TOGETHER, WE

RESPOND

FASTER

CYBERSEC 2019

MAR. 19 – 21

Taipei International Convention Center
Taipei World Trade Center Hall 1, 2F

CyberLAB

Gather with lots of industry experts and famous vendors at home and abroad, a series of training sessions are well-planned to focus on the latest cyber attack techniques along with the most effective counterattacks.

Security breaches increase daily as hacker techniques consistently evolve. In order to reduce the damage and recover from the losses, we have to examine the treats and take action then. There are many penetration testing courses provided by those industry leaders in CyberLAB. Through these courses, you will learn about the latest and most common risk scenarios encountered by modern enterprises. You will be able to understand the latest offensive techniques and learn the most effective counterattacks.

Sign up for CYBERSEC 2019 and get a voucher to learn through practice. Sign up for our courses on-site following the instructions below:
  • 1.Open registration starts 25 minutes before each course starts. Please register on-site. Number of applicants is limited.
  • 2.Please enter the session with a voucher after registration is completed (One voucher per person only). Voucher will not be reissued if lost.
  • 3.Doors open 5 minutes prior the lecture, and will be closed once the session starts. Wait list is available situationally.
Other notes
  • 1.All courses are conducted in Mandarin Chinese.
  • 2.The authorities have the right to adjust course enrollment access and syllabus.

CyberLAB Overview

Topic
Speaker
Time
Venue
Target Ransom - Targeted Extortion without Using Malware
Trend Micro IncorporatedTechnical Consultant, Chiu, Buo-han
Trend Micro IncorporatedTechnical Consultant, Ren, Zong-wei
03/19 12:30-14:30
03/19 15:30-17:30
03/20 12:30-14:30
03/20 15:30-17:30
03/21 12:30-14:30
03/21 15:30-17:30
TICC Joy Lounge (4F)
All-In-One Soc Security Management Platform
Billows TechnologyChief Technology Officer, Benson Chung
03/21 15:30-17:30
TICC 401
How Advanced Multilayer Protection Helping You Tackling Cyber Threat
Zyxel Communications Corp.Senior System Engineer, Yi Tsen Liao
03/19 15:30-17:30
TICC 401
How to achieve Information security by Log management, and Audit/Management Access Control.
AMIYA CorporationSolution Engineer, Samore Kuo
03/21 15:30-17:30
TICC Elegance Lounge (4F)
Malware Detection, Evidence Collection, and Forensics Analysis
iForensics Digital Inc.Sales & Project Manager, John Wu
03/19 12:30-14:30
TWTC 1 Conference Room No.4
Targeted threat protection in the cloud- AKAMAI ENTERPRISE THREAT PROTECTOR
AkamaiPartner Enablement Manager of Greater China, Kevin Wang
03/21 12:30-14:30
TICC Elegance Lounge (4F)
Threat Hunting with Cloud: Traditional incident response is different from modern incident response.
Core Cloud Tech CorporationSecurity Consultant, Paul Nien
03/19 15:30-17:30
TWTC 1 Conference Room No.4
Digital Forensics Overview and Practice (120 minutes)
Acer Cyber Security Inc.Senior Manager, Aries Yeh
Acer Cyber Security Inc.Associate Tech. Manager, Chenting Hsin
03/20 12:30-14:30
TICC Elegance Lounge (4F)
Hacking Exposed Industrial Control Systems: ICS and SCADA Security (Basic)
Acer Cyber Security Inc.Senior Project Engineer, Luca.Chiou
Acer Cyber Security Inc.Senior Project Engineer, Bingo.Huang
03/19 15:30-17:30
TICC Elegance Lounge (4F)
Learn security with hacking games
Acer Cyber Security Inc.Department of Security Penetration Service, ACSI Penetration test team
03/19 12:30-14:30
TICC Elegance Lounge (4F)
Records and their origins (Trace Analysis)
Acer Cyber Security Inc.Associate Technical Manager, Tony Tsai
Acer Cyber Security Inc.Senior Project Engineer, Liam.Lin
03/20 15:30-17:30
TICC Elegance Lounge (4F)

