CyberLAB
Gather with lots of industry experts and famous vendors at home and abroad, a series of training sessions are well-planned to focus on the latest cyber attack techniques along with the most effective counterattacks.
Security breaches increase daily as hacker techniques consistently evolve. In order to reduce the damage and recover from the losses, we have to examine the treats and take action then. There are many penetration testing courses provided by those industry leaders in CyberLAB. Through these courses, you will learn about the latest and most common risk scenarios encountered by modern enterprises. You will be able to understand the latest offensive techniques and learn the most effective counterattacks.
Grab your seat now! Register yourself at CYBERSEC and on-site registration for CyberLAB.
Target Ransom - Targeted Extortion without Using Malware
- Time: 03/19 12:30 - 14:30
- Venue:TICC Joy Lounge (4F)
Speaker
Technical Consultant,Trend Micro Incorporated Chiu, Buo-han
Speaker
Technical Consultant,Trend Micro Incorporated Ren, Zong-wei
Course Description
Historically, digital extortion has been carried out with malicious emails, compromised websites, or malvertisements, which infect victims' computers with ransomware. But as multiple recent cases have shown, cybercriminals are beginning to leverage targeted attack techniques in digital extortion. They compromise corporate systems from the outside and gain access to the systems and sensitive data. Then, they navigate across corporate networks with lateral movement techniques while encrypting files on critical servers along the way using legitimate tools to prevent the security teams from effectively investigate their attacks.
Faced with increasingly rampant cybercrime, how can security teams actively look for signs of attacks and discover how their systems are breached, while at the same time helping their companies build an investigative defense mechanism and promote security awareness?
This workshop will show you:
- Why hackers can easily break into outward facing servers
- The common techniques that hackers use to gain privileged system access and move laterally within corporate networks, plus the counter measures from system administrators' perspective
How IT security or network administration teams can investigate into such activities in order to deploy defenses and set up security alerts
Course Outline
- Demonstration of intrusion techniques
- Privilege escalation and lateral movement techniques
- Root cause analysis
- Timely response mechanisms
Suggested equipment specifications for Attendee
- All equipment is prepared by the co-organizers "Trend Micro".
Attendee Prerequisite Skills for the Course
- IT security administrators with experience in Windows administration and command-line operations (MS-DOS prompt)
Learn security with hacking games
- Time: 03/19 12:30 - 14:30
- Venue:TICC Elegance Lounge (4F)
Speaker
Department of Security Penetration Service,Acer Cyber Security Inc. ACSI Penetration test team
Course Description
This course takes leads you to understand the various hacking attacks in the form of hacking games, and experience the hacker economy.
Course Outline
- Steganography analysis
- Learn basic Cryptography
- Dark net for the first time
- Web Hacking skills
Suggested equipment specifications for Attendee
- notebook
- Kali Linux VM installed
Attendee Prerequisite Skills for the Course
- Basic Linux command
- Basic network knowledge
Malware Detection, Evidence Collection, and Forensics Analysis
- Time: 03/19 12:30 - 14:30
- Venue:TWTC 1 Conference Room No.4
Speaker
Sales & Project Manager,iForensics Digital Inc. John Wu
Course Description
Give attendees a general idea of unknown malware, and then inject and run a sample on the virtual machine. Teach them how to use various free tools with iForensics eDetector for to detect malware, analyze and retrieve the evidence. Then use Magnet AXIOM, the professional forensics software, with simulated sandbox for forensics investigation.
- Malware detection and analysis:Explain how to identify a malware by analyzing its behavior in the memory, such as:internet connection, program injection, start-up sequence, whether it’s service, auto-run program, hidden…, etc.
- Evidence Collection and Forensics: Using the complete tracing and evidence collection functions of eDetector with other tools to retrieve various samples associated with the malware, such as files and memory blocks. Next, teach the attendees how to conduct a deep investigation with AXIOM or sandbox software to draw the contextual map of malware infection.
Course Outline
- General Idea of Unknown Malware
- Sample Test of Unknow Malware
- Detect Malware with iForensics eDetector
- Install and Start the Server
- Set-up the Server and Install eDetector on the Client
- Detect Malware in the memory
- Dump the memory block and the sample
- Download and Search the Data of Windows Explorer
- Collect and View Evidence
- Other Functions and Disconnect the Server
- Collect the evidence using eDetector and other tools
- Conduct the forensics investigation using Magnet AXIOM, the professional forensics software, and the Sandbox tool.
