Alisa Esage

Topic: Keynote and Browser Exploitation Workshop

Vulnerability Research in the Age of AI

Artificial Intelligence technologies are transforming industries at an unprecedented pace. From Machine Learning, which provides automated training techniques for artificial neural networks as an alternative to traditional Expert Systems, to Deep Learning, which enhances intelligent visual recognition and classification based on complex patterns, and Large Language Models that analyze intricate information and generate human-like responses—the potential of AI is clear. But what does this mean for vulnerability research and exploit development?

This keynote will offer a comprehensive “root cause to big picture” exploration of AI’s role in vulnerability research. By delving into the core workings of AI technologies and integrating this knowledge with advanced low-level hacking skills, we can move beyond the distractions of hype and critically assess the opportunities and challenges that AI presents for practical vulnerability discovery and exploit development. Our discussion will aim to achieve two objectives - first, to identify AI+VR initiatives that are worthy of investment, and second, to formulate a strategy for maintaining relevance in the evolving landscape of low-level hacking.

Bio:

Alisa Esage is a low-level hacker, researcher, and entrepreneur with over a decade of experience in vulnerability research and exploit development within complex software systems, including browsers and hypervisors. She has discovered critical security vulnerabilities across numerous widely-used platforms. In 2021, Alisa made history as the first solo female participant in the Pwn2Own contest, successfully demonstrating a 0-day Virtual Machine Escape exploit. That same year, she founded the Zero Day Engineering project, which provides professional, research-grade training for aspiring vulnerability researchers.

Carl Smith

Topic: Fuzzing for complex bugs across languages in JavaScript Engines

The fuzzing of Wasm is not a new concept. Since Wasm is a binary format, it’s relatively easy to employ a modern binary fuzzer like AFL++ to create modules and subsequently invoke them. However, this approach has limitations. Wasm modules can be utilized in more intricate contexts within web applications, typically collaborating with JavaScript code to accomplish more complex tasks. Linking and combining modules is possible, but it often requires the developer or fuzzer to possess in-depth knowledge of the modules involved.

To address this challenge, we extended Fuzzilli’s intermediate language to include instructions that describe Wasm modules. This allows us to comprehensively track and infer the module and its associated data. By doing so, we open up new possibilities for fuzzing. It becomes feasible to combine JavaScript and Wasm code within a single fuzz test case, enabling cross-language type tracking and inference. These test cases exhibit more intricate behavior and, when combined with Fuzzilli’s templating capabilities, facilitate the generation of complex and compelling test cases. We will look at some advanced browser fuzzing and some of the exciting test cases and bugs this has found in V8.

Bio:

Carl Smith is a Security Engineer on Google’s V8 Security Team. He previously interned at Exodus Intelligence and Google Project Zero. He is interested in fuzzing, compilers and security research. He can be reached on twitter, mastodon and bsky: @cffsmith / cffsmith@infosec.exchange / @rwx.page.

Jay Turla

Topic: Automating & Tooling Your CAN Hacking Tool On a Cheap Car Hacking Adventure

In this talk, we don’t need roads. You can sit tight and you don’t need to fasten your seatbelts because this will be a quick, cheap, practical, and dirty approach to car hacking specifically CAN Bus hacking. Using one component of your car you could just acquire from a junkyard or by any means necessary to start Car Hacking by yourself from fuzzing a simulator to actual hardware with open source tools and hardware. We will also discuss building your lost-cost CAN fuzzer and Metasploit module creation geared towards the hwbridge.

Main topics and points

• Hacking Your Low Cost Hardware
• Playing with nano-can
• Python for Car Hackers
• Introduction to Metasploit’s hwbridge modules
• Creating your own Metasploit module for car hacking
• Using canTot - CAN Bus Hacking Framework

Warning: this talk could produce future car hackers at your nearest Car Hacking Village and bug bashes.

Bio:

Jay Turla is a Principal Security Researcher at VicOne, and one of the goons of ROOTCON. He has presented at international conferences like ROOTCON, HITCON, Nullcon, DEFCON, etc. He used to work for HP Fortify and Bugcrowd in the areas of appsec. His main interest or research right now is about car hacking and is currently one of the main organizers of the Car Hacking Village of ROOTCON / Philippines which is recognized and supported by the Car Hacking Village community. He is also the leader of the hacking team “Peenoise” which is one of the top teams during SPIRITCYBER-24 Hackathon, an IoT / ICS / OT Hacking competition in Singapore.

Moonbeom Park

Topic: Maybe need 1-Day exploits more than it of 0-Day to our business

As you all know well, the market of 0-Day vulnerabilities and exploits is getting growing. However, purchasing 0-Day vulnerabilities and exploits requires complex procedures and a high level of strong trust between the seller and the buyer. So it is very difficult for most companies to use 0-Day vulnerabilities and exploits in their business, and the opportunities to purchase them are also very limited. So in this presentation, I want to talk about the value of undisclosed 1-Day vulnerabilities and exploits as an alternative to 0-Days that are difficult to purchase and use. For example, I will explain how to develop an exploit(PoC) for a 1-Day vulnerability through Microsoft’s regular security update (Patch Tuesday) and how can use such exploits in your business. And I will introduce an attack simulation service using an undisclosed exploit of a 1-Day vulnerability developed in this way.

