REVULN '19 is a cybersecurity conference that took place on May 15-16, 2019 in Hong Kong at the Harbour Plaza North Point Hotel. The event is organized and financed by REVULN Limited Hong Kong and REVULN Limited Malta (EU) without any external sponsors. More information about us is available on the About page and by searching on the Internet.

REVULN '19 is strictly focused on two topics for the whole 2-day event, with a look at the Asian region:
- Hacktivism and countermeasures, cyber activism and attacks motivated by ideals
- Open Source Intelligence (OSINT)

The topics are presented from different points of view, based on the countries and personal experiences of the 12 international speakers, in English. Each presentation takes 30/35 minutes and covers a slot of 45 minutes inclusive of questions.

Main features of the event:
- no sponsors, no sponsored talks and no marketing
- invitation-only and free
- two specific topics on which all 12 sessions are based, for an in-depth experience during the whole event
- topics focused on the region where the event is hosted (Asia)
- no memberships, no subscriptions and no VIP statuses

The participants are people working in journalism, government and law enforcement.

Post-event blog post available.
The event is invitation-only. No tickets available.
|May 15||Wednesday - Open Source Intelligence|
|10:00||Registration and welcome coffee|
|10:30||Chun Pong CHOW (Hong Kong): My user-experience and understanding of "OSINT" and "private intelligence agency" as a fresh intelligence analyst|
|11:15||Setthawhut Saennam (Thailand): Using OSINT in CERT Operations|
|12:15||Egor Saltykov, Igor Lyrchikov (Singapore, Russia): What you will able to gather from neighbor social networks?|
|14:30||Hirokazu Kodera, Manabu Niseki (Japan): Catch Phish If You Can: A Case Study of Phishing Website and Actor|
|15:30||Da-Yu Kao (Taiwan): The Investigation, Forensics, and Governance of ATM Heist Threats in Law Enforcement Agencies|
|16:15||Chiawchan Chodhirat, Wongyos Keardsri (Thailand): A Development of Cybersecurity Techniques and Law Enforcements for Royal Police Cadet Academy|
|May 16||Thursday - Hacktivism and countermeasures|
|10:30||Dr. Rolando Rivera Lansigan (Philippines): The Privacy Act of 2012, its compliance and implementation in the Philippines|
|11:15||Yi-Lang Tsai (Taiwan): Cyber Security, Threat Hunting and Defence Challenge in Taiwan Academic Network|
|12:15||Yihao Lim (Singapore): Hacktivism in South East Asia|
|14:30||Dominic WAI (Hong Kong): An analysis of s.161 of the Crimes Ordinance and sharing of case law on this offence|
|15:30||Dasom Kim (South Korea): How to find suspected phishing sites and malicious cryptocurrency addresses via OSINT|
|16:15||Gareth Hayes (Hong Kong): Subverting the State with Bitcoin|
|16:30||Stewart Mackenzie (Hong Kong): Enhancements of Named Data Networking protocol|
Intelligence Analyst. Chun Pong has been working as a private intelligence analyst focusing on APAC region for around two years, including working in the corporate security and the corporate intelligence sectors in two private intelligence agencies; and is also currently a Master student of Criminology from the University of Hong Kong.
[PDF] 980 KB [SlideShare] This presentation provides a timeline of my story from a local to intelligence analyst and share the inspirations and insights with the private security companies and private intelligence agencies as an industry overview before I joined. Then, the presentation will describe the organizational structure and the involved parties in this intelligence service, including colleagues, managers and clients, and share my personal difficulties while working in such structures. Further, the second half of the presentation will focus on providing examples of the OSINT training I received and the supplementary use of HUMINT. Afterwards, the presentation will start breaking down the intelligence products by how I perceived it is used and how I find it meaningful for the corporate and government clients. In the end, this presentation would provide my opinion on how the private intelligence industry will develop in the upcoming era with the further utilization of big data. And what I, as a junior intelligence professional, would hope for in terms of training and career development in my upcoming future.
Security Engineer at ETDA (Thailand):
- Incident response, digital forensics, malware analysis, and cyber threat intelligence.
- Conference speaker and technical writer at ThaiCERT.
- Interested research topics: criminology and cyber crime, incident response in national scale, malware data analysis.
ThaiCERT usually uses information from cyber threat intelligence to support incident response operations and threat monitoring, and also to assist law enforcement agencies in investigating cyber crime incidents. In many cases, OSINT is one of the useful information sources. This presentation will focus on how we use OSINT to support ThaiCERT operations. The topic will include interesting tools, case studies (e.g. hacktivist, fraud, malware), and challenges and limitations. This presentation is based on the real problems we observed when using OSINT. For example, limitations of information gathering on social media, GDPR and its effect on IR operations, and legal concerns when using content from internet archive or cached services. Some topics are intentionally left as open discussion in order to encourage participation and share experience between attendees.
Pentester at Digital Security, bug bounty hunter (Bugcrowd, h1, Yandex HOF), Cobalt Core Researcher, DAPP researcher. Gave a talk about Recon & OSINT at the Positive Hack Days 8 Conference. Twice a ZeroNights speaker.
Egor Saltykov is an independent researcher from Singapore. Pentester, bug bounty hunter (h1, Synack), OSCP, Apple security researcher (CVE-2017-7038, Apple Web Server Notification acknowledge), conference speaker (Russia, Singapore).
The development of ML and AI has allowed us to create search engines that find people by photo, and APIs are gradually becoming unnecessary. But what if we combine them and work out what can be learned from social networks knowing very little about the target? We also consider what this leads to in real life and how to protect against it. In the report, we plan to describe the methodology of operation of these APIs, the statistics on the data that we were able to extract, and how we automated this process to search for people by key criteria, such as a photo, phone number or a surname / name combination.
Researcher, NTT Secure Platform Laboratories. Member of NTT-CERT since 2015, FIRST TC speaker, OSS contributor, CISSP.
Researcher, NTT Secure Platform Laboratories. Member of NTT Secure Platform Laboratories since 2017, CISSP.
[PDF] 3,310 KB [SlideShare] Phishing, an old and traditional attack, is still a thing. Hundreds of phishing websites are launched every day and they threaten people around the world. The Anti-Phishing Working Group (APWG) says that it detected 150,000+ phishing websites in the 3rd quarter of 2018. Sometimes phishing actors make OPSEC failures and, thanks to that, researchers can obtain a phishing kit (a kit to deploy a phishing website). We have collected 18,000+ phishing kits based on OSINT and analyzed the mechanisms of phishing websites and the phishing actors themselves. In this presentation, we will show the following findings.
- How to collect phishing kits based on OSINT data.
- Analysis of phishing actors:
  - Who develops a phishing kit, how to distribute it, etc.
  - Including a methodology to find out a phishing actor based on information (email, username and signature) inside a phishing kit.
- We will show an analysis of Indonesian phishing actors who target Asian countries.
  - Especially focusing on an actor named DevilScream/Z1Coder who develops an infamous phishing kit “16shop”.

