8th December 2018
Hong Kong SAR China

Call for Paper and Workshop

Conference Ticket: HKD $1,200

Following a successful event in 2017, Hong Kong’s premier security research group Dragon Threat Labs is hosting DragonCon, possibly the most technically-intensive security conference born out of Hong Kong.

Come join us, make friends and see the cyber city!

DragonCon invites proposals for half-day or full-day workshops to be held in December 2018. Workshops are expected to focus on Threat Intelligence, Hardware Hacking, Hardware Forensics, Hardware Attacks, Reverse Engineering, Exploitation, Vulnerability Research and any other subject that will make our nerd-o-meter hit the red line!

Speaker perks:
1. Complimentary ticket to the conference
2. Invitation to the VIP party
3. Remuneration for international speakers

Bart Inglot
Principal Consultant

Bart is an Incident Response and Forensics Specialist in MANDIANT's Security Consulting Services team, helping clients restore confidence in the event of a breach. He holds a degree in Computer Forensics, is a keen developer, enjoys inspecting network traffic and specialises in Windows forensics with a fascination for volatile memory.

Having worked on Incident Response engagements around the world, Bart routinely develops new tools and ideas to solve on-the-job problems and to ensure Mandiant remains an industry leader. Some of these developments led to Bart's contributions to the Volatility project.

After spending 8 years in England, Bart recently relocated to the APJ region as he believes it's still the most fascinating, culturally diverse, and opportunistic region in the world. The relative immaturity in Cyber Security in most countries, but also the "hunger to learn" that most businesses and government organizations display, offer a significant growth opportunity.

Vincent Yiu
CEO, Founder of SYON Security

  • Lead attack simulation projects for many companies ranging from Fortune 10 to Fortune 500, and SMEs. Experiences focused on financial, manufacturing, retail, and aviation industries.
  • World recognized in the offensive cyber security space for advanced adversary simulation services and operating on production infrastructure.
  • Known for spreading offensive cybersecurity experience through the “Red Team Tips” series.
  • Speaker at various security conferences, such as HITB GSEC 2017 and 2018, SSC 2018, JD.com 2017, Steelcon 2017, BSides Manchester 2017, Snoopcon 2017 and 2016.
  • Regular blogger: www.vincentyiu.co.uk
  • On-going development of innovative tools to automate large-scale offensive cyber security simulations: MaiInt, LinkedInt, DomLink, CACTUSTORCH, RDPInception, ANGRYPUPPY, morphHTA, genHTA, and more.
  • Past: Accenture FusionX UK Lead, MDSec ActiveBreach CHECK Team Leader, MWR InfoSecurity.
  • Certifications: OSCP, OSCE, CCT INF.
  • UK National Cybersecurity Challenge Finalist in 2015 (3-day competition).
  • Researching topics:
    • Zero-day vulnerabilities in SOC stack such as ELK, and Splunk.
    • Extensions of Domain Fronting and covert Command and Control.
    • Large-scale cloud security research in significant providers such as Amazon, Azure, and Alibaba.
    • Domain and resource hijacking.
    • EDR bypasses and limitations.
    • Developing practical, relevant, and easy to use tooling.
    • Weaponizing 1-day vulnerabilities.

Brian Hansen
Intelligence Officer Asia-Pacific | FS-ISAC

Brian serves as the Financial Services Information Sharing and Analysis Center (FS-ISAC) Intelligence Officer for Asia-Pacific. Previous to his time at FS-ISAC, Brian worked for the Pharmaceutical Security Institute as the Senior Intelligence Analyst producing intelligence on criminal involvement with global counterfeit pharmaceutical networks, including cyber-based networks. Prior to that he served in the U.S. Department of Defense in intelligence and foreign affairs roles of increasing responsibility for twenty-six years culminating as the Principal Intelligence Officer for the Deputy Assistant Secretary of Defense, with responsibility for Taiwan, China, Japan, North and South Korea and Mongolia. Brian received his Master of Arts degree in Global Affairs from George Mason University focusing on global conflict and security. He is fluent in Mandarin Chinese, Portuguese and Spanish.

Seon-Kwang, Kim
Security Researcher

I am a forensic researcher at the Institute of Best of the Best in South Korea and currently hold a master's degree in Information Security.

I am interested in analyzing incidents caused mainly by 1-day exploits and APT attacks.

In this conference, I will explain which artifacts are left in the system when a 1-day exploit works and describe how to make connections between normal information and abnormal information to figure out which software vulnerabilities are causing the attack.

Jay P. Spreitzer
CISO and Co-Founder, Protocol 46

Jay Spreitzer has over 20 years of information security experience and is currently the CISO at Protocol 46. Over the last 13 years, he was the team lead for the cyber threat intelligence team at a large financial institution. Prior to working in the private sector, Jay retired from the US Army, after 23 years of service working in various technology and information security roles. Roles included system administrator, database administrator, Information Assurance Security Officer, and culminating as Information Management Officer. As Information Management Officer, he managed and developed all facets of the organization’s information security program. Jay is also the co-founder of Protocol 46, a US-based company extending cyber security to small and medium businesses.

