Infosec in the City 2019, Marina Bay Sands Level 5, Singapore

Infosec in the City 2019, Marina Bay Sands Level 5, Singapore
18 - 20 June, Exhibition | 19 - 20 June, Conference

Overview Event Highlights Sponsors and Partners Programme
Infosec in the City, Singapore 2019 is organised in response to calls for a more techno-centric conference in Singapore from the industry, community and government agencies. The event will focus on sharing and discussions of deep-technical knowledge and insights, cybersecurity capabilities and capacity building.

A premier techno-centric cybersecurity event that brings together top cybersecurity leaders and experts from the East and the West, Infosec in the City, Singapore 2019 is set to build the next-generation cybersecurity capabilities and capacity around the globe.

For all students who are interested in registering for the conference, contact Junshu.Ong@ubm.com.

For all registrants who will be making payment via telegraphic transfer, contact Junshu.Ong@ubm.com if you require an invoice.

First 300 paid delegates will receive an exclusive IICSG 2019 electronic badge
Registration Fees

The 2-day conference will be held from 19 - 20 June 2019 at Marina Bay Sands Singapore. Topics covered include:

For registration enquiries, please contact Jun Shu at Junshu.Ong@ubm.com
For sponsorship enquiries, please contact Leon Kwek at leon.kwek@ubm.com

Co-located with:

CTA-logo

Held in:

SG-logo
Exhibition Foyer/ Cutting-edge Services & Solution Showcase Exhibition Foyer/ Cutting-edge Services & Solution Showcase

Experience cutting-edge cybersecurity products & solutions offered by our sponsors.

Community Night Community Night

In support of the local community, it's #IICSG tradition to host Singapore Cybersecurity Community's mini-conference. The Community Night features fun and insightful talks by leaders and experts from the cybersecurity community

CXO Luncheon Brief CXO Luncheon Brief

A by-invitation event for C-suites and senior officers from both the public and private sectors. Leaders and experts of various cybersecurity domains will come together to share and discuss cutting-edge techniques and solutions, and real-life scenarios and considerations when securing the critical information infrastructure (CII) and business cyberspace.

Thought Leadership / Lightning Stage Thought Leadership / Lightning Stage

On top of the main conference/premium talks and workshops, #IICSG2019 will be featuring 2 additional tracks, made available to all conference and exhibition ticket holders, at the exhibition foyer, spread over 3 days (18-20 Jun 2019).

Networking Lounge Networking Lounge

The central destination for #IICSG2019 attendees to network, enjoy food and beverages during breaks and conduct meetings and discussions in a relaxed setting within this sleek and fully furnished lounge.

Capture-the-Flag Capture-the-Flag

Whether you've just started your cybersecurity journey or you're looking for new, challenges, #IICSG2019 CTF competitions have something for you.

Relax in the City Relax in the City

Refreshments served at “that time in the afternoon” when ice-cold refreshment is needed.

Local Delights Local Delights

Irresistible tasty biscuit served throughout the conference.

Coffee in the City Coffee in the City

No more bad coffee to keep you going through the day. In #IICSG, we serve specially selected coffee and tea to keep you fresh and energised throughout the day.

VXCON (Variety Exploitation) Village VXCON (Variety Exploitation) Village

VXRL is founded by a group of passionate cybersecurity researchers and white-hat hackers in Hong Kong. The VXCON Village will be powering an in-depth hands-on playground.

Car Hacking Village Car Hacking Village

Singapore Cybersecurity Community — Division Zero (Div0)'s Car Hacking Quarter (CHQ)'s annual flagship showcase for car hacking enthusiasts.

Startup Village Startup Village

Singapore Cybersecurity Community — Division Zero (Div0)'s Startup Quarter's annual flagship showcase on how the community can support startups and small businesses with their cybersecurity challenges, and provide a platform to grow cybersecurity innovation and startups in Singapore.

Electronic Badge Village Electronic Badge Village

1st 300 conference registrants will be given an #IICSG2019 electronic badge. Learn all the fun stuff you can do with your new card-sized electronics.

