HITCON CMT 2024

# 台灣駭客年會 HITCON CMT 2024 共同筆記 --- - [歡迎來到 HITCON CMT 2024](/@HITCON/rJlBNMXsA) - [HITCON 官方網站](https://hitcon.org/2024/CMT/) [target=_blank] - [議程表](https://hitcon.org/2024/CMT/agenda/) [target=_blank] # 08/23 #### 09:00 ~ 10:00 報到時間 #### 10:00 ~ 10:50 開幕＆活動介紹 ## R0 - 11:00 ~ 11:50 [The Big Bang of Cybersecurity Emergencies - Costin Raiu](/DTufBRyvTayBJ-OtcWJdlg) - 13:00 ~ 13:40 [What the hell is Windows's CLIP Service - Reversing and exploiting the obfuscated code at its core. - Philippe Laulheret](/BY5ajyvvS9uCWZNz-9QSsw) - 14:00 ~ 14:40 [Proxying to Kernel : Manipulate Flow to Make Windows Kernel Great Again - angelboy](/1zEtGSD1RlKXo13ZGLmuJg) - 15:10 ~ 15:50 [Post AI - Vitaly](/iLJo9XpqThSyhh49ifhecg) - 16:10 ~ 16:50 [Performing enterprise-wide DFIR and Threat Hunting with Yamato Security OSS tools - Akira Nishikawa, Fukusuke Takahashi, Zach Mathis](/oEPWeJ8-TaSY_nOu7AzrlQ) ## R1 - 13:00 ~ 13:40 [Phishing-as-a-Service: The Underground Card Shop’s Arsenal against 3DSecure - Strawberry Donut](/OYNc_CmXRkayD-1KgZlWaA) - 14:00 ~ 14:40 [A phish and a detection engineer walk into a bar… - Manabu Niseki, Wah Dekai](/l_qizMjoR4uh7TnGY3ixAw) - 15:10 ~ 15:50 [Lessons Learned from a 4-Year Journey on Developing a Generic Fuzzing Framework - Akira Moroo, Ren Kimura](/DJuThQKwSWG-5MX0xuCUrg) - 16:10 ~ 16:50 [全境擴散：從 Windows 11 到 libarchive 的深層威脅與全面影響 - NiNi](/uixcMmRkRGKaBV8LjXi73w) ## R2 - 13:00 ~ 13:40 [Open RAN Vulnerabilities: Near-RT RIC and E2 Interface - Richard Lin](/K-T4K6ieQoGSwA1-xj7YZg) - 14:00 ~ 14:40 [使用語言模型與知識圖技術建構高可性度情報鏈：以分析資料外洩事件為例 - 陳勝舢, 洪幸里](/Q-TkjcoXTwqTQWQld_qu7A) - 15:10 ~ 15:50 [Exploiting overlooked vulnerability in Published work - An analysis of Realtek SoC SDK exploitation - Bronson113](/8b-XyX6YQyCc7oIncUiBYQ) - 16:10 ~ 16:50 [Sailing the Seven SEAs: Deep Dive into Polaris' Arsenal and Intelligence Insights - Still Hsu](/xebg9rIiSBqNHOVyT0TIUw) ## R3 - 11:00 ~ 12:20 [手把手教你重現 DeFi Exploit 與偵測攻擊事件 - Seal Cao](/yfVxdkFMQrqI7NJdiiZkJg) - 13:00 ~ 15:00 [cheeto_lock.jpg. Look how I use your lock to enter your house - Pwning AD with AD CS. - Jimmy Su](/tdB6rU5QRIuxOwkzp3lfSQ) - 16:10 ~ 16:50 [TBD] # 08/24 #### 09:00 ~ 10:00 報到時間 #### 10:00 ~ 10:10 Opening 開幕 ## R0 - 10:10 ~ 11:00 [25 YEARS OF ATTACKS AND DEFENSE - Saumil Shah](/zJ99QFJAQba95At4gzNF5A) - 11:20 ~ 12:00 [Evasive attacks against AI-powered antivirus software - Yu Arai](/zcdg8MCCT8m0vV1CE6bgLQ) - 13:00 ~ 13:40 [Background of those glitches in Zelda BoTW & ToTK - Yuda](/1GglvumfQYaLVM2aqrJlkQ) - 14:00 ~ 14:40 [Pirates of The Nang Hai: Follow the Artifacts of Tropic Trooper, No One Knows - Yusuke Niwa, Suguru Ishimaru](/AUnYVaEFTkSmYkcpT4Q_6w) - 15:10 ~ 15:50 [Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server! - Orange Tsai](/VIwb_MC4R42WRL9KEzr64w) - 16:10 ~ 16:40 [Lightning Talk](/K44VJteVQ3KMdzIViq_ZJQ) ## R1 - 11:20 ~ 12:00 [你的雲端攝影機安全嗎？ - 王凱慶, Weber Tsai](/la5XBNzsRoC_PoGBJZR29g) - 13:00 ~ 13:40 [Reverse engineering and hacking Ecovacs robots - the bad and the really bad - Dennis Giese, Braelynn](/XVEH3NpvQLKTTaR2V6VhKQ) - 14:00 ~ 14:40 [From Surveillance to Espionage: Unraveling the Latest Strategies of the Kimsuky Group - Seongsu Park](/UNo7iUfmQ_yK1qe9z7yQGw) - 15:10 ~ 15:50 [從零開始的資安防護：公民團體與 Helix 服務的合作之路 - Toomore Chiang](/C_TJ6LMjQyO647uyBA5erw) ## R2 - 11:20 ~ 12:00 [穿梭於秘密通道：揭秘那些深藏在 VPN 的漏洞 - Zeze](/pu8tMeK-RzKEhwwzl3JhhQ) - 13:00 ~ 13:40 [Breaking LLM Applications – Advances in Prompt Injection Exploitation - Johann Rehberger](/wAyijP6GRAeTVkHNvzk61A) - 14:00 ~ 14:40 [Clash, Burn, and Exploit: Manipulate Filters to Pwn kernelCTF - HexRabbit](/XzZSISKVSly_TrLI1zm58w) - 15:10 ~ 15:50 [Breaking network crypto in almost every popular Chinese keyboard app - Jeffrey Knockel, Mona](/8oEyPOtVT6S3cm0gx_r_NA) ## R3 - 11:00 ~ 12:20 [藍隊綜合培訓：惡意程式偵測技術的整合訓練 - Joey Chen](/YTY81H8MQ8amzXUynwKrAw) - 13:10 ~ 15:50 [Machine Learning For Security Professionals: Building And Hacking ML Systems - Sagar Bhure](/gM-956olTlCJJxDYznxdGw)