Joint ICT Christmas Party Date: 14 Dec 2018 (Fri)Time: 5:45-7:00pm (registration starts at...
Modern Endpoint Security Date: 5-Dec 2018 (Wed)Time: 7:15pm - 9:00pmVenue: ADC 203, HKU SPACE...
Building Your Open Source Intelligence Capabilities Date: 7 Nov 2018 (Wed)Time: 09:30 -...
Date: 21 May (Sat) Full day event (AM and PM sessions)
Target Audience: PISA members and Public who are interested in security
Venue: Hong Kong Poly University
Language: Cantonese, with English terminology
Admission Fee: FREE
This year 2016 is the 15th anniversary of PISA establishment. PISA organizes a 1 day conference to gather security buddies to share their knowledge and information. Let’s Jam :)
In the morning section, experts from different areas of security will talk about the up-to- date security trends and their research and experience. In the afternoon section, each security interested group will provide a closed sharing, discussion or even workshop to the participants. Participants can join any groups to discuss and share, based on their interests. Everyone can gain and give through the platform of PISA Security Jam.
AM Seminar Session [Room HJ302] - Register HERE: https://goo.gl/e2d8Y2
09:45-10:15 Opening - Mr. Otto Lee, Current PISA Chairperson; Honorary Guest: Mr. Hon Charles Mok, JP, Legislative Councilor for IT; Mr. SC Leung, PISA Founding Chairperson; Mr. Frankie Leung, President of (ISC)2 HK Chapter
10:15-11:00 Way to Make Honeypot Smarter - Mr. Roland Cheung, Honeynet HK Chapter
11:00-11:45 A study of Android Apps' privacy policies - Dr. Daniel Luo, PolyU
11:45-12:15 Results and lessons learned from the mobile app SSL survey - Mr. Frankie Wong, PISA Mobile SIG
PM Workshop Session - Register HERE: https://goo.gl/pgD2QW
Track Alice (A) [Room Z509]
14:00-15:30 Defending the undetectables with Malware IOCs and malware intelligence - (Mr. Frankie Li, Dragon Threat Labs)
In May 2014, an article in Wall Street Journal quoted a senior executive from a top anti-virus software pioneer, who declared that anti-virus software was “dead” because their product missed 55% of attacks. Back 15-years ago, anti-virus detection could defense against most of the malicious software attacks with 'signatures'. The bad guys then launched significant amount of malicious attacks with their advance and evolving innovations which forced the defenders to acquire 'new' defensive technologies to build a supposedly smarter intelligenct solutions. That were later described as 'heuristic-based detection'. Malware becomes increasingly complex in the post-APT period as adversaries adopted an attack pattern like the 'Cyber Attack Kill Chain' . Take for an example, the current wide-spreading ransomeware, the Locky and its variances, pushed the detection rates even lower for both enterprise and domestic version of anti-virus software/security products. In this presentation, we first discuss a bit about malware IOCs and malware intelligence. Then investigate the possibilities to build an automating solution to collect, store and allow preliminary analysis of the malicious artifacts. Finally, we demonstrate how some of the open source tools, like Yara, IOC_Parser, PyIOCe, Viper Frameworks, Passive.py (recursive-Pdns) and Maltelligence can assist us to implement a self activated smart defence solution.
Minimal requirements for the participants' laptop:
15:30-17:00 Hands on workshop, detects advanced attack as the blue team - (Mr. Paul Pang, Big Data SIG)
Mr. Pang has extensive experience on SIEM technology and had leaded more than 20 SOC (Security Operation Center) projects in Asia for customers. He would like to share with you how to make use of SIEM tool to detect advanced attack through a hands-on workshop.
Track Bob (B) [Room Z507]
14:00-15:00 Session 1: Introduction to Incident Response and Network Forensics - (Alan Chung, PISA Forensics SIG)
15:00-16:00 Session 2: Introduction to Computer Forensics - (Frances Chu, PISA Forensics SIG)
16:00-17:00 Session 3: Introduction to Penetration Testing - (Albert Hui, PISA Forensics SIG)
This is an introductory series of talks following the cyber kill chain, aiming at equipping beginners with the principles of properly identify an attack, stop the damage and retracing the attack method. After stopping attack and fixing the security hole, a penetration test is typically performed to test for weaknesses in order that future attacks can be prevented.
Session 1: How to identify an attack and start the IR process, collect live data and limit the losses. Also show the basic principles of Network Forensics, e.g. how to sniff the network and what information is important for troubleshooting and tracing the hacker.
Session 2: Forensics analysis to find the hacker's footprint, demonstrating principles of chain of custody, and shows a few tools accepted for court proceedings, etc.
Session 3: A sound penetration testing framework is introduced based on common real-world scenarios. We show what a pentest should include beyond a simple vulnerability assessment (VA) scanning, often mis-advertised as a pentest.
Corresponding hours for CPE can be claimed for the (ISC2) Credential Holder.