Event Agenda

  • KEYNOTES
  • HITB MAIN TRACK
  • HITB COMMSEC TRACK
  • HITB LABS
  • RED TEAM VILLAGE

KEYNOTE 1

Ask Bruce

November 18th @ 09:00 (GMT +4) // HITB Main Track

Bruce Schneier, legendary cryptology guru, and internationally renowned security technologist, will be keynoting this year’s HITB CyberWeek Virtual Edition on the 18th of November!

Unlike a typical HITB keynote, Bruce is instead giving YOU the chance to pick his brain and have him answer your burning questions live during this session.

Send your questions in using the form below before the 1st of November, and Bruce will pick out what he feels are the 10 most interesting questions to answer on the future of our ever changing cyber security landscape.

The live stream keynote takes place 10am – 11am GMT+4 on the 18th, and will be broadcast via the HITB Youtube channel and also restreamed elsewhere. You can also join us on Discord to chat with fellow attendees and other event speakers.

Bruce Schneier
Cryptographer & Security Technologist

About The Speaker

Bruce Schneier is an internationally renowned security technologist, called a “security guru” by The Economist. He is the author of over one dozen books–including his latest, Click Here to Kill Everybody–as well as hundreds of articles, essays, and academic papers. His influential newsletter “Crypto-Gram” and his blog “Schneier on Security” are read by over 250,000 people.

He has testified before Congress, is a frequent guest on television and radio, has served on several government committees, and is regularly quoted in the press. Schneier is a fellow at the Berkman Klein Center for Internet & Society at Harvard University; a Lecturer in Public Policy at the Harvard Kennedy School; a board member of the Electronic Frontier Foundation, AccessNow, and the Tor Project; and an Advisory Board Member of the Electronic Privacy Information Center and VerifiedVoting.org.

KEYNOTE 2

November 19th @ 09:00 (GMT +4) // HITB Main Track

The War for Control of DNS Encryption​

Pervasive monitoring of the Internet by both government, corporate, and criminal actors has triggered an encryption wavefront as wide as the Internet itself. DNS, as the map of the Internet’s territory, is seen as especially sensitive and there are now several competing encryption standards waiting to be deployed.

In this keynote, Dr. Vixie will explain the original problem, describe the protocol-level solutions, and then show how vendors like Google, Mozilla Corporation, Microsoft, and Apple are deploying these technologies across their product lines. Opinions may also be offered.

Paul Vixie
Chairman, CEO and Cofounder

About The Speaker

Dr. Paul Vixie is an internet pioneer. Currently, he is the Chairman, CEO and cofounder of award-winning Farsight Security, Inc. Dr. Vixie was inducted into the internet Hall of Fame in 2014 for work related to DNS and anti-spam technologies. He is the author of open source internet software including BIND 8, and of many internet standards documents concerning DNS and DNSSEC. In addition, he founded the first anti-spam company (MAPS, 1996), the first non-profit internet infrastructure company (ISC, 1994), and the first neutral and commercial internet exchange (PAIX, 1991). In 2018, he cofounded SIE Europe UG, a European data sharing collective to fight cybercrime. Dr. Vixie earned his Ph.D. from Keio University for work related to DNS and DNSSEC in 2010.

Dr. Vixie is frequently invited to deliver keynotes at technology and business events around the world. He has presented at such events as Copenhagen Cybercrime Conference, FIRST, Palo Alto Networks IGNITE, RSA, Black Hat, DNS-OARC, SANS, Swiss Cyber Storm, and VirusBulletin.

HITB Main Track

November 18th & 19th @ 12:00 - 16:00 (GMT +4)

Track 1

13:00 - 14:00

Vladimir Kropotov (Researcher, Trend Micro) & Fyodor Yarochkin (Sr. Threat Researcher, Trend Micro)

14:00 - 15:00

Mars Cheng (TXOne Networks), YenTing Lee (TXOne Networks) & Max Farrell (TXOne Networks)

15:00 - 16:00

Tal Eliyahu (Principal Consultant, Undisclosed) 

Track 2

13:00 - 14:00

Sebastian Garcia (Startosphere laboratory in Czech Technical University) & Kamila Babayeva (Stratosphere laboratory in Czech Technical University

14:00 - 15:00

Yi-Hsien Chen (Member of BambooFox CTF team / CyCraft Technology Corp) & Yen-Ta Lin (Security Research intern, CyCraft Technology Corp)

15:00 - 16:00

Ashar Javed (Security Engineer, Hyundai AutoEver Europe GmbH)