Learning Lab Village Learning Lab Village

Cybersecurity range/lab which attendees can get their hands on learning offensive and defensive cybersecurity technique.

Career Village Career Village

Featuring Career Consultation, CV workshops, mentorship chat sessions, and more!

Interested in featuring your own village? Interested in featuring your own village?

Contact us here

Silver Sponsor

Bronze Sponsors

Additional Sponsors

Supporting Government Agencies

On-boarding exciting supporters

Supporting Organisations

Supporting Events



Interested in Sponsoring? Kindly contact Leon at leon.kwek@ubm.com.

Day 1 Opening Keynote

Wednesday, 19 June 2019,
Sands B 5201/5202, Level 5

9:45am - 10:00am
WELCOME ADDRESS

Adrian M. & Emil Tan

10:00am - 10:15am
OPENING ADDRESS

TBA

10:15am - 11:00am
OPENING KEYNOTE

Anton Shingarev, Kaspersky Lab

‘Deep Tech’ Track

Wednesday, 19 June 2019
Sands B 5201/5202, Level 5

11:30am - 12:15pm
EXPLOITING WINDOWS VISTA RESOURCE VIRTUALIZATION

James Forshaw, Google

One of the big changes in Windows Vista was the introduction of UAC. Many Windows applications were written assuming they had complete control over all file and registry locations, by separating our administrators UAC created an application compatibility nightmare. These existing applications would try and write to the Windows folder or HKEY_LOCAL_MACHINE and fail to work correctly or in the worse cases crash. In order to deal with the problem, Microsoft added file and registry virtualization which transparently redirects administrator only registry and file access to user accessible locations. This code is complex and inevitably have security implications. ​

This presentation will go into how these virtualization mechanisms work on Windows 10 and explain in detail how I was able to exploit them for local privilege escalation.

1:30pm - 2:15pm
REAL HARDWARE HACKING FOR S$30 OR LESS

Joe FitzPatrick, SecuringHardware.com

Without too much investment, you can download some software and tools and start hacking on them. Hardware, on the other hand, requires physical tools and target systems.

Luckily, with S$30 in your pocket and a trip to Sim Lim Tower, you can pick up an FT232H-based breakout board that is enough to get you started.

I'll walk through a series of demonstrations using that board as an all-in-one hardware hacking tool, including using it as:

• A logic analyzer to analyze testpoints on a board;

• A serial interface cable to interact with a console;

• A JTAG debugger to manipulate code in a live system;

• An SPI firmware dumper to extract firmware;

• An SPI firmware writer to write and boot a modified image;

• An I2C interface to manipulate configuration bits of a hardware device and;

• A bit-banging engine to craft hardware protocol packets.

I'll show and explain the hardware and software tooling for each technique, as well as one or more scenarios where the technique could be used to manipulate a hardware device.

Hopefully, by the end of the presentation, you'll see how accessible many hardware hacking techniques really are and you'll walk away with the confidence to tackle a few of them on your own.

2:30pm - 3:15pm
THE ART OF PERSISTENCE: LURKING BEHIND THE BROWSER

Samuel Pua, MWR InfoSecurity

Enterprise environments have never been more closely monitored, forcing adversaries — real and simulated alike — to focus on novel approaches to evade detection. Blue team capabilities are ever-improving and increasingly focused on expunging adversaries from their networks before they realise their objective, moving attention up the kill-chain. ​

This talk will explore one of the persistence mechanisms MWR developed while breaking into enterprise networks in Singapore and Hong Kong. ​

Internet Explorer, ubiquitous with its presence in enterprise environments, poses interesting opportunities for adversaries in the form of reliable, quiet, and adaptive persistence mechanism. In this talk, you'll learn how we use native Internet Explorer functionality within Browser Help Object, to maintain access to an environment. To realise this, various in-built-protection mechanisms were studied and evaded, resulting in our development of new techniques to fully-weaponise this approach. ​

By the end of the talk, red teamers will learn to leverage the easily-available browser in the corporate environment as a persistence technique. Blue teams benefit too, as they are able to defend against it through understanding the teechnique's process and artefacts left behind.

