TOGETHER, WE RESPOND FASTER

CYBERSEC 2019

MAR. 19 – 21

Taipei International Convention Center
Taipei World Trade Center Hall 1, 2F

CyberLAB

Bringing together many industry experts and well-known vendors from home and abroad, CyberLAB offers a series of well-planned training sessions that focus on the latest cyber attack techniques along with the most effective counterattacks.

Security breaches increase daily as hacker techniques consistently evolve. In order to reduce the damage and recover from the losses, we have to examine the threats and then take action. CyberLAB offers many penetration testing courses provided by industry leaders. Through these courses, you will learn about the latest and most common risk scenarios encountered by modern enterprises. You will be able to understand the latest offensive techniques and learn the most effective counterattacks.

Grab your seat now! Register for CYBERSEC; registration for CyberLAB is on-site.

Mar. 19(Tue)
09:00 - 12:30
12:30 - 14:30

Target Ransom - Targeted Extortion without Using Malware

  • Time: 03/19 12:30 - 14:30
  • Venue: TICC Joy Lounge (4F)
  • Speaker

    Technical Consultant, Trend Micro Incorporated Chiu, Buo-han

  • Speaker

    Technical Consultant, Trend Micro Incorporated Ren, Zong-wei

  • Course Description

    Historically, digital extortion has been carried out with malicious emails, compromised websites, or malvertisements, which infect victims' computers with ransomware. But as multiple recent cases have shown, cybercriminals are beginning to leverage targeted attack techniques in digital extortion. They compromise corporate systems from the outside and gain access to the systems and sensitive data. Then, they navigate across corporate networks with lateral movement techniques while encrypting files on critical servers along the way, using legitimate tools to prevent the security teams from effectively investigating their attacks.

    Faced with increasingly rampant cybercrime, how can security teams actively look for signs of attacks and discover how their systems are breached, while at the same time helping their companies build an investigative defense mechanism and promote security awareness?

     

    This workshop will show you:

    • Why hackers can easily break into outward-facing servers
    • The common techniques that hackers use to gain privileged system access and move laterally within corporate networks, plus the countermeasures from a system administrator's perspective
    • How IT security or network administration teams can investigate such activities in order to deploy defenses and set up security alerts

    Course Outline

    • Demonstration of intrusion techniques
    • Privilege escalation and lateral movement techniques
    • Root cause analysis
    • Timely response mechanisms

    Suggested equipment specifications for Attendee

    • All equipment is prepared by the co-organizer, Trend Micro.

    Attendee Prerequisite Skills for the Course

    • IT security administrators with experience in Windows administration and command-line operations (MS-DOS prompt)

Learn security with hacking games

  • Time: 03/19 12:30 - 14:30
  • Venue: TICC Elegance Lounge (4F)
  • Speaker

    Department of Security Penetration Service, Acer Cyber Security Inc. ACSI Penetration test team

  • Course Description

    This course leads you to understand various hacking attacks in the form of hacking games, and to experience the hacker economy.

    Course Outline

    • Steganography analysis
    • Learn basic Cryptography
    • Dark net for the first time
    • Web Hacking skills

    Suggested equipment specifications for Attendee

    • Notebook
    • Kali Linux VM installed

    Attendee Prerequisite Skills for the Course

    • Basic Linux commands
    • Basic network knowledge

     

Malware Detection, Evidence Collection, and Forensics Analysis

  • Time: 03/19 12:30 - 14:30
  • Venue: TWTC 1 Conference Room No.4
  • Speaker

    Sales & Project Manager, iForensics Digital Inc. John Wu

  • Course Description

    Give attendees a general idea of unknown malware, and then inject and run a sample on the virtual machine. Teach them how to use various free tools together with iForensics eDetector to detect malware and to analyze and retrieve the evidence. Then use Magnet AXIOM, the professional forensics software, with a simulated sandbox for forensic investigation.

    • Malware detection and analysis: Explain how to identify malware by analyzing its behavior in memory, such as internet connections, program injection, start-up sequence, and whether it is a service, an auto-run program, hidden, etc.
    • Evidence collection and forensics: Use the complete tracing and evidence collection functions of eDetector with other tools to retrieve various samples associated with the malware, such as files and memory blocks. Next, teach the attendees how to conduct a deep investigation with AXIOM or sandbox software to draw the contextual map of the malware infection.

