Barry ‘Fish’ van Kampen is an hacker enthousiast and thinker full of ideas and energy. During his technologic journeys, he hasmade a lot of friends in the hacker(space) community. As part of the HITB Core crew he is co-organising HITB Amsterdam since 2010. He is also the chairman and one of the founders of Randomdata, a hackerspace in Utrecht. As a professional, he is the MD of The S-Unit with a great passion for technology.

The VXCon live-hacking village
At the VXcon hacking village you will learn how to tinker (play with technology) with hardware. Fish_, known for security conference Hack in The Box and hacker space Randomdata, will guide visitors in playing with hardware, protocols and the software behind it. He will bring a collection of ESP’s, Arduinos, sensors, hardware sniffers and SDR’s (Software Defined Radio). The main goal is to bridge the gap with the software hacking world and show you how easy it is to start hardware hacking. Next to the hardware village there is a mini CTF (hacking competition). Perzik, lead organizer of the CTF for Hack in The Box Amsterdam, will bring a collection of basic and intermediate challenges and guide the visitors in solving the hacking puzzles. Of course, there will be a scoreboard and a prize for the one who finishes the most (maybe even all ;) ) challenges during the 2 days.

Dirk "Perzik" van Veen is the lead pentester at The S-Unit. In his spare time, he organises and creates challenges for several CTF competitions in the Netherlands, including Hack in the Box. When he is not busy finding bugs in websites or penetrating networks, you can find him teaching people how to think like hacker or dance (in no particular order).

The VXCon live-hacking village
At the VXcon hacking village you will learn how to tinker (play with technology) with hardware. Fish_, known for security conference Hack in The Box and hacker space Randomdata, will guide visitors in playing with hardware, protocols and the software behind it. He will bring a collection of ESP’s, Arduinos, sensors, hardware sniffers and SDR’s (Software Defined Radio). The main goal is to bridge the gap with the software hacking world and show you how easy it is to start hardware hacking. Next to the hardware village there is a mini CTF (hacking competition). Perzik, lead organizer of the CTF for Hack in The Box Amsterdam, will bring a collection of basic and intermediate challenges and guide the visitors in solving the hacking puzzles. Of course, there will be a scoreboard and a prize for the one who finishes the most (maybe even all ;) ) challenges during the 2 days.

Clarence Chio graduated with a B.S. and M.S. in Computer Science from Stanford within 4 n data mining and artificial intelligence. He is in the process of authoring the O’Reilly book “Machine Learning and Security”, and currently works as a Security Researcher at Shape Security, building a product that protects high valued web assets from automated attacks. At Shape, he works on the data analysis systems used to tackle this problem. Clarence spoke on Machine Learning and Security at DEF CON 24, GeekPwn Shanghai, PHDays Moscow, BSides Las Vegas and NYC, Code Blue Tokyo, SecTor Toronto, GrrCon Michigan, Hack in Paris, QCon San Francisco, and DeepSec Vienna (2015-2016). He had been a community speaker with Intel, and is also the founder and organizer of the ‘Data Mining for Cyber Security’ meetup group, the largest gathering of security data scientists in the San Francisco Bay Area. His popular DEEP-PWNING deep learning fuzzing framework can be found at https://github.com/cchio/deep-pwning.

I'm Kelvin, currently working in Tencent Game Security Researcher and developement department, a kernel mode driver developer, and a experienced game (almost 10 years) security researcher, mainly responsible for providing a kernel-based solution for anti-game cheating, such as, game's speed hack, keyboard/ mouse emulation, game data accessed,etc and I'm a reverse engieer also, responsible for cheat sampling and unpacking, I'm also familiar with kernel mode debugging and Virtualization-based security solution, such as, Memory Hiding.

Furthermore, I'm a kHypervisor developer, which is a open-source the only project which is provided a nested-virtualization feature for Windows x64 platform. which will be a virtualization-based security solution.for giving a whole control and monitor of system and hardware access.

