HITCON FreeTalk 2022 - Cyber Angle of Russian Ukrainian Conflict & CTF research sharing

This FreeTalk session leverages recent cybersecurity incidents to provide an in-depth analysis, aiming to enhance public awareness of the severity of recent domestic and international cybersecurity events, and to expand corporate knowledge on cybersecurity. The recent Russia-Ukraine conflict has had a widespread impact globally. In the realm of cyberspace, cyber warfare has ensued. In conjunction with physical warfare, tactics such as DDoS attacks, fake news, APTs (Advanced Persistent Threats), and destructive malware have been extensively deployed. This session will delve into what happens in the unseen battlefield of cyberspace.

Furthermore, CTF (Capture The Flag) competitions often mirror real-world vulnerabilities. We have invited CTF team members to share how they exploit vulnerabilities such as path traversal, deserialization, and cryptographic flaws to construct a comprehensive attack.

The latter part of the meeting is dedicated to fostering community and technical exchanges, featuring a "HITCON Submission Survival Guide" as a career and research guide for cybersecurity talents.

Event Details

• Venue: GIS NTU Convention Center, B1 Locke Hall
• Time：2022/06/06 14:00 - 17:00
• Organizers: Industrial Development Bureau, Ministry of Economic Affairs; Association of Hackers in Taiwan (HIT)
• Executing Organizations: Association of Hackers in Taiwan (HIT); Industrial Technology Research Institute

HITCON FreeTalk 2021  Analysis of recent supply chain and ransomware incidents

This FreeTalk session will delve into recent cybersecurity incidents to conduct an in-depth analysis, aiming to enhance public awareness of the severity of recent domestic and international cybersecurity events, and to improve corporate knowledge on cybersecurity.

Since the second half of last year, many local Taiwanese companies have been threatened by ransomware, with attack tactics and threats evolving over time. Globally, the Solargate supply chain attack stands out as one of the most severe cybersecurity breaches in recent times, causing significant impact and warranting a thorough examination and reflection on supply chain security. In the realm of smart devices, supply chain risks are also prevalent, and we will invite researchers to analyze supply chain security on mobile devices. The next part of the agenda will feature a sharing session from TSMC, offering a corporate perspective on cybersecurity challenges and solutions to these threats. Finally, the session will conclude with sharing on corporate blue team Best Practices, discussing concepts and methods for establishing cybersecurity defenses. Through case studies and shared experiences of attacks both domestically and internationally, this session aims to deepen understanding of corporate cybersecurity issues.

Event Details

• Venue: Chinese Culture University Extension Education Department
• Time: 2021/01/27 14:00 - 17:10
• Organizer: Association of Hackers in Taiwan (HIT)

The recent outbreak of the Meltdown & Spectre flaw has affected a wide range of platforms of almost all CPU manufacturers. The processors produced since 2005 May be at risk. Although the severity of this flaw is relatively low for general computers, this flaw has a great impact on cloud operators.

Event Details

• Venue: GIS MOTC Convention Center - International Conference Center
• Time: 2018/01/19 13:20 - 17:00
• Organizer: Association of Hackers in Taiwan
• Co-organizer: Northeastern Taiwan, Kinmen, and Matsu Regional Science and Technology Policy Group, Commerce Development Research Institute

The number of hacker attacks is increasing. Recently, the well-known system cleaner "CCleaner" was implanted with a backdoor program.

In the history of information security, component replacement attacks are nothing new. Through this sharing, information security experts will discuss with you the origins and technical analysis of this intrusion, and how enterprises and government departments should deal with the security of this "legitimate" software with a formal digital signature.

Event Details

• Venue: GIS NTU Convention Center - International Conference Hall
• Date: 2017/10/13 14:00 - 17:30
• Organizer: Association of Hackers in Taiwan (HIT)
• Co-organizer: Northeastern Taiwan, Kinmen, and Matsu Regional Science and Technology Policy Group, Commerce Development Research Institute
• Supporting Organizers: ICT Software Innovation Talent Promotion Program Office, Ministry of Education; Information Security Practical Research and Development Project, Ministry of Science and Technology

Attacks on Banks have intensified in recent years, from the ATM heist in Taiwan in 2016 to the SWIFT cyber heist by Lazarus, a financial crime group, which has made many friends concerned about Fintech security take the issue more seriously. The purpose of this event is to share financial security technologies and lead financial and government departments to explore how to respond to the latest threats in real time.

Event Details

• Venue: National Taiwan University of Science and Technology, IB101
• Time: 2017/04/21 13:00 - 16:20
• Organizers: Association of Hackers in Taiwan (HIT)
• Co-organizers: Program for Promoting Innovation in Information and Communication Technology Talent, Ministry of Education; Practical Research and Development Program in Information Security, Ministry of Science and Technology

HITCON studied the recent severe financial information security incidents in various countries, from the various information security threats to the banking industry by new criminal groups in Europe and the three cases of SWIFT attack in the financial industry this year. From the actual cases, we discussed the information security crisis in various industries and analyzed how to deal with these situations.

Event Details

• Time: 2016/10/05 13:00 - 17:00
• Organizers: Association of Hackers in Taiwan (HIT)
• Supporting Organizers: Department of Information Technology Services, Financial Supervisory Commission; TWCERT/CC

In the first information session of 2015, we will discuss the internal secrets of the serious APT attacks on Sony and South Korea's nuclear power plants, as well as the complete analysis of well-known games that have been embedded in the back door program of Chinese Internet army. In addition, we invite police, information security industry experts and players to discuss computer crimes to information security incident handling. Would you like to know the general situation of the year's sorting out vulnerability statistics and corporate information security? Then you must not miss HITCON FreeTalk!

Event Detail

• Time: 2015/11/09 14:00 - 17:30

HITCON team studied major recent information security events, discussed GNU Bash vulnerability in depth, including analysis of vulnerability principles, affected host statistics, prevention and actual case presentation. Recently, apps provided by Banks or public departments have aroused a lot of discussion on mobile phone security. We will also discuss the security issues and vulnerabilities of Android system, as well as the security detection methods and key points of APP software.

Event Details

• Venue: NCCU Center for Public and Business Administration Education C201
• Time: 2014/10/06 14:00 - 17:00

This event invited Taiwan's leading information security experts to demonstrate the power of OpenSSL HeartBleed and provide the right way to fix the major brands. In addition to the OpenSSL vulnerability, RTF 0day which can bypass Office 2010 and the sandbox protection mode in 2013 also began to cause harm at the same time. At that time, APT attackers began to send a large number of malicious files containing RTF 0day. At that time, the information security environment was very dangerous, from the server to the endpoint was full of crisis, which highlighted the importance of HITCON FreeTalk.