    Course Outline

    • General Idea of Unknown Malware
    • Sample Test of Unknown Malware
    • Detect Malware with iForensics eDetector
      • Install and Start the Server
      • Set-up the Server and Install eDetector on the Client
      • Detect Malware in the memory
      • Dump the memory block and the sample
      • Download and Search the Data of Windows Explorer
      • Collect and View Evidence
      • Other Functions and Disconnect the Server
    • Collect the evidence using eDetector and other tools
    • Conduct the forensics investigation using Magnet AXIOM, the professional forensics software, and the Sandbox tool.

    Suggested equipment specifications for Attendee

    • CPU: i5, 6th generation or above
    • RAM: 8GB
    • Disk Size: 500GB and above
    • Computer with Virtual Machine Software installed

    Attendee Prerequisite Skills for the Course

    • Basic Computer Skills
    • Know how to use Virtual Machine software
    • Know how to use the command line in CMD
15:30 - 17:30

Target Ransom - Targeted Extortion without Using Malware

  • Time: 03/19 15:30 - 17:30
  • Venue: TICC Joy Lounge (4F)
  • Speaker

    Technical Consultant, Trend Micro Incorporated Ren, Zong-wei

  • Speaker

    Technical Consultant, Trend Micro Incorporated Chiu, Buo-han


Hacking Exposed Industrial Control Systems: ICS and SCADA Security (Basic)

  • Time: 03/19 15:30 - 17:30
  • Venue: TICC Elegance Lounge (4F)
  • Speaker

    Senior Project Engineer, Acer Cyber Security Inc. Luca.Chiou

  • Speaker

    Senior Project Engineer, Acer Cyber Security Inc. Bingo.Huang

  • Course Description

    The number of disclosed vulnerabilities in industrial control systems has risen sharply in recent years, and intrusions into industrial control environments, including critical incidents affecting the country's critical infrastructure, have occurred frequently. However, compared with the IT environment, the industrial control environment mostly uses proprietary protocols and proprietary equipment (such as PLCs and RTUs), so the entry threshold for security researchers is relatively high. Through this course, students can not only quickly acquire basic knowledge of industrial control system information security, but also learn how to penetrate an industrial control network, analyze industrial control system protocol packets, study industrial control system protocol attacks, and so on.

    Course Outline

    • Overview of industrial control systems
    • ICS proprietary protocols packet analysis
    • Industrial control system service identification
    • Industrial control system protocol attack implementation: Modbus, Ethernet/IP, Siemens S7

    Suggested equipment specifications for Attendee

    • Need to bring your own notebook
    • Need to bring your own Kali Linux

    Attendee Prerequisite Skills for the Course

    • Basic packet analysis capabilities
    • Basic Linux operating capabilities
    • Basic network knowledge

How Advanced Multilayer Protection Helps You Tackle Cyber Threats

  • Time: 03/19 15:30 - 17:30
  • Venue: TICC 401
  • Speaker

    Senior System Engineer, Zyxel Communications Corp. Yi Tsen Liao

  • Course Description

    Malware is growing ever more complicated and is overwhelming everywhere, posing serious threats to your organization. It is a real challenge for security officers to adopt new technology to tackle the threat.

    In this session, we will analyze a couple of notorious malware tools that are damaging the community, and you will learn not only the behavior of each tool but also the ecosystem that explains why it is prevalent. This is not just a lecture: during the hands-on lab you will witness the tool in action and learn how Zyxel advanced multilayer technology mitigates the threat, spotting it in the first place and destroying it!

    Course Outline

    • Cyber threat ecosystem
    • Malware behavior analysis
    • Demonstration of the attacking scenario
    • Detecting and preventing the malware
    • Advantage of cloud analytics

    Suggested equipment specifications for Attendee

    • Laptop running Windows 7 or later
    • Browser: Firefox and Chrome
    • VMware
    • Wireshark
    • Make sure the laptop has a wireless connection module

    Attendee Prerequisite Skills for the Course

    • Basic TCP/IP knowledge
    • Basic network protocol knowledge.

Threat Hunting with Cloud: Traditional incident response is different from modern incident response.

  • Time: 03/19 15:30 - 17:30
  • Venue: TWTC 1 Conference Room No.4
  • Speaker

    Security Consultant, Core Cloud Tech Corporation Paul Nien

  • Course Description

    Recently we have faced many cyber attacks from all sides, and APT attacks in particular continue to increase.

    Because of this, we use security products and services to reduce cyber security losses.

    But these products and services increase our daily workload.