END OF DAY 1

19th November

Track 1

13:00 - 14:00

Trust, but Verify: Maintaining Democracy In Spite of Информационные контрмеры

Allie Mellen (Security Strategist, Cybereason)

 

14:00 - 15:00

AEZAKMI: Browser Anonymity & Fingerprinting Bypass

Timur Nasirov (Creator of AEZAKMI Browser)

15:00 - 16:00

Jailbreaks Never Die: Exploiting iOS 13.7

@08Tc3wBB (Reverse-Bounty Researcher, ZecOps)


Track 2

13:00 - 14:00

RAMN: Resistant Automotive Minimal Network

Camille Gay (Senior Researcher, Toyota Motor Corporation), Tsuyoshi Toyama (Principal Researcher, Toyota Motor Corporation) and Hisashi Oguma (Group Manager, Toyota Motor Corporation)

14:00 - 15:00

Industrial Protocol Gateways: A Deep-Dive of Moxa MGate 5105-MB-EIP

Philippe Lin (Senior Threat Researcher, Trend Micro)

15:00 - 16:00

Kernel Exploitation with a File System Fuzzer

SeungPyo Hong (Vulnerability Analysis, BoB), HeoungJin Jo (Security Consulting, BoB), Dong Hee Kim (Security Consulting, BoB) & WonYoung Jung Vulnerability Analysis, BoB)

END OF DAY 2

HITB CommSec Track

Live streamed to Brella, Youtube, LinkedIn, Facebook, & Twitch
November 18th & 19th: 13:00 - 22:00 (GMT +4)

18th November

13:15 - 13:30

13:30 - 14:00

Hacking The 0day Marketplace

Andrea Zapparoli Manzoni (Director, Crowdfense)

The 0day vulnerability market developed over the years in a way that is unsafe, chaotic and rather inefficient. Today bad business practices, lack of professionalism and low levels of trust are still spread in this market and can seriously hamper the ability of law enforcement and intelligence agencies to acquire and maintain strategic cyber capabilities in order to fight organized crime, terrorism and hostile geopolitical actors.

Having a deep understanding of these issues and of their solutions, Crowdfense is “hacking the 0day market” in order to improve it for all the parties involved (researchers, brokers, integrators and end-users), by introducing new quality standards and best practices related to products, services and to the sustainability of the underlying business processes.

Talks

Youtube / Facebook / LinkedIn / Twitch 

14:00 - 14:30

The Work of Cyber in the Age of Mechanical Reproduction

Juan Andres Guerrero-Saade (Adjunct Professor of Strategic Studies
Johns Hopkins SAIS)

As we marvel at the true apex predators in the threat actor menagerie, part of their charm lies in the ability to productionize the development of exemplary operations. Their operations are systematic: relying on layers of abstraction meant to simultaneously scale to accommodate untold numbers of targets while also ‘idiotproofing’ for future generations of government-paid operators of every ilk. Codifying a culture of malware development and deployment a cut above more ‘artisanal’ malware ops presents interesting opportunities for malware paleontologists looking to understand the relationships between campaigns, malware families, and sometimes even between standalone threat actors.

This talk will focus on how particular threat actors have approached this mass production of high-end malware and what analysts can determine (at a technical level) when threat actors collaborate towards a common goal via a previously undisclosed missing link.

14:30 - 15:00

Your First Hardware Device and Firmware: Adventures in Building a CAN Bus Sniffer 

Andrey Voloshin (Head of Embedded Dept Thea Auto), Sasha Olenyev (Embedded Developer, Thea Auto) & Illia Tolokonnikov (Embedded Pentester)

Getting your first hardware device ready can be tough. There are many small details that need a lot of attention. We have developed many boards and want to share our experience with beginners to make this process easier.

We’ll cover step by step instructions on how to simplify hardware development, prepare all needed documentation, and order a small batch of their first devices.

15:00 - 15:30

To Be Announced

Speaker List Announced After Call for Papers Closes

15:30 - 16:00

To Be Announced

Speaker List Announced After Call for Papers Closes

Workshops

Zoom

16:00 - 19:00

Jonathan Tse (Community Leader, DIYRobocar Hong Kong / Co-Founder at Hong Kong Society of Autonomous Model Vehicles) & Dhillon ‘l33tdawg’ Kannabhiran (Founder / CEO, Hack In The Box)

Donkey Car is an open source hobbyist project powered by volunteers with a shared interest to build their own self driving car and is currently one of the most popular self-driving car repositories on Github.