Suggested equipment specifications for Attendee
- CPU: I5 of 6th Generation and above
- RAM: 8GB
- Disk Size:500GB and above
- Computer with Virtual Machine Software installed
Attendee Prerequisite Skills for the Course
- Basic Computer Skills
- Know how to use Virtual Machine software
- Know how to use Command-line in CMD
Target Ransom - Targeted Extortion without Using Malware
- Time: 03/19 15:30 - 17:30
- Venue:TICC Joy Lounge (4F)
Speaker
Technical Consultant,Trend Micro Incorporated Ren, Zong-wei
Speaker
Technical Consultant,Trend Micro Incorporated Chiu, Buo-han
Course Description
Historically, digital extortion has been carried out with malicious emails, compromised websites, or malvertisements, which infect victims' computers with ransomware. But as multiple recent cases have shown, cybercriminals are beginning to leverage targeted attack techniques in digital extortion. They compromise corporate systems from the outside and gain access to the systems and sensitive data. Then, they navigate across corporate networks with lateral movement techniques while encrypting files on critical servers along the way using legitimate tools to prevent the security teams from effectively investigate their attacks.
Faced with increasingly rampant cybercrime, how can security teams actively look for signs of attacks and discover how their systems are breached, while at the same time helping their companies build an investigative defense mechanism and promote security awareness?
This workshop will show you:
- Why hackers can easily break into outward facing servers
- The common techniques that hackers use to gain privileged system access and move laterally within corporate networks, plus the counter measures from system administrators' perspective
How IT security or network administration teams can investigate into such activities in order to deploy defenses and set up security alerts
Course Outline
- Demonstration of intrusion techniques
- Privilege escalation and lateral movement techniques
- Root cause analysis
- Timely response mechanisms
Suggested equipment specifications for Attendee
- All equipment is prepared by the co-organizers "Trend Micro".
Attendee Prerequisite Skills for the Course
- IT security administrators with experience in Windows administration and command-line operations (MS-DOS prompt)
Hacking Exposed Industrial Control Systems: ICS and SCADA Security (Basic)
- Time: 03/19 15:30 - 17:30
- Venue:TICC Elegance Lounge (4F)
Speaker
Senior Project Engineer,Acer Cyber Security Inc. Luca.Chiou
Speaker
Senior Project Engineer,Acer Cyber Security Inc. Bingo.Huang
Course Description
The number of disclosures of vulnerabilities in industrial control systems has risen sharply in recent years. The industrial control environment and even the critical incidents of critical infrastructure intrusion in the country have been frequently occurred. However, compared with the IT environment, the industrial control environment mostly uses proprietary protocols, proprietary equipment (such as PLC, RTU). For the security researchers, the entry threshold is relatively high. Through this course, students can not only quickly acquire the basic knowledge of industrial control system information security, but also learn how to penetrate into the industrial control network, and analyze industrial control system protocol packets, industrial control system protocol attacks and so on.
Course Outline
- Overview of industrial control systems
- ICS proprietary protocols packet analysis
- Industrial control system service identification
- Industrial control system protocol attack implementation: Modbus, Ethernet/IP, Siemens S7
Suggested equipment specifications for Attendee
- Need to bring your own notebook
- Need to bring your own Kali Linux
Attendee Prerequisite Skills for the Course
- Basic packet analysis capabilities
- Basic Linux operating capabilities
- Basic network knowledge
How Advanced Multilayer Protection Helping You Tackling Cyber Threat
- Time: 03/19 15:30 - 17:30
- Venue:TICC 401
Speaker
Senior System Engineer,Zyxel Communications Corp. Yi Tsen Liao
Course Description
Malware is getting more and more complicated and they are overwhelming everywhere, posing serious threats to your organization. It is true challenge to security officer to adapt new technology to tackling the treat.
In this session, we will analyze couple notorious malware tools damaging the community, and you will learn not only the behavior of the tool but also the ecosystem why the tool is prevailing. Not just lecturing, during the hands-on lab you will witness the tool in action and learn how Zyxel advanced multilayer technology mitigating the threat – spotting the threat at the first place and destroy it!
Course Outline
- Cyber threat ecosystem
- Malware behavior analysis
- Demonstration of the attacking scenario
- Detecting and preventing the malware
- Advantage of cloud analytics
Suggested equipment specifications for Attendee
- Laptop, Win7 for basic OS or later.
- Browser: Firefox and Chrome
- VMware
- Wireshark
- Make sure the laptop have wireless connection module on it
Attendee Prerequisite Skills for the Course
- Basic TCP/IP knowledge
- Basic network protocol knowledge.
Threat Hunting with Cloud: Traditional incident response is different from modern incident response.