    To solve this problem, we provide a service that can carry out a wide range of incident response in time.

    We named the service IPaaS.

    In this lesson, you will learn how to hunt threats, trace hackers' behavior, analyze malware, and do incident response with the cloud, and you will gain experience in cyber security incident response.

    Course Outline

    • Do Incident response with EDR.
    • Threat hunting with MDR.
    • Hands on training: Analysis with IPaaS.

    Suggested equipment specifications for Attendee

    • A laptop that can access Wi-Fi and has Chrome or Firefox installed.

    Attendee Prerequisite Skills for the Course

    • Experience in cyber security and operating systems (Windows).
Mar. 20(Wed)
09:00 - 12:30
12:30 - 14:30

Target Ransom - Targeted Extortion without Using Malware

  • Time: 03/20 12:30 - 14:30
  • Venue: TICC Joy Lounge (4F)
  • Speaker

    Technical Consultant, Trend Micro Incorporated Ren, Zong-wei

  • Speaker

    Technical Consultant, Trend Micro Incorporated Chiu, Buo-han


Digital Forensics Overview and Practice (120 minutes)

  • Time: 03/20 12:30 - 14:30
  • Venue: TICC Elegance Lounge (4F)
  • Speaker

    Senior Manager, Acer Cyber Security Inc. Aries Yeh

  • Speaker

    Associate Tech. Manager, Acer Cyber Security Inc. Chenting Hsin

  • Course Description

    Do you feel lost and not know where to start when dealing with cyber attacks? This course is designed for personnel who are new to information security and covers the fundamental techniques and tools of digital forensics, including information analysis to locate malicious connections and malware. The practice exercises involve extracting memory blocks from a malicious process to find a potential C&C (Command & Control) server and, furthermore, the attacker’s tactics and techniques.

    Course Outline

    • Initiative of investigation
    • Investigation of malicious connections
    • Investigation of malware
    • Memory block extraction from malicious processes

    Suggested equipment specifications for Attendee

    • Notebook / VM
    • 2GB of RAM
    • VMware Workstation for Windows (Trial)
    • Cellular phone for Wi-Fi hotspot (other wireless or wired connections are prohibited)

    Attendee Prerequisite Skills for the Course

    • Familiarity with common operating systems; knowledge of information security is recommended
15:30 - 17:30

Target Ransom - Targeted Extortion without Using Malware

  • Time: 03/20 15:30 - 17:30
  • Venue: TICC Joy Lounge (4F)
  • Speaker

    Technical Consultant, Trend Micro Incorporated Ren, Zong-wei

  • Speaker

    Technical Consultant, Trend Micro Incorporated Chiu, Buo-han


Records and their origins (Trace Analysis)

  • Time: 03/20 15:30 - 17:30
  • Venue: TICC Elegance Lounge (4F)
  • Speaker

    Associate Technical Manager, Acer Cyber Security Inc. Tony Tsai

  • Speaker

    Senior Project Engineer, Acer Cyber Security Inc. Liam.Lin

  • Course Description

    From time to time we need to provide evidence after attacks but wonder where to look. This course is designed for personnel involved in incident investigation, to help them locate the attacker’s traces and entry points in the corresponding records, as well as the attacker’s tactics and techniques.

    Course Outline

    • Windows Security Logs Analysis
    • Web Logs Analysis
    • Hacker’s Trace Analysis

    Suggested equipment specifications for Attendee

    • Notebook / VM
    • 2GB of RAM
    • VMware Workstation for Windows (Trial)
    • Cellular phone for Wi-Fi hotspot (other wireless or wired connections are prohibited)

    Attendee Prerequisite Skills for the Course

    • Familiarity with common operating systems; knowledge of information security is recommended
Mar. 21(Thu)
09:00 - 12:30
12:30 - 14:30

Target Ransom - Targeted Extortion without Using Malware

  • Time: 03/21 12:30 - 14:30
  • Venue: TICC Joy Lounge (4F)
  • Speaker

    Technical Consultant, Trend Micro Incorporated Ren, Zong-wei

  • Speaker

    Technical Consultant, Trend Micro Incorporated Chiu, Buo-han


Targeted threat protection in the cloud - AKAMAI ENTERPRISE THREAT PROTECTOR

  • Time: 03/21 12:30 - 14:30
  • Venue: TICC Elegance Lounge (4F)
  • Speaker

    Partner Enablement Manager of Greater China, Akamai Kevin Wang

  • Course Description

    The threats facing business are rapidly evolving. The number of targeted threats such as malware, ransomware, data theft, and phishing is increasing, and the ability of malicious attackers to circumvent traditional security measures has intensified. Coupled with the adoption of SaaS, the cloud and the Internet of Things, more sophisticated methods of threat delivery have created new challenges, control point complexity and security gaps that cannot be ignored.

