PISA Security Jam 2016 (Event tag: #PISAJAM2016)

Theme: Security of everything - Big data / Forensic / Honeynet / Mobile

Date: 21 May (Sat) Full day event (AM and PM sessions)
Target Audience: PISA members and Public who are interested in security
Venue: Hong Kong Poly University
Language: Cantonese, with English terminology
Admission Fee: FREE

2016 marks the 15th anniversary of PISA's establishment. PISA is organizing a one-day conference to gather security buddies to share their knowledge and information. Let’s Jam :)

In the morning session, experts from different areas of security will talk about up-to-date security trends and their research and experience. In the afternoon session, each security interest group will provide a closed sharing, discussion or even workshop for the participants. Participants can join any group to discuss and share, based on their interests. Everyone can gain and give through the platform of PISA Security Jam.


AM Seminar Session [Room HJ302] - Register HERE:

09:30-09:45  Registration
09:45-10:15  Opening -  Mr. Otto Lee, Current PISA Chairperson; Honorary Guest: Mr. Hon Charles Mok, JP, Legislative Councilor for IT; Mr. SC Leung, PISA Founding Chairperson; Mr. Frankie Leung, President of (ISC)2 HK Chapter
10:15-11:00  Way to Make Honeypot Smarter - Mr. Roland Cheung, Honeynet HK Chapter
11:00-11:45  A study of Android Apps' privacy policies - Dr. Daniel Luo, PolyU
11:45-12:15  Results and lessons learned from the mobile app SSL survey - Mr. Frankie Wong, PISA Mobile SIG


PM Workshop Session - Register HERE:

Track Alice (A) [Room Z509]

14:00-15:30  Defending the undetectables with Malware IOCs and malware intelligence - (Mr. Frankie Li, Dragon Threat Labs)


In May 2014, an article in the Wall Street Journal quoted a senior executive from a top anti-virus software pioneer, who declared that anti-virus software was “dead” because their product missed 55% of attacks. Fifteen years ago, anti-virus detection could defend against most malicious software attacks with 'signatures'. The bad guys then launched a significant number of malicious attacks with advanced and evolving innovations, which forced defenders to acquire 'new' defensive technologies to build supposedly smarter, more intelligent solutions. These were later described as 'heuristic-based detection'. Malware became increasingly complex in the post-APT period as adversaries adopted attack patterns like the 'Cyber Attack Kill Chain'. Take, for example, the currently widespread ransomware Locky and its variants, which pushed detection rates even lower for both enterprise and domestic versions of anti-virus software/security products. In this presentation, we first discuss malware IOCs and malware intelligence. We then investigate the possibilities for building an automated solution to collect, store and allow preliminary analysis of malicious artifacts. Finally, we demonstrate how some open source tools, like Yara, IOC_Parser, PyIOCe, Viper Framework, (recursive-Pdns) and Maltelligence, can assist us in implementing a self-activated smart defence solution.

Minimal requirements for the participants' laptop:

  • Intel-compatible dual-core CPU i5, 8 GB RAM, 20+ GB of available disk space, USB 2.0 port, Ethernet network interface card (NIC) or built-in Wi-Fi network card for accessing the Internet, and virtualization support enabled in the BIOS. Participants are required to pre-install VMware Workstation/VM Fusion/VM Player or VirtualBox on their laptop if they want to work with me on the demo.
  • In addition, participants who want to use Maltelligence have to register (or “Join our community”) with VirusTotal and obtain their API key before coming to the workshop. [They can register here: and find their own API key after clicking their login name under the option of “My API Key”]

15:30-17:00  Hands on workshop, detects advanced attack as the blue team - (Mr. Paul Pang, Big Data SIG)


Mr. Pang has extensive experience with SIEM technology and has led more than 20 SOC (Security Operation Center) projects in Asia for customers. He would like to share with you how to use a SIEM tool to detect advanced attacks through a hands-on workshop.


  • Please bring your notebook computer with Wi-Fi connectivity, a web browser installed, and a power supply.

Track Bob (B) [Room Z507]

14:00-15:00  Session 1: Introduction to Incident Response and Network Forensics - (Alan Chung, PISA Forensics SIG)
15:00-16:00  Session 2: Introduction to Computer Forensics - (Frances Chu, PISA  Forensics SIG)
16:00-17:00  Session 3: Introduction to Penetration Testing - (Albert Hui, PISA Forensics SIG)


This is an introductory series of talks following the cyber kill chain, aiming to equip beginners with the principles of properly identifying an attack, stopping the damage and retracing the attack method. After stopping the attack and fixing the security hole, a penetration test is typically performed to test for weaknesses so that future attacks can be prevented.

Session 1: How to identify an attack and start the IR process, collect live data and limit the losses. Also shows the basic principles of Network Forensics, e.g. how to sniff the network and what information is important for troubleshooting and tracing the hacker.
Session 2: Forensic analysis to find the hacker's footprint, demonstrating principles of chain of custody and showing a few tools accepted for court proceedings, etc.
Session 3: A sound penetration testing framework is introduced based on common real-world scenarios. We show what a pentest should include beyond a simple vulnerability assessment (VA) scan, which is often mis-advertised as a pentest.


Corresponding CPE hours can be claimed by (ISC)2 credential holders.
For any questions, please contact us.


Supporting Organizations:

     CSA HKM               HKITF