Saturday, 10 December 2016 from 09:00 to 17:00 (HKT)
Causeway Bay, Hong Kong SAR China


Video Live Streaming

For the first time, Hong Kong’s premier security research group Dragon Threat Labs is hosting DragonCon, possibly the most technically-intensive security conference borne out of Hong Kong.

In keeping with Hong Kong’s fine reputation as the cyberpunk sprawl giving birth to such engineering marvels as Lik-Sang and where movies and games like Blackhat, Sleeping Dogs and Ghost in the Shell take place, DragonCon’s first conference has IoT as its theme. Now at this East meets West place, at this age of Cyber meets Physical, the 1st DragonCon is set to present topics guaranteed to scare and inspire.

Come join us, make Hong Kong great again!

Call For Paper is CLOSED

DragonCon invites proposals for half- or full-day workshops to be held on December 10, 2016. Workshops are expected to focus on IoT and Hardware Hacking, Hardware Forensics and Hardware Attacks Illustrations. 

Speaker perks:
1. Complimentary ticket to the conference
2. Invitation to the VIP party
3. (No remuneration and travel allowance for local speakers)

Call For Workshop is CLOSED

Brian Candlish
Chief Security Researcher & Master of the Dark Arts

Brian is a Chief Security Researcher for Australia's largest telecommunications company, who spends his days and nights making the internet a safer place. His interests in information security include attack and detection techniques, intelligence and "active defence". He enjoys hunting adversaries on large corporate networks.

Christian Teutenberg
Security Researcher & DFIR Ninja

Christian is a Senior Security Specialist for Australia's largest telecommunications provider. He specialises in hunting for evidence of breach with endpoint, network and log data. He has over a decade of experience in information security, with a background focusing on intrusion detection, incident response and computer forensics for the enterprise.

Albert Hui
Security Ronin

Albert Hui is a security expert with over twenty years of experience in the industry. Having spent years breaking and protecting IT systems for investment banks, government and national critical infrastructures, he is most adept in securing sensitive mission-critical systems. As a testament to his versatility and ability to present technical risks in business terms, he has served in a technical advisory capacity at the group level during the RBS-ABN AMRO merger, as well as managed Asia-Pacific cyber threat response at Morgan Stanley.

Chen-yu Dai (GD)
CTO at Team T5 Research

Chen-yu Dai (GD) is CTO at Team T5 Research, providing Digital Forensics & Incident Response services, developing Threat Intelligence Program and Platforms, consulting enterprise cyber defenses. He is studying at the graduate school of Department of Information Management in the National Taiwan University of Science and Technology. He also volunteered as deputy coordinator of HITCON, the largest hacker community and security conference in Taiwan. He has received many prizes from domestic and international CTFs, as well as bug bounty programs.

Tony Miu (MT)

Tony Miu has over 12 years of experience in the IT industry and now he is a security researcher specializing in the IT security in Nexusguard. He delivery his experience and innovation to carry out industrial and academic research. His current research interests include network security, IoT security, data mining and data analytics. He has presented papers in DEFCON, Black Hat, HTCIA, AVTOKYO and PacSec.


Matt B

Matt is a malware researcher with an interest in malware used to target civil society. In addition to private malware research, he has experience in intelligence and incident response in the US government and private sectors.

Bart Inglot

Bart is an Incident Response and Forensics Specialist in MANDIANT's Security Consulting Services team helping clients restore confidence in an event of a breach. He holds a degree in Computer Forensics, is a keen developer, enjoys inspecting network traffic and specialises in Windows forensics with fascination in volatile memory.

Having worked on Incident Response engagements around the world, Bart routinely develops new tools and ideas to solve on-the-job problems and to ensure Mandiant remains an industry leader. Some of these developments led to Bart's contributions to the Volatility project.

After spending 8 years in England, Bart recently relocated to APJ region as he believes it's still the most fascinating, culturally diverse, and opportunistic region in the world. The relative immaturity in Cyber Security in most countries, but also the "hunger to learn" that most businesses and government organizations display, offer a significant growth opportunity.

