The latest news

✎ Add Post

• Sharing in Hong Kong Intitute of Vocational Education (Chai Wan)

  Training Sharing Community June 14, 2018

  

  VXRL Team was invited to provide a sharing session in Hong Kong Intitute of Vocational Education (Chai Wan), Anthony shared his experience on entering the security field and his experience on reesarch and studing. Alan talked about the career path and corresponding certificates, and recommend to write some research papers. Captain shared his journey to different conferences all over the world. Finally Harry and Samuel introduced CTF, different CTF games in Hong Kong and shared some techniques on playing CTF.

  Read More

• Advanced usage of MobSF and Genymotion

  Pentest Mobile Research June 01, 2018

  Introduction

  Mobile-Security-Framework is a powerful automated tool which can perform penetration test for (Android/iOS/Windows). It can perform static, dynamic analysis and malware analysis for the above mobile applications. MobSF can also provide dynamic runtime testing with a powerful security scanner CapFuzz.

  Read More

• My POC Walkthrough for CVE-2018-6789

  Exploit Cve Poc Research May 01, 2018

  @straight_blast is a penetration tester based in US and Hong Konger,

  he is passionate over CTF and pwnables, and is a core member of VXRL for years.

  The blog could be found from this URL

  Read More

• Target Attack Analysis Training in Hacker's Party

  Training Workshop Malware Apt Targeted-attack January 31, 2018

  

  Anthony Lai, Chairperson of VXRL, gave the Target Attack Analysis Training in Hacker’s Party in Tokyo. Students came from all over Japan including top-tier Japanese enterprises like NTT. The training course covers in-depth malware analysis, windows internal, IDA Pro, reverse engineering and defense with Yara rules.

  Read More

• About Spectre

  Meltdown Spectre Kernel Cpu Hardware Chinese Community Research January 30, 2018

  

  This is a community article written by Kelvin Chan, kernel researcher from the VXRL Community. Originally posted in Windows kernel and software security.

  引言

  現今操作系統(OS)設計一般分為應用層 (Ring 3) 與 內核層(Ring 0) ，應用層屬於普通應用程式級別，而內核層屬於OS的代碼，Intel CPU Spectre漏洞產生後，有大量的非技術性文章，但Google Project Zero的文章講得比較艱深，因此筆者在這做一個比較簡單的解釋與定義。

  Read More

• Economic Journal Interviewed Anthony Lai: "App monitoring, cryptojacking: Cyber-threats to watch out for"

  Press Interview Hkej Community January 13, 2018

  

  Fom WannaCry ransomware to malicious malware and data breaches, 2017 saw a new wave of cyber-attacks and hacks. Given all the data exposed around us, security concern comes as no surprise.

  The Hong Kong Economic Journal recently interviewed VXRL founder Anthony Lai about the cybersecurity threats to watch out for in 2018. Here are brief excerpts from the interview:

  Excerpts in English

  Video and Fuller Article in Chinese

  Read More

• VXCON 2018 - Call for Papers, Workshops, and Sponsors

  Vxcon Vxcon 2018 Community Conference December 30, 2017

  

  VXRL is planning the VXCON event to be held on 19 to 22 April 2018 (Thursday to Sunday) in Hong Kong. The event includes 2 days training workshop, 1 day conference and 1 day playground. We are expecting about 250 attendees to join. You will find more information about our past conference at www.vxcon.hk.

  Main Conference
  Saturday, 21 April 2018

  Village (Tentative Date)
  Sunday, 22 April 2018

  Workshop (Tentative Date)
  Wednesday-Friday, 18-20 April 2018

  Venue
  8/F, The Wave, 4 Hing Yip Street, Kwun Tong, Hong Kong

  Read More

• Investigation and Intelligence Framework - DFIR Summit 2015

  Research Incident response Forensics December 29, 2017

  

  This framework was first introduced in DFRWS EU 2014 (the first DFRWS conference in Europe) at Amsterdam held in May and later presented at Hacks in Taiwan 2014 (HITCON) which is a high-tech security conference in Taiwan held in August.

  In 2015 July, VXRL Kelvin and Alan was invited to present Investigation and Intelligence Framework research in SANS Digital Forensics & Incident Response (DFIR) Summit.

  Read More

• Targeted Attack Against Hong Kong Chief Executive Election Candidate

  Hongkong Targeted-attack Apt Malware December 22, 2017

  On 1 March 2017, one of the candidates has received a phishing mail about a survey form from a gmail account against one of the candidates in chief executive election in Hong Kong and we got the report on 9 March 2017.

  Read More

• Popular Travel Agencies Websites Lack Privacy Protections

  Web security Pentest Interview December 04, 2017

  

  After the incident of Worldwide Package Travel Service Ltd (縱橫遊, WWPKG), public raises concerns about the security of their personal data obtained by travel agencies. NOW TV invited VXRL researchers, Anthony Lai and Alan Ho, to test the security of the websites of local travel agencies. We discovered that many of the websites have insufficient privacy protection when transmitting sensitive personally identifiable information (PII) including name and passport number. We demonstrated that it is possible for an attacker to steal sensitive information from users of these websites using a fake Wi-Fi.

  Read More