AUG. 11(Tue)

KEYNOTE

KEYNOTE
CyCarrier
  • AUG. 11
  • 11:40
  • 7F_701

Keynote Speaker

Birdman Chiu
CyCarrier Technology   Co-Founder

Tech Briefing

Tech Briefing
New Privacy in Android 11 與 OWASP 行動開發安全-Albert Hsieh
  • AUG. 11
  • 14:00
  • 7F_701 F
Albert Hsieh
SinoPac Securities   Information Security Dept. Senior Vice President
Tech Briefing
Countermeasures to the Cybersecurity Threat from Quantum Computing
  • AUG. 11
  • 16:45
  • 7F_701 A
  • Cryptography
  • Quantum Computing
  • Quantum Decryption
Jimmy Chen
    Chairman, WiSECURE Technologies; Adjunct Assistant Professor, National Taiwan University

Attack & Defense Camp

CyberConnect

CyberLAB

Cyber Leadership Forum

CyberSec 101

Disinfomation Forum

Healthcare Security Forum

IR & CSIRT Forum

IR & CSIRT Forum
【IR & CSIRT Forum】 Panel Discussion
  • AUG. 11
  • 16:45
  • 7F_701 B
Ken Lee
Synology Inc.   Security Incident Response Team Manager
TT Tsai
TeamT5   Founder and CEO
Joseph Chiu
Trend Micro   Senior Manager of Cyber Security Incident Response Team
AUG. 12(Wed)

Tech Briefing

AI Security Forum

Attack & Defense Camp

Attack & Defense Camp
Abnormal Activities of Insider Threat: Encoding, Steganography, Device Hacking, Obfuscation
  • AUG. 12
  • 10:00
  • 4F_4 A

Recent employees steal valuable assets within organizations, e.g. source code, to gain huge profits. Researches and development results become profitable to other competitors. 
However, few people with some techniques and skills to steal data often hard to discover.
Organizations need to equip themselves with the right knowledge and tools to defend against this growing threat type.
This session will show four techniques to avoid security system control: 

1.Encoding 
Introduce how to hide the original confidential information by coding or encryption technology to avoid audit and surveillance analysis.

2.Steganography 
Live Demo (a) Text (b) Picture (c) Image (d) Sound (e) ADS steganography and tool. 

3. Stealth Device
Use special devices as a Carrier to steal data, such as Raspberry Pi W Simulated NIC, Teensy Simulated keyboard execute scripts, screen captures Spy device...etc. 

4. Obfuscation
Use Obfuscated command of CMD & PowerShell. Penetrating hidden intentions and Avoid the regulatory environment within the company

FineArt focus on the avoidance behavior of Insider threat. Remind your organization to pay more attention to insider data theft risk.

  • Insider Threat
  • Data Loss Prevention
  • Behavioral Analytics
Victor Chen
Information Security Manager & information security consultant  Manager of Information Technology  Systems Integration & MIS Manager
Attack & Defense Camp
Discover Invisible Fileless Webshell in the APT attack
  • AUG. 12
  • 14:00
  • 7F_701 B

APT groups always try to hide and be persistent inside their target environment. Although MITRE ATT&CK matrix try to collect knowledge of all adversary tactics and techniques, new techniques or skills will still show up. Recently, we found a new technique are being utilized in multiple operation and APT groups, including BlackTech, WINNTI and Operation ShadowHammer. Once while doing incident response, we found typing special URL path can trigger invisible webshell backdoor in the windows webserver without leaving any logs. The way this attack used let it hard to detect since it does not need to leave file inside webserver, it doesn’t have its own process and no log will be created. This kind of webshell backdoor can be used in any windows platform even if it doesn’t have webserver installed.

In this presentation we will show up the complete attack of this kind of backdoor cases, threat indicators, victims and disaster assessment.
What kind of technique or special windows API they used to achieve fileless, logless, processless webshell?
What should we do when doing incident response with this kind of invisible webshell?
And furthermore, we also using some windows undocumented API to build a new tool trying to catch up this kind of backdoor from memory while doing incident response.

  • Incident Response
  • Threat Detection & Response
  • APT
Dove Chiu
Trend Micro   Senior Threat Researcher
Tim Yeh
Trend Micro   Senior Threat Researcher

Black Hat Awarded Forum

Black Hat Awarded Forum
Operation Semi Chimera – APT Operation targets Semiconductor Vendor
  • AUG. 12
  • 15:50
  • 4F_4 A

This presentation provides an analysis of the APT attacks that have occurred during the past two years on the semiconductor industry. Our research shows that the majority of these attacks were concentrated on the Taiwan semiconductor sector. This is worthy of concern, as Taiwan’s semiconductor industry plays a very crucial role in the world. Even a small disruption in the supply chain could have a serious ripple effect throughout the entire industry. Surprisingly, up until now, there has been less coverage on these attacks. In this presentation, we seek to shed light on the threat actors and campaigns of these attacks, where they are collectively referred to as Operation SemiChimera (a.k.a. Skeleton). Additionally, we provide a brief overview of the current information security status of Taiwan’s semiconductor industry.

