HITBLab: Malware Hunting – Using Python as an Attack Weapon

DELIVERY: VIRTUAL LIVE STREAM  DATE: 27 August 2021 TIME: 20:30 to 22:30 SGT/GMT+8 The purpose of this presentation is to use python scripts to perform some tests of efficiency and detection in various endpoint solutions, during our demonstration we`ll show a defensive security analysis with an offensive mind performing an execution some python scripts responsible […]

HITBLab: Car Hacking Lab – Intermediate CAN Bus Attacks and Diagnostic Protocols

DELIVERY: VIRTUAL LIVE STREAM  DATE: 26 August 2021 TIME: 19:00 to 21:00 SGT/GMT+8 Automotive security is a field of rising importance worldwide. Vehicles are becoming smarter than ever, equipped with processors, sensors, and new communication technologies to improve road safety and consumer comfort. Despite hosting a myriad of different technologies, the most fundamental factor differentiating […]

HITBLab: Introduction to Software-Defined Radio Hacking

DELIVERY: VIRTUAL LIVE STREAM  DATE: 27 August 2021 TIME: 18:30 to 20:30 SGT/GMT+8 Overview RF communications are present in major devices to exchange important data over the air, but also for our current use through our mobile phone by example. Nevertheless, as there is no wire to directly interact with such communication we need the […]

HITBLab: Modern Malware Analysis for Threat Hunters

DELIVERY: VIRTUAL LIVE STREAM  DATE: 26 August 2021 TIME: 22:00 to 00:00 SGT/GMT+8 Overview Malware authors go to great lengths to bypass enterprise security to deliver malware, avoid detection after the initial intrusion and maintain persistence to compromise an organization. To achieve this, malware authors employ a wide variety of obfuscation and anti-analysis techniques at […]

Stay Off My Private Data: A Framework to Examine Mobile App Privacy Claims

PRESENTATION SLIDES (PDF) In recent years, we have witnessed many major companies being penalized by regulators due to violations of personal data privacy. Many countries and territories, such as the US, the EU and China, have put in place strict regulations for security compliance and privacy. Users’ concerns on how applications collect and use their […]

Securing Webviews and The Story Behind CVE-2021–21136

PRESENTATION SLIDES (PDF) Webview: An in-app Web Browser created to ensure seamless user experience without context switching between browser and mobile application. It allows developers to display web content directly into their mobile application and supports the concept of code reuse thus Webviews are extensively used in current mobile application development. This presentation will cover […]

Malware Protocol Simulations in Distributed Networks

PRESENTATION SLIDES (PDF) Discovering and identifying malicious activities in large networks is challenging as they can blend in, use commercial services or just go under radar with newer protocols. Another challenge is while defensive teams expect Red Team to assist on simulations, Red Team goes for their own objectives. Furthermore, cyber defence teams using real […]

Summer of Fuzz: MacOS

PRESENTATION SLIDES (PDF) Thinking of fuzzing applications on OS X can quickly lead to a passing conversation of “ooh exotic Mac stuff”, “lets fuzz the kernel” or it can otherwise not be thought of as an exciting target, at least for looking for crashes in stuff other than Safari or the iPhone. While there are […]