XCon Information Security Conference, which has a certain influence in the world, is one of the largest, most authoritative and best-known information security conferences in China. For more than a decade, XCon has upheld its rigorous working style and invited information security experts and enthusiasts and network security consultants from home and abroad. XCon is committed to creating a friendly, harmonious platform for communication.

Every summer XCon comes around on schedule and meets you in Beijing, the capital of China. Hundreds of information security experts, scholars, researchers and related professionals from different countries are invited to present and give speeches. The conference covers information security technologies in all fields, including new ones. If you have new technologies, new discoveries or successful experiences in some field, you are welcome to share them with us!

AM

TBD 8:30-9:00

TBD 9:30-9:40

TBD 9:40-10:40

TBD 10:40-11:40

TBD 11:40-12:30

PM

TBD 12:30-14:00

TBD 14:00-15:00

TBD 15:00-16:00

TBD 16:00-16:20

TBD 16:20-17:10

AM

TBD 09:30-10:30

TBD 10:30-11:30

TBD 11:30-12:30

TBD 12:30-14:00

PM

TBD 14:00-15:00

TBD 15:00-16:00

TBD 16:00-16:20

TBD 16:20-17:10

TBD 17:10-17:20

Previous Review

XCon2017, XCon2016, XCon2015, XCon2014, XCon2013, XCon2012, XCon2011, XCon2010, XCon2009, XCon2008, XCon2007, XCon2006, XCon2005, XCon2004, XCon2003 and XCon2002 XFocus Information Security Conference.

The registration fee includes: access to the 2-day conference (28th-29th August), coffee breaks and lunch each day, conference souvenirs, and free attendance at XPwn2018 on 30th August at 751D-Park.

Registration before 24th June

$450/per person

Registration before 13th July

$550/per person

Registration before 24th August

$650/per person

At door

$750/per person

Mail us your registration information, which should include: last name, first name, email address, company, country, city, address and special diet (None, Vegetarian, Muslim). Please use the subject XCon2018 Registration and send it to xcon@xfuturesec.com.

The XCon organizing committee can help you book a room at the conference hotel at a better price. If you need our help, please send us an email with the subject XCon2018 Room reservation, including: last name, first name, passport number, and check-in and check-out times.

Topic: Fixed, or not fixed, that is the question

SPEAKER: Yunhai Zhang

Yunhai Zhang is a security researcher in the NSFOCUS Security Team. He has worked on computer security for more than a decade, mainly focused on exploit detection and prevention. He has spoken at security conferences such as Black Hat and BlueHat, and has won the Microsoft Mitigation Bypass Bounty 4 years in a row since 2014.

Brief introduction

Microsoft has continued to complement and improve the mitigations in Windows in recent years. Thus, mitigation bypass has gradually become the most important step in vulnerability exploitation, and many novel techniques have emerged. Microsoft has fixed most of those techniques to keep its mitigations effective. However, it is very hard to fix a mitigation bypass, due to usability, compatibility, stability, performance and other reasons, and the fix itself may be vulnerable. This talk will show two examples, exploiting the ATL Thunk Pool and exploiting the Chakra JIT Engine, and discuss how to find vulnerabilities in the fixes for mitigation bypasses.

Topic: How I Generally Bypassed CFG

SPEAKER: Jun Feng Yang

Fengjun Yang is currently a staff researcher at DiDi Labs. He previously worked at NSFOCUS and FireEye as a vulnerability researcher. He has a keen interest in anything security-related, and especially in exploitation. He received bounties from the Microsoft Mitigation Bypass programme for his contributions during 2016-2017.

Brief introduction

Over the years, Microsoft has introduced many forms of exploit mitigation in an effort to drive up the cost of exploitation. In Windows 10, Microsoft introduced the Control Flow Guard (CFG) mitigation, further increasing the difficulty of exploitation on the Windows platform. However, as history has shown, nothing is perfect. Even though CFG has been around for some time and many researchers have contributed to improving it, subtle flaws still exist. In this talk, I will present several exploitation techniques which bypass CFG easily and generically, given a read/write primitive, something not uncommon in modern exploits. The techniques I will share can be applied to exploiting various software such as Edge, IE, Adobe Reader, Flash and Microsoft Office. I will also share some exploitation tricks I have developed, some of which were novel enough to earn bounties from Microsoft's Mitigation Bypass programme.

Topic: Evilsploit - The Provisioning Port Killer of Embedded System

SPEAKER: Chui Yew Leong, Mingming Wan

Chui Yew Leong is the system architect of GuangZhou TYA; embedded system development is his daily job scope. Mingming Wan is the senior hardware engineer of GuangZhou TYA; embedded system development is also his daily job scope.

