游照臨 (Steven Meow)

Trend Micro / Threat Researcher

Steven Meow currently serves as a Red Team Cyber Threat Researcher at Trend Micro. He holds numerous professional certifications, including OSEP, OSWE, OSCP, CRTP, CARTP, CESP-ADCS, LTP, CPENT, and GCP ACE. Steven has previously presented at events such as Japan Security BSides, HITCON Bounty House, and CYBERSEC. He has disclosed CVE vulnerabilities in products from major companies such as VMware, D-Link, and Zyxel. His expertise spans red team exercises, web security, IoT, and meow-related fields.

SPEECH
4/16 (Wed.) 15:20 - 15:50 4F AIoT & Hardware Security Zone AIoT & Hardware Security Summit
Turtle Crossing: New Horizons — The IoT Vulnerability Meetup!

Smart connected devices have become an indispensable part of daily life. From smart cameras, smart toilets, and smart cats to drones, these technological products may harbor cybersecurity risks that are not fully addressed. In recent years, the government has banned network communication equipment manufactured in certain countries, promoting domestically produced high-quality products as the preferred choice. However, does being domestic and certified truly equate to being secure?

This presentation will analyze several real-world CVE cases, revealing often overlooked security issues in IoT devices. We will explore essential cybersecurity challenges and vulnerability management strategies from a national level down to individual households. Additionally, this session will disclose the difficulties associated with current cybersecurity standard certifications, along with secrets and ghost stories about vulnerability reporting. Participants will learn how to select appropriate and secure cybersecurity devices and manage them properly.

4/17 (Thu.) 14:45 - 15:15 7F 701E Offensive Security Forum
Operations Security (OPSEC) — The Secrets to Red Team's Stealth!

This session will delve into enhancing the stealth of red team operations, ensuring their actions remain covert and effective. We will explore network anonymization technologies such as DoH, ECH, and domain fronting, as well as the management and configuration of payloads and C2 servers, covering both commercial and open-source tools like Cobalt Strike and Meterpreter. Additionally, we will discuss techniques such as injection and API usage to increase operational concealment, along with practical considerations for using tools like Mimikatz, BloodHound, and Impacket.

The presentation will also address the challenges posed by modern antivirus and endpoint protection by exploring technologies like AMSI and ETW, and methods to bypass them. This helps red team members avoid security detections and prevent triggering alerts during missions. Through this lecture, participants will learn how to maintain the secrecy of red team activities across various security environments while enhancing the effectiveness and precision of red team exercises.