Introduction to CyberLAB

Target Ransom - Targeted Extortion without Using Malware

  • Venue: TICC Joy Lounge (4F)
  • Speaker

    Trend Micro IncorporatedTechnical Consultant, Chiu, Buo-han

  • Speaker

    Trend Micro IncorporatedTechnical Consultant, Ren, Zong-wei

  • Attendee:20

    Course Description

    Historically, digital extortion has been carried out with malicious emails, compromised websites, or malvertisements, which infect victims' computers with ransomware. But as multiple recent cases have shown, cybercriminals are beginning to leverage targeted attack techniques in digital extortion. They compromise corporate systems from the outside and gain access to the systems and sensitive data. Then, they navigate across corporate networks with lateral movement techniques while encrypting files on critical servers along the way using legitimate tools to prevent the security teams from effectively investigate their attacks.

    Faced with increasingly rampant cybercrime, how can security teams actively look for signs of attacks and discover how their systems are breached, while at the same time helping their companies build an investigative defense mechanism and promote security awareness?

    This workshop will show you:

    • Why hackers can easily break into outward facing servers
    • The common techniques that hackers use to gain privileged system access and move laterally within corporate networks, plus the counter measures from system administrators' perspective
    • How IT security or network administration teams can investigate into such activities in order to deploy defenses and set up security alerts

    Course objectives

    Through hands-on experience, this workshop will allow students to quickly understand and learn how hackers can attack a system without using malware and the investigative defense measures to counter the attacks.

    Course Outline

    • Demonstration of intrusion techniques
    • Privilege escalation and lateral movement techniques
    • Root cause analysis
    • Timely response mechanisms

    Suggested equipment specifications for Attendee

    • All equipment is prepared by the co-organizers "Trend Micro".

    Attendee Prerequisite Skills for the Course

    • IT security administrators with experience in Windows administration and command-line operations (MS-DOS prompt)

All-In-One Soc Security Management Platform

  • Venue: TICC 401
  • Speaker

    Billows TechnologyChief Technology Officer, Benson Chung

  • Attendee:20; Auditor:10

    Course Description

    The main Purpose of this course is to deliver to our attendees of an introduction and demonstration in  how to use AlienVault to analysis event correlations and find out the real threat. Users will be experiment from evaluating a risk to generating a real alarm and steps of incident report.

    Course Benefits:

    1. Understand the current security monitoring is no longer only SIEM
    2. Enhance the concept of security and understand how to find out the real threat of security through comprehensive event analysis
    3. How to use the Alienvault platform to achieve SOC self-monitoring

    Course objectives

    This integration platform is based on meeting the compliances of the National Cybersecurity Law. Therefore, this course will provide attendees with information of security concepts and basic maintenance knowledge by experiencing our automated information security management platform.

    Course Outline

    • The introduction of LogMaster, a big data collection platform.
    • The capabilities of AlienVault
    • AlienVault data analysis implementation                   
    • Report system implementation

    Suggested equipment specifications for Attendee

    • Notebook, hardware specifications CPU: CORE i5 or more, RAM: 8G

    Attendee Prerequisite Skills for the Course

    • Preferred with a slight cybersecurity concept and some Linux basic foundation

How Advanced Multilayer Protection Helping You Tackling Cyber Threat

  • Venue: TICC 401
  • Speaker

    Zyxel Communications Corp.Senior System Engineer, Yi Tsen Liao

  • Attendee:20; Auditor:10

    Course Description

    Malware is getting more and more complicated and they are overwhelming everywhere, posing serious threats to your organization. It is true challenge to security officer to adapt new technology to tackling the treat.

    In this session, we will analyze couple notorious malware tools damaging the community, and you will learn not only the behavior of the tool but also the ecosystem why the tool is prevailing. Not just lecturing, during the hands-on lab you will witness the tool in action and learn how Zyxel advanced multilayer technology mitigating the threat – spotting the threat at the first place and destroy it!

