台灣駭客年會 HITCON CMT 2023 共同筆記

# 台灣駭客年會 HITCON CMT 2023 共同筆記 --- - [歡迎來到 HITCON CMT 2023](/@HITCON/Bye4oqF22) - [HITCON 官方網站](https://hitcon.org/2023/CMT/) [target=_blank] - [議程表](https://hitcon.org/2023/CMT/agenda/) [target=_blank] # 08/18 #### 09:00 ~ 10:00 報到時間 #### 10:00 ~ 10:50 開幕＆活動介紹 ## R0 - 11:00 ~ 11:50 [Your Teammate Isn't Human: Mixing Decompilation and AI for Modern Reverse Engineering - Zion Basque](/2bIAm0aYSv2d-SNDrd_g_A) - 13:00 ~ 13:40 [新魔法時代 - CmdGPT - Birdman](/Tgk2HAfJT-mtd7DryS9V2A) - 14:00 ~ 14:40 [Firewall is on fire: Hacking the Juniper Firewall - 林宇翔](/7OE7o9fyTOKQd3pU56TOJw) - 15:10 ~ 15:50 [Playing with Fire: Exploring the Exploitable Side of ZyXEL VPN Firewall - atdog, Lays](/fBo7E9LLRyqOo4CSLkhhQA) - 16:10 ~ 16:50 [入無人之徑：於 MikroTik 蟄伏九載的 Pre-Auth RCE - NiNi](/NxuXRARbTvSEmA8APOTl_Q) ## R1 - 13:00 ~ 13:40 [Reaching Beyond Boundaries: Out-of-Bounds Exploration in Out-of-Band Management - 王建元 (kevingwn)](/aqz1bHiMTsGWLIPQ0OfZQQ) - 14:00 ~ 14:40 [AI 搭把手，推倒 PHP 加密源碼的高牆 - 李樸, 官澔](/-dIRksaCQA6vA9dWtAL-fw) - 15:10 ~ 15:50 [Prompt Injections in the Wild - Exploiting Vulnerabilities in LLM Agents - Johann Rehberger](/R6fxM-LIQM-sywsL72MBIQ) - 16:10 ~ 16:50 [Pennywise - Invisible privacy risk in the new AI era - Vic Huang, 何念修](/Tpc8apDFTCGOhGjM3k4Uhw) ## R2 - 13:00 ~ 13:40 [Why Panda Loves USB?: Observing Targeted Attacks by Chinese APTs - Yuta Sawabe, Kazuya Nomura](/HjBkBguqRceFmA1w3ud3Tw) - 14:00 ~ 14:40 [GroundPeony: Crawling with Malice - Rintaro Koike, Shota Nakajima](/0wE4NFlDTXCvs3Jpq6Lubw) - 15:10 ~ 15:50 [Unmasking CamoFei: An In-depth Analysis of an Emerging APT Group Focused on Healthcare Sectors in East Asia - Still Hsu, DuckLL](/8gClWZ3ZQmmtfunxBs3Q3A) - 16:10 ~ 16:50 [Static Analysis on Malware Packed by AutoIt and NSIS - Zong-Yu Wu](/74lTLOybQCiqTpK2bbs5EA) ## R3 - 12:40 ~ 14:40 [ARM-ing for Android: Unraveling the Mysteries of Native Library Reverse Engineering - Ravi Rajput](/8rVYsp-0R7iI63YColhljw) - 14:50 ~ 16:50 [SOC200 - Log Monitorin - Ian Wilson](/dNXoV3cgTrqpgKP73BpzrA) # 08/19 #### 09:00 ~ 10:00 報到時間 #### 10:00 ~ 10:10 Opening 開幕 ## R0 - 10:10 ~ 11:00 [Advancements in JavaScript Engine Fuzzing - Carl Smith](/CcNB8axXQSGG9yJ5UEOIfQ) - 11:20 ~ 12:00 [A 3-Year Tale of Hacking a Pwn2Own Target: The Attacks, Vendor Evolution, and Lesson Learned - Orange Tsai](/NQdQSRmjS-CvTkgYZJedkg) - 13:00 ~ 13:40 [Ghosts of the Past: Classic PHP RCE Bugs in Trend Micro Enterprise Offerings. - Poh Jia Hao](/KumHEva8RtWkud-NQAxywA) - 14:00 ~ 14:40 [Endpoint Security or End of Security? Exploiting Trend Micro Apex One - Lays, Lynn](/Pau9maX8Qd29-PqS9nfJWw) - 15:10 ~ 15:50 [現代內核漏洞戰爭 - 越過所有核心防線的系統/晶片虛實混合戰法 - 馬聖豪](/PP-Ne3sfTDqik90YNjLzEg) ## R1 - 11:20 ~ 12:00 [How to hijack a VoLTE network - Pavel Novikov](/tEjDo3pgSR2D2M5DBmwhnA) - 13:00 ~ 13:40 [從硬體攻擊手段來解開機殼下的美麗祕密：網路通訊設備安全分析 - Ta-Lun Yen](/Mcu1egjkRS6EorCWhfLMgA) - 14:00 ~ 14:40 [ELECTRONizing macOS privacy - a new weapon in your red teaming armory - Wojciech Reguła](/vZ8kC2mnQAaSsJwo4JKEKg) - 15:10 ~ 15:35 [What You See IS NOT What You Get: Pwning Electron-based Markdown Note-taking Apps - Li Jiantao](/6TTYJtqZRR6kB3A9SO9qVg) ## R2 - 11:20 ~ 12:00 [打造公平的遊戲轉蛋：在不洩漏原始碼的前提下驗證虛擬轉蛋的機率 - Jing Jie Wang, 李安傑](/FtRqiNb3TRaWLm7czFWEPQ) - 13:00 ~ 13:40 [直搗核心：探索 AMD 驅動程式中的資安漏洞 - Zeze](/DPEaX9tSQHmYeKeDFH5Fvw) - 14:00 ~ 14:40 [搭配模糊測試對Linux核心遠端檔案系統進行漏洞挖掘 - Pumpkin](/jLB7zQ5eSwGwtqeQvD9icA) ## R3 - 14:00 ~ 16:00 [麋鹿在芝麻街 - ELK x BERT 資安分析實戰 - Sheng-Shan Chen, Yuki Hung](/7rI4E83bQK2CMzd7WoUS0w)