Announcement

VXCON 2024

We are glad to announce VXCON 2024 is coming up from 15-17 Nov,2024.

This year we have invited some prominent speakers and researchers from all over the world.
They are also frequent speakers in various global hacker conferences including BlackHat, DEFCON, etc.
VXCON focuses on offensive security, threat and exploitation.

Kicking off on 15th Nov 24, there will be a pre-conference workshop Exploiting Browser JavaScript Engines by Alisa Esage.
Followed by the main conference on 16th Nov 24 from 10am to 5pm.
After that, 17th Nov 24 is the VXCON Village which features some hands-on tasks, hardware and demos, as well as a workshop on taking you on a car hacking adventure by Jay Turla.

Enjoy the early bird discount on or before 16th Oct 24.
Your support is very important to us.

*Please note that while refunds are allowed, requests made without valid reasons may lead to restrictions on future event participation. We kindly ask that you carefully consider your purchase before proceeding.

VXCON


VXCON

VXCON, the 10th Anniversary, we are glad to invite a few prominent speakers and researchers all over the world. They are frequent speakers of Blackhat, DEF CON, HITCON and in various global hacker and security conference. Meanwhile, some are very good at Malware Analysis, CTF and Exploitation and Hardware. We focus on offensive security, threat and exploitation. Please enjoy and join us.

Past events

VXCON 2022
VXCON 2020-21
VXCON 2019
VXCON 2018
VXCON 2017


Speakers

Alisa Esage

Alisa Esage

Zero Day Engineering
Keynote and Browser Exploitation Workshop
Carl Smith

Carl Smith

Google v8
Fuzzing for complex bugs across languages in JavaScript Engines
Jay Turla

Jay Turla

Automating & Tooling Your CAN Hacking Tool On a Cheap Car Hacking Adventure
Moonbeom Park

Moonbeom Park

Maybe need 1-Day exploits more than it of 0-Day to our business
KaiJern Lau

KaiJern Lau

Certik
Redefine Reverse Engineering In Web3
Thanh Nguyen

Thanh Nguyen

Verichains
Stopping the New Wave of Mobile Banking Malware infecting users in South East Asia
Khoa Nguyen

Khoa Nguyen

Verichains
Stopping the New Wave of Mobile Banking Malware infecting users in South East Asia
VictorV

VictorV

Kun Lun
Unveiling the Cracks in Virtualization, Mastering the Host System-VMware Workstation Escape
Dennis Kim

Dennis Kim

BetaLabs CEO
Smishing and social engineering hacking in the blockchain market
Vitaly Kamluk

Vitaly Kamluk

Titanhex
Malware trends then and now
Emil Tan

Emil Tan

Panel Discussion
Boris So

Boris So

Panel Discussion

Workshop Schedule

Alisa Esage

Exploiting Browser JavaScript Engines: Zero to Hero (with Google v8) - 15 Nov 2024 (WeWork CityPlaza 21/F)
In this workshop, we will explore the v8 CVE-2022-4262 vulnerability as a case study to guide participants through a comprehensive workflow of attacking a JavaScript engine. We’ll cover everything from setting up the research platform and analyzing the security patch to conducting a root cause analysis of the bug and developing an exploit. The complexity of this vulnerability and its exploitation technique ensures a rich learning experience, moving beyond superficial understanding associated with more common bugs.

While this workshop will be challenging, participants with prior experience in exploit development and/or JavaScript engines will find it particularly rewarding. Due to time constraints, our focus will be on analytical examinations and guided walkthroughs rather than hands-on coding, making it accessible for beginners willing to embrace some intellectual rigor. Join us for a deep dive into the intricacies of JavaScript engine exploitation!

