Registration and doors open

Opening remarks

Dr. Rolando R. Lansigan

With more than 25 years of academic and data privacy experience

Three bachelor’s degree, one master’s degree and one Doctorate degree

Pioneer in data privacy compliance in the Philippines with more than 200 talks delivered nationwide

First Chief, Compliance and Monitoring Division

National Privacy Commission

Philippines

The Only Filipino member of GDPR Coalition Awareness Ambassador

Implementation of Data Privacy Act in the Philippines

The Data Privacy Act of the Philippines was enacted into law in March of 2012. Thus, the creation of the National Privacy Commission (NPC) last 2016, which is mandated to administer its implementation. After more than two years after its creation, NPC had successfully championed its cause from awareness, compliance and enforcement with the registration of more than 30,000 Data Protection Officers (DPO), accepted more than 1,000 complaints and cases and has made headlines in the Philippines as one of the most popular government because of its strict implementation of the law. Among its most popular implementation is its Five Pillars of Compliance which was regarded as one of the most successful implementation among other countries. Republic Act 10173, otherwise known as the Data Privacy Act (DPA) of 2012 was passed into law last 2012 in the Philippines. The law requires that all Personal Information Controllers (PIC) and Personal Information Processors (PIP) must appoint a Data Protection Officer (DPO) to manage compliance with the DPA and other applicable laws and policies. In addition, having a DPO will ensure the protection of personal data collection and processing in accordance with the requirement of the law.

Having a DPO will also ensure the organization’s competitive advantage in this digital age of data protection.

As a data protection officer, he/she must be must monitor the organization’s compliance with the DPA, its implementing rules and regulations and other issuances by the National Privacy Commission. Including the conduct of Privacy Impact Assessment, creation of a Privacy Management Program and Privacy Manual and the conduct of Breach Reporting Procedure.

In addition, a DPO should cultivate awareness to promote the culture of privacy not only within the organization, but as well as for the entire country.

The presentation will also present some issues surrounding the digital world. Including some potential breaches that may affect each individual and organization. Will also present a compilation of the most common breaches that has happened in the Philippines and how to avoid them. Technical, physical and organization security measures will also be discussed in the presentation.

sec_chick

Occupation: Security analyst at a private SOC (mainly engaged in alert monitoring and rule tuning for SIEM products)

Career Background:

Joined an IT company in 2013

May 2013 - May 2015: Worked in security monitoring at an external SOC, analyzing alerts detected by IDS/IPS. Although she was a novice in security, she developed an interest in security while analyzing actual attacks.

May 2015 - Present Worked as a security analyst in a private SOC, monitoring alerts and tuning rules for SIEM products. Currently focused on creating scenarios to find threats from various security devices.

Detective Trends and Attack Examples Observed by Honey Potter

Honeypots are systems that observe cyber attacks by attackers.

Honeypots are systems that observe attacks against servers that are made to appear vulnerable as decoys, and can observe realistic attack methods.

While honeypots can be operated by individuals, we believe that there is little information being transmitted.

Therefore, the analysis of honeypots using observation data collected by the presenter from January to the end of July 2019 will be presented in this presentation. The latest threats against external servers and what information can be obtained from honeypots will be shared.

The presentation will aim to generate interest in honeypots and increase the dissemination of information about honeypots.

@b4sh5i

The state of the art device exploit tech for IoT and Router

We will present the overall process of exploitation in IoT and Router device from how We derive the vulnerabilities. It plans to talk from a point of view system Hacking. It is going to show IoT Hub devices and NETGEAR vulnerabilities as examples.

Break for Lunch

Emilio

Emilio Couto is a Security Consultant with more than 20 years of experience in the network and security field. Born and raised in Argentina, he is currently located in Japan where multitasking between language, culture and technologies is a must. Over the last decade focusing mainly on Finance IT and presenting tools in conferences (DEFCON, BlackHat Asia, HITB, AV Tokyo and SECCON) In his spare time he enjoys 3D printing, tinkering electronics and home-made IoT devices.

DFEX (DNS File EXfiltration)

“DFEX (DNS File EXfiltration)

Data exfiltration is a common technique used for post-exploitation, DNS is one of the most common protocols through firewalls. We take the opportunity to build a unique protocol for transferring files across the network.

Existing tools have some limitations and NG Firewalls are getting a bit “smarter”, we have been obliged to explore new combinations of tactics to bypass these. Using the good old fashion “HIPS” (Hidden In Plain Sigh) tricks to push files out

We are looking to deep-dive into:

• Asymmetric Flow (Upload vs Download)
• Control and Data Separation
• Threading/Parallel File Support
• AES-256 Encryption
• Scalability
• Firewalls & IPS
• Error Free
• Re-transmission”
  
  

0x9k

0x9k is a ctfer & pwner & exploiter & gopher

hunting jsbridge bug for android

Interact with native to H5 become more convenient for developping applications quickly which are called hybrid app. Through the jsbridge,the h5 app could communicate with the native app. The hybrid app become more and more popular and at the some time,it also exposes a wide attack chain.

