開始 |
結束 |
大會議程 |
講師與公司 |
| 09:30 |
09:45 |
開幕式和歡迎詞
|
Thomas Lim
(新加坡)
CEO of COSEINC and Organiser of SyScan |
| 09:45 |
10:00 |
Keynote: Asia's Significance in Worldwide Infosec Landscape 亞洲在全球資訊安全之特殊地位
SyScan到今天第五屆了,歷屆吸引了世界最頂尖的資安講師,飛到新加坡演講,今年也特地在台北舉辦。在亞洲舉辦的各大國際資安會議,例如台北的OWASP Asia,新加坡的SyScan,日本的BlackHatJapan與PacSec,馬來西亞的HITB,越南的
VNSECon,各個都辦得有聲有色,品直追美國BlackHat/defcon。這不是沒有原因,此演講將探討亞洲在全球資安領域所扮演的重要角色。在資安研究從興趣演進成商機,用從商業運用邁入軍事運用的今天,亞洲實為全球資安戰之最激烈戰場。這對亞洲之資安實力之累積,意義為何?亞洲資安工作者,又如何在此激烈戰局中,有效運用局勢,不但自保,更能幫公司與自己之資安生涯,搶佔上 風? |
|
Wayne Huang
(台北)
Armorize Technologies
(阿碼科技)
Co-Organiser |
| 10:00 |
11:00 |
Hacking RFiD Devices 如何駭入RFiD設備
RFID晶片的使用目前已經非常普及,從護照到褲子,從鑰匙到信用卡到手機到垃圾桶到寵物到甚至人體。不知為何,似乎RFID晶片非常好用,可以解決各種問題,怎麼裝都不嫌多!這個演講將探討RFID的底層技術,商業運用與運作方式,以及為何會產生資安漏洞,並將詳細地示範許多軟體以及硬體的攻擊工具(exploit)。
RFID is being embedded in everything... From Passports to Pants. Door Keys to Credit Cards. Mobile Phones to Trash Cans. Pets to People even! For some reason these devices have become the solution to every new problem, and we can't seem to get enough of them....
This talk will look at the underlying technology, what it's being used for, how it works and why it's sometimes a BadIdea(tm) to rely on it for secure applications, and, more worryingly, how this off-the-shelf technology can be used against itself... Software and Hardware tools and techniques will be discussed and demonstrated, and a range of exploits examined in detail. |
|
Adam Laurie |
| 11:00 |
12:00 |
Lunch Break
午餐休息,請多彼此認識並與講師互動! |
|
| 12:00 |
13:00 |
Buffered Code Execution 執行時期的安全觀測方法:
本演講將講解最近在Symantec Research Labs研發出的一個雛形系統,可以把kernel-mode的驅動程式在user-mode下執行。本技術主要用來在user-mode下觀察kernel-mode之rootkit的行為,並能有效控制其行為。有別於傳統利用模擬器之作法,本技術是直接將 rootkit 利用真實硬體執行起來,但是是在 ring 3 而非 ring 0。當此 rootkit 開始利用特殊指令,或開始讀取 / 修改 / 執行 kernel-mode 之記憶體時,我們將 faults 攔截下來並送入 kernel 內。這樣一方面可以使此 rootkit 得以正常執行,一方面又得將其行為限制於sandbox內。本演講將深入探討此技術與實做,也將實際展示此雛形系統。
This presentation will cover a new prototype developed in Symantec Resarch Labs to run kernel-mode drivers from user-mode. This technology is primarily intended to sandbox a rootkit driver and monitors its activities. Utilizing this technique, the rootkit driver's activities can be controlled. Rather than utilizing emulation, the rootkit code is run directly on the native hardware but at ring 3. When the rootkit tries to utilize privileged instructions or read/write/execute kernel-mode memory, the faults are captured and proxied into the kernel, allowing the rootkit to function normally while at the same time preventing the rootkit from escaping the sandbox. The presentation will discuss the technology behind the prototype and demo the tool in action. |
|
Matthew Conover
Symantec
(賽門鐵克) |
| 13:00 |
14:00 |
PhlashDance, fuzzing your way to expensive bricks 新型攻擊 Permananet Denial of Service (PDOS):利用 flash update 對於嵌入式系統造成永久破壞之攻法
此演講介紹一種新種類的攻擊:「永久性DOS --(Permanent Denial Of Service (PDOS)」,主要針對嵌入式系統之設備。我們將介紹一種號稱為「Phlash」之PD S攻擊手法,主要利用韌體之flashupdate機制,達成PDOS之目的。我們將針對各嵌入式系統之flashupdate機制與韌體本身的結構做深入的分析,並介紹一個通用的模糊暴力式探測平台(genericfuzzingframework)PhlashDance。PhlashDance能自動在各式各樣不同的嵌入式系統中找出PDOS漏洞.除了介紹這些技術細節以外,我們也將解釋,為何這種新型攻擊必須受到各廠商(IT,手機與行動裝置)之關心,以及避免此種攻擊之種種困難處.
This presentation intends to discuss a new class of attack termed Permanent Denial Of Service (PDOS) targeted against embedded devices. Specifically, a particular manifestation of PDOS will be discussed which targets the firmware update mechanisms of embedded devices, such abuses of flash update mechanisms to cause PDOS conditions have been named Phlash attacks (cuz every attack needs a ‘ph’ right!). Phlash attacks targeting both the flash update mechanisms of devices, and the structuring of the binary firmware’s themselves will be discussed in a generic way. The presentation will also discuss the development of a generic fuzzing framework called PhlashDance, which aims to assist in the automatic identification of PDOS vulnerabilities across an extensible range of embedded devices. Beyond the pure technicalities of how Phlash attacks may be mounted, the presentation will also discuss why such novel attack vectors will be of particular concern to technology vendors, and the difficulties being faced in responding to and mitigating such vulnerabilities. |
|
Richard Smith
Hewlett-Packard (HP) |
| 14:00 |
15:00 |
Coffee Break
中場點心休息,請多彼此認識並與講師互動!
| |
| 15:00 |
15:30 |
Counter-Cyberterrorism System and National CIIP 反恐與國家資訊基礎建設保護
Anti Cyber Terrorism and Critical Information Infrastructure Protection by Jack Yu (Armorize)
反恐與國家資訊基礎建設保護(中文)
實體國土中的人、金錢、物品與疾病進出可管制,但是面對高度網路化的資訊服務所延伸的資訊國土該如何防護?本議題將從資訊基礎建設保護來談,面對大規模網路攻擊、經濟目的或針對性攻擊相關的資訊恐怖攻擊的警訊分析,以及建構防制資訊災害應變系統的探討。 |
Jack Yu
Amorize Technologies |
|
| 15:30 |
16:30 |
TBD 稍晚公布(英)
| 神秘講師 |
| |
|
结束第1天 |
|
| |
|
|
|
