Announcement

VXCON 2018
Main Conference: 21-April-2018 (Saturday)
Village: 22-April-2018 (Sunday)
Workshops: 19-20 April-2018, 23-25 April-2018

CPE
Participants of the VXCON main conference are eligible to earn 6 hours of CPE

CTF
We are very pleased to announce that VXCON 2018 will host the VXCTF capture the flag contest. Tertiary institute students in Hong Kong are invited to compete in this exciting and fast-paced competition to exercise different skillsets in Information Security and Computer Science.
Details can be found here.
Please register at https://ctf.vxcon.hk for online CTF
*Although WiFi is available in the venue, it is recommended to use your own network for CTF.

CPE
Please send an email to info[at]vxcon.hk for CPE,
with your Ticket Order ID, Full name and ISC2 member ID, we will send you the proof for CPE hours


VXCON

VXCON, we are glad to invite a few prominent speakers and researchers all over the world. They are frequent speakers of Blackhat, DEF CON, HITCON and in various global hacker and security conference. Meanwhile, some are very good at Malware Analysis, CTF and Exploitation and Hardware. We focus on offensive security, threat and exploitation. Please enjoy and join us.

Interviewed by Hitachi - Hisys Journal


CTF

We are very pleased to announce that VXCON 2018 will host the VXCTF capture the flag contest on 21-22 April, 2018. Tertiary institute students in Hong Kong are invited to compete in this exciting and fast-paced competition to exercise different skillsets in Information Security and Computer Science.

The contest will follow the Jeopardy style. Participants will compete in a 30 hours non-stop competition consists of a series of challenges that vary in their degree of difficulty, and that require participants to exercise different skillsets to solve. The challenges cover a wide range of Information Security topics including web, cryptography, reverse engineering, forensic, binary exploitation, smart contract, etc. It aims at providing a venue for interested local STEM students to exercise their Information Security skills and promote the practice of ethical hacking among Hong Kong students.

ctf

The game is hosted on-site and online. You must be competing on-site if you want to be eligible for the prizes. All on-site participants will receive free entrance ticket to the main conference of VXCON 2018.

On-site
Day 1:
21 April 10:00 AM - 5:00 PM
8/F, The Wave, 4 Hing Yip Street, Kwun Tong, Hong Kong

Day 2:
22 April 10:00 AM - 4:00 PM
The Hong Kong Polytechnic University. Venue to be announced.

*Although WiFi is available in the venue, it is recommended to use your own network for CTF

Online
21 April 10:00 AM - 22 April 4:00 PM, 2018 (GMT+8, 30 hours). Details to be announced.

Eligibility
Tertiary institute students (excluding post-graduate) in Hong Kong. Maximum of 15 3-member teams for on-site competition.

Prize (On-site Only)
Champion: $16,384 HKD
1st runner-up: $8,192 HKD
2nd runner-up: $1,024 HKD

Onsite teams
Team nameInstitute
CatPawnCity University of Hong Kong
LMDThe Chinese University of Hong Kong
saltyFishThe Chinese University of Hong Kong
Yet another CTF teamThe Hong Kong University of Science and Technology
BlackTRHong Kong Institute of Vocational Education
g33zThe Chinese University of Hong Kong
hkno.itHong Kong Institute of Vocational Education
Team nameThe Chinese University of Hong Kong
ethical_CrackersThe Hong Kong University of Science and Technology
cloverThe Hong Kong University of Science and Technology
thestrangerThe Hong Kong University of Science and Technology
Online team registration will be open before the competition.
Please register at https://ctf.vxcon.hk

CTF Main Sponsor & Prize Sponsor
UDomain Web Hosting Limited

Agenda

Main Conference: 21-Apr 2018 09:00-18:00 (Venue: The Wave)
09:00 - 09:30Registration
09:30 - 09:45OpeningCTF Registration and Briefing
09:45 - 10:00Keynote: The New Era of Hacking and Defence - Daniel Ho (SingTel)
10:00 - 10:45The State of AI-assisted Fuzzing & Program Analysis - Clarence Chio
10:45 - 11:30Software Packer Implement - Ma Sheng Hao
11:30 - 11:45break
11:45 - 12:30The mystery of Bug Bounty hunting - Filedescriptor
12:30 - 14:00Lunch
14:00 - 14:30Poking IoT Botnets With a Honeypot - Tan Kean Siong
14:30 - 15:15Connecting Dark Web and Surface Web: Korean Cyber Underground - Sunghee Lim / Taejin Jang / Nikolay Akatyev
15:15 - 15:30break
15:30 - 16:15SDR - Pseudo-Doppler Redux - Mike Ossmann
16:15 - 16:30Secret Track Briefing - Moonbeom Park
16:30 - 17:00Fuzzing Javascript Engines - Reum / Singi
17:00 - 17:30Dive into PMU - Kelvin Chan
17:30 - 17:35Closing and Village Announcement
Village: 22-Apr 2018 10:00-18:00 (Venue: PolyU)
TimeRm N102 - Rm N103Rm N101
10:00CTFVillageSecret Track
10:30 CTF Village / Workshop:
Mike Ossmann - SDR demo
Captain - SMD soldering and ESP
Clarence - The State of AI-assisted Fuzzing & Program Analysis
Moonbeom and Anthony - Secret Track
12:30 - 14:00Lunch
14:00 - 16:00CTF Village / Workshop Cont'd 14:30 - 15:30
Wi-Fi dashboard camera vulnerability analysis using threat modeling
(Hong-Kyo Kim / Jae Yun Kim)
16:00End of CTF 16:00 - 16:30
PwC: Red Team Sharing
16:00 - 16:45CTF Interview
17:00CTF Result Announcement

