Call for Papers and Workshops
Following a successful event in 2017, Hong Kong’s premier security research group Dragon Threat Labs is hosting DragonCon, possibly the most technically-intensive security conference born out of Hong Kong.
Come join us, make friends and see the cyber city!
DragonCon invites proposals for half-day or full-day workshops to be held in December 2018. Workshops are expected to focus on Threat Intelligence, Hardware Hacking, Hardware Forensics, Hardware Attacks, Reverse Engineering, Exploitation, Vulnerability Research and any other subject that will make our nerd-o-meter hit the red line!
1. Complimentary ticket to the conference
2. Invitation to the VIP party
3. Remuneration for international speakers
Bart is an Incident Response and Forensics Specialist in MANDIANT's Security Consulting Services team, helping clients restore confidence in the event of a breach. He holds a degree in Computer Forensics, is a keen developer, enjoys inspecting network traffic and specialises in Windows forensics with a fascination for volatile memory.
Having worked on Incident Response engagements around the world, Bart routinely develops new tools and ideas to solve on-the-job problems and to ensure Mandiant remains an industry leader. Some of these developments led to Bart's contributions to the Volatility project.
After spending 8 years in England, Bart recently relocated to the APJ region as he believes it's still the most fascinating, culturally diverse, and opportunistic region in the world. The relative immaturity in Cyber Security in most countries, but also the "hunger to learn" that most businesses and government organizations display, offer a significant growth opportunity.
Brian serves as the Financial Services Information Sharing and Analysis Center (FS-ISAC) Intelligence Officer for Asia-Pacific. Previous to his time at FS-ISAC, Brian worked for the Pharmaceutical Security Institute as the Senior Intelligence Analyst producing intelligence on criminal involvement with global counterfeit pharmaceutical networks, including cyber-based networks. Prior to that he served in the U.S. Department of Defense in intelligence and foreign affairs roles of increasing responsibility for twenty-six years culminating as the Principal Intelligence Officer for the Deputy Assistant Secretary of Defense, with responsibility for Taiwan, China, Japan, North and South Korea and Mongolia. Brian received his Master of Arts degree in Global Affairs from George Mason University focusing on global conflict and security. He is fluent in Mandarin Chinese, Portuguese and Spanish.
I am a forensic researcher at the Institute of Best of the Best in South Korea and currently hold a master's degree in Information Security.
I am interested in analyzing incidents caused mainly by 1-day exploits and APT attacks.
In this conference, I will explain which artifacts are left in the system when a 1-day exploit works and describe how to make connections between normal information and abnormal information to figure out which software vulnerabilities are causing the attack.
Jay Spreitzer has over 20 years of information security experience and is currently the CISO at Protocol 46. Over the last 13 years, he was the team lead for the cyber threat intelligence team at a large financial institution. Prior to working in the private sector, Jay retired from the US Army, after 23 years of service working in various technology and information security roles. Roles included system administrator, database administrator, Information Assurance Security Officer, and culminating as Information Management Officer. As Information Management Officer, he managed and developed all facets of the organization’s information security program. Jay is also the co-founder of Protocol 46, a US-based company extending cyber security to small and medium businesses.
Jay has completed his Bachelor of Science in Information Technology and a Master of Science in Information Assurance and Security. Some of his other training includes Network Penetration Testing and Ethical Hacking, Advanced Security Essential, the Criminal Intelligence Analyst Course, and the FBI Citizen’s Academy. He holds GIAC Continuous Monitoring and Security Operations, Enterprise Defender, and Incident Handler certifications.
Jay is a member of InfraGard and the High Technology Crime Investigators Association. Jay has been an active member of the Board of Directors for the FBI Citizens Academy Alumni Association and Minnesota InfraGard.
09:00am - 09:20am
09:20am - 09:30am
Welcome & opening speech
09:30am - 10:15am
Evolving Beyond GREP: Enterprise-Wide Hunting with Execution Artefacts
Six years ago, Mandiant released a proof of concept tool named ShimCacheParser, along with a blog post titled "Leveraging the Application Compatibility Cache in Forensic Investigations". Since then, ShimCache metadata has become increasingly popular as a source of forensic evidence, both for standalone analysis and enterprise intrusion investigations.
While six years may seem like a long time, few community efforts have focused on leveraging ShimCache metadata at an enterprise scale.
The talk will present an open-source tool designed to efficiently process, analyse and hunt at enterprise scale using temporal execution artefacts such as ShimCache and AmCache. Prior to its public release a year ago, the tool was only available to Mandiant consultants.
The talk is full of demos and will present custom-built analytics, such as: time execution correlation, Levenshtein distance analysis and time stacking, to name a few. The talk was designed by the tool author and my dear colleague, Matias Bevilacqua.
10:15am - 11:00am
11:00am - 11:15am
11:15am - 12:00pm
12:00pm - 12:45pm
12:45pm - 14:00pm
14:00pm - 14:45pm
14:45pm - 15:30pm
15:30pm - 15:45pm
15:45pm - 16:30pm
16:30pm - 17:00pm
Panel Discussion: How to Build a Global IT/OT SOC in Hong Kong (Tentative)
A Hong Kong mass transit operator that has operations in Hong Kong, China and some foreign countries is seeking advice on building up a world-class IT/OT cyber security operation centre in Hong Kong. We have arranged for our domestic SOC analysts and cyber security analysts to join a panel discussion to provide free advice addressing the pros and cons and the feasibility of this plan.
7th Dec 2018
09:00am - 18:00pm
A hands-on perspective of modern attacker techniques
Vincent Yiu, SYON Security
Course Length: Full-day training
This course provides students with a solid foundational knowledge about modern attackers, their techniques, and how to perform them. The student will be able to practically execute a basic, modern attack. This hands-on course aims to educate and fast-track train penetration testers with the skills necessary to simulate a modern attacker.
We will utilize the cloud to spin up a real command and control server and simulate an actual attack against TeaLab Corporation.
Introduction to Modern
7th Dec 2018
09:00am - 18:00pm
Security Monitoring Practical Workshop
Dragon Advance Tech Co. Ltd.
Course Length: Full-day training
What You Will Learn
This course provides students with the knowledge and tools to fully leverage security analyst duties, and ensures that you can use the functions and features of tools used in a SOC to detect and respond to security incidents and determine the extent of a compromise.
We are seeking sponsors. If you are interested in sponsoring, please contact the following at Dragon Threat Labs.
For the donation, please contact the following at Dragon Threat Labs.
Copyright © 2018 Dragon Threat Labs