Brief introduction

Evilsploit is a universal hardware hacking toolkit that targets the provisioning port of embedded systems. In the conventional approach, two separate sets of tools are required, one for bus identification and one for bus manipulation. The gap between the bus identification and manipulation processes prevents the hardware hacking process from being automated; it is also prone to human error and deters software-oriented hackers from exploring embedded hardware further. In fact, because most embedded hardware is software driven, controlling the provisioning port alone is enough for most software-oriented hackers to start working on a piece of hardware. Evilsploit therefore bridges the gap between bus identification and manipulation. With a single piece of hardware, it can enumerate the provisioning port and pass the resulting connection pattern up to the higher level, where it is ready to be controlled by well-known tools such as OpenOCD, UrJtag or Minicom. The whole hardware hacking process thus becomes foolproof and ready for automation. Evilsploit is also suitable as an assistive tool in a variety of hardware and software attacks, such as Side Channel Analysis (SCA), Fault Injection (FI), code emulation and static analysis.

Topic: Vulnerability Discovery Content for Safari Browser

SPEAKER: Bo Qu

Bo Qu is a distinguished engineer at Palo Alto Networks and a distinguished expert of the National Engineering Laboratory for Mobile Internet System and Application Security of China. His research interests lie in system and application security.

Brief introduction

Fuzzing is an efficient way of hunting software vulnerabilities. In this talk, we will introduce a novel fuzzing method that minimizes human interaction and intervention. We will then talk about building test pages containing DOM, JavaScript and WebGL content for the Safari browser. We will also share our code on GitHub, which has kept revealing different vulnerabilities since last year.

Topic: Vulnerability Discovery Content for Safari Browser

SPEAKER: Tongbo Luo

Tongbo Luo works as a principal security researcher at Palo Alto Networks, where he builds state-of-the-art products in cyber security, mobile security and IoT security. He leads research on detecting malware using deep learning and on exploiting vulnerabilities in browsers and mobile systems. He obtained his M.S. and Ph.D. in computer science from Syracuse University in 2014. He has spoken at numerous security conferences, including Black Hat (Asia, USA) and Virus Bulletin.

Brief introduction

Fuzzing is an efficient way of hunting software vulnerabilities. In this talk, we will introduce a novel fuzzing method that minimizes human interaction and intervention. We will then talk about building test pages containing DOM, JavaScript and WebGL content for the Safari browser. We will also share our code on GitHub, which has kept revealing different vulnerabilities since last year.

Topic: Security Research toward Smart Cars – Understand the CAN Network in Tesla Motors

SPEAKER: Wenkai Zhang

Wenkai Zhang is a Security Researcher at Keen Lab, Tencent. He currently focuses on vehicle CAN network testing and ECU firmware analysis at Keen Lab. With plenty of embedded-system basic software development experience, he is familiar with the ECU hardware design process and vehicle CAN network architecture. He was responsible for the FSAE vehicle electronic system and ECU design. In September 2016, he participated in the Tesla hacking.

Brief introduction

In today's world of connected cars, security is of vital importance. The security of these cars is not only a technological issue but also an issue of human safety. In our research we focused on perhaps the most famous connected car model: Tesla. In this talk, we will first share details about the whole remote attack chain against the Tesla car. This time, however, we will put more effort into the study of the CAN network, such as the architecture of the Tesla CAN network and how we compromised it. In the end we will also share our thoughts about the security design of the modern CAN network in smart cars.

Topic: Security Research toward Smart Cars – Understand the CAN Network in Tesla Motors

SPEAKER: Sen Nie

Sen Nie is a Security Researcher at Keen Lab, Tencent. His research is currently focused mainly on car hacking; before that he had many years of research experience in program analysis, such as symbolic execution, smart fuzzing and other vulnerability detection technologies.

Brief introduction

In today's world of connected cars, security is of vital importance. The security of these cars is not only a technological issue but also an issue of human safety. In our research we focused on perhaps the most famous connected car model: Tesla. In this talk, we will first share details about the whole remote attack chain against the Tesla car. This time, however, we will put more effort into the study of the CAN network, such as the architecture of the Tesla CAN network and how we compromised it. In the end we will also share our thoughts about the security design of the modern CAN network in smart cars.

Topic: Unearth The Hidden Treasure In Stack – Bypass CFG Via Stack Data Corruption

SPEAKER: Bing Sun

Bing Sun is a senior information security researcher who now leads the IPS security research team of Intel Security Group (formerly McAfee). He has extensive experience in operating system kernel and information security technology R&D, with an especially deep focus on advanced vulnerability exploitation and detection, rootkit detection, firmware security and virtualization technology. Bing is also a regular speaker at international security conferences such as XCon, Black Hat and CanSecWest.