Bio:

Moonbeom Park, he is former senior researcher of Korean government agency for last 17years and now working at 78ResearchLab, a company specializing in attack technique simulation research as CPO(Chief Product Officer) in Seoul, South Korea, have 17 years of experience in hacking analysis, research on attack vector and tracking hacking source.

He is tracking APT attack groups based on the attack techniques and attack vectors used by specific country based APT attack groups, and researching on specific APT attack group profiling base on attack vectors. And has been presented at conferences such as VXCON, FIRST, HITB, HITCON, TROOPERS, SCSD, etc.

KaiJern Lau

Topic: Redefine Reverse Engineering In Web3

Reverse engineering has long been an established discipline in the computer science realm, with a rich history of exceptional frameworks and tools crafted by some of the most talented individuals in the field. Yet, as we venture into the era of Web3, the foundational technologies of the Ethereum Virtual Machine (EVM) and Web Assembly (WASM) have revealed a stark gap in the utility of existing tools. While current available emulators for EVM and WASM excel for development purposes, they fall short in the realm of reverse engineering, posing a significant challenge and deterring seasoned reverse engineers from entering the Web3 domain. In this presentation, we are excited to unveil a groundbreaking framework designed to transcend these limitations. Our innovative framework is engineered to support an array of virtual machines, seamlessly integrating the robustness of traditional x86 reverse engineering techniques with the dynamic needs of Web3 environments. We will showcase the full potential of this framework, highlighting its versatility and the ways in which it revolutionizes the reverse engineering process for blockchain-based architectures. Furthermore, we will demonstrate a suite of sophisticated tools developed atop this framework. These tools not only facilitate a deeper and more intuitive analysis of smart contracts and decentralized applications but also mark a significant leap forward in bridging the gap between traditional reverse engineering expertise and the burgeoning Web3 landscape. Join us as we embark on a journey to redefine the boundaries of reverse engineering in the age of blockchain, and open up new avenues for innovation and security in Web3.

Bio:

Name: Lau Kai Jern

Title: Founder

Org: Qiling Framework

Email: kj@qiling.io

KaiJern (xwings). Founder of open source reverse engineering project, Qiling Framework (https://qiling.io). His research topic is mainly on developing cutting edge cross platform reverse engineering framework, embedded devices security, blockchain security, and various security topics. He presented his findings in different international security conferences like Blackhat, Defcon, HITB, Codegate, QCon, KCon, Brucon, H2HC, Nullcon, etc. He conducted hardware hacking courses in various conferences around the globe. He is also actively involved in Unicorn Engine (https://unicorn-engine.org), Capstone Engine (https://capstone-engine.org), Keystone Engine (https://keystone-engine.org) and hackersbage.com

Thanh Nguyen

Topic: Stopping the New Wave of Mobile Banking Malware infecting users in South East Asia

In recent years, we’ve witnessed a surge in sophisticated mobile banking malware that can bypass eKYC measures, remotely control devices, and ultimately lead to financial loss. This technical presentation will delve into the alarming trend of mobile banking malware gaining remote control over infected devices. We will explore the techniques used to hijack devices, intercept SMS messages, bypass eKYC, and manipulate banking transactions.

Key takeaways:

• Phone hijacking
• eKYC bypassing
• Money stealing
• Mobile banking malware campaigns

For developers, we also provide some guidelines to protect your apps from these malware techniques.

Verichains Booth - FinSec Village

Verichains is committed to empowering banking and fintech organizations with robust, bank-grade security solutions designed for today’s digital challenges. Our flagship product, BShield, is a device-first fraud prevention and risk intelligence solution, essential for securing both retail and internal banking applications. BShield ensures your applications are fortified against sophisticated cyber threats, safeguard your customer’s sensitive data, and maintain full regulatory compliance.

Along with BShield at our booth of FinSec Village, Verichains offers:

• Comprehensive penetration testing and vulnerability assessments
• Mobile application penetration testing for specific use cases of Banking - Finance sector.
• Managed threat detection and response services (24×7 SOC)

Bio:

Thanh Nguyen, founder of GreenNode AI and Verichains, is a distinguished technical fellow with 30 years of experience in large-scale online applications, blockchain technology, firmware, chipsets, and micro-architecture. He previously worked as a Lead CPU Security Architect at Intel Corporation, where he was responsible for the security of Intel’s next-generation technologies, including Atom Mobile & SoC platforms, Core i7 micro-architecture (Nehalem, Ivybridge, Haswell), Larrabee GPGPU for HPC, … Thanh has spoken at global security events and contributed to renowned publications, including Phrack Magazine, BlackHat USA, Hack In The Box, and others. He has also served on review boards for leading events, such as the HITB Security Conference, Qihoo 360 World CTF, Syscan, and Defcon AI Village. Thanh formerly led the Capture The Flag (CTF) team CLGT and helped organize Asia’s first CTF events for HITB Security Conference starting in 2006.

