Keren is a TED conference speaker this year. In her talk, she explained that the world actually needs hackers, and they play in an important role in this world. Keren has been employed with leading Israel security firms, government organizations, Big 4 and Forums 500 companies. Keren currently covers emerging security technologies as a security industry research analyst with GigaOm research. Keren has been a featured speaker at events like DLD2013, RSA Conference 2013, WIRED 2012 and the NATO international conference on Cyber Conflict. Keren holds a CISSP security certification, a BA in History and Philosophy of Science and is currently a research fellow and MA candidate with the prestigious Science, Security & Technology workshop at Tel Aviv University. In 2012, Keren held the position of Security Teaching Fellow with Singularity University, a private think tank in Mountain View, California.

Keynote : The 5 biggest problems of cyber security - and how security professionals & hackers can save the world.

Keren is a TED conference speaker this year, talked about the hackers are immune system. In her talk, she explained that the world actually needs hackers, and they play in an important role in this world.She said, "Hackers are my heroes, and the perspective I’d like to offer you today is that hackers represent an exceptional force for change with the power to literally save our digital future – and we need to think like hackers and take actions today. That’s why I’m here today. You might say I am naïve, a romantic - or worse of all, you could say I’m not 1337. But I really believe that hackers have the power to change a grim reality. I want to show you why now is the time – because every one of us in on the front lines, so it’s time to be the heroes!".



Hex-Ray's CEO, and one of the founders of IDA Pro which is used today by security specialists all over the world to dissect viruses and malware. His main expertise is binary program analysis, design and implementation of large software systems, information security, code audit. He's also interested in decompilation and software semantics in general. He became well known when he issued a free hot fix for the Windows Metafile vulnerabilities on 31 December 2005. His unofficial patch was favorably reviewed and widely publicized because no official patch was initially available from Microsoft at the moment. His author of "A Simple Type System for Program Reengineering” and "Fast Library Identification and Recognition Technology”.

Keynote : The story of IDA Pro

How and why the famous disassembler was created; how it grew into a tool of choice for many security analysts; what is the current state and what is in its agenda for tomorrow.


INBAR RAZ (Check Point)

Inbar has been teaching and lecturing about Internet Security and Reverse Engineering for nearly as long as he has been doing that himself. He started programming at the age of 9 on his Dragon 64. At 13 he got a PC, and promptly started Reverse Engineering at the age of 14 and through high-school he was a key figure in the Israeli BBS scene. He spent most of his career in the Internet Security field, and the only reason he's not in jail right now is because he chose the right side of the law at an earlier age. Inbar specializes in outside-the-box approach to analyzing security and finding vulnerabilities. Since late 2011, he has been running the Malware and Security Research at Check Point, using his extensive experience of over 20 years in the Internet and Data security fields. He has presented at a number of conferences, including Kaspersky SAS, Hack.lu, ZeroNights, ShowMeCon, several Law Enforcement events and Check Point events.

[ IoT ]Physical [In]Security: It’s not ALL about Cyber

Today's threat landscape is all about Cyber. We have cyber threats, cyber security, cyber warfare, cyber intelligence, cyber espionage... Cyber is a synonym for the Internet, but sometimes, it's not -all- about the internet. Focusing defences on the Internet front leads to some wrong assumptions and the overlooking of much simpler, yet just-as-dangerous attack vectors.



Masato Kinugawa is a professional bug hunter. He gained his ability of discovering many vulnerabilities of famous web applications and browsers from learning interestedly the web application security by himself. He spoke at OWASP AppSec APAC 2014. Also he won the bug hunting contest called "cybozu.com Security Challenge", and was a trainer of the Security Camp 2014 in Japan.

[ WebSecurity / XSS ]Bug-hunter's Joy

Recently, The number of enterprise which pays rewards for reporting security bugs is increasing. I am also received a large amount of rewards through the reward programs for reporting bugs. Actually, I earn a living with rewards, so it is not exaggeration to say that I am a professional bug hunter. I will make a speech such as how to be a professional bug hunter, actual of rules from the point of view of a positive attendance and how to discover vulnerabilities including technical topics.



Hiroshi Shinotsuka worked in Symantec as a security researcher. He have ten years working experience and spread information of such as the result of malware analysis through his blog. He have a experience of presentation in PacSec conference.