    Course objectives

    • Mastering the countermeasure against cyber threat by analyzing malware behavior and hacking methodology

    Course Outline

    • Cyber threat ecosystem
    • Malware behavior analysis
    • Demonstration of the attacking scenario
    • Detecting and preventing the malware
    • Advantage of cloud analytics

    Suggested equipment specifications for Attendee

    • Laptop, Win7 for basic OS or later.
    • Browser: Firefox and Chrome
    • VMware
    • Wireshark
    • Make sure the laptop have wireless connection module on it

    Attendee Prerequisite Skills for the Course

    • Basic TCP/IP knowledge
    • Basic network protocol knowledge.

How to achieve Information security by Log management, and Audit/Management Access Control.

  • Venue: TICC Elegance Lounge (4F)
  • Speaker

    AMIYA CorporationSolution Engineer, Samore Kuo

  • Attendee:30

    Course Description

    Introduce recent several important security incidents, and how to investigate / control incident by log management.

    Introduce importance of log management in information security

    Base on some real incident , to review whole picture of incident, and introduce ALog「detect internal fraud in advance」, and「how to trace when incident occurred」

    By hands on and basic operation to easily understand how to use ALog, also introduce some software management /maintenance.

    • Exercise #1「Hands on! How to trace incident!」
    • Exercise #2「How to Utilization and understand current situation by report!」
    • Exercise #3「Create and Utilization report for monitoring/management purpose!」
    • Exercise #4「Utilization to prevent unknown problem, Ultimate file of ALog!」

    Course Outline

    • Windows server system
    • How to achieve Information security by Log management , and Audit access record to keep management.
    • Install and configure ALog to collect log in Windows AD environment from ADDC / Fileserver .
    • Introduce several scenario and how to analyses by ALog.

    Suggested equipment specifications for Attendee

    • Hardware
      • CPU: I5 or higher
      • RAM: 16G or higher
      • HDD: 500G or higher
    • Software (either)
      • With Windows Server for ALog Install
          or
      • With Browser for ALog Report Handso

    Attendee Prerequisite Skills for the Course

    • Must know about Windows AD architecture, knowing about Auditing on Information Security, and knowledge about Windows and other system’s log management.

Malware Detection, Evidence Collection, and Forensics Analysis

  • Venue: TWTC 1 Conference Room No.4
  • Speaker

    iForensics Digital Inc.Sales & Project Manager, John Wu

  • Attendee:25; Auditor:5

    Course Description

    Give attendees a general idea of unknown malware, and then inject and run a sample on the virtual machine. Teach them how to use various free tools with iForensics eDetector for to detect malware, analyze and retrieve the evidence. Then use Magnet AXIOM, the professional forensics software, with simulated sandbox for forensics investigation.

    Malware detection and analysis:Explain how to identify a malware by analyzing its behavior in the memory, such as:internet connection, program injection, start-up sequence, whether it’s service, auto-run program, hidden…, etc.
    Evidence Collection and Forensics: Using the complete tracing and evidence collection functions of eDetector with other tools to retrieve various samples associated with the malware, such as files and memory blocks. Next, teach the attendees how to conduct a deep investigation with AXIOM or sandbox software to draw the contextual map of malware infection.

    Course objectives

    • Getting a general idea of unknown malware
    • Collect the evidence using eDetector with the assistance of other tools
    • Conduct the forensics investigation using Magnet AXIOM, the professional forensics software

    Course Outline

    • General Idea of Unknown Malware   
    • Sample Test of Unknow Malware
    • Detect Malware with iForensics eDetector
      • Install and Start the Server
      • Set-up the Server and Install eDetector on the Client
      • Detect Malware in the memory
      • Dump the memory block and the sample
      • Download and Search the Data of Windows Explorer
      • Collect and View Evidence
      • Other Functions and Disconnect the Server
    • Collect the evidence using eDetector and other tools
    • Conduct the forensics investigation using Magnet AXIOM, the professional forensics software, and the Sandbox tool.