Pre Conference Workshop: 19-20 Apr 2018 09:30-18:00 (Venue: PolyU)
Angelboy - Advanced Binary Exploitation
Day 1 - Day 2: HKD$8000
Day 1
09:30 - 18:00
Day 2
09:30 - 18:00
Post Conference Workshop: 23-25 Apr 2018 10:00-18:00 (Venue: PolyU)
CK Chen
Day 1 - Day 2: HKD$6000
Day 3: HKD$4000
Day 1 - Symbolic Execution and Bug Hunting
10:00 – 10:20Environment Setting
10:20 - 11:20Introduction to Symbolic Execution
11:30 – 12:00 Introduction to Z3 SMT, Part 1
12:00 – 13:30Lunch
13:30 – 13:50Introduction to Z3 SMT, Part 2
14:00 – 14:50Binary Instrument with Pin
15:00 – 15:50Triton: The Concolic Execution Engine(1)
16:00 - 17:00Triton: The Concolic Execution Engine(2)
Day 2 - Symbolic Execution and Bug Hunting
10:00 – 12:00Angr: Symbolic Execution Binary Analysis(1)
12:00 - 13:30Lunch
13:30 - 14:50Angr: Symbolic Execution Binary Analysis(2)
15:00 - 17:00Automatic Exploit Generation
Day 3 - VMI Sandbox Implementation and Application
1. Fundamental Concept
2. QEMU Internal
3. MBA, The VMI Sandbox
4. Program Analysis
4.1. Intruction Trace
4.2. Function Hook
4.3. System Call Trace
4.4. Taint Tracking
5. System Forensics
5.1. File System Forensic
5.2. Registry Forensic
5.3. Memory Forensic
5.4. Network Forensic
*Please note that the schedule is subject to change
**For pre/post workshop registration, please contact info[at]vxcon.hk / darkfloyd[at]vxrl.org for further arrangement

Speakers

Mike Ossmann

Wireless Security Resercher
Topic: SDR - Pseudo-Doppler Redux

Filedescriptor

Security Researcher
Topic: The mystery of Bug Bounty hunting

Clarence Chio

Security Researcher
Topic: The State of AI-assisted Fuzzing & Program Analysis

Daniel Ho

Solutions Architect, Cyber Security, Singtel
Topic: Keynote - The New Era of Hacking and Defence

Reum and Singi

Security Researchers
Topic: Fuzzing Javascript Engines

Jenius Shieh

Manager, Pwc
Topic: Red team sharing

Moonbeom Park

Security Researcher
Topic: Secret Track

Ma Sheng Hao

Security Resercher
Topic: Software Packer Implement

SungLee Lim, Taejin Jang, Nikolay Akatyev

Security Researchers
Topic: Connecting Dark Web and Surface Web - Korean Cyber Underground

Kelvin Chan

Security Researcher
Topic: Dive into PMU

Tan Kean Siong

Security Researcher
Topic: Poking IoT Botnets With a Honeypot

Hong Kyo Kim and Jae Yun Kim

Security Researchers
Topic: Wi-Fi dashboard camera vulnerability analysis using threat modeling

C K Chen

Security Researcher
Topic: Symbolic Execution and Bug Hunting + VMI Sandbox Implementaion and Application Workshop

Anthony Lai

Security Researcher
Topic: Secret Track

Angelboy

Security Researcher
Topic: Advanced Binary Exploitation

Sponsors

Please contact info[at]vxcon.hk for arrangement


Supporting Organisations, CON and Friends


Individual Sponsors

Tessy
Tessy
Daniel
Daniel
Boris
Boris
Byron
Byron

Location

Conference Venue - The Wave

8/F, The Wave, 4 Hing Yip Street, Kwun Tong, Hong Kong

Workshop Venue - The Hong Kong Polytechnic University