Moonbeom, he is a deputy general researcher in TTPA(Trusted Third Party Agency) of Korea, has 10 years of experience in hacking analysis, digital forensic, research on hacking and forensic for IoT device, profiling hacking source. He is not only one of experts among government and private sector in fields of forensic, hacking analysis, hacker profiling, counter-attack on hackers, but also mentor of Korea's next generation security leader training program ‘Best of the Best(a.k.a BoB)’. Also he has participated in various international security conference such as VXCON, TROOPERS, HITB-GSEC, HITCON, Ekoparty, and RedPill.

Woojin, he is not only a researcher in hacking and security academy called ‘Best of the Best(a.k.a BoB)’, but also leader of vulnerability researching group in South Korea. These days, he researching exploit technique and forensic technique for home electric appliances.

Cheng-Da Tsai, also as known as Orange Tsai, is member of DEVCORE and CHROOT from Taiwan. Speaker of conference including HITCON, Wooyun and AVTokyo. He participates numerous capture-the-flags (CTF), won 2nd Prize of DEFCON 22 CTF Finals as team member of HITCON. Currently focusing on vulnerability research, web application security. Orange enjoys to find vulnerabilities and participate Bug Bounty Program. He is enthusiasm for Remote Code Execution(RCE), also uncovered RCE in several vendors, such as Facebook, Uber, Apple, GitHub, Yahoo and Imgur.

PHP 應用漏洞挖掘與案例分析
PHP 為目前後端網頁開發最流行的語言，如 Facebook, Yahoo 及 Wikipedia 等知名網站也都使用 PHP 進行開發，但因語言本身特性導致，對於語言本身特性不太熟悉的程式設計師易寫出有問題的網頁應用！因此，本堂課程意在可得到原始碼的情況下，如何以攻擊者的角度挖掘出網頁應用的漏洞！

本堂課程從如何進行 PHP 代碼審查開始，了解進行代碼審查中所需關注的要點，並透過分析現實中常見應用、函示庫與框架所出現過的 CVE 弱點編號，從中了解漏洞如何產生？學習 PHP 的特性，到如何寫出漏洞利用代 (Exploit) 等！

Angeboy is a member of chroot and HTICON CTF team. He is researching in linux binary exploitation, especially in heap related exploitation. He participated in a lot of ctf, such as HITB、DEFCON、Boston key party, won 2nd in HITB GSEC 2016 and won 1st in Boston key party 2016,2017 with HTICON CTF Team.

Linux Binary Exploitation (Basic)
本課程將會從基本的 Binary Exploit 所需知識開始教起，並在目前系統的各種保護下，該如何利用所發現的漏洞，也將學習到一般寫程式該如何寫出更安全的程式碼及更要注意的地方，並會帶入一點 heap 相關的基礎知識。

Boris is a software security specialist in one of the world’s leading US financial services institute, specializing in software design and architecture, threat modeling, secure programming and static code analysis, penetration and simulation test, code obfuscation, steganography, as well as rootkit research. Possessing more than 10 years of experience in developing both hardware and software security products in a security solution developer prior to serving in his current position, Boris had been the lead architect in various security projects implemented in major fortune 500 companies in different industries. Currently Boris is involved in projects developing machine learning and statistical modeling application in threat detection. He holds 2 bachelor degrees in computing and surveying, and 2 master degrees in computer forensics and applied psychology. Boris is an enthusiast in aviation and he holds a private pilot license. During his free time, he is probably spending his time flying while not hacking.

Email: boris.so[at]owasp.org

Chia-Wei Wang is a Ph.D. candidate of the Distributed System and Network Security Lab at the National Chiao-Tung University in Taiwan. His research interests include virtualizations, operating system and malware analysis, especially the Windows platform. He is a developer of certain VM-based security systems such as a cloud-based interactive debugger (Cloudebug), a VMI tool auto-generating system (ProbeBuilder), a VM-based hooking system (MrKIP), etc. He is currently leading his team in developing the MBA, which is an open source malware sandbox dedicated to the modern Window 10 x64 environment. He also used to be a CTF player from 2010 to 2014.

