such as ASLR, TrustZone and secure boot, and commonly being vulnerable to low complexity attacks such as weak credentials, buffer overflows and command injections, enabling installation of undetectable, persistent backdoors on RGs.

Furthermore, we've found some ISP's infrastructure to be exposed directly to the Internet, often with either easily exploited, outdated or sanctioned devices, which we will demonstrate. Combined with vulnerabilities with low-to-mid attack complexities within RG and ISP's infrastructure, we're able to demonstrate one actual case of a full, permanent compromise, on estimated four million RGs of the largest ISP in a top-20 country. This was reported to the ISP and has been fixed since.

Peter Drucker’s concept of “what gets measured, gets done” underscores the critical role of measurement in setting priorities and achieving objectives. By deciding what to measure, we define what truly matters, enabling a sharper focus on the actions that drive success. Without clear metrics, it’s impossible to track progress or ensure the job is done right. Metrics provide the structure, clarity, and accountability needed for effective decision-making and meaningful results.

In cybersecurity, the challenge of measurement is even greater. The constantly shifting threat landscape, the intangible nature of digital risks, and rapidly evolving technologies make it especially hard to quantify success or gauge performance. That’s why metrics are so vital—they bring clarity to uncertainty, help assess efforts, prioritize risks, and ultimately enable organizations to meet their goals.

This session will share the threats and trends faced by companies in Japan and Taiwan, as well as the growing importance of cybersecurity awareness.

It will also explore how to build the first line of defense for companies through practical social engineering drills and cloud protection solutions.

As confidential computing continues to grow, AMD SEV-SNP has evolved within the open-source community and is now supported by major cloud providers such as AWS, Google Cloud, and Azure. By encrypting memory, SEV-SNP ensures that a virtual machine’s memory remains accessible only to itself, protecting sensitive workloads in virtualized environments. This session provides an in-depth exploration of AMD SEV-SNP, focusing on its integration and implementation within the Linux kernel, QEMU, and OVMF. Attendees will gain insights into SEV-SNP’s role in confidential computing, recent advancements in open-source development, and the security guarantees it offers. We will also examine the limitations of its protections and discuss whether adopting this technology is essential for enhancing system security.

As AI technology rapidly advances, enterprises face unprecedented opportunities and risks. AI technology not only enhances operational efficiency but also brings higher security. However, as AI applications become more widespread, cybersecurity threats have become more complex and diverse.

According to market trends, the rise of generative AI has made cyberattack methods more advanced, and traditional defense measures are no longer sufficient to counter these new threats. Therefore, enterprises need to adopt more intelligent defense mechanisms, combining AI and automation technologies to establish an integrated security operations platform for cross-platform threat detection, hunting, and real-time response.

Additionally, data governance and risk management have become increasingly important. Enterprises need to establish robust governance frameworks to effectively monitor and manage data, and adopt advanced threat detection and model protection methods to mitigate the risks posed by AI technology.

In this event, we will delve into the cybersecurity challenges and innovations in the AI era. We look forward to your participation as we explore the future of cybersecurity together!

As generative AI becomes increasingly popular, a myriad of applications are springing up rapidly. However, what severe consequences could arise if such powerful AI is exploited by hackers? The corresponding attack technique, Prompt Injection, has topped the OWASP AI security issues ranking for two consecutive years.

This presentation will delve deeply into the attack methods of Prompt Injection, from the users of generative AI to internal systems, analyzing which stages may be vulnerable to attacks, and how to safely use generative AI.

Starting from 2024, there has been a significant policy change regarding the disclosure of major cybersecurity incidents by publicly listed companies. In response to the growing concerns of external stakeholders, a company’s cybersecurity emergency response team may expand beyond just the Chief Information Security Officer (CISO) and the cybersecurity team to include senior executives such as the General Manager, Spokesperson, Chief Legal Officer, Chief Financial Officer, and Public Relations Director. However, most companies only offer general cybersecurity awareness training and do not provide customized awareness programs tailored for these senior executives and their staff.