Finally, we will show countermeasures we have taken against phishing websites and actors.
Associate Professor in Central Police University, Taiwan. Da-Yu Kao is an Associate Professor at Department of Information Management, College of Police Science and Technology, Central Police University, Taiwan. He is responsible for various recruitment efforts and training programs for Taiwan civil servants, police officers or ICT technicians. He has an extensive background in law enforcement and a strong interest in information security, ICT governance, technology-based investigation, cyber forensics, human resource development, and public sector globalization. He was a detective and forensic police officer at Taiwan's Criminal Investigation Bureau (under the National Police Administration). With a Master degree in Information Management and a PhD degree in Crime Prevention and Correction, he had led several investigations in cooperation with police agencies from other countries for the past 20 years. He is now the director of Computer Crime Investigation Lab in Central Police University and the webmaster of Cybercrime Investigation and Digital Forensics in Facebook Group.
[PDF] 1,951 KB [SlideShare] In July 2016, the ATM heist of Taiwan First bank was based on the well-known Carberp malware family. The threat of cybercrime is becoming increasingly complex and diverse, putting citizens’ data or money in danger. Cybercrime threats often originate from trusted, malicious, or negligent insiders, who have excessive access privileges to sensitive data. The analysis of ATM heist threats presents many opportunities for improving the quality and value of digital evidence. This talk will introduce some OSINT methods that can help investigators to perform a cybercrime investigation process in a forensically sound and timely manner. This talk further points out cybercrime investigation, digital forensics, and ICT governance for fighting against cybercrime issues. It requires the sincere examination of all available data volumes at a crime scene or in a lab to present digital evidence in a court of law.