[ Malware / ReverseEngineering ]how to avoid the Detection by Malware

In this lecture, problems of existing antivirus software based of file scan will be discussed. For discussing the problem, latest methods of how attackers avoid the antivirus detection will be explained by dealing with a malware sample detected as Trojan.Blueso and by explaining with such as the construction of files and the principle of operation.



[DAVID SEIDMAN] (Microsoft)
David Seidman is a Senior Security Program Manager Lead on the Microsoft Security Response Center team, where he manages Microsoft's response to normal and high-priority security incidents such as active attacks using an unpatched vulnerability. Prior to working at the MSRC, David managed development of Microsoft Office security updates and service packs. He holds a Bachelor's degree in Computer Science and a Master's in Cognitive and Neural Systems from Boston University. When not putting out fires on the internet, David enjoys triathlon, mountain climbing, Brazilian jiu jitsu and brewing his own beer.

[ Vulnerability / BugHunter ]Microsoft Vulnerability Research: How to be a Finder as a Vendor

Here at Microsoft, our people often find security issues in other vendors' products, fueling the need for a coordinated approach to working with those vendors to get those bugs fixed. Microsoft Vulnerability Research (MSVR) was created to help ensure that our company demonstrates the same management, in the role of a finder, that we'd like to see from other companies and researchers when reporting vulnerabilities. MSVR has played an important role working with internal bug hunters to fix many vulnerabilities in top software during the lifetime of this proactive program. After you know how we work, you how you can start a vulnerability coordination program at your company too.



Jon Erickson is an engineer within the research lab at iSIGHT Partners. Before joining iSIGHT he made the rounds with various government contractors and before that was in the United States Air Force. He has a short list of CVE’s and other hackery’ish accomplishments to his name. Jon has previously presented at Blackhat Asia and SyScan360. He is currently pursuing a security focused Master degree at George Mason University and holds a Bachelors degree in Computer Science.

[ Vulnerability / ReverseEngineering ]Persisted: The active use and exploitation of Microsoft's Application Compatibility Framework

Microsoft has often used Fix It patches, which are a subset of Application Compatibility Fixes, as a way to stop newly identified active exploitation methods against their products. At Derbycon 2013 Mark Baggett discussed ways that attackers can use them for creating rootkits. Then in March of 2014 I presented an analysis of the previously undocumented in-memory patch and showed how attackers could use these to create patches and maintain persistence on a system.
This talk will provide an overview and summary of the previous work and then show how it’s currently being used in the wild. I’ll first show how third parties are using the application toolkit for valid reasons. I will then show two instances, active and ongoing in the wild, of malware using the methods we’ve described.



He has worked at Research Institute for Secure Systems (RISEC) of National Institute of Advanced Industrial Science and Technology (AIST). He got his Ph.D (Computer Science) from the University of Tokyo. His research interests are security on operating systems and virtual machines. He was a board member of Cloud Security Alliance Japan Chapter (2010-13). He got IPA's OSS contribution awards (2010) by maintenance of KNOPPIX Japanese edition. He made presentations at ICSJWG'14 Fall (a meeting hosted by U.S. DHS), BlackHat SaoPaulo'14, S4x14 (SCADA Security Scientific Symposium), EuroSec'12, EuroSec'11, Ottawa Linux Symposium'11,, BlackHat'10, etc.

[ Virtualization / APT ]DeviceDisEnabler : A hypervisor which hides devices to protect cyber espionage

Current mobile gadgets includes of rich devices (high resolution video camera, microphone, GPS, etc) which enable high quantity communication (Video conference, current location data, etc). Unfortunately, the rich devices make easy to conduct cyber espionage. For example, a high resolution video is used to read the text on a display. A GPS device is used to track the user's location ("Cerberus" and "mSpy" are famous. Japanese application named "karelog" became social issues). These devices are not used in company's office or factory and computer administrators want to prohibit these devices. Unfortunately, the devices are embedded in a mobile gadget and most of them cannot be disenabled by BIOS or EFI.