    Suggested equipment specifications for Attendee

    • CPU: I5 of 6th Generation and above
    • RAM: 8GB
    • Disk Size:500GB and above
    • Computer with Virtual Machine Software installed

    Attendee Prerequisite Skills for the Course

    • Basic Computer Skills
    • Know how to use Virtual Machine software
    • Know how to use Command-line in CMD
       

Targeted threat protection in the cloud- AKAMAI ENTERPRISE THREAT PROTECTOR

  • Venue: TICC Elegance Lounge (4F)
  • Speaker

    AkamaiPartner Enablement Manager of Greater China, Kevin Wang

  • Attendee:30

    Course Description

    The threat of business is rapidly evolving. The number of targeted threats such as malware, ransomware, data theft, and phishing is increasing, and the ability of malicious attackers to circumvent traditional security measures has intensified. Coupled with the adoption of SaaS, the cloud and the Internet of Things, the more sophisticated methods of threat delivery have triggered new challenges, control point complexity and security gaps that cannot be ignored.

    With Akamai's global insights into the Internet and the Domain Name System (DNS), Enterprise Threat Protector enables security teams to proactively block and mitigate targeted threats and enforce the principles of proper use across the enterprise for security. The team is proactive in identifying, blocking, and defending against targeted threats such as malware, ransomware, phishing, data breaches, and more using the Domain Name System (DNS). Leverage real-time intelligence from Akamai Cloud Security Intelligence and Akamai's proven, recursive DNS platform around the world to deliver enterprise security, control and visibility efficiently, while easily integrating with your existing network defenses.

    This hands-on course will give you an in-depth understanding of Akamai ETP's operating mechanism and hands-on experience to experience the speed, convenience, and high availability of Akamai ETP.

    Course objectives

    • This hands-on course will give you an in-depth understanding of Akamai ETP's operating mechanism and hands-on experience to experience the speed, convenience, and high availability of Akamai ETP.

    Course Outline

    • ETP operation process
    • ETP advantage
    • ETP main function
    • ETP background operation
    • ETP report view

    Suggested equipment specifications for Attendee

    • Laptop

    Attendee Prerequisite Skills for the Course

    • Basic network knowledge

Threat Hunting with Cloud: Traditional incident response is different from modern incident response.

  • Venue: TWTC 1 Conference Room No.4
  • Speaker

    Core Cloud Tech CorporationSecurity Consultant, Paul Nien

  • Attendee:20; Auditor:10

    Course Description

    Recently, we face a lot of cyber attack all around, especially APT is persist to increase.

    Due to the issue, we are using security products and services to reduce cyber security losses.

    But these products and services will increase our loading in daily work.

    In order to solve the problem, we provide a service which canl do a wide range of incident response in time.

    The service we named IPaaS.

    In this lesson, you will know how to hunting threat, tracing hacker’s behaviors, analysis malware, do incident response with cloud and get cyber security incident response of experience.

    Course objectives 

    • Learning Incident Response with Cloud Service(IPaaS), feeling IPaaS convenient.

    Course Outline

    • Do Incident response with EDR.
    • Threat hunting with MDR.
    • Hands on training: Analysis with IPaaS.

    Suggested equipment specifications for Attendee

    • A Laptop which can access wifi and installed chrome or firefox.

    Attendee Prerequisite Skills for the Course

    • Experience in cyber security and operating system(Windows).

Digital Forensics Overview and Practice (120 minutes)

  • Venue: TICC Elegance Lounge (4F)
  • Speaker

    Acer Cyber Security Inc.Senior Manager, Aries Yeh

  • Speaker

    Acer Cyber Security Inc.Associate Tech. Manager, Chenting Hsin

  • Attendee:30

    Course Description

    Did you feel lost and doesn’t know where to start when dealing cyber-attacks? This course is designed for personnel who is new to Information Security and covers the fundamental techniques and tools to digital forensics, includes information analysis to locate malicious connections and malwares. Practices involve with memory blocks extraction of malicious process for potential C&C(Command & Control) server and furthermore, the attacker’s tactics and techniques.