References:
- Exploring the cybercrime investigation framework of ATM Heist from ISO/IEC 27043:2015
- WhatsApp Network Forensics: Discovering the Communication Payloads behind Cybercriminals
- Forensic Analysis of Network Packets from Penetration Test Toolkits
- Practical Packet Analysis: Exploring the Cybercriminal behind the LINE Voice Calls
Captain Police Chiawchan Chodhirat, Lecturer. Faculty of Police Science, Royal Police Cadet Academy, Royal Thai Police. Education: BA in Public Administration, Royal Police Cadet Academy, Thailand. MA in Criminal Justice: Cybercrime Investigation and Cybersecurity, Boston University, USA Executive Education: Cybersecurity, Harvard Kennedy School, USA.
Captain Police Wongyos Keardsri, Lecturer Faculty of Forensic Science, Royal Police Cadet Academy, Royal Thai Police. Education: BSc in Computer Science, Prince of Songkhla University, Thailand. MSc in Computer Science, Chulalongkorn University, Thailand. PhD in Business Administration, IIC University of Technology, Cambodia.
[PDF] 15,715 KB [SlideShare] Nowadays, the knowledge and skills of cyber security are necessary for the work of police officers in Thailand, which conforms to the changing of world society into the digital society. Currently, the nature of crime in Thailand is related to offenses on computer and digital systems more than in the past. Therefore, the Royal Thai Police assigned the Police Cadet Academy to establish the guideline and the special cybersecurity project for enhancing and training the future law enforcement leaders, police cadets, in understanding cybersecurity and cybercrime. This paper presents the program outline in cybersecurity training for Thai police cadets at the Royal Police Cadet Academy. The main knowledge and skills, which are highly needed for police cadets, consist of 7 parts: computer programming, digital forensics, reverse engineering, cryptography, web security, exploitation and network monitoring. Moreover, military forces and the police department initiated the cyber security competition for the military-police academies in 2018. This challenge made changes in encouraging police cadets to equip themselves more efficiently for the prevention of threats in computer systems. The Royal Police Cadet Academy is the main institution in Thailand to prepare cybersecurity knowledge to the law enforcement leaders. The department of police science is adapting the cybercrime cases from different to cadets. The department of forensic science is training to fight cybercrime with the proper methods under the law. Kali Linux will be used as the main training software in the Royal Police Cadet Academy, Royal Thai Police.

References: 8th INTERPA, February 11-13, 2019, GFSU, Gujarat, India
Independent Consultant on Data Privacy with more than 25 years of academic and data privacy experience. Three bachelor’s degrees, one master’s degree and one Doctorate degree. Pioneer in data privacy compliance in the Philippines with more than 200 talks delivered nationwide. First Chief, Compliance and Monitoring Division – National Privacy Commission – Philippines. The only Filipino member of GDPR Coalition Awareness Ambassador.
[PDF] 2,271 KB [SlideShare] The Data Privacy Act of the Philippines was enacted into law in March of 2012. Thus, the creation of the National Privacy Commission (NPC) last 2016, which is mandated to administer its implementation. More than two years after its creation, NPC had successfully championed its cause from awareness, compliance and enforcement with the registration of more than 30,000 Data Protection Officers (DPO), accepted more than 1,000 complaints and cases and has made headlines in the Philippines as one of the most popular government because of its strict implementation of the law. Among its most popular implementations is its Five Pillars of Compliance, which was regarded as one of the most successful implementations among other countries. Republic Act 10173, otherwise known as the Data Privacy Act (DPA) of 2012, was passed into law last 2012 in the Philippines. The law requires that all Personal Information Controllers (PIC) and Personal Information Processors (PIP) must appoint a Data Protection Officer (DPO) to manage compliance with the DPA and other applicable laws and policies. In addition, having a DPO will ensure the protection of personal data collection and processing in accordance with the requirement of the law. Having a DPO will also ensure the organization’s competitive advantage in this digital age of data protection. As a data protection officer, he/she must monitor the organization’s compliance with the DPA, its implementing rules and regulations and other issuances by the National Privacy Commission, including the conduct of Privacy Impact Assessment, creation of a Privacy Management Program and Privacy Manual and the conduct of Breach Reporting Procedure. In addition, a DPO should cultivate awareness to promote the culture of privacy not only within the organization, but also for the entire country. The presentation will also present some issues surrounding the digital world, including some potential breaches that may affect each individual and organization. It will also present a compilation of the most common breaches that have happened in the Philippines and how to avoid them. Technical, physical and organizational security measures will also be discussed in the presentation.