4:00pm - 4:45pm
CLOUDY CLUSTERS CATASTROPHE

Rory McCune, NCC Group

Kubernetes and containerization in general have been taking the computing industry by storm, with huge adoption across a wide range of business sectors.

As with any new technology, especially one as fast moving as containerization, there is always the risk of new security weaknesses creeping in to deployments. ​

This talk will provide an overview of containerization and the major security challenges that come with it as well as providing practical guidance on how to address them.

5:00pm - 5:45pm
PWNING AWS CLOUD SERVICES

Mohammed Aldoub

In this talk, I will talk and demo the many ways to skin and attack multiple essential AWS cloud services, such as attacks against Serverless functions (AWS Lambda) (e.g. Serverless Event Injection), attacks against EC2 instances (even without having access to SSH keys!), methods to backdoor compromised AWS accounts, cloud-wide credential theft, and other attacks. ​

In the talk I'll also demo my new tool "barq", the customer AWS post-exploitation tool!

‘Insights’ Track

Wednesday, 19 June 2019
Sands B 5301, Level 5

11:30am - 12:15pm
BODY LANGUAGE BEHIND SOCIAL ENGINEERING ATTACKS

Sarka Pekarova

1:30pm - 2:15pm
RESKINNING THE ROBOT: THINGS I WOULD LOVE TO TELL MY YOUNGER SELF

Quentyn Taylor, Canon

2:30pm - 3:15pm
DATA BREACHES: BARBARIANS IN THE THRONE ROOM

Dave Lewis, Cisco

4:00pm - 4:45pm
FIXING SECURITY RISK ASSESSMENT

Phil Huggins, The Risk Crowd

5:00pm - 5:45pm
ATTACKING OFFENSIVELY FOR DEFENSE

Aamir Lakhani, Fortinet

'Workshop' Track

Wednesday, 19 June 2019
Sands B 5302, Level 5

11:30am - 12:15pm
DESIGNING SECURE SYSTEMS: VALUE DRIVEN THREAT MODELING

Avi Douglen, Bounce Security

What if we could get developers to apply threat modeling techniques, and embed secure design right in the product from the beginning?

Threat Modeling is a great method to identify potential security weaknesses and can enable architects and developers to efficiently prioritize their security investment, thus mitigating and preventing those vulnerabilities that would most likely cause the most damage.

Unfortunately, though threat modeling provides a far greater return than most any other security technique in a development process, it is apparently “common knowledge” that threat modeling is supposed to heavily resource intensive, require a full team of expensive security professionals, take up far too much developer time, and does not scale at all.

But the common knowledge is wrong! In fact, using a lightweight, value-driven approach, skilled development teams can very efficiently ensure that the features they build can protect themselves, the application, and the business value that the features are intended to generate. Value Driven Threat Modeling offers an alternative to top-heavy, big-model-up-front threat modeling, in favor of agility, speed, and integration with the existing development cycle to not just to minimize risk, but to lower security costs. ​

This talk will describe Value Driven Threat Modeling, and show how to incorporate it into your existing agile methodologies. We will discuss how developers can efficiently threat model their application to improve development and walk through some example scenarios. And of course, we will see how security can participate productively in the agile development process, leveraging developers own habits to their benefit.

1:30pm - 3:15pm
CATCH ME IF YOU CAN — SEEING THE RED THROUGH THE BLUE

Owen Shearing & Will Hunt, in.security

This workshop will help improve both red and blue skillsets through a series of live hacks, where you as an attendee will have to identify malicious activities on a series of targets.

The trainer (Red Team) will perform a series of attacks on the hosts within the in.security LAB, running commands, tools and utilising techniques used in the field. You (the Blue Team) will then need to use the in-LAB ELK stack to identify the malicious activities and raise the alarm! This will up-skill both attackers in understanding the various attack flows that can compromise their cover and defenders in understanding how to detect them.

