Balancing The Pwn Trade Deficit – APT Secrets in Asia

DEF CON 19

Presented by: Jeremy Chiu, Anthony Lai (Darkfloyd), Peikan (PK), Benson Wu
Date: Friday August 05, 2011
Time: 10:00 - 11:50
Location: Track 3
Track: Track 3

In last year, we have given a talk over China-made malware in both Blackhat and DEFCON, which is appreciated by various parties and we would like to continue this effort and discuss over APT attacks in Asia this year. However, case studies are not just our main dish this time, we will carry out technical analysis over the samples. I have worked with 2 Taiwanese researchers and would like to talk about how to automate the APT attack analysis with our analysis engine, Xecure, and give comparison between samples from various Asian countries, giving similarity and difference analysis among them, which could be insightful to the audience. Finally, we will talk about our contribution to the rule and signature to detect APT attack.

Anthony Lai

Anthony Lai (aka Darkfloyd) has worked on code audit, penetration test, crime investigation and threat analysis and acted as security consultant in various MNCs. Anthony has worked with researchers to convey talks about Chinese malware and Internet Censorship in Blackhat 2010 and DEFCON 18. His interest falls on studying exploit, reverse engineering, analyse threat and join CTFs, it would be nice to keep going and boost this China-made security wind in malware analysis and advanced persistent threat areas. He has found VXRL (Valkyrie-X Security Research Group) in Hong Kong and keep themselves to connect to and work with various prominent and respectable hackers and researchers. Anthony Lai Twitter:: anthonation Facebook: Anthony Lai

Benson Wu

Benson Wu focuses research on detect and counter advanced persistent threat, code review, secure coding and SDLC process implementation. He graduated from National Taiwan University with PhD in Electrical Engineering and National Chiao-Tung University with MS in Computer Science; and held ECSP, CEI, CSSLP certifications. Currently, he is with Xecure Lab as Lead Security Researcher, and Research Center for Information Technology Innovation, Academia Sinica as Postdoctoral. He had spoken at NIST SATE 2009, DEFCON 18 (with Birdman), OWASP China 2010, BoT (Botnets in Taiwan) 2011, HIT (Hacks in Taiwan) 2011, and wrote the "Web Application Security Guideline" for the Taiwan government since year 2007.

Jeremy Chiu

Jeremy Chiu (aka Birdman) has more than ten years of experience with host-based security, focusing on kernel technologies for both the Win32 and Linux platforms. In early 2001 he was created Taiwan's first widespread trojan BirdSPY. The court dropped charges after Jeremy committed to allocate part of his future time to assist Taiwan law enforcement in digital forensics and incidence response. Jeremy specializes in rootkit/backdoor design. Jeremy also specializes in reverse engineering and malware analysis, and has been contracted by law enforcements to assist in forensics operations. Jeremy is a sought-after speaker for topics related to security, kernel programming, and object-oriented design; in addition to frequently speaking at security conferences, Jeremy is also a contract trainer for law enforcements, intelligence organizations, and conferences such as DEFCON 18, SySCAN (09 08), Hacks in Taiwan (07 06 05), HTICA(06 08) and OWASP Asia (08 07). In 2005, Jeremy founded X-Solve Inc. and successfully developed forensics and anti-malware products. In July 2007, X-Solve was acquired by Armorize Technologies. In Oct 2010, he left Armorize and created a new research team, Xecure-Lab.

Peikan

Peikan (aka PK) has intensive computer forensic, malware and exploit analysis and reverse engineering experience. He has been the speaker in Syscan and HIT (Hack In Taiwan) and convey various training and workshop for practitioners.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats