@straight_blast is a penetration tester based in US and Hong Konger,
he is passionate over CTF and pwnables, and is a core member of VXRL for years.
Hear the latest progress at VXRL.
Vulnerabilities discovery can be challenging for novice. In our talk, we will share the steps(and failure) we went through from beginner until finding 2 apple safari CVE (CVE-2019-8678,CVE-2019-8685)
In the first part of our talk, we will walkthrough some of the trick we used for target enumeration and corpus collection. Then ,we will share the steps we made to get the 2 CVE with public fuzzer. Lastly, we will go through the root cause analysis of these bugs and demonstrate how we do it for beginners.
Cloud security has been a hot topic. As more and more organizations go to the cloud, security breaches and incidents hitting the news headlines have been catching the eyes of the general public, making some people skeptical to embracing the cloud. However, when we look at the security controls of the cloud services providers, we find that most of them have actually been doing quite a nice and decent job, but then what actually happened in those cases to cause such impression?
The team recently conducted a 4-day-workshop coordinated by HKPC, the training is focusing on Red / Blue Team Testing.
The primary aim of this workshop is to train up the participants to equip with the skillset from the both sides of the world: RED team focuses on penetration testing of different systems and the levels of security programs, and to detect, prevent and eliminate vulnerabilities. Where BLUE team are there to find ways to defend, change and re-group defense mechanisms to make incident response much stronger.
Locality Sensitive Hashing is an algorithm for similarity between documents, and we can take it and apply this algorithm to cybersecurity area including malware comparison. This survey paper is not about how to compare Malware but give the audience a ground to understand the ground of LSH.
AVTOKYO is the Japanese community oriented Computer Security Short Conference.
AVtokyo used to be the drinking party right after the Black Hat Japan until 2007. It worked as the relaxed networking party to exchange information only among the Black Hat Japan attendees.
The Conference is organized by good friends of VXRL, our team will try to participate the conference every year :)
Defcon 27 was in Vegas from 8-Aug to 11-Aug 2019, this year VXRL team held the VX Village (Variety eXploitation Village) in the conference.
Defcon China 1.0 was in Beijing from 31-May to 2-Jun 2019, this year VXRL team held the VXCON Village in the conference like before. The Village got two tasks for the guests, for advanced soldering task, given a badge, the participants had to solder the LEDs on the badge, if it’s soldered properly, LEDs will be running on the badge.
The purpose of this post is to share how one would use a debugger to identify the relevant code path that can trigger the crash. I hope this post will be educational to people that are excited to learning how to use debugger for vulnerability analysis.
VXRL team has given two days workshop in Macao about Purple Team training and Hardware / IoT Hacking.
Day 1 (Alan and Anthony), VXRL team tailor-made this workshop for cyber security professionals to work on different scenarios from basic to advance level, to get hands-on experience in red team and blue team exercises. The Lab simulated an office environment with vulnerable applications as well as logging and monitoring systems. Students got the chance to attack the applications as red team and at same learned how to distinguish abnormal logs and alerts for hacking investigation.