hitcon2013 overview

HITCON 2013Overview

Spin Lai

2013年8月30日星期五

HITCON


‣ CHROOT‣ IRC ‣ Wall of Sheep‣ Wargame


Wall of Sheep


Source : http://dougsdevotions.com/2013/07/who-is-going-after-the-lost-sheep-vol-52/


http://www.restkultur.net/gray-wolves-norway.html


Source : http://www.restkultur.net/gray-wolves-norway.html




‣ July 19 ~ July 20‣ 3 tracks‣ 36 speakers‣ 14 countries


Highlights


‣ Cyberwars‣ APT‣ Vulnerability & Exploit‣ Mobile


Cyberwars


People’s Republic of Cyber Warfare :Comparing China, Iran & Russia Militarization of

Cyberspace

駭客人民共和國 : 中國伊朗跟俄羅斯網軍的分析與比較


Global Cyber Espionage and Chinese Hacker Threats, Internet Surveillance and PRISM

全球間諜 : 互聯網監控全球趨勢, 稜鏡門與中國駭客威脅論


Edward Snowden


How South Korea Makes White-hat Hackers 2013 edition

南韓如何培養白帽駭客?


‣ Government‣ Industry‣ The Community

Motivation


• North Korea

• Need good hackers

• Support the community (secret)

• Push industry

Government


• Money talks

• Cyber attacks is real

• Strict law

• Result in over 200 security companies

Industry


• Hacking competitions from 1999

• Passionated on Defcon CTF

• Inspired by world class hackers

• Try to make something themselves

The community


‣ The Community‣ Industry‣ Academy‣ Government

Actions


• Over 10 hacking contests/conferences per year

• http://hackerschool.org

• KOSEC (Korea Security)

• Nurturing for next generation

The community


• Support conferences and hacker’s activity

• Give back to the community

• Work for security company instead of military service

Industry


• Universities have infosec related majors

• Universities have MOU with Cyber command

• Full scholarship for cyber warfare students

• Go to Army after graduation (for 5 years)

Academy


• Eager to hire skilled hackers

• KISA (Korea Internet & Security Agency)

• NCSC (National Cyber Security Center)

• Cyber command

• BoB (Best of the Best)

Government


APT


Advanced Persistent Threat


‣ Targeted‣ Long-term‣ Planned‣ Organized

APT


‣ Dark Seoul (2013/03/20)‣ Sony PSN (2011/04)‣ RSA (2011/03/17)‣ Google (2010/01/12)

Case study


Dark Seoul (2013/03/20)


Sony PSN (2011/04)


RSA (2011/03/17)


Google (2010/01/12)


APT Defense From the View of Security Architecture

從系統設計建置面談 APT 防禦


Visual Data Analytics - Graphing your indicators

APT 特徵的視覺資料分析法


‣ Huge amount of data‣ The old way‣ Data visualization

Overview


• Domains

• IP addresses

• Malware strings

• Assembly codes

• Net flows ...

Huge amount of data


The old way


Data visualization


Digital Eagle Eye System : Use Cyber Intelligence against APT Attacks

數位鷹眼系統 : 以網路數位情資對抗 APT 攻擊


APT Cyber Shuttle : From Automated Analysis to TTP Observation

APT 網際飛梭 : 從自動化分析到拆解 APT 後台駭客活動


APT1 : Technical Backstage

APT1 : 反攻網軍後台


Light & Shadow about Banking Security@Japan

光與影 : 日本銀行業的資訊安全


‣ Net-banking security practices‣ Business strategies‣ The result of a Power Balance‣ Study and solutions

Overview


• Screen keyboards

• Eliminating popup windows

• Password Reminder

• One Time Password (Bingo Card)

• One Time Password (Send by e-mail)

Net-banking security practices


• Net-banking service enabled by default

• Prefer to do what others are doing

• Customer expectation

Business strategies


• Money talks

• Banks became customer of ‘self-consequence’

• Systems Integrators become ‘ingratiating’

• Solutions for delighting banks

• No risk analysis !

The result of a Power Balance


• Convenience is the enemy of security

• Less differentiation, less confusion

• Enable the service when needed

• Use credit card instead of wire transfer

Study and solutions


Vulnerability&

Exploit


Life of Coder: The adventure through the landscape of bugs

程序員的蟲洞漂流


Killing AV in x64

戳戳防毒軟體死穴


0-Day Easy Talk - Happy Fuzzing Internet Explorer

0-Day 輕鬆談 - Happy Fuzzing Internet Explorer


How Can I Have 100 0-day for Just 1 Day

超級秘訣 - 一天擁有100個0-day


‣ Fuzzy testing‣ Why ActiveX?‣ Steps

Overview


• Black-box testing

• Random (Malformed) input data

• Monitoring the exceptions

• Find a exploitable vulnerability

Fuzzy testing


• Each module’s size is small

• Easy to collect ActiveX

• So many vulnerabilities existed

• Damage is huge

Why ActiveX?


Steps


Exploting JRE

JRE安全机制与漏洞挖掘研究


Mobile


Review of Security Vulnerabilities on the Android Platform

Android 平台安全性漏洞回顧


Escaping Android Dynamic Analysis; Chinese New Year Train Ticket Ordering Day

逃離安卓動態檢測 & 訂票助手一日談


Android Hooking Attack


GSM Security Research using Open Soruce Tools

以開源軟體進行GSM安全研究


Others


Breaking image CAPTCHA for fun

CAPTCHA 好好玩


‣ Bypass‣ Skill‣ Brute force

CAPTCHA Breaking


• Alternative form

Bypass


• OCR

• Statistic

• Curve-fitting (FFT)

• Analytic

Skill


• Database matching

• Effective brute force

Brute force


‣ FFT‣ Histogram‣ Longest path finding

And more ...


Browser and Local Zone

瀏覽器與本地域


‣ What is zone?‣ Zones in IE‣ Attack types

Overview


• Data separation

• Privilege separation

What is zone?


• Internet

• Local Intranet

• Trusted Sites

• Restricted sites

• Local Computer (hidden)

Zone in IE


• Probe local path/file from the Internet Zone

• Access local file from the Internet Zone

• Access local file from the Local Computer Zone

Attack types


Conclusion


‣ Government‣ Organization‣ Developer‣ User

What should we do?


Don't be an ostrich


hitcon2013 overview

Technology

apt cyber shuttle

apt attacks

security company

enemy of security

apt defense

indicators apt

security companies industry

cyber command