Brief introduction

Control Flow Guard (CFG) is an exploitation mitigation mechanism that prevents exploits from hijacking the control flow. Among all the currently known CFG bypass methods, return address corruption is the most commonly used. Vendors have now started trying to solve this problem from both the software and hardware sides, and we believe this particular CFG bypass method will be invalidated in the near future. Thus, as vulnerability exploitation researchers, we cannot help asking ourselves: besides the return address, is there any other data useful for exploitation? After in-depth research, we found that in addition to the return address there is indeed some other interesting data that can be leveraged to bypass CFG; however, compared to return address corruption, it requires more advanced exploitation techniques. In this presentation, we will use a couple of interesting examples to demonstrate our research findings. We will introduce some reliable stack address leak and exploitation tricks that correspond to different attack scenarios, such as the combination of data-only attack and race condition techniques. We will also provide live demonstrations of the attacks discussed on the latest Windows 10 Insider Preview build.

Topic: The threat of traffic analysis in Bluetooth 4.0 encrypted communication and safety protection technology

SPEAKER: Shiliang Ao (ID: Red Cat)

Graduate student and trainee in the Micro-Electronics & Embedded Technology Security R&D Center at Antiy Labs.

Brief introduction

As we enter the Internet of Things (IoT) era, the deployment and application of low-power Bluetooth devices are becoming more and more widespread. However, with the development of software-defined radio technology, and driven by machine learning and data analysis techniques, attacks on IoT communication are no longer limited to the traditional sniff-and-crack approach: traffic analysis of communication channels has become a new security threat. It can capture the sequence of communication data packets without decrypting them, infer the current user's likely communication behavior, and then use that for behavior feature recognition and target identification. It can even predict a plan of action. This report presents the team's preliminary thinking and experimental exploration of these issues. It briefly introduces the security mechanism of Bluetooth 4.0 and the process of building a machine learning prediction model. Taking the Bluetooth 4.0 communication process as an example, we track frequency hopping with radio equipment and capture and crack the data entered on a Bluetooth keyboard. By analyzing the encrypted communication data, the cracked plaintext messages and the traffic characteristics recorded at the same time, we explore the relationship between these three and the possible information threat they bring. Finally, some simple experiments are performed to demonstrate the security risks.

Topic: The view of information pipeline security about smart car "neuron"

SPEAKER: Qing Yang

Qing Yang is the founder of UnicornTeam and of the Radio Security Research Department at 360 Technology. He has rich experience in the information security area. He has presented at Black Hat, DefCon, CanSecWest, HITB, Ruxcon, POC, XCon, China ISC, etc.

Brief introduction

The neurons (electronic control units) of a smart car are connected by a bus, so information can be transmitted at high speed. Besides, some of the neurons can also receive data that comes from outside the inner bus. This reveals a new type of attack on smart cars. In this speech, we will explain what kinds of attack an attacker who has not yet penetrated the smart car could use to disturb or control it through these "neurons" that perceive outside information.

Topic: Finding Needles in a Haystack

SPEAKER: Liejun Wang

Topic: A Trust Crisis with Sensors in Automobiles

SPEAKER: Chen Yan

Chen Yan is a Ph.D. student at Zhejiang University and a member of the Ubiquitous System Security Laboratory (USSLab). His research focuses on the security and privacy of vehicles and Internet of Things devices. He was a recipient of the Tesla Motors Information Security Recognition and has spoken at DEFCON, PoC, GeekPwn, etc. His team was acknowledged in the Tesla Security Researcher Hall of Fame twice.

Brief introduction

Sensors are indispensable components in complex control systems like modern automobiles, and are especially critical for autonomous vehicles. As the bottom layer of the data sources in vehicular systems, sensors are normally trusted and are used for diagnosing other systems. However, the problem is: are sensors really secure? If sensor data is not trustworthy, the vehicular control systems will suffer from great instability, which can lead to serious safety issues, most notably for self-driving vehicles. This talk will analyze the security vulnerabilities of (autonomous) vehicles from a sensor perspective and introduce our research on the security and trustworthiness of both passive and active sensors, including MEMS accelerometers, ultrasonic sensors, MMW radars, cameras, etc. We will present contactless attacks on these sensors and show how they can affect real systems, such as a Tesla Model S.

Topic: How I Exploit Uninitialized Uses on macOS Sierra

SPEAKER: Zhenquan Xu

Intern researcher @ Team Pangu; postgraduate student @ Shanghai Jiao Tong University, majoring in Information Security. Focusing on vulnerability discovery and exploitation in the macOS kernel and Safari.

Brief introduction

macOS Sierra is the latest operating system developed by Apple Inc. Apple has spent great effort on improving the security of macOS. First, we will introduce the improvements in macOS Sierra from a security perspective. Then, we will discuss the kernel vulnerabilities used in Pwnfest2016, including their causes and how we exploited them. Lastly, we will summarize the common ways of exploiting uninitialized use vulnerabilities and how to reduce the damage caused by such vulnerabilities from a system perspective.