    Course objectives

    • Summarize all assembled information for attacker’s tactics

    Course Outline

    • Initiative of investigation
    • Investigation to malicious connections
    • Investigation to malwares
    • Memory blocks extraction of malicious process

    Suggested equipment specifications for Attendee

    • Notebook / VM
    • 2GB of RAM
    • Vmware Workstation for Windows (Trial)
    • Cellular phone for Wifi Hotspot (other wireless or wired connection is prohibited)

    Attendee Prerequisite Skills for the Course

    • Familiar to common Operation Systems, knowledge to Information Security is recommended

Hacking Exposed Industrial Control Systems: ICS and SCADA Security (Basic)

  • Venue: TICC Elegance Lounge (4F)
  • Speaker

    Acer Cyber Security Inc.Senior Project Engineer, Luca.Chiou

  • Speaker

    Acer Cyber Security Inc.Senior Project Engineer, Bingo.Huang

  • Attendee:20

    Course Description

    The number of disclosures of vulnerabilities in industrial control systems has risen sharply in recent years. The industrial control environment and even the critical incidents of critical infrastructure intrusion in the country have been frequently occurred. However, compared with the IT environment, the industrial control environment mostly uses proprietary protocols, proprietary equipment (such as PLC, RTU). For the security researchers, the entry threshold is relatively high. Through this course, students can not only quickly acquire the basic knowledge of industrial control system information security, but also learn how to penetrate into the industrial control network, and analyze industrial control system protocol packets, industrial control system protocol attacks and so on.

    Course objectives

    • Understand industrial control system components
    • Understand the widely used industrial control system protocol packet analysis method
    • Understand the techniques and tools of industrial control system protocol attacks

    Course Outline

    • Overview of industrial control systems
    • ICS proprietary protocols packet analysis
    • Industrial control system service identification
    • Industrial control system protocol attack implementation: Modbus, Ethernet/IP, Siemens S7

    Suggested equipment specifications for Attendee

    • Need to bring your own notebook
    • Need to bring your own Kali Linux

    Attendee Prerequisite Skills for the Course

    • Basic packet analysis capabilities
    • Basic Linux operating capabilities
    • Basic network knowledge

Learn security with hacking games

  • Venue: TICC Elegance Lounge (4F)
  • Speaker

    Acer Cyber Security Inc.Department of Security Penetration Service, ACSI Penetration test team

  • Attendee:30

    Course Description

    This course takes leads you to understand the various hacking attacks in the form of hacking games, and experience the hacker economy.

    Course objectives

    The course shows how the hacker completes the thinking and process of a successful attack, and defends each endpoint from the various attack points of the hacker to enhance the security awareness.

    Course Outline

    • Steganography analysis
    • Learn basic Cryptography
    • Dark net for the first time
    • Web Hacking skills

    Suggested equipment specifications for Attendee

    • notebook
    • Kali Linux VM installed

    Attendee Prerequisite Skills for the Course

    • Basic Linux command
    • Basic network knowledge

     

Records and their origins (Trace Analysis)

  • Venue: TICC Elegance Lounge (4F)
  • Speaker

    Acer Cyber Security Inc.Associate Technical Manager, Tony Tsai

  • Speaker

    Acer Cyber Security Inc.Senior Project Engineer, Liam.Lin

  • Attendee:30

    Course Description

    From time to time we need to provide evidence after attacks but wonder where to look. This course is designed for personnel involved in incident investigation, to locate attacker’s traces and entry points for corresponding records as well as attacker’s tactics and techniques.
    Course objectives

    • Verify the attack trace by logs analysis

    Course Outline

    • Windows Security Logs Analysis
    • Web Logs Analysis
    • Hacker’s Trace Analysis