References: National Privacy Commission Philippines
TWCSIRT Leader / NCHC Research Fellow
- Leader, TWCSIRT (Taiwan Computer Security Incident Response Team)
- Research Fellow, NCHC (National Center for High-performance Computing)
- Leader, Security Operation Center for NCHC (National Center for High-performance Computing)
- Leader / Project Manager, Security Operation Center for TANet (Taiwan Academic Network)
- Leader, The Honeynet Project Taiwan Chapter
- Leader, OWASP Taiwan Chapter
- Leader, Cloud Security Alliance Taiwan Chapter
- Chairman, Taiwan Cyber Security Alliance (Since 2013)
- Chairman, HoneyCon (Since 2009), CSA Taiwan Summit (Since 2013), OWASP - AppSec Taiwan (Since 2017), IRCON (Since 2015)
- Freelance, Published 35 books and over 80 articles (Since 1997)
[PDF] 5,614 KB [SlideShare] TWCSIRT is a full member of FIRST and mainly focuses on the protection of NARLabs, TANet and TWAREN. We defend against cyber-attacks from the internet and handle incidents every day according to government policy. I am a research fellow with the National Center for High-performance Computing and lead the cyber security team that operates the security operation center to handle incidents in the Taiwan Academic Network. In our research project from the government, we have deployed the biggest honeynet in Taiwan and use over 6000 IP addresses to detect malicious network attacks coming from the internet. We have published our malware knowledge base to share malware samples and reports with many researchers, students and research centers, and share our data set for deep tracking of cyber security. There are many new types of cyber-attack, including ransomware, website mining, DDoS and hybrid malicious attacks.

Main Points:
- What’s TWCSIRT Mission and Scope
- How to coordinate in National level with ISAC, CERT and SOC
- Cyber-attack and threat hunting in Taiwan Academic Network
- How to develop cyber security platform for incident handling
- How to do red team and blue team training by CDX

