Security BSides is a community-driven framework for building events, by and for, information security community members. These events are already happening in major cities all over the world! We are responsible for organizing an independent BSides-Approved event in Tokyo, for Japan.
Cost
¥0 - Free, just make sure you grab a ticket!
Call for Papers
Closed
Sponsors
Thank you for your interest, but we’re not looking for more sponsors yet.
Venue
TECH PLAY SHIBUYA
NMF Shibuya Koen-dori Building 8F, 20-17 Udagawacho, Shibuya-ku, Tokyo 150-0042, Japan
schedule
Welcome and Opening Remarks
seraph
He is the organizer of the tktk security study group and has presented on OSINT at the AVTOKYO security conference in Japan for three consecutive years. He also cooperates in creating questions for SECCON and is a member of the executive committee of the Ultimate Cyber Security Quiz.
An Intelligence Perspective on the Risks of IoT Devices
Koki Ohira
I like IPv6. Please give me your best regards.
IPv6 Hosts Lurking in IPv4 Networks, and What to Do About It
We were able to easily launch a successful DNS spoofing attack against a Windows 10 host connected to an IPv4 network. This attack allowed us to twist at will all subsequent server accesses by that Windows 10 host. This attack was caused by installing a rogue DHCPv6 server inside the IPv4 network and configuring the Windows 10 host in an unauthorized manner. This kind of PC poisoning by DHCP spoofing has been known for a long time. However, in a situation where there are IPv6-enabled PCs in a network that is only about IPv4, DHCPv6 spoofing would work more effectively for the following reasons.
- Legitimate networks do not have IPv6 configuration, so there are no legitimate DHCPv6 servers to compete with the attacker’s poisoning, and the attack can easily succeed.
- Since the legitimate network does not assume IPv6 configuration, the attacker’s poisoning does not cause the legitimate environment to be abandoned, and the victim is unlikely to notice the attack.
- Since the legitimate network does not assume the presence of IPv6, it is difficult to notice if an attacker subsequently communicates using IPv6
This problem has actually already been discussed by rfc7123. However, the surprising ease of this attack can be very well understood through actual verification.
Also, although rfc7123 talks about countermeasures, we feel that this problem and countermeasures are not sufficiently shared among security professionals.
In fact, there are surprisingly few Web pages in Japanese that explain rfc7123 and its countermeasures, such as DHCPv6-Shield and RA-Guard.
In addition, it is believed that countermeasures against LAN attacks have traditionally been insufficient.
However, we would like to educate the public about securing LANs through this presentation, considering that attacks will be long term due to APT attacks, etc., and that measures should be taken to deal with deployment behavior after intrusion, as well as to deal with internal crimes.
And with this presentation, we hope to contribute to a society in which implementations of DHCPv6-Shield, RA-Guard, etc., necessary for LAN security, become more active and implementations are rewarded.
ChingHsiung
I am an assistant engineer in the National Center for High-performance Computing and Network and Security Division, I am also the Contributor of The Honeynet Project Taiwan Chapter and OWASP Taiwan Chapter Member .now I have got the Certification of CEH and CSA STAR. My work includes Honeynet technology research, cybersecurity technology research and manage cloud platform. and assist with information education and training
The Lightway Approach to Build Cloud Security Training Platform
In the era of Cloud Service and Internet of Things, information security has already become a transnational issue. In recent years, the large scale cyber attack via the connection of BotNet has become a thorny issue of Global information security. Taiwan is always the main target of international hackers due to the high dense of information devices and computers in campuses are always the favorite of hackers. To help tackling such an issue, the Ezilla, which is considered as a private Cloud toolkit ( integrated with OpenNebula), has been implemented by the CyberSecurity research team in the National Center for High-performance Computing (NCHC), Taiwan .Through the Ezilla which leverages OpenNebula and CyberSecuirty techniques, Cloud users can easily customize and configure a specified Cloud security training environment. It is an extremely lightweight approach helping users to access virtual computing resources. The main feature of this project is simplifying the utilization of Clouds. Our goal is to make Cloud security scientists or users painlessly to run their own CyberSecurity jobs on Cloud platforms, including Cyber Defense Exercise, Malware Knowledge Base, etc.. Based on the proposed CyberSecurity Exercise Platform, we also develop new functions which are private Cloud information security training service, Captur the Flags (CTF) competition service, and virtual networking service for enterprise.
Mitsuaki Shiraishi
OSCE/OSCP/GCIH/CISSP/CISA/CREST Registered Tester/Information Security Specialist
Behind the Red Team Service - How a Diagnostic Technician Becomes a Red Teamer
The Red Team service is gradually gaining recognition in Japan as a cutting-edge service that simulates targeted attacks on organizations. In this presentation, the speaker, who is a security diagnostician, will share how he launched the Red Team service and his insights on the relationship between Red Team and various security services such as incident response, security monitoring, and security management, which he gained in the process. The presentation will not only be for security professionals in the organization, but also for the audience. This presentation will make you think about the significance of Red Team not only for security professionals in your organization, but also for security service providers.