Utilizing high-level self driving libraries written in Python, Donkey was developed with a focus on enabling fast experimentation and easy contribution. Built on Raspberry Pi and powered by a simple convolutional neural network (CNN), Donkey Car is the standard hardware car that most people build first. The parts cost about USD250 to USD300 and take 2 hours to assemble however you can do everything you’d normally do in The Donkey Gym! An OpenAI virtual environment for you to build, test and deploy your AI networks.

In this 3-hour hands-on interactive lab, you’ll learn how to build your own car, deploy a simulator for testing, capture data for your neural network, train and then deploy your model – oh and there will also be a virtual race!

17:00 - 19:00

Sol Ozzan (Security Researcher, Dreamlab Technologies)

Containers are a big revolution in the software industry. They bring production to the local environment without thinking about compatibilities: with a few commands anyone can have containers running on their machines. When using containers locally, they seem to be neither complex nor complicated to secure and developers have the power of packaging applications that will behave exactly as tested. Enterprises can then split them into scalable microservices.

However, this changes when the ecosystem grows dramatically and thousands of containers with a variety of roles and flavours are orchestrated to maintain availability. While these huge environments have great benefits, their complexity enlarges the attack surface exponentially. Just through a single misconfiguration of some of the infinite customization features they offer, chaos can arise. So what can be done to protect these containerized realms?

This workshop will explain how to implement advanced security features to secure the Docker daemon, its core components, container execution and Kubernetes orchestrated environments.

19th November

13:00 - 14:00

TBA

Talks

Youtube / Facebook / LinkedIn / Twitch 

14:00 - 14:30

To Be Announced

Speaker List Announced After Call for Papers Closes

14:30 - 15:00

To Be Announced

Speaker List Announced After Call for Papers Closes

15:00 - 15:30

To Be Announced

Speaker List Announced After Call for Papers Closes

15:30 - 16:00

To Be Announced

Speaker List Announced After Call for Papers Closes

Workshops

Zoom

16:00 - 18:00

CI/CD with SAST and DAST for Embedded Devices

Andrey Voloshin (Head of Embedded Dept Thea Auto), Sasha Olenyev (Embedded Developer, Thea Auto) & Illia Tolokonnikov (Embedded Pentester)

Learn about approaches to general quality assurance and security testing on real hardware in an automated way. We share our story about going from zero to full automation for multiple device families on a scale using FOSS and commercial tools blended with homebrew solutions and a pinch of creative thinking.

17:00 - 21:00

Analyzing Malicious Word and Excel Documents

Josh Stroschien (Assistant Professor of Cyber Security at Dakota State University)

Malicious office documents continue to be an effective tool for threat actors to compromise their victims and gain access to an organization’s network. While these documents have been around for a while, malware authors continue to find effective ways of abusing functionality to minimize their detection. This year alone we have seen a resurgence of such techniques through the use of Excel 4 Macros and other creative ways to bypass detection.

In this workshop, we will get hands-on with the latest Office-based threats to understand how they work, how to detect them and identify indicators of compromise. You will learn the tools and techniques to extract macros, tackle obfuscation and debug the code. This workshop will take you deep into malicious office documents and the tools required to analyze them so that you can better defend your organization and it’s users.

CommSec Track Exclusive Sponsor

Speakers

Andrea Zapparoli Manzoni

Director, Crowdfense

Andrea Zapparoli Manzoni manages Crowdfense Limited, which he designed in 2017 with a multidisciplinary team of ethical hackers, lawyers and vulnerability researchers.

The company’s main goal is to develop and apply new standards and processes to the vulnerability trading industry, which has become too strategic and complex to be managed with the old “crafts of the trade” methods. After more than two decades working in, studying in and consulting in the industry, Manzoni realized that there had to be a smarter and safer way to buy and sell active cyber-defense capabilities and decided to launch the Crowdfense Vulnerability Research Hub.

Since 2012, he has served as a board member of Clusit (Italian ICT Security Association). In 2011, he started an in-depth analysis of the most severe national and international cyber-attacks (researching and classifying more than 7,700 attacks over 84 months). This work is published in Clusit’s yearly “Report on ICT Security.” To his great surprise, over the last seven years, this research has become a reference for private and public organizations in Italy and abroad.

Sol Ozzan

Security Researcher, Dreamlab Technologies

Sol Ozzan has been a Developer, Software Architect, Security Analyst and DevOps technologist for the past four years. She works as a Backend Developer and Security Researcher at Dreamlab Technologies. Her previous role was at one of the biggest ecommerce in Latin America.

