Saturday, 10 December 2016 from 09:00 to 17:00 (HKT)
Causeway Bay, Hong Kong SAR China
SOLD OUTVideo Live Streaming |
For the first time, Hong Kong’s premier security research group Dragon Threat Labs is hosting DragonCon, possibly the most technically-intensive security conference borne out of Hong Kong.
In keeping with Hong Kong’s fine reputation as the cyberpunk sprawl giving birth to such engineering marvels as Lik-Sang and where movies and games like Blackhat, Sleeping Dogs and Ghost in the Shell take place, DragonCon’s first conference has IoT as its theme. Now at this East meets West place, at this age of Cyber meets Physical, the 1st DragonCon is set to present topics guaranteed to scare and inspire.
Come join us, make Hong Kong great again!
Call For Paper is CLOSED |
DragonCon invites proposals for half- or full-day workshops to be held on December 10, 2016. Workshops are expected to focus on IoT and Hardware Hacking, Hardware Forensics and Hardware Attacks Illustrations.
Speaker perks:
1. Complimentary ticket to the conference
2. Invitation to the VIP party
3. (No remuneration and travel allowance for local speakers)
Call For Workshop is CLOSED |
Brian is a Chief Security Researcher for Australia's largest telecommunications company, who spends his days and nights making the internet a safer place. His interests in information security include attack and detection techniques, intelligence and "active defence". He enjoys hunting adversaries on large corporate networks.
Christian is a Senior Security Specialist for Australia's largest telecommunications provider. He specialises in hunting for evidence of breach with endpoint, network and log data. He has over a decade of experience in information security, with a background focusing on intrusion detection, incident response and computer forensics for the enterprise.
Albert Hui is a security expert with over twenty years of experience in the industry. Having spent years breaking and protecting IT systems for investment banks, government and national critical infrastructures, he is most adept in securing sensitive mission-critical systems. As a testament to his versatility and ability to present technical risks in business terms, he has served in a technical advisory capacity at the group level during the RBS-ABN AMRO merger, as well as managed Asia-Pacific cyber threat response at Morgan Stanley.
Chen-yu Dai (GD) is CTO at Team T5 Research, providing Digital Forensics & Incident Response services, developing Threat Intelligence Program and Platforms, consulting enterprise cyber defenses. He is studying at the graduate school of Department of Information Management in the National Taiwan University of Science and Technology. He also volunteered as deputy coordinator of HITCON, the largest hacker community and security conference in Taiwan. He has received many prizes from domestic and international CTFs, as well as bug bounty programs.
Tony Miu has over 12 years of experience in the IT industry and now he is a security researcher specializing in the IT security in Nexusguard. He delivery his experience and innovation to carry out industrial and academic research. His current research interests include network security, IoT security, data mining and data analytics. He has presented papers in DEFCON, Black Hat, HTCIA, AVTOKYO and PacSec.
Matt is a malware researcher with an interest in malware used to
target civil society. In addition to private malware research, he has
experience in intelligence and incident response in the US government
and private sectors.
Bart is an Incident Response and Forensics Specialist in MANDIANT's
Security Consulting Services team helping clients restore confidence in
an event of a breach. He holds a degree in Computer Forensics, is a
keen developer, enjoys inspecting network traffic and specialises in
Windows forensics with fascination in volatile memory.
Having worked on Incident Response engagements around the world,
Bart routinely develops new tools and ideas to solve on-the-job problems
and to ensure Mandiant remains an industry leader. Some of these
developments led to Bart's contributions to the Volatility project.
After spending 8 years in England, Bart recently relocated to APJ
region as he believes it's still the most fascinating, culturally
diverse, and opportunistic region in the world. The relative immaturity
in Cyber Security in most countries, but also the "hunger to learn" that
most businesses and government organizations display, offer a
significant growth opportunity.
Karsten Nohl has spoken widely on security gaps since 2006. He and co-investigators have uncovered flaws in mobile communication, payment, and other widely-used infrastructures. In his work as CISO at an Asian 4G and digital services provider, and as Chief Scientist at Security Research Labs in Berlin, a risk management think tank specializing in emerging IT threats, Karsten challenges security assumptions in proprietary systems and is fascinated by the security-innovation trade-off. Hailing from the Rhineland, he studied electrical engineering in Heidelberg and earned a doctorate in 2008 from the University of Virginia.
Jeremy is an security professional largely focused on application security along with vulnerability research and development. He has gained extensive software security experience working at large software and service companies for several years as well as publishing many projects in the security community. He has taken the opportunity to work in various areas including exploit mitigations, scalable fuzzing and web security. He has the understanding and proven execution for how to scale security across organizations, providing comprehensive coverage for critical assets, reduction of attack surfaces and automating security at all stages in the development lifecycle. Also, he enjoys writing and performing nerdcore at times under the NYAN brand.
Saturday, 10 December 2016 from 09:00 to 17:00 (HKT)
08:45am - 09:10am
Registration - Opens at reception
09:10am - 09:15am
Welcome Speech
09:15am - 09:45am
Cyber-Physical Security: the Age of Convergence
Albert Hui - The Security Ronin
09:45am - 10:30am
Elucidating IoT botnet
Tony Miu - MT
The sharing focuses on the IoT hacking methodology, attack code analysis, vulnerabilities of target devices. Last but not least, the impact will be shared including the estimated attack fire, existing Botnet sources and potential hackable devices.