Karsten Nohl
Founder and Research Director, Security Research Labs

Karsten Nohl has spoken widely on security gaps since 2006. He and co-investigators have uncovered flaws in mobile communication, payment, and other widely-used infrastructures. In his work as CISO at an Asian 4G and digital services provider, and as Chief Scientist at Security Research Labs in Berlin, a risk management think tank specializing in emerging IT threats, Karsten challenges security assumptions in proprietary systems and is fascinated by the security-innovation trade-off. Hailing from the Rhineland, he studied electrical engineering in Heidelberg and earned a doctorate in 2008 from the University of Virginia.

Jeremy Brown

Jeremy is an security professional largely focused on application security along with vulnerability research and development. He has gained extensive software security experience working at large software and service companies for several years as well as publishing many projects in the security community. He has taken the opportunity to work in various areas including exploit mitigations, scalable fuzzing and web security. He has the understanding and proven execution for how to scale security across organizations, providing comprehensive coverage for critical assets, reduction of attack surfaces and automating security at all stages in the development lifecycle. Also, he enjoys writing and performing nerdcore at times under the NYAN brand.

Program Schedule

Saturday, 10 December 2016 from 09:00 to 17:00 (HKT)

08:45am - 09:10am

Registration - Opens at reception

09:10am - 09:15am

Welcome Speech

09:15am - 09:45am

Cyber-Physical Security: the Age of Convergence

Albert Hui - The Security Ronin

09:45am - 10:30am

Elucidating IoT botnet

Tony Miu - MT

The sharing focuses on the IoT hacking methodology, attack code analysis, vulnerabilities of target devices. Last but not least, the impact will be shared including the estimated attack fire, existing Botnet sources and potential hackable devices.

10:30am - 11:15pm

How much security is too much?

Karsten Nohl - Founder and Director of Research at Security Research Labs

Based on one decade of impactful security research and several years as a risk manager, Karsten Nohl reflects upon what he would have done differently in pushing a data security agenda.

Our community is convinced that stellar IT security is paramount for companies large and small: We need security for system availability, for brand reputation, to prevent fraud, and to keep data private. But is more security always better?

Poorly chosen protection measures can have large externalities on the productivity, innovation capacity, and even happiness of organizations. Can too much security be worse than too little security?

This talk investigates the trade-off between security and innovation along several examples of current security research. It finds that some hacking research is counter-productive in bringing the most security to most people, by spreading fear too widely.

11:15am - 11:30am

Coffee Break

11:30am - 12:15pm

Provoking Windows

Jeremy Brown

Attack surface on Windows is vast and full of opportunities. It has been explored upside down and inside out, although there's always room for other ways to look at it. In this talk, I'll be discussing how to discover attack surface by poking the OS in various ways to reveal interfaces and opportunities often otherwise found by either luck or winning a timing race. Starting a discussion on these components will shake out new bugs or design subtleties as they may have yet to be audited in depth. We'll walk through tooling for both the offensive and defensive angles. I'll be looking at the latest version of Windows 10 and also Server. If you're interested in finding vulnerabilities in the most prevalent platform on earth, or a developer with the urge to know more about application security, this talk is for you and will probably give you some new ideas.

12:15pm - 13:00pm

BLE authentication design challenges on smartphone controlled IoT devices: analyzing Gogoro Smart Scooter

Chen-yu Dai [GD] - CTO at Team T5 Research

Smartphones are commonly used as the controller and Internet gateway for BLE-enabled IoT devices. Designing a strong authentication protocol between them is the key part of IoT security. However mobile app design has many challenges such as limited input & output interfaces as well as user privacy protection features. Due to these restrictions, many vendors has given-up BLE's build-in security manager protocol and choose to build their own authentication protocols.