Jay has completed his Bachelor of Science in Information Technology and a Master of Science in Information Assurance and Security. Some of his other training includes Network Penetration Testing and Ethical Hacking, Advanced Security Essential, the Criminal Intelligence Analyst Course, and the FBI Citizen’s Academy. He holds GIAC Continuous Monitoring and Security Operations, Enterprise Defender, and Incident Handler certifications.

Jay is a member of InfraGard and the High Technology Crime Investigators Association. Jay has been an active member of the Board of Directors for the FBI Citizens Academy Alumni Association and Minnesota InfraGard.

Program Schedule

Main Conference 8th December 2018

Venue: HKU SPACE Admiralty Centre, 18 Harcourt Road, Hong Kong

Workshops 7th December 2018

09:00am - 09:20am


09:20am - 09:30am

Welcome & opening speech
Dan Kelly

09:30am - 10:15am

Evolving Beyond GREP: Enterprise-Wide Hunting with Execution Artefacts
Bart Inglot

Six years ago, Mandiant released a proof of concept tool named ShimCacheParser, along with a blog post titled "Leveraging the Application Compatibility Cache in Forensic Investigations". Since then, ShimCache metadata has become increasingly popular as a source of forensic evidence, both for standalone analysis and enterprise intrusion investigations.

While six years may seem like a long time, few community efforts have focused on leveraging ShimCache metadata at an enterprise scale.

The talk will present an open-source tool designed to efficiently process, analyse and hunt at enterprise scale using temporal execution artefacts such as ShimCache and AmCache, that prior to a public release a year ago was only available to Mandiant consultants.

The talk is full of demos and will present custom-built analytics, such as: time execution correlation, Levenshtein distance analysis and time stacking, to name a few. The talk was designed by the tool author and my dear colleague, Matias Bevilacqua.

10:15am - 11:00am


11:00am - 11:15am


11:15am - 12:00pm


12:00pm - 12:45pm


12:45pm - 14:00pm


14:00pm - 14:45pm


14:45pm - 15:30pm


15:30pm - 15:45pm


15:45pm - 16:30pm


16:30pm - 17:00pm

Panel Discussion: How to Build a Global IT/OT SOC in Hong Kong (Tentative)

A Hong Kong mass transit operator that has operations in Hong Kong, China and some foreign countries is seeking advice on building a world-class IT/OT cyber security operation centre in Hong Kong. We have arranged for our domestic SOC analysts and cyber security analysts to join a panel discussion to provide free advice addressing the pros and cons and the feasibility of this plan.


Closing speech
Frankie Li

Workshop Schedule

December 2018

Venue: The Hong Kong University - Cyber Security Lab, Haking Wong Building 3/F Room 310A

7th Dec 2018
09:00am - 18:00pm

A hands-on perspective of modern attacker techniques
Vincent Yiu, SYON Security

Course Length: Full-day training

Fees: HKD 12,000
(DTL Members HKD 7,000 - Please enter the promotion code before checkout)

What You Will Get
  • USBNinja with the specific connector of your choice
  • Ubuntu Virtual Machine you will work with to perform the preparation and actual attack
  • Training Materials
What You Will Learn

This course provides students with a solid foundational knowledge about modern attackers, their techniques, and how to perform them. The student will be able to practically execute a basic, modern attack. This hands-on course aims to educate and fast-track train penetration testers with the skills necessary to simulate a modern attacker.
We will utilize the cloud to spin up a real command and control server and simulate an actual attack against TeaLab Corporation.

Introduction to Modern

  • Cyberattacks
  • Attack lifecycles
  • A brief look at Advanced Persistent Threats
  • War-stories
  • Viable techniques from experience

7th Dec 2018
09:00am - 18:00pm

Security Monitoring Practical Workshop
Dragon Advance Tech Co. Ltd.

Course Length: Full-day training

Fees: HKD 10,000 (DTL Member HKD 5,000 - Please enter the promotion code before checkout)

What You Will Learn

This course provides students with the knowledge and tools to fully leverage security analyst duties, and ensures that you can use the functions and features of tools used in a SOC to detect and respond to security incidents and determine the extent of a compromise.

  • Preparation: Know Your Environment
  • Tuning your SIEM
  • Threat Intelligence: Detect and Research Threats / Attack Methods
  • Detection: Evaluate Alarms and Events
  • Containment and Response: Minimizing Impact and Automating Response
  • Root Cause Analysis: Trace Security Incident Timelines


Dragon Advance Tech Consulting Co. Ltd.
Cyber Security Lab
Department of Computer Science
Hong Kong University

We are seeking sponsors. If you are interested in sponsoring, please contact the following at Dragon Threat Labs.

For the donation, please contact the following at Dragon Threat Labs.

Media and Public Inquiries

Please contact Roland Cheung and/or Dan Kelly.


If you wish to sponsor DragonCon, please contact Frankie Li.

Copyright © 2018 Dragon Threat Labs