*approx. 2 hours

Jay Turla

Automating & Tooling Your CAN Hacking Tool On a Cheap Car Hacking Adventure - 17 Nov 2024 (JobsDB by SEEK)
In this talk, we don't need roads. You can sit tight and you don't need to fasten your seatbelts because this will be a quick, cheap, practical, and dirty approach to car hacking specifically CAN Bus hacking. Using one component of your car you could just acquire from a junkyard or by any means necessary to start Car Hacking by yourself from fuzzing a simulator to actual hardware with open source tools and hardware. We will also discuss building your lost-cost CAN fuzzer and Metasploit module creation geared towards the hwbridge.

Main topics and points:
- Hacking Your Low Cost Hardware
- Playing with nano-can
- Python for Car Hackers
- Introduction to Metasploit's hwbridge modules
- Creating your own Metasploit module for car hacking
- Using canTot - CAN Bus Hacking Framework

Warning: this talk could produce future car hackers at your nearest Car Hacking Village and bug bashes.
For workshop, please contact darkfloyd[at]vxrl.org for details

Agenda

Conference: 16-Nov 2024 (Venue: The Wave)
Time Topic Speaker
09:00 - 09:50 Registration
09:50 - 10:00 Welcome
10:00 - 10:45 Stopping the New Wave of Mobile Banking Malware infecting users in South East Asia Thanh Nguyen (Verichains) / Khoa Nguyen (Verichains)
10:45 - 11:30 Redefine Reverse Engineering In Web3 KaiJern Lau (Certik)
Break
11:40 - 12:00 Smishing and Social Engineering Hacking in the Blockchain Market Dennis Kim (BetaLabs CEO)
12:00 - 12:45 Malware Trends Then and Now Vitaly Kamluk (Titanhex)
Lunch
13:45 - 14:30 Fuzzing for Complex Bugs Across Languages in JavaScript Engines Carl Smith (Google v8)
14:30 - 15:15 Automating & Tooling Your CAN Hacking Tool on a Cheap Car Hacking Adventure Jay Turla
Break
15:30 - 16:15 Unveiling the Cracks in Virtualization, Mastering the Host System-VMware Workstation Escape VictorV (Kun Lun)
16:15 - 17:00 Maybe Need 1-Day Exploits More Than 0-Day for Our Business Moonbeom Park
17:00 - 17:45 Future Hacking - Objectives: Past, Present, and Future Trends in Hacking;
AI's Impact; Supply Chain Exploits (case on XZ backdoor)
Panel (Emil Tan, Zetta, Boris, Carl Smith)
17:45 - 18:15 Keynote Alisa Esage
18:15 Closing and Head to Dinner
Village: 17-Nov 2024 10:00-18:00 (Venue: JobsDB by SEEK)
Verichains - Web3 Village All day
Byron - Red and Blue Team Challenge
Captain - Drone Hacking/Village (TBC)
Jay Turla - Car Hacking, CAN Bus Sniffing
  • 10:00 - 11:00: Village
  • 11:30 - 12:30: Village
  • Lunch Break
  • 14:00 - 16:00: Workshop
  • 16:30 - 17:30: Village
Darkfloyd - Game Hacking Village
  • 16:30 - 17:30
  • Introduction to Cheat Engine
  • Hack Dragon Ball with Cheat Engine
  • Arcade game board and hacking techniques
Dennis - RFID Village
  • All day
  • Setup RFID Booth
  • 2x pm3, 2x ultra, 2x f0
  • RFID hacking exercise with pm3 and flipper zero
Anthony - Arcade Game Hacking Exposed

Get your tickets - Purchase here

Organizer


Sponsors

Please contact info[at]vxcon.hk for arrangement


Supporting Organisations, CON and Friends


Workshop Location - 15-Nov-2024

Wework

Wework, 21/F, Cityplaza Three, 14 Taikoo Wan Road, Taikoo, Hong Kong

Main Conference Location - 16-Nov-2024

The Wave

The Wave, 9/F, 4 Hing Yip St, Kwun Tong, Hong Kong

Village Location - 17-Nov-2024

JobsDB by SEEK

37/F, PCCW Tower, Taikoo Place, 979 King’s Road, Quarry Bay, Hong Kong