- Time: 03/19 15:30 - 17:30
- Venue:TWTC 1 Conference Room No.4
Speaker
Security Consultant,Core Cloud Tech Corporation Paul Nien
Course Description
Recently, we face a lot of cyber attack all around, especially APT is persist to increase.
Due to the issue, we are using security products and services to reduce cyber security losses.
But these products and services will increase our loading in daily work.
In order to solve the problem, we provide a service which canl do a wide range of incident response in time.
The service we named IPaaS.
In this lesson, you will know how to hunting threat, tracing hacker’s behaviors, analysis malware, do incident response with cloud and get cyber security incident response of experience.
Course Outline
- Do Incident response with EDR.
- Threat hunting with MDR.
- Hands on training: Analysis with IPaaS.
Suggested equipment specifications for Attendee
- A Laptop which can access wifi and installed chrome or firefox.
Attendee Prerequisite Skills for the Course
- Experience in cyber security and operating system(Windows).
Agenda
Target Ransom - Targeted Extortion without Using Malware
- Time: 03/20 12:30 - 14:30
- Venue:TICC Joy Lounge (4F)
Speaker
Technical Consultant,Trend Micro Incorporated Ren, Zong-wei
Speaker
Technical Consultant,Trend Micro Incorporated Chiu, Buo-han
Course Description
Historically, digital extortion has been carried out with malicious emails, compromised websites, or malvertisements, which infect victims' computers with ransomware. But as multiple recent cases have shown, cybercriminals are beginning to leverage targeted attack techniques in digital extortion. They compromise corporate systems from the outside and gain access to the systems and sensitive data. Then, they navigate across corporate networks with lateral movement techniques while encrypting files on critical servers along the way using legitimate tools to prevent the security teams from effectively investigate their attacks.
Faced with increasingly rampant cybercrime, how can security teams actively look for signs of attacks and discover how their systems are breached, while at the same time helping their companies build an investigative defense mechanism and promote security awareness?
This workshop will show you:
- Why hackers can easily break into outward facing servers
- The common techniques that hackers use to gain privileged system access and move laterally within corporate networks, plus the counter measures from system administrators' perspective
How IT security or network administration teams can investigate into such activities in order to deploy defenses and set up security alerts
Course Outline
- Demonstration of intrusion techniques
- Privilege escalation and lateral movement techniques
- Root cause analysis
- Timely response mechanisms
Suggested equipment specifications for Attendee
- All equipment is prepared by the co-organizers "Trend Micro".
Attendee Prerequisite Skills for the Course
- IT security administrators with experience in Windows administration and command-line operations (MS-DOS prompt)
Digital Forensics Overview and Practice (120 minutes)
- Time: 03/20 12:30 - 14:30
- Venue:TICC Elegance Lounge (4F)
Speaker
Senior Manager,Acer Cyber Security Inc. Aries Yeh
Speaker
Associate Tech. Manager,Acer Cyber Security Inc. Chenting Hsin
Course Description
Did you feel lost and doesn’t know where to start when dealing cyber-attacks? This course is designed for personnel who is new to Information Security and covers the fundamental techniques and tools to digital forensics, includes information analysis to locate malicious connections and malwares. Practices involve with memory blocks extraction of malicious process for potential C&C(Command & Control) server and furthermore, the attacker’s tactics and techniques.
Course Outline
- Initiative of investigation
- Investigation to malicious connections
- Investigation to malwares
- Memory blocks extraction of malicious process
Suggested equipment specifications for Attendee
- Notebook / VM
- 2GB of RAM
- Vmware Workstation for Windows (Trial)
- Cellular phone for Wifi Hotspot (other wireless or wired connection is prohibited)
Attendee Prerequisite Skills for the Course
- Familiar to common Operation Systems, knowledge to Information Security is recommended
Target Ransom - Targeted Extortion without Using Malware
- Time: 03/20 15:30 - 17:30
- Venue:TICC Joy Lounge (4F)
Speaker
Technical Consultant,Trend Micro Incorporated Ren, Zong-wei
Speaker
Technical Consultant,Trend Micro Incorporated Chiu, Buo-han
Course Description
Historically, digital extortion has been carried out with malicious emails, compromised websites, or malvertisements, which infect victims' computers with ransomware. But as multiple recent cases have shown, cybercriminals are beginning to leverage targeted attack techniques in digital extortion. They compromise corporate systems from the outside and gain access to the systems and sensitive data. Then, they navigate across corporate networks with lateral movement techniques while encrypting files on critical servers along the way using legitimate tools to prevent the security teams from effectively investigate their attacks.
Faced with increasingly rampant cybercrime, how can security teams actively look for signs of attacks and discover how their systems are breached, while at the same time helping their companies build an investigative defense mechanism and promote security awareness?