    With Akamai's global insights into the Internet and the Domain Name System (DNS), Enterprise Threat Protector enables security teams to proactively block and mitigate targeted threats and to enforce the principles of proper use across the enterprise. Using DNS, the team can proactively identify, block, and defend against targeted threats such as malware, ransomware, phishing, data breaches, and more. It leverages real-time intelligence from Akamai Cloud Security Intelligence and Akamai's proven recursive DNS platform around the world to deliver enterprise security, control and visibility efficiently, while easily integrating with your existing network defenses.

    This hands-on course will give you an in-depth understanding of Akamai ETP's operating mechanism and hands-on experience of the speed, convenience, and high availability of Akamai ETP.

    Course Outline

    • ETP operation process
    • ETP advantage
    • ETP main function
    • ETP background operation
    • ETP report view

    Suggested equipment specifications for Attendee

    • Laptop

    Attendee Prerequisite Skills for the Course

    • Basic network knowledge
15:30 - 17:30

Target Ransom - Targeted Extortion without Using Malware

  • Time: 03/21 15:30 - 17:30
  • Venue: TICC Joy Lounge (4F)
  • Speaker

    Technical Consultant, Trend Micro Incorporated Ren, Zong-wei

  • Speaker

    Technical Consultant, Trend Micro Incorporated Chiu, Buo-han


How to achieve Information security by Log management, and Audit/Management Access Control.

  • Time: 03/21 15:30 - 17:30
  • Venue: TICC Elegance Lounge (4F)
  • Speaker

    Solution Engineer, AMIYA Corporation Samore Kuo

  • Course Description

    Introduces several important recent security incidents and how to investigate and control an incident through log management.

    Introduces the importance of log management in information security.

    Based on real incidents, reviews the whole picture of an incident and introduces how ALog helps to "detect internal fraud in advance" and "how to trace when an incident occurs".

    Through hands-on practice and basic operation, attendees will easily understand how to use ALog; some software management and maintenance is also introduced.

    • Exercise #1 "Hands on! How to trace an incident!"
    • Exercise #2 "How to use reports to understand the current situation!"
    • Exercise #3 "Create and use reports for monitoring/management purposes!"
    • Exercise #4 "Utilization to prevent unknown problems, Ultimate file of ALog!"

    Course Outline

    • Windows server system
    • How to achieve information security through log management, and how to audit access records for management.
    • Install and configure ALog to collect logs from the ADDC and file server in a Windows AD environment.
    • Introduction of several scenarios and how to analyze them with ALog.

    Suggested equipment specifications for Attendee

    • Hardware
      • CPU: I5 or higher
      • RAM: 16G or higher
      • HDD: 500G or higher
    • Software
      • Need a VMware workstation
      • With following environment:
        • Windows ADDC
        • Windows File server
        • Windows server for install ALog

    Attendee Prerequisite Skills for the Course

    • Must know Windows AD architecture and information security auditing, and have knowledge of log management for Windows and other systems.

All-In-One SOC Security Management Platform

  • Time: 03/21 15:30 - 17:30
  • Venue: TICC 401
  • Speaker

    Chief Technology Officer, Billows Technology Benson Chung

  • Course Description

    The main purpose of this course is to give attendees an introduction to and demonstration of how to use AlienVault to analyze event correlations and find the real threats. Users will work through the process from evaluating a risk to generating a real alarm, along with the steps of an incident report.

    Course Benefits:

    1. Understand that current security monitoring is no longer only SIEM
    2. Strengthen your security concepts and understand how to find the real security threats through comprehensive event analysis
    3. How to use the AlienVault platform to achieve SOC self-monitoring

    Course Outline

    • The introduction of LogMaster, a big data collection platform.
    • The capabilities of AlienVault
    • AlienVault data analysis implementation
    • Report system implementation

    Suggested equipment specifications for Attendee

    • Notebook, hardware specifications CPU: CORE i5 or more, RAM: 8G

    Attendee Prerequisite Skills for the Course

    • A basic grasp of cybersecurity concepts and some basic Linux knowledge are preferred