“The best defence is a good offence” applies as much in cyber as it does in sport. Understanding the attack flow is important in consolidating knowledge, so you’ll get to see every attack the trainer carries out before you’re set off to hunt down the evidence. This heightened mindset will then up your game in the field to better detect the traces, logs and data that can give an attacker away.

4:00pm - 5:45pm
LINUX-KERNEL RESEARCH FOR KERNEL-NEWCOMERS: WHERE TO START FROM?

Ron Munitz, The PSCG

In this workshop, we will give you the tools, and invaluable tips to start your Linux kernel research. ​

The Linux kernel is as you can probably imagine huge, and open-source. This has the advantage that you don't need to reverse engineer the entire universe to get to know what is going on (with the exception of binary blobs, customizations, additions, etc, but this is not a GPL legal class, although we will address it). ​

Unfortunately, it also has the disadvantage that when you have so much information at the tip of your hand and don't know how to handle it, even the simplest development (not to mention research) task may be unbearably overwhelming, and indeed, getting into kernel development, and security research is challenging and sometimes frightening.

Community Night

Wednesday, 19 June 2019
Sands B 5201/5202, Level 5

6:45pm - 7:00pm
COMMUNITY NIGHT WELCOME ADDRESS

Emil Tan & Fadli Sidek, Division Zero (Div0)

7:00pm - 7:30pm
COMMUNITY NIGHT OPENING KEYNOTE

Dhillon 'L33tdawg' Kannabhiran, Hack in the Box (HITB)

7:30pm - 8:15pm
FINDING A BIG SUPPLY CHAIN ATTACK

Vitaly Kamluk, Kaspersky Lab

8:15pm - 9:00pm
OLD-SKOOL COPY PROTECTION: DRM IN THE AGE OF MARIO

Aliz Hammond, MWR InfoSecurity

Day 2 Opening Keynote

Thursday, 20 June 2019
Sands B 5201/5202, Level 5

9:30am - 9:45am
WELCOME BACK ADDRESS

Emil Tan

9:45am
OPENING KEYNOTE

TBA

‘Deep Tech’ Track

Thursday, 20 June 2019
Sands B 5201/5202, Level 5

11:00am - 11:45am
YOU ARE NOT HIDING FROM ME .NET!

Aden Chung, MWR InfoSecurity

For years, we have seen adversaries across the threat pyramid make use of PowerShell toolkits for lateral movement, data exfiltration and persistence over different environments. As defenders, we have done a pretty good job – PowerShell is a fading threat in time. Mimikatz execution through PowerShell? AMSI and PowerShell logging can handle that relatively well.

However, adversaries being adversaries don’t just give up. They have migrated toolkits to areas where visibility is still limited – such as .NET. favoured by adversaries due to its wide range of functionalities, ease of development, and default presence on modern Windows platforms, we have seen a significant increase in exploitation toolkits leveraging .NET to perform usual activities - but in an area where they are relatively hidden.

First, we’ll take a look at these tools – what they do, and how they work. Techniques such as DCOM object abuse run-time code compilation and in-memory assembly loading (performed by the DotNetToJscript project) would be examined in detail. These techniques are used by exploitation toolkits such as GhostPack, SharpShooter, and SilentTrinity, and thus are very relevant to defenders. We’ll then focus on detection. We’ll examine the indicators such toolkits and techniques leave behind, and how we can detect them utilising various sources of telemetry, collected via open source tooling, such as process logging, DLLs imports and ETW tracing of JIT compilation or Interop events.

At the end of the day, attendees will walk away with an understanding of the inner workings of various .NET techniques as well as how they can be used to compromise a windows machine stealthily. Additionally, attendees will learn how a defender can leverage open source tooling to detect and hunt for .NET attacks.