Khoa Nguyen

Topic: Stopping the New Wave of Mobile Banking Malware infecting users in South East Asia

.

Bio:

Khoa Nguyen serves as a Security Engineer at Verichains, where he specializes in devising robust solutions for system security. His proficiency spans across diverse technologies, encompassing mobile, web, smart card, NFC, and blockchain. Khoa is a pivotal contributor to the team responsible for the creation of BShield, an advanced mobile application security solution. He and his team contributed significantly to the discovery of the TSSHOCK attacks, which gained attention upon disclosure at Black Hat USA 2023 and Hack In The Box Phuket 2023.

VictorV

Topic: Unveiling the Cracks in Virtualization, Mastering the Host System-VMware Workstation Escape

VMware Workstation is used by software developers and network security practitioners. Users can run dangerous programs in it without affecting the host system. However, if these programs can escape, the host system is no longer safe. If APT attack organizations exploit these vulnerabilities to attack these practitioners, it would be a disaster.

Attacks on virtualization often involve virtualization devices. In past public competitions for virtualization escapes, vulnerabilities in devices such as graphics cards, network cards, USB controllers, and Backdoor have been used. In recent years, multiple security vulnerabilities have appeared in USB devices in escape exploits.

In this talk, I will introduce several security vulnerabilities that have appeared in the USB1.1 controller, including those used by the Fluoroacetate team in Pwn2Own 2019, those I used in TianfuCup 2021, and those I used in TianfuCup 2023. Based on the vulnerabilities in TianfuCup 2023, I will describe my complete exploitation process, how I leaked information, how I read and wrote arbitrarily, and how I bypassed Windows’ protection mechanisms

Bio:

VictorV is the Senior Cybersecurity Engineer at Cyber Kunlun Lab. He was awarded Master of Pwn at Pwn2Own in 2017, “The Most Outstanding Technical Achievement Award” at TianfuCup in 2018, “The Best Innovation Breakthrough Award” at TianfuCup in 2023, VMware Escape at TianfuCup in 2018, 2021 and 2023, Hyper-V Escape in 2021, Top2 of MSRC leaderboard for Q3/Q4/2024 Q1/Annual, and he was a speaker at BlackHatAsia 2024/Zer0Con2022/HITB.

Dennis Kim

Topic: Smishing and social engineering hacking in the blockchain market

.

Bio:

.

Vitaly Kamluk

Topic: Malware trends then and now

This talk covers a sensitive topic of malware trends prediction. Predictions are always a slippery path, because making a wrong prediction casts a fear-mongering shadow on the expert. Tapping to 20 years of personal experience in malware and threat intelligence research, the speaker will revisit some of the important predictions made more than 15 years ago and reveal how they unrolled to date and what to expect in the future. This will be an honest reflection of a security researcher.

Bio:

Vitaly Kamluk is a principal security researcher with 20 years of experience in cybersecurity industry. He is based in Singapore and has lead a cyber threat intelligence team in Asia-Pacific region focusing on APT investigations in the past 10 years. He is passionate about reverse engineering, malware analysis, computer forensics and cybercrime investigations. In 2014-2017 Vitaly was attached as an expert at INTERPOL Digital Forensics Lab. He participates in mentorship initiatives in Singapore, an active member of Black Hat Asia conference review board. Over the years, he presented at many international security conferences including BlackHat, Defcon, Hitcon, BSides LasVegas, Ruxcon, SINCON, FIRST,and many others as well as numerous invite-only cybersecurity events such as Botnet Task Force, Digital Crime Consortium, Security Analyst Summit, Underground Economy, and others.

Emil Tan

Topic: Panel Discussion

.

Bio:

Emil Tan is currently serving the role of Cyber Strategist and Market Lead in Critical Infrastructure at Booz Allen Hamilton. He is also the Chief Community Officer (CCO) at Red Alpha Cybersecurity, a leading cybersecurity talent development company, and the Chair of the CREST Asia Council.

With over 10 years of experience in the cybersecurity industry, Emil has expertise across various cybersecurity trades, including R&D, cybersecurity operations, governance, policy and regulations, consultancy, and ecosystem development.

Emil is an active contributor to the cybersecurity ecosystem in Singapore. He plays an active role in catalysing cybersecurity conversations and thought leadership both locally and internationally. He founded Division Zero (Div0), Singapore’s largest techno-centric cybersecurity community group, and Infosec In the City, SINCON, Singapore’s international techno-centric cybersecurity conference.

He also leads The Honeynet Project, Singapore Chapter, a non-profit cybersecurity R&D institution, and serves on the Executive Committees of the Singapore Computer Society (SCS) Cybersecurity Chapter and the Association of Information Security Professionals (AiSP).

In recognition of his significant contributions, Emil was awarded the inaugural Cybersecurity Awards (Professional Category) in 2018 by the Cyber Security Agency of Singapore (CSA) and received a Special Recognition Award in 2023 from the Ministry of Communications and Information (MCI). He was also listed amongst Tatler’s 2024 Gen.T Leaders of Tomorrow.

Boris So

Topic: Panel Discussion

.

Bio:

.