This workshop will show you:
- Why hackers can easily break into outward facing servers
- The common techniques that hackers use to gain privileged system access and move laterally within corporate networks, plus the counter measures from system administrators' perspective
How IT security or network administration teams can investigate into such activities in order to deploy defenses and set up security alerts
Course Outline
- Demonstration of intrusion techniques
- Privilege escalation and lateral movement techniques
- Root cause analysis
- Timely response mechanisms
Suggested equipment specifications for Attendee
- All equipment is prepared by the co-organizers "Trend Micro".
Attendee Prerequisite Skills for the Course
- IT security administrators with experience in Windows administration and command-line operations (MS-DOS prompt)
Records and their origins (Trace Analysis)
- Time: 03/20 15:30 - 17:30
- Venue:TICC Elegance Lounge (4F)
Speaker
Associate Technical Manager,Acer Cyber Security Inc. Tony Tsai
Speaker
Senior Project Engineer,Acer Cyber Security Inc. Liam.Lin
Course Description
From time to time we need to provide evidence after attacks but wonder where to look. This course is designed for personnel involved in incident investigation, to locate attacker’s traces and entry points for corresponding records as well as attacker’s tactics and techniques.
Course Outline
- Windows Security Logs Analysis
- Web Logs Analysis
- Hacker’s Trace Analysis
Suggested equipment specifications for Attendee
- Notebook / VM
- 2GB of RAM
- Vmware Workstation for Windows (Trial)
- Cellular phone for Wifi Hotspot (other wireless or wired connection is prohibited)
Attendee Prerequisite Skills for the Course
- Familiar to common Operation Systems, knowledge to Information Security is recommended
Agenda
Target Ransom - Targeted Extortion without Using Malware
- Time: 03/21 12:30 - 14:30
- Venue:TICC Joy Lounge (4F)
Speaker
Technical Consultant,Trend Micro Incorporated Ren, Zong-wei
Speaker
Technical Consultant,Trend Micro Incorporated Chiu, Buo-han
Course Description
Historically, digital extortion has been carried out with malicious emails, compromised websites, or malvertisements, which infect victims' computers with ransomware. But as multiple recent cases have shown, cybercriminals are beginning to leverage targeted attack techniques in digital extortion. They compromise corporate systems from the outside and gain access to the systems and sensitive data. Then, they navigate across corporate networks with lateral movement techniques while encrypting files on critical servers along the way using legitimate tools to prevent the security teams from effectively investigate their attacks.
Faced with increasingly rampant cybercrime, how can security teams actively look for signs of attacks and discover how their systems are breached, while at the same time helping their companies build an investigative defense mechanism and promote security awareness?
This workshop will show you:
- Why hackers can easily break into outward facing servers
- The common techniques that hackers use to gain privileged system access and move laterally within corporate networks, plus the counter measures from system administrators' perspective
How IT security or network administration teams can investigate into such activities in order to deploy defenses and set up security alerts
Course Outline
- Demonstration of intrusion techniques
- Privilege escalation and lateral movement techniques
- Root cause analysis
- Timely response mechanisms
Suggested equipment specifications for Attendee
- All equipment is prepared by the co-organizers "Trend Micro".
Attendee Prerequisite Skills for the Course
- IT security administrators with experience in Windows administration and command-line operations (MS-DOS prompt)
Targeted threat protection in the cloud- AKAMAI ENTERPRISE THREAT PROTECTOR
- Time: 03/21 12:30 - 14:30
- Venue:TICC Elegance Lounge (4F)
Speaker
Partner Enablement Manager of Greater China,Akamai Kevin Wang
Course Description
The threat of business is rapidly evolving. The number of targeted threats such as malware, ransomware, data theft, and phishing is increasing, and the ability of malicious attackers to circumvent traditional security measures has intensified. Coupled with the adoption of SaaS, the cloud and the Internet of Things, the more sophisticated methods of threat delivery have triggered new challenges, control point complexity and security gaps that cannot be ignored.
With Akamai's global insights into the Internet and the Domain Name System (DNS), Enterprise Threat Protector enables security teams to proactively block and mitigate targeted threats and enforce the principles of proper use across the enterprise for security. The team is proactive in identifying, blocking, and defending against targeted threats such as malware, ransomware, phishing, data breaches, and more using the Domain Name System (DNS). Leverage real-time intelligence from Akamai Cloud Security Intelligence and Akamai's proven, recursive DNS platform around the world to deliver enterprise security, control and visibility efficiently, while easily integrating with your existing network defenses.