    Suggested equipment specifications for Attendee

    • Notebook / VM
    • 2GB of RAM
    • Vmware Workstation for Windows (Trial)
    • Cellular phone for Wifi Hotspot (other wireless or wired connection is prohibited)

    Attendee Prerequisite Skills for the Course

    • Familiar to common Operation Systems, knowledge to Information Security is recommended

CyberLAB Schedule

3/19 (Tue)

TimeSchedule
 TICC 202TICC 203TICC Joy Lounge (4F)TICC Elegance Lounge (4F)TICC 401TWTC Hall 1 Con Room 4
12:30 - 14:30
Target Ransom - Targeted Extortion without Using Malware
Chiu, Buo-han
Trend Micro Incorporated Technical Consultant,
Ren, Zong-wei
Trend Micro Incorporated Technical Consultant,
Learn security with hacking games
ACSI Penetration test team
Acer Cyber Security Inc. Department of Security Penetration Service,
 
Malware Detection, Evidence Collection, and Forensics Analysis
John Wu
iForensics Digital Inc. Sales & Project Manager,
15:30 - 17:30
Target Ransom - Targeted Extortion without Using Malware
Ren, Zong-wei
Trend Micro Incorporated Technical Consultant,
Chiu, Buo-han
Trend Micro Incorporated Technical Consultant,
Hacking Exposed Industrial Control Systems: ICS and SCADA Security (Basic)
Luca.Chiou
Acer Cyber Security Inc. Senior Project Engineer,
Bingo.Huang
Acer Cyber Security Inc. Senior Project Engineer,
How Advanced Multilayer Protection Helping You Tackling Cyber Threat
Yi Tsen Liao
Zyxel Communications Corp. Senior System Engineer,
Threat Hunting with Cloud: Traditional incident response is different from modern incident response.
Paul Nien
Core Cloud Tech Corporation Security Consultant,

3/20 (Wed)

TimeSchedule
 TICC 202TICC 203TICC Joy Lounge (4F)TICC Elegance Lounge (4F)TICC 401TWTC Hall 1 Con Room 4
12:30 - 14:30
Target Ransom - Targeted Extortion without Using Malware
Ren, Zong-wei
Trend Micro Incorporated Technical Consultant,
Chiu, Buo-han
Trend Micro Incorporated Technical Consultant,
Digital Forensics Overview and Practice (120 minutes)
Aries Yeh
Acer Cyber Security Inc. Senior Manager,
Chenting Hsin
Acer Cyber Security Inc. Associate Tech. Manager,
15:30 - 17:30
Target Ransom - Targeted Extortion without Using Malware
Ren, Zong-wei
Trend Micro Incorporated Technical Consultant,
Chiu, Buo-han
Trend Micro Incorporated Technical Consultant,
Records and their origins (Trace Analysis)
Tony Tsai
Acer Cyber Security Inc. Associate Technical Manager,
Liam.Lin
Acer Cyber Security Inc. Senior Project Engineer,
 

3/21 (Thu)

TimeSchedule
 TICC 202TICC 203TICC Joy Lounge (4F)TICC Elegance Lounge (4F)TICC 401TWTC Hall 1 Con Room 4
12:30 - 14:30
Target Ransom - Targeted Extortion without Using Malware
Ren, Zong-wei
Trend Micro Incorporated Technical Consultant,
Chiu, Buo-han
Trend Micro Incorporated Technical Consultant,
Targeted threat protection in the cloud- AKAMAI ENTERPRISE THREAT PROTECTOR
Kevin Wang
Akamai Partner Enablement Manager of Greater China,
 
15:30 - 17:30
Target Ransom - Targeted Extortion without Using Malware
Ren, Zong-wei
Trend Micro Incorporated Technical Consultant,
Chiu, Buo-han
Trend Micro Incorporated Technical Consultant,
How to achieve Information security by Log management, and Audit/Management Access Control.
Samore Kuo
AMIYA Corporation Solution Engineer,
All-In-One Soc Security Management Platform
Benson Chung
Billows Technology Chief Technology Officer,