Her technical background includes development in Go, Python, Java, Ruby and Javascript. She has worked with advanced CI/CD pipeline technologies including Jenkins, Docker, Kubernetes, Ansible, AWS CodeDeploy and Terraform among others. Sol is a specialist in container-based development and deployment, and has dealt with productive environments that handle +30k distributed VMs with ~150k containers that host +2k distributed services that are deployed +3k per day.

When she’s not working she’s volunteering organizing free security events and trainings for beginners, playing Overwatch or listening to vinyl records.

Juan Andres Guerrero-Saade

Adjunct Professor Strategic Studies, Johns Hopkins SAIS

Juan Andrés is a security researcher focused on tracking cyberespionage groups. He’s an adjunct professor of Strategic Studies at Johns Hopkins School of Advanced International Studies (SAIS) and private consultant. Juan Andrés was Chronicle Security’s Research Tsar and founding researcher of the Uppercase team. Prior to joining Chronicle, he was Principal Security Researcher at Kaspersky’s GReAT team focusing on targeted attacks and worked as Senior Cybersecurity and National Security Advisor to the Government of Ecuador. Juan Andrés comes from a background of interdisciplinary research in Philosophical Logic. His publications include ‘The Ethics and Perils of APT Research: An Unexpected Transition Into Intelligence Brokerage’, ‘Wave your False Flags! Deception Tactics Muddying Attribution in Targeted Attacks’, and ‘Walking in your Enemy’s Shadow: When Fourth-Party Collection Becomes Attribution Hell’. His joint work on Moonlight Maze is featured in the International Spy Museum’s permanent exhibit in Washington, DC.

Josh Stroschien

Assistant Professor of Cyber Security at Dakota State University

Josh is an experienced malware analyst and reverse engineer and has a passion for sharing his knowledge with others. He is an accomplished trainer, providing training in the aforementioned subject areas at BlackHat, DerbyCon, Toorcon, Hack-In-The-Box, Suricon, and other public and private venues.

Josh is an Assistant Professor of Cyber Security at Dakota State University where he teaches malware analysis and reverse engineering, He is also the Director of Training for OISF, an author on Pluralsight, and a threat researcher for Bromium/HP.

Andrey Voloshin

Head of Embedded Dept Thea Auto

Andrey Voloshin, Head of Embedded dept at Thea Auto, a connected cars company, developing systems & software for car telemetry.

Additionally teaching application security at TechMaker (https://techmaker.ua) – a special appsec course for software developers explaining every aspect of the backend, frontend, mobile applications security, hardware security, including side-channel attacks and RF-signals hacking.

Sasha Olenyev

Embedded Developer, Thea Auto

Sasha Olenyev, embedded developer at Thea Auto, a connected cars company, developing systems & software for car telemetry.

Additionally teaching firmware development at TechMaker (https://techmaker.ua) – an embedded programming course featuring STM32 ARM-based development boards.

Illia Tolokonnikov

Embedded Pentester

Illia is an embedded pentester. He also teaches about cryptography and binary exploitation as a part of application security course at TechMaker (https://techmaker.ua)

Jonathan Tse

Community Leader, DIYRobocar Hong Kong / Co-Founder at Hong Kong Society of Autonomous Model Vehicles

Jonathan Tse is the project maintainer of the open source Donkey Car project. He is also the founder of robocarstore.com, the official store selling Donkey Car Starter Kit for people who want to build their own self-driving car. He believes that AI education should be for everyone and AI should be made easier to learn for students. He is actively promoting Donkey Car to K12 schools and designed a curriculum suitable for K12 students. 

Dhillon Kannabhiran

Founder / CEO, Hack In The Box

Dhillon Andrew Kannabhiran (@l33tdawg on Twitter) is the Founder and Chief Executive Officer of Hack in The Box (http://www.hitb.org), organiser of the HITBSecConf series of network security conferences which has been held annually for over a decade in various countries including Malaysia, The Netherlands and the UAE.

Prior to quitting his day job to lead the HITB team on crazy adventures around the world, Dhillon started off at the height of the dotcom craze as a technology journalist with PC World, ZDnet, MIS Asia and CNet. When the bubble burst, he moved on to a Malaysian telco as Chief IT Officer to spend his days in the world of Cisco AS5300s, in a land of packet switched networks at a time when Asterisk did not just mean ‘*’

HITB Labs

120-Minute Intensive, Hands-On Sessions

18th November

16:00 - 18:00
By: Munawwar Hussain Shelia

In this lab, participants will write ARM Linux shell code to spawn a shell. We will also discuss a few tips on how to make your shellcode smaller and reliable so that it could be executed even in a very stringent environment where there is a restriction on the payload size and we will later do the hands-on on those concepts.

