Course Introduction

Course schedule download:

Course outline download:

  • 09:30-10:30
  • 10:30-12:30
  • 12:30-13:30
  • 13:30-15:30
  • 15:30-17:30

Opening

Tool installation

Security Incident Case Study; SOC Functions, Architecture and Operations

黃瓊瑩

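As attackers' thinking advances and network intrusion techniques change by the day, network information security is constantly being put to the test. A SOC (Security Operation Center) is an integrated security platform that aggregates, filters, collects and correlates the huge volume of security events from different locations and different systems, produces a risk assessment from a global perspective, and responds and handles incidents accordingly. Acer eDC has long provided SOC services and will share its own practical experience in this day's course: through the analysis of intrusion cases combined with hands-on exercises, and a live demonstration of how to apply SIEM (Security Information & Event Management) to detect and prevent similar security incidents, participants will learn how to use a SOC to help collect and analyze security events and so strengthen their defense against network attacks.

Break

Attack Technique Analysis and Hands-on Practice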

蔡東霖

陳威安

SOC Event Analysis: Practice and Hands-on

孫明功

  • 09:30-12:30
  • 12:30-13:30
  • 13:30-15:30
  • 15:30-17:30

Making a security alarm for fun and profit

李倫銓

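1. Introduction to common attack techniques
2. Writing programs to analyze related attacks from logs
3. Getting creative on the Linkit connect 7681 development board
4. Configuring the 7681 to connect to MCS
5. Using the API to call the IoT device and trigger an alert
Required tools and environment: Apache access log, Windows event log, IoT development board with WIFI (ex: 7681), IoT cloud (MCS)

Break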

The development of CTFs

Tyler Nighswander

In the past 6 years there have been several large changes to the CTF scene. For example, the style of problems, the volume and level of competitions, the competitiveness of teams, and the development of tools have all had a large influence on competitions and strategies required to be successful. This course will walk through some history to help put tools and techniques in context with hands-on lessons.

Reverse Engineering and Malware Analysis

Erye Hernandez

Required Tools and Environments: VirtualBox, Windows VM (WinXP or Win7 32-bit)

  • 09:30-12:30
  • 12:30-13:30
  • 13:30-15:30
  • 15:30-17:30

Binary, Exploitation, Pwning

Sean

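Using CTF challenges as examples, this session introduces vulnerability exploitation methods and hands-on practice, covering stack overflow / heap overflow and some techniques for bypassing DEP/ASLR. A basic prior understanding of x86 architecture and Linux is recommended.
Required tools and environment: Windows (>=win7) (or VM), Linux (or VM)

Break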

The development of CTFs

Tyler Nighswander

In the past 6 years there have been several large changes to the CTF scene. For example, the style of problems, the volume and level of competitions, the competitiveness of teams, and the development of tools have all had a large influence on competitions and strategies required to be successful. This course will walk through some history to help put tools and techniques in context with hands-on lessons.

Reverse Engineering and Malware Analysis

Erye Hernandez

Required Tools and Environments: VirtualBox, Windows VM (WinXP or Win7 32-bit)

  • 09:30-12:30
  • 12:30-13:30
  • 13:30-15:30
  • 15:30-17:30

Binary, Exploitation, Pwning

Sean

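Using CTF challenges as examples, this session introduces vulnerability exploitation methods and hands-on practice, covering stack overflow / heap overflow and some techniques for bypassing DEP/ASLR. A basic prior understanding of x86 architecture and Linux is recommended.
Required tools and environment: Windows (>=win7) (or VM), Linux (or VM)

Break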

The development of CTFs

Tyler Nighswander

In the past 6 years there have been several large changes to the CTF scene. For example, the style of problems, the volume and level of competitions, the competitiveness of teams, and the development of tools have all had a large influence on competitions and strategies required to be successful. This course will walk through some history to help put tools and techniques in context with hands-on lessons.

Reverse Engineering and Malware Analysis

Erye Hernandez

Required Tools and Environments: VirtualBox, Windows VM (WinXP or Win7 32-bit)

  • 09:30-12:30
  • 12:30-13:30
  • 13:30-16:30
  • 16:30-17:30

Experience from Various Reversing Case Studies

Aaron Luo

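Some wargame solving techniques, analyzing and making use of undocumented APIs in Windows, parsing malware protocols and reconstructing the communication data, and so on.
Required tools and environment: WinDBG, OllyDBG, IDA Pro, VMWare… etc.

Break

Experience from Various Reversing Case Studies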

Aaron Luo

Discussion

  • 09:30-12:30
  • 12:30-13:30
  • 13:30-16:30
  • 16:30-17:30

Web Application Security

翁浩正 (Allen Own)

Break

Web Application Security

翁浩正 (Allen Own)

Discussion

  • 09:30-12:30
  • 12:30-13:30
  • 13:30-16:30
  • 16:30-17:30

Exploring decoys and honeypots

Fyodor Yarochkin

This talk will walk attendees through common methodologies of building and deploying decoys and honeypot networks, and will discuss a number of case studies of incidents identified on honeypot networks.

Break

A Data Scientist's Previously Unpublished Security Research Casebook

陳昇瑋

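Network security is a distinctive research field. One reason is that in network security problems the "adversary" is not text, images or any other form of inert data, but living people; the black hat hackers who create these problems spend their days searching for system and network vulnerabilities, trying to devise cleverer attacks in order to obtain every possible benefit. Therefore, in network security research we cannot "presume" what attack behavior hackers will exhibit; instead we must look for traces in real data, and discover and address, from large volumes of data, behaviors that have harmed or may harm the security and privacy of users' data. In this session, I will introduce data-driven network security research and use several real research cases to show what kinds of security problems the statistical analysis of real data can help us solve.

Discussion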

  • 09:30-12:30
  • 12:30-13:30
  • 13:30-16:30
  • 16:30-17:30

Automatic exploit generation

黃世昆

Software crashes are inevitable and are the most common type of software failure. This type of failure is characterized in software testing, reliability, and quality assurance, but not in cyber security. We have studied software crash behaviors by constructing symbolic failure models, and automatically produce software attacks through the manipulation of the symbolic model. This work has revealed a severe cyber security threat against software quality. That is, software crash failures introduced by bugs can be automatically exploited. If bugs are exploited and attacked, arbitrary code can be executed and a backdoor channel will be built. That is the concept and talk title of Bugs as a Backdoor...

Break

Mobile Application (APP) Security Testing

陳培德

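For the newly emerging field of mobile software testing, students will be taught practical operating methods and risk assessment and, as circumstances allow, will be led through hands-on testing of apps on Google Play/App Store/MS Marketplace, to understand the weaknesses commonly found in apps on each app marketplace and to discuss how to prevent and avoid them. Through interactive discussion and reflection, the aim is to build feasible, innovative application services for the future.
Required tools and environment: VMware Player or VMware WorkStation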
VM Instance (guest OS): MobiSec v1.3.1 (download link: http://sourceforge.net/projects/mobisec/files/v1.3/)
RAM: 2G

Discussion

  • 09:30-12:30
  • 12:30-13:30
  • 13:30-16:30
  • 16:30-17:30

APT Attack and Defense Map and Malware Families

吳明蔚

Coming soon

Break

AIS3 Challenge

黃俊穎

蕭旭君

Closing