10:30am - 11:15pm
How much security is too much?
Karsten Nohl - Founder and Director of Research at Security Research Labs
Based on one decade of impactful security research and several years as a risk manager, Karsten Nohl reflects upon what he would have done differently in pushing a data security agenda.
Our community is convinced that stellar IT security is paramount for companies large and small: We need security for system availability, for brand reputation, to prevent fraud, and to keep data private. But is more security always better?
Poorly chosen protection measures can have large externalities on the productivity, innovation capacity, and even happiness of organizations. Can too much security be worse than too little security?
This talk investigates the trade-off between security and innovation along several examples of current security research. It finds that some hacking research is counter-productive in bringing the most security to most people, by spreading fear too widely.
11:15am - 11:30am
Coffee Break
11:30am - 12:15pm
Provoking Windows
Jeremy Brown
Attack surface on Windows is vast and full of opportunities. It has been explored upside down and inside out, although there's always room for other ways to look at it. In this talk, I'll be discussing how to discover attack surface by poking the OS in various ways to reveal interfaces and opportunities often otherwise found by either luck or winning a timing race. Starting a discussion on these components will shake out new bugs or design subtleties as they may have yet to be audited in depth. We'll walk through tooling for both the offensive and defensive angles. I'll be looking at the latest version of Windows 10 and also Server. If you're interested in finding vulnerabilities in the most prevalent platform on earth, or a developer with the urge to know more about application security, this talk is for you and will probably give you some new ideas.
12:15pm - 13:00pm
BLE authentication design challenges on smartphone controlled IoT devices: analyzing Gogoro Smart Scooter
Chen-yu Dai [GD] - CTO at Team T5 Research
Smartphones are commonly used as the controller and Internet gateway for BLE-enabled IoT devices. Designing a strong authentication protocol between them is the key part of IoT security. However mobile app design has many challenges such as limited input & output interfaces as well as user privacy protection features. Due to these restrictions, many vendors has given-up BLE's build-in security manager protocol and choose to build their own authentication protocols.
This study focused on a generalized method to analyze these BLE authentication protocols, discovering and solving challenges mentioned above. We applied this method on commercial products, including popular Gogoro Smart Scooter from Taiwan. We will demo under some certain circumstances it is possible to dump key used to unlock your GogoroScooter and send fake BLE authentication protocol packets to steal the scooter.
13:00pm - 02:00pm
Lunch Break
02:00pm - 02:45pm
The blackbox of DPAPI: the gift that keeps giving
Windows Data Protection API (DPAPI) has been around since Windows 2000 and while widely used by developers due to its simplicity and the "blackbox" concept, it's not so well-known among DFIR community. Outlook, Internet Explorer, EFS, Skype… and the list goes on, many of every day's applications and Windows components rely on DPAPI for keeping user secrets safe, however, are they really that safe? This session provides an introduction into DPAPI from a DFIR practitioner's perspective, though red-teamers will also find it interesting. It takes the audience through 3 real-world examples of problems faced on Incident Response engagements, gradually building up knowledge as the stories unravel. At the end you will know how to decrypt DPAPI secrets offline and what has DPAPI in common with staging exfil, mysterious malware payload and RDP replay.
02:45pm - 03:30pm
An Analysis of the DCM Trojan
Matt B
An Analysis of the DCM Trojan - This talk will walk through the technical aspects of a trojan known as DCM or Dark Wraith. It was disclosed by Tencent in April 2016 which caused one of the developers to anonymously come forward shortly thereafter. In addition to technical details, a timeline analysis of approximately 20 samples will be discussed and a tool for bulk analysis - MalData - will be released for beta testing for any interested attendees.
03:30pm - 03:40pm
Coffee Break
03:40pm - 04:55pm
Active Incident Response
Brian Candlish - Chief Security Researcher & Master of the Dark Arts
Christian Teutenberg - Security Researcher & DFIR ninja
04:55pm - 05:00pm
Closing Speech
05:00pm
End of Conference
05:15pm
VIP Party (Dickson's Bar) (For Speaker or By Invited)
Open and Invited discussions/workshops will be arranged during the conference period, interested person should contact the respective coordinators AND get a free ticket from Eventbrite for these open sessions. Please note that you must hold a conference ticket before you should register the open Discussions or Workshop.
Time/Venue |
Topic |
Coordinators |
09:45 am - 10:30 am |
Invited Discussion: East Asian Threat Persona Activity Q1-3 2016 (TLP BLACK, NDA) |
|
10:30 am - 11:15 pm |
Invited Discussion: East Asian Threat Persona Activity Q1-3 2016 (TLP BLACK, NDA) (Cont) |
|
11:15 am - 11:30 am |
Coffee Break | |
11:30 am - 12:15 am |
Open Discussion: Preparing for OSCP without Cyber Range |
|
12:15 am - 13:00 pm |
Open Discussion: Mobile app study on Securities Firms |
|
13:00 pm - 02:00 pm |
Lunch |
We are seeking sponsors for our first event. If you are interested in sponsoring, please contact the following at Dragon Threat Labs.
For the donation, you can donate through the eventbrite donation ticket at here ! For further donation options, please contact the following at Dragon Threat Labs.
|
|||
|
|
|||
|
|||
|
|||
|
|||
(Members of IEEE Hong Kong Section Computer Society Chapter (IEEE CompSoc HK) |
|||
|
|||
|
|||
|
Copyright © 2016 Dragon Threat Labs