Writing a shellcode for Bare-metal system is very different from writing it for Operating System like Linux or Windows. I explain in detail how this shell code is different and how it is injected in the device, and I will also explain how this payload manages to control the hardware component connected to the device.

A demo attack on a vulnerable ARM-based IoT Device running a Bare-Metal firmware in which a buffer overflow vulnerability  is exploited to take control of the GPIO pins of the hardware will be shown.

19th November

16:00 - 18:00
By: Mars Cheng

There is a considerable gap between the background knowledge of industrial control systems and information security practitioners. Often, practitioners in the industrial control field do not understand information security, and the information security practitioners do not know anything about the industrial control field.

This LAB will specifically target students of various backgrounds so that they can get a glimpse of the mystery of industrial control information security. Based on MITRE ATT&CK for ICS, we will share and implement how to successfully obtain control of ICS from attacking industrial control protocols, and then share and implement how to detect and defend malicious attacks on these protocols.

18:00 - 20:00
By: Slawomir Jasek

In this lab you will get familiar with the very basics of BLE and its (in)security. You will however leave surprised – how many devices it is possible to “hack” using such simple techniques. Following a short introduction, we will dive straight into hands-on practical exercises with specially designed software  on the radio layer works exactly as real BLE device. You will only need a typical Windows 10 laptop and (preferably Android) phone to participate

18:00 - 21:00
By: Jorge Orchilles

In this two hour hands-on workshop you will play the role of both the red team and the blue team. We have set up an isolated environment for each attendee to go through a Purple Team Exercise. Attendees will be able to create adversary emulation campaigns with SCYTHE and run them in a small environment consisting of a domain controller, member server, and a Linux system. Attendees will learn the basics of adversary emulation (powered by SCYTHE) and blue team tools such as Sysmon, WireShark, and others. It will be a fun two hours of hands-on learning!

20:00 - 22:00
By: Kaijern Lau, Wu ChenXu & Kong ZiQiao

In this lab we show you how to build your own fuzzers based on 1day bugs. We will discuss how we can use Qiling to work with IDA Pro, to combine the greatest static analysis tools with an emulation engine to archive cross platform and multi arch analysis. We also cover how we can dynamically analyze MBR binary (eg petya) with Qiling Framework.

20:00 - 22:00
By: Mathieu Favreaux

Timeless Analysis & Debugging builds upon captures of a time slice of a program or a full system execution to provide unique analysis features. By alleviating the need for iterative debugging sessions, it brings a new and powerful perspective to reverse-engineering problems such as vulnerability analysis.

This hands-on lab will use the Tetrane’s REVEN platform to introduce the concepts of Timeless Analysis and Debugging on a full system trace. You will be proposed exercises on pre-recorded reverse-engineering scenarios related to software running on Microsoft Windows.

18th November

10:00 - 11:00

To Be Announced

Speaker List Announced After Call for Papers Closes on the 18th of October

11:00 - 12:00

To Be Announced

Speaker List Announced After Call for Papers Closes on the 18th of October

LUNCH BREAK

13:00 - 14:00

To Be Announced

Speaker List Announced After Call for Papers Closes on the 18th of October

14:00 - 15:00

To Be Announced

Speaker List Announced After Call for Papers Closes on the 18th of October

15:00 - 16:00

To Be Announced

Speaker List Announced After Call for Papers Closes on the 18th of October

16:00 - 17:00

To Be Announced

Speaker List Announced After Call for Papers Closes on the 18th of October

17:00 - 18:00

To Be Announced

Speaker List Announced After Call for Papers Closes on the 18th of October

END OF DAY 1

19th November

10:00 - 11:00

To Be Announced

Speaker List Announced After Call for Papers Closes on the 18th of October

11:00 - 12:00

To Be Announced

Speaker List Announced After Call for Papers Closes on the 18th of October

LUNCH BREAK

13:00 - 14:00

To Be Announced

Speaker List Announced After Call for Papers Closes on the 18th of October

14:00 - 15:00

To Be Announced

Speaker List Announced After Call for Papers Closes on the 18th of October

15:00 - 16:00

To Be Announced

Speaker List Announced After Call for Papers Closes on the 18th of October

16:00 - 17:00

To Be Announced

Speaker List Announced After Call for Papers Closes on the 18th of October

17:00 - 18:00

To Be Announced

Speaker List Announced After Call for Papers Closes on the 18th of October

END OF DAY 2