This study focused on a generalized method to analyze these BLE authentication protocols, discovering and solving challenges mentioned above. We applied this method on commercial products, including popular Gogoro Smart Scooter from Taiwan. We will demo under some certain circumstances it is possible to dump key used to unlock your GogoroScooter and send fake BLE authentication protocol packets to steal the scooter.

13:00pm - 02:00pm

Lunch Break

02:00pm - 02:45pm

The blackbox of DPAPI: the gift that keeps giving

Bart Inglot

Windows Data Protection API (DPAPI) has been around since Windows 2000 and while widely used by developers due to its simplicity and the "blackbox" concept, it's not so well-known among DFIR community. Outlook, Internet Explorer, EFS, Skype… and the list goes on, many of every day's applications and Windows components rely on DPAPI for keeping user secrets safe, however, are they really that safe? This session provides an introduction into DPAPI from a DFIR practitioner's perspective, though red-teamers will also find it interesting. It takes the audience through 3 real-world examples of problems faced on Incident Response engagements, gradually building up knowledge as the stories unravel. At the end you will know how to decrypt DPAPI secrets offline and what has DPAPI in common with staging exfil, mysterious malware payload and RDP replay.

02:45pm - 03:30pm

An Analysis of the DCM Trojan

Matt B

An Analysis of the DCM Trojan - This talk will walk through the technical aspects of a trojan known as DCM or Dark Wraith. It was disclosed by Tencent in April 2016 which caused one of the developers to anonymously come forward shortly thereafter. In addition to technical details, a timeline analysis of approximately 20 samples will be discussed and a tool for bulk analysis - MalData - will be released for beta testing for any interested attendees.

03:30pm - 03:40pm

Coffee Break

03:40pm - 04:55pm

Active Incident Response

Brian Candlish - Chief Security Researcher & Master of the Dark Arts
Christian Teutenberg - Security Researcher & DFIR ninja

04:55pm - 05:00pm

Closing Speech


End of Conference


VIP Party (Dickson's Bar) (For Speaker or By Invited)


Open and Invited discussions/workshops will be arranged during the conference period, interested person should contact the respective coordinators AND get a free ticket from Eventbrite for these open sessions. Please note that you must hold a conference ticket before you should register the open Discussions or Workshop.




09:45 am - 10:30 am

Invited Discussion: East Asian Threat Persona Activity Q1-3 2016 (TLP BLACK, NDA)

Dan Kelly

10:30 am - 11:15 pm

Invited Discussion: East Asian Threat Persona Activity Q1-3 2016 (TLP BLACK, NDA) (Cont)


11:15 am - 11:30 am

Coffee Break  

11:30 am - 12:15 am

Open Discussion: Preparing for OSCP without Cyber Range

Frank Ng

12:15 am - 13:00 pm

Open Discussion: Mobile app study on Securities Firms

Frankie Wong

13:00 pm - 02:00 pm



We are seeking sponsors for our first event. If you are interested in sponsoring, please contact the following at Dragon Threat Labs.

For the donation, you can donate through the eventbrite donation ticket at here ! For further donation options, please contact the following at Dragon Threat Labs.

Media and Public Inquiries

Please contact Frank Ng <frank@dragonthreatlabs.com>.





Supporting Organizations

         Cyber Security and Privacy Laboratory (CSPL)
Department of Computing
Hong Kong Polytechnic University
         Cyber Security Lab
Department of Computer Science
Hong Kong University
         Cybersecurity Lab
Department of Computer Science and Engineering
Hong Kong University of Science and Technology
         IEEE Hong Kong Section
Computer Society Chapter

(Members of IEEE Hong Kong Section Computer Society Chapter (IEEE CompSoc HK)
who purchased a public ticket may be eligible for a HKD200 reimbursement from IEEE CompSoc HK,
for details please see here.)

         Internet Society Hong Kong
         Valkyrie-X Security Research Group (VXRL)
         Information Security and Forensics Society

Copyright © 2016 Dragon Threat Labs