Chi-en (Ashley) Shen is a Senior Cyber Threat Analyst at Team T5 Research, where she focuses on tracking and monitoring Advance Persistence Threat (APT) and cyber espionage attacks. Her major areas of research include malware analysis, malicious document, reverse engineering, and tracking of emerging threat. She is a member of Hacks in Taiwan Conference and is one of the founders and organizers of HITCON GIRLS, the first security community for women in Taiwan. Ashley is also a regular speaker at information security conferences, including CODE BLUE, Troopers, HITCON Community and HITCON Enterprise.

Abstract
Catching the Golden Snitch - Leveraging Threats with an Intelligent Platform to Defend against Cyber Attacks from an Advantageous Position Every day, security personnel in all types of industries and geographies are facing numerous attacks with emerging techniques from various adversaries. While there are a numbers of new malwares, incidents, indicators, vulnerabilities and adversaries that are being reported from internal and external resources day by day, how do we identify their most critical threats with these uncoordinated and fragmented information? How do we turn this information into the actionable defense procedures? The answer is “with the help of Threat Intelligence Program”. This is not a sales talk, we build our own intelligence platform and currently this is internal use only. We encourage every security firms, organization or enterprise to build your own intelligence platform. In this talk, we will explain why threat intelligence platform is essential in everyone’s defense tactic and how could the platform help to identify your threat. We will introduce the indispensable functions in threat intelligence platform and demonstrate how security and analyst could leverage the platform with real case APT attack incident. Starting from an individual incident, we will explain how we linked this attack to others, and how we eventually recognized the adversary behind the scene.

Chong-Kuan Chen(Bletchley) is a Ph.D. candidate of the Distributed System and Network Security Lab at the National Chiao-Tung University in Taiwan. His research interests include malware, virtualisation, reverse engineering, vulnerability and program analysis. He is also involved in several security projects. SECMAP, a scalable malware collect and storage platform. Forensor, a malicious document detector. MrKIP, a VM-based hooking system. C.K is also the CTF player. As the captain of NCTU campus hacker team BambooFox, he also attends CTFs and NCTU PT. He join the MBA team, which is an open source malware sandbox dedicated to the modern Window 10 x64 environment.

Noam Rathaus has been working in the security field since the age of 13, he has written 4 books - on open source security and penetration testing, has found over 40 vulnerabilities in various software, wrote about third of the code base of Nessus when it was still Open Source and over 500 tests out of the 1000 tests it had at the that time. He has founded Beyond Security with his colleague Aviram Jenik in 1999 and has been working in the security field ever since.

Abstract
In today world there is a great difficulty for researchers to be researchers, during the lecture we will cover the problems faced by security researchers in getting their discoveries published and out there while not getting sued, getting paid and having fun out of the whole process. We will cover why there is a need in transparent vulnerability brokers and why bug bounties don't work.

Bio:
Yongjun Park is a manager at FSI-CERT, in charge of Incident Response and Threat Intelligence for Financial Industry in Korea. He is interested in advanced attack and malware target to Financial System. He has experienced Incident Response, Security Testing, Mobile Security, Penetration Test for 10 Years. He also participated in HITCON, HITB-GSEC and security training in for security staff.

Topic: Advanced Targeted Attack in Financial Sector
Abstracts: Financial Industry is becoming a massive and elaborate system compare with other industries. Along with this position, Financial System has become a good target of cyber attack for the monetary purpose and cyber war. These attacks can cause a chaos from the illegal account transfer to the national emergency. I have participated investigation against various incidents targeting Financial Institutions and their employees. This talk will be based on incident case and tactics of the attacker with details.

Why Lockpicking?

Solving rubik’s cube in the dark

Useful knowledge

Hackers love it - nothing is as secure as it seems

Cybersecurity vs Physical security: without physical security...what’s the point?

Agenda

You might as well leave your locker open, hmm? (10 min)

Lockpicking Fundamentals (20 mins)

Lockpicking Village (1-2 hours)

-