This hands-on course will give you an in-depth understanding of Akamai ETP's operating mechanism and hands-on experience to experience the speed, convenience, and high availability of Akamai ETP.
Course Outline
- ETP operation process
- ETP advantage
- ETP main function
- ETP background operation
- ETP report view
Suggested equipment specifications for Attendee
- Laptop
Attendee Prerequisite Skills for the Course
- Basic network knowledge
Target Ransom - Targeted Extortion without Using Malware
- Time: 03/21 15:30 - 17:30
- Venue:TICC Joy Lounge (4F)
Speaker
Technical Consultant,Trend Micro Incorporated Ren, Zong-wei
Speaker
Technical Consultant,Trend Micro Incorporated Chiu, Buo-han
Course Description
Historically, digital extortion has been carried out with malicious emails, compromised websites, or malvertisements, which infect victims' computers with ransomware. But as multiple recent cases have shown, cybercriminals are beginning to leverage targeted attack techniques in digital extortion. They compromise corporate systems from the outside and gain access to the systems and sensitive data. Then, they navigate across corporate networks with lateral movement techniques while encrypting files on critical servers along the way using legitimate tools to prevent the security teams from effectively investigate their attacks.
Faced with increasingly rampant cybercrime, how can security teams actively look for signs of attacks and discover how their systems are breached, while at the same time helping their companies build an investigative defense mechanism and promote security awareness?
This workshop will show you:
- Why hackers can easily break into outward facing servers
- The common techniques that hackers use to gain privileged system access and move laterally within corporate networks, plus the counter measures from system administrators' perspective
How IT security or network administration teams can investigate into such activities in order to deploy defenses and set up security alerts
Course Outline
- Demonstration of intrusion techniques
- Privilege escalation and lateral movement techniques
- Root cause analysis
- Timely response mechanisms
Suggested equipment specifications for Attendee
- All equipment is prepared by the co-organizers "Trend Micro".
Attendee Prerequisite Skills for the Course
- IT security administrators with experience in Windows administration and command-line operations (MS-DOS prompt)
How to achieve Information security by Log management, and Audit/Management Access Control.
- Time: 03/21 15:30 - 17:30
- Venue:TICC Elegance Lounge (4F)
Speaker
Solution Engineer,AMIYA Corporation Samore Kuo
Course Description
Introduce recent several important security incidents, and how to investigate / control incident by log management.
Introduce importance of log management in information security
Base on some real incident , to review whole picture of incident, and introduce ALog「detect internal fraud in advance」, and「how to trace when incident occurred」
By hands on and basic operation to easily understand how to use ALog, also introduce some software management /maintenance.
- Exercise #1「Hands on! How to trace incident!」
- Exercise #2「How to Utilization and understand current situation by report!」
- Exercise #3「Create and Utilization report for monitoring/management purpose!」
- Exercise #4「Utilization to prevent unknown problem, Ultimate file of ALog!」
Course Outline
- Windows server system
- How to achieve Information security by Log management , and Audit access record to keep management.
- Install and configure ALog to collect log in Windows AD environment from ADDC / Fileserver .
- Introduce several scenario and how to analyses by ALog.
Suggested equipment specifications for Attendee
- Hardware
- CPU: I5 or higher
- RAM: 16G or higher
- HDD: 500G or higher
- Software
- Need a VMware workstation
- With following environment:
- Windows ADDC
- Windows File server
- Windows server for install ALog
Attendee Prerequisite Skills for the Course
- Must know about Windows AD architecture, knowing about Auditing on Information Security, and knowledge about Windows and other system’s log management.
All-In-One Soc Security Management Platform
- Time: 03/21 15:30 - 17:30
- Venue:TICC 401
Speaker
Chief Technology Officer,Billows Technology Benson Chung
Course Description
The main Purpose of this course is to deliver to our attendees of an introduction and demonstration in how to use AlienVault to analysis event correlations and find out the real threat. Users will be experiment from evaluating a risk to generating a real alarm and steps of incident report.
Course Benefits:
- Understand the current security monitoring is no longer only SIEM
- Enhance the concept of security and understand how to find out the real threat of security through comprehensive event analysis
- How to use the Alienvault platform to achieve SOC self-monitoring
Course Outline
- The introduction of LogMaster, a big data collection platform.
- The capabilities of AlienVault
- AlienVault data analysis implementation
- Report system implementation
Suggested equipment specifications for Attendee
- Notebook, hardware specifications CPU: CORE i5 or more, RAM: 8G
Attendee Prerequisite Skills for the Course
- Preferred with a slight cybersecurity concept and some Linux basic foundation
Agenda
Introduction
Go to Introduction Page-
part of 