In the U.S. cybersecurity community, agility was the key takeaway from former ISC2 CEO Clar Rosso’s opening speech at the ISC2 Annual Conference in 2023. How can agility enhance teamwork among senior executives during cyber incident response? This talk will explore the application and real-world examples of incident responses from an agile perspective, offering innovative approaches for non-technical senior executives and their staff in handling cybersecurity incidents.

Taiwan is regularly targeted by cyberattacks from multiple sources due to its geopolitical situation. Recently, we observed cyberattacks targeting companies in Taiwan, including those in manufacturing, healthcare, information technology, and other sectors. The attacks involved phishing emails with identifiable characteristics, along with the distribution of multiple executable files. Among these attacks, Smokeloader's features are separated into multiple modules and AndeLoader delivers infostealer with Microsoft Office documents. Once the attacks succeed, the companies will be exposed to the risk of backdoor infections and data exfiltration. In this presentation, we will thoroughly reveal the attack chain and uncover the techniques employed during the attack.

Despite the increase in security point solutions to protect against a changing threat landscape, we still see ransomware attacks, disruption in supply chain, loss of data, IP and reputation damage daily. Users face access restrictions that hamper work and the complexity is impossible for IT and security teams to manage. The latest Cisco Security innovations are setting new standards in efficacy, resilience, and economics for zero trust access, data center security and firewalls, and security operations.

Three major challenges currently hinder threat intelligence: the diversity of intelligence sources leads to inconsistent formats, open-source intelligence often lacks completeness, and establishing relationships between intelligence entities remains difficult. In response, this session presents an innovative solution that integrates Large Language Models (LLMs) with Knowledge Graph technology to construct a comprehensive threat intelligence analysis framework. This approach features three key advantages: (1) leveraging LLMs to automatically construct knowledge graphs, enabling the standardization of heterogeneous intelligence data; (2) utilizing knowledge graph-enhanced Retrieval-Augmented Generation (RAG) to uncover hidden intelligence patterns and provide explainable relationships; and (3) automating the enrichment of missing intelligence, improving data completeness.

Beyond extracting entities from threat intelligence, this method also identifies latent relationships between entities, constructing a holistic view of the threat landscape through the knowledge graph. More importantly, the entire system is built on open-source models and frameworks, ensuring accessibility and flexibility. This talk will explore how to apply this innovative approach to intelligence collection and analysis in real-world scenarios.

To address the escalating cybersecurity challenges, the U.S. and European countries have introduced various cybersecurity regulations and actively advocate for enterprises to adopt a SBOM to enhance software supply chain transparency. SBOM enables organizations to promptly update software components to mitigate known vulnerabilities or leverage detailed insights to accelerate response times, minimizing the impact of attacks. Implementing SBOM not only strengthens proactive security measures within the software supply chain but also helps organizations adapt to evolving threats, making it a critical cybersecurity tool. This session will provide a comprehensive overview of SBOM’s fundamentals, its driving factors, and its necessity, along with real-world implementation cases showcasing its benefits in improving transparency and vulnerability risk management. Additionally, we will address common challenges and concerns faced during implementation, offering practical recommendations to help organizations enhance resilience and competitiveness in combating cybersecurity threats.

在計算機科學中，0 和 1 通常代表二進制系統中的 False 和 True。而在產品零信任安全機制的實踐中，如何在複雜的 Windows 系統中在不影響效能的前提下，找出信任的權限、檔案、行為，完美劃分出一條 True 與 False 之間清楚的界線，往往是最困難的事。

此議程中會與聽眾分享什麼是產品資安，以及如何實踐於效能及延遲有較高要求，譬如 OT 場域的零信任安全機制。再來會分享我們是如何透過 Minifilter 實踐零信任機制，以及過程中遇到的困難及解決方法。最後會展示對於常見的惡意程式，例如勒索病毒，以及多種不同型態的惡意攻擊的防禦效果。