Lunch Break
Daiki Ichinose
He is a security engineer belonging to Mitsui Bussan Secure Directions. He is involved in vulnerability detection work such as web application diagnosis, network diagnosis, penetration testing, and IoT diagnosis, utilizing the infrastructure knowledge and Perl programming skills he has cultivated as a SIer over many years. I have a great sense of urgency about IoT diagnosis, which has been attracting attention in recent years, because it often involves dangerous implementations that are unthinkable according to the common sense of web application diagnosis and network diagnosis. I would like to explain the anti-patterns of implementation that developers of IoT systems should know about. https://twitter.com/mahoyaya
Toshitsugu Yoneyama
Toshitsugu Yoneyama is a Security Researcher and Manager on the Mitsui Bussan Secure Directions, Inc. He has reported several vulnerabilities in Juniper, Nessus, Amazon, Apache and various routers. He participated alone in Hack2win which is a hacking competition in CodeBlue 2017, and he pwned several devices by remote attack and get the 3rd prize. https://twitter.com/yoneyoneyo
A BugHunter’s Perspective on Vulnerability Assessment of IoT Devices in Our Home -Security Measures Learned from Unauthorized Telnet Launching
With the recent proliferation of smart homes, the number of IoT devices connected to the network in the home has been increasing. The presenter wondered how these devices are connected, how services are provided, and how security is ensured and countermeasures are taken, while making the home more convenient, and conducted an independent survey of IoT devices. As a result of this investigation, we succeeded in launching Telnet and logging in to several devices, and we keenly felt that this is an immature field in which many devices have serious security holes remaining. Based on our findings, we introduce anti-patterns that tend to be implemented in IoT devices and propose countermeasures against them.
Shota Sato
He is a software engineer, social game engineer, technical consultant, and certified Mindmap instructor, and is widely involved in the development of human resources, while also contributing to the improvement of security literacy in the region as a chapter leader of OWASP Natori. In 2017, he launched the “Attack and Defense Project” for practical training of developers, bringing together security specialists in Japan to provide a forum for active technical exchange. OWASP Chapter Handbook, which is translated into Japanese, and other activities are underway to promote more active participation in the project. In addition to community activities such as “Hajimete no IT Study Session” for young and novice users, we have been a speaker at Agile Japan 2015 Sendai Satellite and cooperate with local human resource development to support the ICT industry at GLOBAL Lab SENDAI supported by Sendai City in Miyagi Prefecture.
New Possibilities for “Attack & Defense” Platform Connecting Dev and Seq
Developers play an important role in application security. Currently, however, developers and security personnel are often vertically separated.
I started the OWASP chapter to solve this problem. Within this chapter, I launched the OWASP A&D Project, the first OWASP Project in Japan.
A&D works to make it easier for developers to experience the importance of security in an environment closer to the field.
While holding events since 2017, we became convinced that A&D would attract interest in security, raise awareness, and gain defensive capabilities.
In his presentation, he will report on the history of A&D’s inception, the most recent event, and future prospects.
Katsuhiro Mochida
Kagoshima University Graduate School of Science and Engineering Information and Bio-Systems Engineering Department of Information and Bio-Systems Engineering
A discussion of darknet and honeypot observation data at Kagoshima University
We will present a discussion on the darknet traffic observed by the observation server (2031IP) set up on the darknet at Kagoshima University. We will also present a discussion on the data observed by the honeypot (T-Pot) set up with 7 assigned IPs owned by Kagoshima University.
Camille Gay
Security Consultant at Synopsys (Japan). I have been doing penetrating testing of automotive components for a few years.
What are the risks with open-source software in your car?
What do Firefox and your car have in common? They are both mostly made of open-source software! So, what are the risks with open-source software in your car? To answer the question, we begin by introducing the audience to automotive software and trends. We will cover how automotive technology and software has changed over the past decades and what the new challenges are. Then, we go deeper on the role of open-source software, especially for software related to the connected car. To get a better understanding of actual risks, we performed practical evaluation of ten automotive software packages (in-vehicle infotainment software and mobile apps) with the focus on analyzing open-source software risks. All ten software contain open-source components with critical vulnerabilities. We share an analysis of the identified vulnerabilities in popular components such as zlib, libpng, curl etc. in more detail with the audience. We compare our findings in the automotive space to results from a broader analysis of applications in various industries and debate the implications of risks in the automotive industry. Finally, we encourage a dialogue on best practices for managing open-source risk across the automotive supply chain. The talk is aimed at anyone interested in car software and requires no prior knowledge about cars, and we will address questions based on the level of the audience.
Break
Yoshinori Matsumoto
Yoshinori Matsumoto is an information security researcher at Capy Inc. He is currently a member of the development team focused on authentication services. His expertise lies in web application security, particularly honeypot development. He has presented at many public and private conferences including Blackhat USA 2016 Arsenal and OWASP AppSec APAC 2014.
The War Against Bots
While password list-type attacks caused by the reuse of passwords are becoming more serious in Japan, attacks by BOTs are continuously increasing. In addition to these attacks on login screens, there are still other types of damage caused by bots, such as “bots that abuse functions such as user registration to collect user IDs,” “bots that spam inquiry forms,” “bots that make unauthorized purchases,” and “bots that act as cheats for smartphone games. The IP addresses of the attackers also fluctuate. The IP addresses of attack destinations also fluctuate, and many of them are in Japan. In this presentation, we will analyze the latest trends of bot attacks, and introduce countermeasures against attacks and the status of the fight against bot attacks, including cooperation with ISPs in Japan, where the bots are generated.
Roman APARISI
In the past, he worked as a security analyst at Verizon and Symantec. Currently working as an I.R consultant at Secureworks. I mainly do forensic investigations and hunting.
The World of Threat Hunting
“Hunting” is well known as a buzzword due to EDR products in recent years, and in fact, “hunting” has become necessary in Japan, where information security is lagging behind.
In this lecture, we will introduce what “hunting” is, why it is necessary, and how to “hunt” with examples.
For those who want to become a hunter or train to become a hunter, we will also introduce recommended training, skill sets, and tools that we often use in hunting.