In order to In order to solve this problem, we propose a thin hypervisor called "DeviceDisEnabler (DDE)", which hides some devices from OS. DDE is a lightweight hypervisor and can be inserted to a pre-installed OS. Although the OS uses "IN" instruction to get the device information on PCI and USB (Vendor ID, Device Class, etc), the "IN" instruction is hooked by DDE and the device information is hidden if the devices is prohibited in the company.

Unfortunately, not only attackers but also employees want to bypass the DDE because they want to use the devices. In order to protect bypassing the DDE, it encrypts the disk image of the OS. It means the OS cannot be used without the help of DDE. In order to hide the encryption key, the DDE has three types of key managements (A technique gets a key from the Internet with a secure communication. A technique hides the key into a TPM chip and obtains it at a certain state of boot time only. A technique obfuscates the key into the code using Whitebox Cryptography technique).

Current implementation is based on BitVisor 1.4 and the target is a mobile gadget which has Intel CPU. I will talk about the requirements for ARM CPU based implementation.


DAVID JACOBY (Kaspersky Lab)

I have spoken at some of the largest security confreres around the world, and is a known face in the security industry. Ive also been involved in several book projects, pod casts and closed indoor events.

[ IoT ]How I Hacked My Home

In the IT-security industry, we are at the moment releasing articles about how hackers and researchers find vulnerabilities in for example cars, refrigerators, hotels or home alarm systems. All of these things go under the term IoT (Internet of Things), and is one of the most hyped topics in the industry. The only problem with this kind of research is that we cannot really relate to all of it. I decided to conduct a some research from which I thought was relevant, trying to identify how easy it would be to hack my own home. What can the attacker actually do if these devices are compromised? Is my home “hackable?”. Before I started my research I was pretty sure that my home was pretty secure, I mean, ive been working in the security industry for over 15 years, and I’m quite paranoid when it comes to applying security patches! It turned out I was wrong, and that i had a lot of devices connected to my network which was very vulnerable.



He works as a senior consultant at ETAS Embedded Security (ESCRYPT) where he provides solutions and performs consulting for automotive security. He is involved in threat analyses, risk analyses, defining security requirements, security training etc. He has presented at AsiaCyCAR, escar, JSAE, EVTeC, IV (Intelligent Vehicles)、VTC (Vehicular Technology Conference), AutoNet, Vehi-Mobi, WiSec, SAFECOMP etc. Ph.D.


He works at FFRI where he is investigating future threats and is involved in R&D of countermeasures. Previously, he has worked on various consulting projects, vulnerability analyses, investigation and research of malware, R&D of fuzzing tool and as security training instructor. He has presented at Computer Security Symposium, MWS etc. He is a member of the MWS program committee, an instructor of Security Camp 2014. Ph.D., CISSP.

[ BinaryAnalysis / Embedded / Car ]A security assessment study and trial of Tricore-powered automotive ECU

ECU software is responsible for various functionality in the vehicle, e.g., engine control and driver assistance systems. Therefore, bugs or vulnerabilities in such systems may have disastrous impacts affecting human life. We consider possible vulnerabilities in ECU software categorized into memory corruption vulnerabilities and non-memory corruption vulnerabilities, and examine attack techniques for such vulnerabilities. Since we did not acquire and reverse-engineer actual ECU software, we first consider in theory how and if attacks are possible under the assumption that there would exist memory corruption vulnerabilities in ECU software. For our investigation, we consider the ECU microcontroller architecture TriCore1797 (TriCore Architecture 1.3.1) from Infineon which exists in a number of ECUs. In contrast to x86 architecture, the return address is not stored on the stack; therefore, we assumed that performing code execution by stack overflow would not be easy. We investigated if it would be possible to perform arbitrary code execution based on approaches from the PC environment and also if other attack approaches could be considered. We considered the following attack approaches:
1) Overwriting a function pointer stored on the stack by performing a buffer overflow to execute code;
2) Overwriting the memory area handling context switching used by TriCore itself to execute code;
3) Overwriting the vector tables used by interrupt and trap functions.
Moreover, using a TriCore evaluation board and software created to perform the experiments, we tested the various attack approaches. We confirmed that several attack approaches are not possible due to security mechanisms provided by the microcontroller or differences in the microcontroller architecture compared to traditional CPUs. However, under certain specific conditions, as a result of performing a buffer overflow attack to overwrite a function pointer, we manage to make the TriCore jump to an address of our choosing and execute the code already stored on that location.