12:00pm - 12:45pm
RED TEAM: CONVERTING OPERATIONS INTO TOOLS

Vincent Yiu, SYON

2:00pm - 2:45pm
GARGOYLE HUNTING IN-DEPTH: DETECTING 'GARGOYLE' CODE-HIDING VIA AUTOMATED WINDOWS KERNEL ANALYSIS

Aliz Hammond, MWR InfoSecurity

Detecting certain user-mode code-hiding techniques, such as Josh Lospinoso's 'Gargoyle', is almost impossible from user-space. In this talk, I will examine Gargoyle, and explain how it can be detected from kernel mode. I will first walk through using WinDbg to locate hidden code and then write a Volatility plugin to turn this process into a practical method of detecting real-world attacks — in the process, adding a reliable method of differentiating these from legitimate behavior. ​

No prior kernel knowledge is needed, but those with a background in WinDbg, Windows internals, forensics, and/or Volatility will get the most from this talk.

3:00pm - 3:45pm
ANALYZING KONY MOBILE APPLICATIONS

Terry Chia, Centurion Information Security

Kony is a popular mobile app development platform that allows developers to write cross-platform applications using JavaScript rather than traditional mobile development tools. As a result, security testers and practitioners will need to adapt their approach to reviewing the security of applications developed with Kony. This talk will demonstrate how to effectively analyse Kony based mobile applications and demonstrate new tools to help in this process.

4:00pm - 4:45pm
SPEED-UP RECON & PWN ON BUG BOUNTY? BUILD YOUR OWN TOOL!

Igor Lyrchikov & Egor Saltyko

‘Fix It’ Track

Thursday, 20 June 2019
Sands B 5301, Level 5

11:00am - 12:45pm
OFFICE IOT: THE ELEPHANT IN THE ROOM

Quentyn Taylor, Canon

2:00pm - 3:45pm
P@SSW0RD MAKING & BREAKING

Will Hunt, in.security

4:00pm - 4:45pm
HIDDEN TREASURES: NOVEL APPROACH TO COMPLEX ATTACKS DETECTION

Oleg Ishanov, Acronis

'Workshop' Track

Thursday, 20 June 2019
Sands B 5302, Level 5

11:00am - 12:45am
ATTACKS ON GSM-ALARMS, SMART HOMES & SMARTWATCHES FOR KIDS

Aleksandr Kolchanov

This workshop will cover different attacks on popular GSM-devices: alarms, smart home systems, access control systems and smartwatches for kids. GSM-devices are popular and easy for use: for example, you just need to insert SIM-card in GSM-alarm, and the system is ready for use. But the security of these devices is questionable.

Common alarm-devices was tested properly, researchers found different vulnerabilities and attacks. At this training will be coerced attacks on the GSM part of devices, because this part is not covered properly and there are some easy and effective attacks.

2:00pm - 3:45pm
AN INTRODUCTION TO SAP FORENSICS

Jordan Santarsieri, Vicxer

SAP is a core part of the business-critical infrastructure of 95% of the biggest companies in the world. These companies rely on SAP to perform their most sensitive daily operations such as processing employees payroll and benefits, managing logistics, managing suppliers/customers, material management, releasing payments to providers, credit cards processing, business intelligence making it an ideal target for cyber-attacks.

This mini-workshop will start with a brief introduction to SAP (No previous SAP knowledge is required), you will learn about the SAP security logs, their default status, what information is available, how to activate them, correctly configure them and how to parse the different formats.

After we learn about the security logs, we will parser one of the security logs and trace a simulated incident together!

3:00pm - 4:45pm
MACHINE LEARNING & SECURITY

Clarence Chio

Sands B 5301, Level 5

4:00pm - 4:45pm
HARDWARE HACKING LIVE: WORKSHOP, Q&A

Joe FitzPatrick, SecuringHardware.com

Hands-on time of Joe FitzPatrick talk — "Real Hardware Hacking for S$30 or Less".

Closing Address

Thursday, 20 June 2019
Sands B 5201/5202, Level 5

5:00pm - 5:20pm
CLOSING ADDRESS, PRIZE GIVING & LUCKY DRAW

Adrian M. & Emil Tan

After Party

Thursday, 20 June 2019
Venue: TBA

6:00pm - 12:00am
All training and conference pass holders are welcome to attend

ConnecTechAsia

Incorporating

 

 

Organiser

Supported by

Held in

Join Mailing List

For information on exhibitors and products, registration details, activities and conference updates, and more!