References: TWCSIRT Malware DB Cyber Defense Exercise SP-ISAC
Senior Cyber Threat Intelligence Analyst at FireEye. He focuses on identifying and proactively dealing with cyber security threats for his clients in Asia Pacific. Yihao is well-versed in monitoring intelligence sources for actionable indicators/information, including open and internal sources to assess and catalogue threat indicators to convey urgency, severity, and credibility to his clients. Clients include organizations in government agencies, information technology, energy, aviation, maritime, land transport, healthcare, media, water treatment, financial services, industrial control systems and critical infrastructure. Prior to joining FireEye, Yihao was the lead threat intelligence analyst in a cyber security startup where he was the in-house subject matter expert. He led a team of six supporting customers across Asia Pacific. Yihao served as an Army infantry officer with the Singapore Armed Forces and was chosen to participate in bilateral military exercises with Thailand, Brunei, Taiwan and Australia.
South East Asia is a rapidly growing economy, and many countries have aggressively sought to modernize their information technology capabilities as they assimilate into the global digital economy. However, this rapid expansion without adequate security considerations has led to the creation of the perfect storm – with multiple open critical vulnerabilities across governments and institutions in the region. As the name suggests, Hacktivism is largely spurred by politically motivated activists, using tools which exploit cyber security vulnerabilities. Geopolitics is the main driver for Hacktivism. A significant example would be the 2012 Scarborough Shoal incident between China and the Philippines. Chinese hacktivists defaced the websites of the University of the Philippines and the Philippine Department of Budget and Management, and that sparked off a chain of retaliation activities by hacktivist groups in the Philippines on Chinese entities. Hacktivist groups also demonstrated remarkable maturity to organize cross-national campaigns in #OpChina. In this campaign, FireEye Intelligence identified Indonesian hacktivists partnering with Filipino and Vietnamese hacktivists in #OpChina, and they launched defacements, distributed denial-of-service (DDoS) attacks, data leaks, cross-site scripting (XSS) attacks, and spam activity on Chinese targets. In retaliation, nationalistic Chinese hacktivist groups and communities started operation "Kill the Monkey," which targeted Philippine, Vietnamese and a few US websites. While the threat activity conducted in support of #OpChina and "Kill the Monkey" was low in sophistication, this activity was remarkable due to the high levels of participation on both sides. There are indications which suggest that at the peak of activity on May 30, 2015, more than 20,000 Chinese Internet users were participating in chat rooms that had been created to organize pro-China cyber threat activity.
Hacktivists are also starting to challenge international affairs outside of the geopolitical scene in SEA. For example, Indonesia-based actor "Minion Ghost" (@Scode404) participated in #OpIsrael and #OpCatalunya campaigns. Traditionally, the threat level emanating from hacktivist groups has been low, but over the last 24 months FireEye Intelligence has been observing hacktivism attacks take on a more destructive role as compared to traditional website defacements / DDoS attacks. In 2016, pro-ISIS hacktivist group Islamic Cyber Army compromised and deleted sensitive records from the U.S. Department of Commerce (DOC) website in retaliation for the death of Junaid Hussain. In 2019, it is possible that hacktivists adopt more complex TTPs such as leveraging data destruction as an anti-forensic technique in their campaigns. Since 2018, FireEye Intelligence has observed with moderate confidence that the threat of hacktivism in support of the Islamic State (ISIS) terrorist organization has declined since its peak in 2015 – this is consistent with the substantial losses in ISIS territory and personnel in Syria. Hacktivism attacks historically consist of the following methods – Data leakage, Doxing, Denial of Service Attacks, Website Defacements, Website Redirects – but as Information Operations (Fake news) gain traction as an effective medium to incite public sentiments, we could see hacktivists adopting this weapon in 2019 – where it is election season in 2 prominent SEA countries (Indonesia, Thailand).
Partner, ONC Lawyers. Before joining the legal profession, Dominic worked in the banking sector as well as in the Independent Commission Against Corruption (ICAC). Dominic’s practice focuses on advising clients on matters relating to anti-corruption, white-collar crime, law enforcement, regulatory and compliance matters in Hong Kong, including advice on anti-money laundering. He also handles cases involving corporate litigation, shareholders' disputes and insolvency matters, defamation cases, domestic and international arbitration cases, cybersecurity, data security and privacy law issues, competition law matters, e-Discovery and forensic investigation issues as well as property litigation.
Junior CyberOperations Engineer of Horangi Pte LTD. Her research interests include digital forensics, offender profiling, Dark Web, Deep Web, log analytics, and data analytics. She focused on Dark Web, Deep Web, and OSINT for 2 years.
Recently many cryptocurrency exchange websites and users have been targeted by phishing attempts. While analyzing the various cases, the Horangi R&D team adopted OSINT techniques for retrieving information about the malicious websites, the target cryptocurrency addresses and the attackers. In this presentation, the Horangi R&D team will show “how to find suspicious information from Deep Web & Surface Web” and describe the best ways for reaching this goal. The team will share some real cases related to malicious phishing websites and crypto addresses on Deep Web. The first case is about fake giveaway websites looking like real news portals, while the second case is about phishing websites imitating those of the exchanges. The final part of the presentation is dedicated to finding Korean data leaks with some real examples.
Director of Technology at EmurgoHK. Gareth was drawn to Bitcoin by the cypherpunk ethos and trustless architecture. He conducts research and regularly presents his findings at technical conferences and universities.
Bitcoin Security Model | Bitcoin Governance | Bitcoin Regulation

The full presentation is available on YouTube: https://www.youtube.com/watch?v=X_xgmVLyB94
The talk aims to share knowledge about how tech monopolies arise as an emergent behaviour of doing a data dissemination over a point-to-point communication system. The problem has shifted, we no longer use TCP/IP to just connect to machines, we're also using it to do content dissemination in the form of videos, audio, websites and advertising. Some 90+% of the internet traffic today is content dissemination. A new Named Data Networking protocol is needed to ameliorate this problem. A design that divorces data from location, is IoT friendly, and builds strong security directly into the protocol.