Develops an anti-decompiler and anti-reverse engineering tool for Android and Unity applications.
Qualified 5 times for DefCon CTF hacking contest finals.
Organized SecuInside, Codegate and ISEC hacking contests.
Developed Android and Windows Mobile (R) antivirus applications in 2009.
Presented on many security conferences including SecuInside and HitCon.

[ BinaryAnalysis / Malware / IoT ]Drone attack by malware and network hacking

Recently, drone systems are rapidly taking over markets around the world, and drone systems are also made and developed rapidly as well. However, its security aren’t in the same way as you think.
I am going to demonstrate you how to ultimately compromise a drone by using drone's convenient features. My malware, also known as HSDrone, enables itself to spread from one device to an another and takes privileges over to compromise and control them.



A leading expert in the field of not being an expert, plays with computers for more than 30 years, holds a degree in Economics and a MBA, writes a somewhat famous blog, breaks copy protections for fun, annoys HackingTeam, trolls Apple's product security policy, loves to solve weird problems, tries to spread some knowledge and write a different biography for each conference. Lately interested in improving OS X security and malware research. Wrote a long OS X rootkits article for Phrack and still trying to finish a book about the same subject.

[ BinaryAnalysis / Malware / Mac ] BadXNU, A rotten apple!

You got root access in OS X and now what?
Apple introduced mandatory code signing for kernel extensions in the new Yosemite version.
You are too cheap to buy a code signing certificate, or your OPSEC is against this?
You can't or don't want to steal someone's else certificate?

This presentation is about solving these problems with techniques that allow you to bypass all code signing requirements and regular kernel extensions loading interfaces.
The goal is to convince you that code signing isn't a serious obstacle in OS X, especially when its design is flawed and public known vulnerabilities remain "unpatched".
And if bad designs and vulnerabilities aren't enough then I'll also show you how to (ab)use an OS X feature for the same evil purposes.

The only requirement for this talk is uid=0(root). Well, the world isn't perfect!



[BEN SCHMIDT] (Narf Industries)
As the Lord Commander of Security Research at Narf Industries, Ben relentlessly penetrates complex systems, performing embedded device exploitation, malware analysis, penetration testing, and vulnerability research. He has discovered and reported major vulnerabilities in man popular products and platforms, such as Wireshark, Wordpress, Android, and various widely used embedded devices. He is a passionate practitioner of memory corruption, a strong believer in the awesome power of "strings", and a leading expert in the field of completely epic pwnage.


[PAUL MAKOWSKI] (Narf Industries)
Paul Makowski serves as Narf Industries' Director of World Domination where he identifies problematic ideas (and means to fix them) deployed in places you might not expect. In his spare time, Paul enjoys studying cryptocurrency extensions, state of the art exploit mitigations, and reading manuals for deliciously complex processor architectures. His current area of interest is at the boundary between hardware and software, focusing on low-level software exploitation and the use of hardware-backed trust primitives.

[ BinaryAnalysis / Embedded / ReverseEngineering ]Embedded Security in The Land of the Rising Sun

Embedded device security is an issue of global importance, and one that has grown exponentially over the last few years. Because of their slow patch cycles and the increasing difficulty of exploiting other,more traditional platforms, they have quickly become a favorite target for researchers and attackers alike. While deeply fragmented, each country has its own unique “footprint” of these devices on the Internet, based largely on the embedded devices distributed by major ISPs. We will use our survey of Japanese devices as an example of how, by fingerprinting and examining popular devices on a given country's networks, it is possible for an attacker to very quickly go from zero knowledge to widespread remote code execution.

During this talk, we provide an in-depth analysis of various routers and modems provided by popular Japanese ISPs, devices which we had never heard of on networks we had never used . We discuss how we approached surveying approximate market usage, reverse engineering obfuscated and encrypted firmware images, performing vulnerability analysis on the recovered binaries, and developing of proof-of-concept exploits for discovered vulnerabilities, all from the United States. In addition, we provide recommendations as to how ISPs and countries might begin to address the serious problems introduced by these small but important pieces of the Internet.

All vulnerabilities discovered were promptly and responsibly disclosed to affected parties.