Between 2018 and 2019, we discovered several attacks on various semiconductor vendors located at the Hsinchu Science-based Industrial Park in Taiwan. As these attacks employed similar attack techniques and tactics, a pattern could be discerned from the malicious activities. From this pattern, we deduced that these attacks, which we dubbed Operation SemiChimera, were actually conducted by the same threat actor. The main objective of these attacks appeared to be stealing intelligence, specifically documents about IC chips, software development kits (SDKs), IC designs, the source code, etc. If such documents are successfully stolen, the impact can be devastating. The motive behind these attacks likely stems from competitors or even countries seeking to gain a competitive advantage over rivals. Since the similar techniques and tactics to previous attack activities, we suspect the attacker is China-based hacker group.

We thus hope that this presentation will help semiconductor companies gain a better understanding of the dangers from such attacks. Additionally, as we have worked with several of the semiconductor vendors to improve their cyber security, we wish to share this valuable experience, and highlight the current challenges facing the entire industry.

  • Hackers & Threats
  • APT
  • Threat Intelligence
Inndy Lin
CyCarrier Technology   Research Team - Cyber Security Researcher

CyberConnect

CyberConnect
【CyberConnect】
  • AUG. 12
  • 10:00
  • 7F_701 C

Strategic Plan of National Cyber Security Program (Draft) (2021 to 2024)

Jyan, Hong-Wei
Director General of Department of Cyber Security of Executive Yuan   
CyberConnect
【CyberConnect】
  • AUG. 12
  • 14:00

Industry Develop program of Cyber Security

Jyan, Hong-Wei
Director General of Department of Cyber Security of Executive Yuan   

CyberLAB

Cyber Leadership Forum

Cyber Leadership Forum
數位轉型的科技風險管理之道
  • AUG. 12
  • 14:05
  • 4F_4 C
Thomas Wan
SinoPac Holdings  Director  School of law, Soochow University - Adjunct Assistant Professor
Cyber Leadership Forum
Cyber Leadership Forum
  • AUG. 12
  • 14:35
  • 4F_4 C
Renwei Chen
Chinese Culture University   CIO, School of Continuing Education

Cyber Supply Chain Security Forum

Disinfomation Forum

FinSec Forum

FinSec Forum
【FINSEC Forum】中華電信
  • AUG. 12
  • 10:00
  • 7F_701 A
王信富
中華資安國際 (中華電信關係企業)    協理
FinSec Forum
Coming Soon
  • AUG. 12
  • 11:00
  • 7F_701 A
  • Cyber Resilience
  • ISO 27001
  • Governance Risk & Compliance
Peter Pu
British Standards Institution NE Asia   Managing Director

Cyber FreeTalk

HITCON Talk

National Defense Forum

IoT Security Forum

IoT Security Forum
Understanding the IoT threat landscape and a home appliance manufacturer's approach to counter threats to IoT
  • AUG. 11
  • 10:00
  • 7F_701 D

As we live in a world where billions of IoT devices are connected to the Internet, there are streams of news articles that depict damages caused by malware and other threats that target such devices. While there are some things that users can do to prevent such damages, consumers expect manufacturers to consider security as part of the product design in the development lifecycle.  Panasonic, being a device manufacturer is able to collect information on these threats by connecting our own devices in the development / pre-shipment phases to a honeypot that we have developed. Since its deployment, Panasonic has been able to find 179 million attack cases and 25 thousand malware samples, of which 4,800 were unique samples targeting IoT. 20% of the samples were new and hashes for them did not exist when querying Virustotal. We have developed a system where information being collected through the honeypot is sent to a Sandbox for automated analysis, to address our concern for having a limited number of security experts. What this system allows Panasonic to do is collect "malware targeting/exploiting Pansonic IoT devices" for quicker remediation, in addition to "popular malware" targeting a wide-range of IoT devices.  In this session, we will discuss the details of this project and share some analysis of malware that have been collected. By leveraging this information, Panasonic aims to develop products that are resilient to malware. In addition, we are looking for ways to use this threat and remediation information to develop an IoT SOC.

  • IoT Security
  • Security Development Lifecycle
  • Internet of Things
Jimmy Chang
Panasonic Corporation   Cyber Security Lab - Staff Engineer

OT Security Forum

* The organizer reserves the rights to amend all agenda and activities.