Daiki Ichinose

Mitsui Bussan Secure Directions Co., Ltd. Security Engineer, Information Processing Safety Assurance Specialist, BSidesTokyo2018 Speaker

Isao Takaesu

Mitsui Bussan Secure Directions Co., Ltd. Security Engineer, Information Security Support Specialist, CISSP. Black Hat Arsenal/DEFCON DemoLab/BSidesSG2019 Speaker

Retro-Game Style Security Incident Visualization Tool 8vana

We have developed “8vana,” a tool to visualize security incidents in a retro-game style. Existing visualization tools have hurdles such as “unfamiliar UI,” “rich operating environment,” and “high cost.” 8vana, however, has realized a “user-friendly UI” and “low specification requirements” by making the UI and drawing engine look like retro games, and released it as OSS. Our goal is to contribute to the world’s incident response by making 8vana available to as many people as possible. 8vana can also visualize the behavior of offensive tools. In other words, 8vana can be used in tool demos, CTFs, and cybersecurity exercises, which can be a great eye-catcher.

Break

Irfan Asrar

Irfan Asrar is Head of Threat Research at Blue Hexagon. Irfan previously led the Malware and Threat Research team (GSRT) team at Palo Alto Networks. He has been in Malware Research/Threat Intelligence for over ten years working with several security vendors across Asia and North America. Having discovered the first botnet targeting mobile devices in 2009; he developed a deep interest for threats targeting emerging technologies such as IoT and mobile handsets as well as threats with a political theme or targeting the Middle East. He has led teams at various organizations in discovering malware/targeted campaigns, forensics and malvertising campaigns, and has been credited with the discovery of over 25 threat families/campaigns targeting various regions from South Korea to the US. Irfan has previously presented at Virus Bulletin, CARO and AVAR and has presented at several conferences organized by Government agencies globally.

[No photo / video / audio recording] Dawn of the Smart Surveillance State

As smartphones evolve and play a vital role in how people communicate and connect to the internet, it is now the ideal weapon of choice for the illegal surveillance and tracking of individuals and groups in developing countries. Smartphones pose a significant concern for governments. They serve as a platform to organize and coordinate efforts as well as a very cost-effective way to disseminate information. It is this very fact that gives rise to targeted attacks against groups that governments want to suppress.

To get a better impartial understanding of how surveillance operations can impact society, we will look at three new distinct campaigns from different parts of the world.Pakistan, Iran, and China. We will take a deep dive into the tactics used to distribute spyware, the reversed engineered code to get a better idea of the level of monitoring that is taking place. We will also look into the consequence of the actions where applicable. Although all the respective authorities that are the focus of this study, justify the measures of using surveillance software as an increasingly necessary tool preventing violence and for the greater good. Critics question the veracity of reports and claim that the exaggerated risk to suppress human rights and civil liberties in order to maintain control and censorship.

Dr. Christian Doerr

Dr. Christian Doerr is an assistant professor in network security at Delft University of Technology in the Netherlands. He is the director of the cyber threat intelligence lab, a research lab which investigates attacks, studies adversarial techniques, tactics and procedures to inform organizations for best practices to defend themselves.

From Random Domain Names to the Blockchain - 20 Years of Innovation in the Malware Ecosystem

Whenever our defenses become “good enough” to significantly hurt their income, cyber criminals change their modus operandi and introduce some innovation that renders existing security best practices ineffective. In the past 20 years of this ““cat and mouse”” game, we have seen criminals deploy peer-to-peer overlays, domain generation algorithms, or hidden forwarding layers to their malware. While each iteration required new approaches to defense, each technique left however sufficient room to develop effective countermeasures that could be deployed in enterprise and operator networks.

Recently, this slowly evolving cat and mouse game has experienced an unprecedented leap, when malware authors discovered the bitcoin blockchain for their purposes. Designed to be fault-tolerant and un-interruptable, information placed into the blockchain cannot be removed by anyone. Malware authors have begun to use this principle to distribute malware instructions via the blockchain, where they are safe from blocking or takedown requests from law enforcement or security companies.

In this talk, we review how the past 20 years of malware development have led to this recent innovation, and what the impact on current countermeasures is with respect to its detectability. Bitcoin-based malware coordination was deployed in the Cerber ransomware, and we will analyze in detail how the cyber criminals rolled out the technique, made and learned from their operational mistakes and cycled through some several optimization steps having tested the reaction and response of their victims.

Closing remarks

Networking

After Party