With a certain influence in the world, XCon Information Security Conference is one of the largest, most authoritative and best-known information security conferences in China. For more than a decade, XCon has upheld its rigorous working style and invited information security experts and enthusiasts and network security consultants from home and abroad. XCon is committed to creating a friendly, harmonious platform for communication.

Every summer XCon arrives on schedule to meet you in Beijing, the capital of China. Hundreds of information security experts, scholars, researchers and related professionals from different countries are invited to present and give speeches. The conference covers information security technologies across all fields, including new ones. If you have new technologies, new discoveries or successful experiences in some field, you are welcome to share them with us!

Security Research toward Smart Cars – Understand the CAN Network in Tesla Motors

Sen Nie

Security Research toward Smart Cars – Understand the CAN Network in Tesla Motors

Wenkai Zhang

The view of information pipeline security about smart car “neuron”

Qing Yang

The threat of the traffic analysis in Bluetooth 4.0 encrypted communication and safety protection technology

Shiliang Ao

Unearth The Hidden Treasure In Stack – Bypass CFG Via Stack Data Corruption

Bing Sun

How I Generally Bypassed CFG

Fengjun Yang

Finding Needles in a Haystack

LieJun Wang

Fixed, or not fixed, that is the question

Yunhai Zhang

Vulnerability Discovery Content for Safari Browser

Tongbo Luo

Vulnerability Discovery Content for Safari Browser

Bo Qu

A Trust Crisis with Sensors in Automobiles

Chen Yan

Evilsploit - The Provisioning Port Killer of Embedded System

Chui Yew Leong & Mingming Wan

Application of AI in Web Security

Jing Hui Feng

How I Exploit Uninitialized Uses on macOS Sierra

Zhenquan Xu

Jason Shirk

Microsoft security strategist


AM

Registration 8:30-9:00

Beginning Speech 9:30-9:40

Casper

Evilsploit - The Provisioning Port Killer of Embedded System 9:40-10:40

Chui Yew Leong, Mingming Wan

Application of AI in Web Security 10:40-11:40

Jinghui Feng

Unearth the Hidden Treasure in Stack – Bypass CFG via Stack Data Corruption 11:40-12:30

Bing Sun

PM

Lunch 12:30-14:00

Security Research toward Smart Cars – Understand the CAN Network in Tesla Motors 14:00-15:00

Sen Nie, Wenkai Zhang

How I Generally Bypassed CFG 15:00-16:00

Junfeng Yang

Coffee Break 16:00-16:20

The View of Information Pipeline Security about Smart Car “neuron” 16:20-17:10

Qing Yang

AM

Fixed, or not fixed, that is the question 09:30-10:30

Yunhai Zhang

Vulnerability Discovery Content for Safari Browser 10:30-11:30

Tongbo Luo, Bo Qu

A Trust Crisis with Sensors in Automobiles 11:30-12:30

Chen Yan

Lunch 12:30-14:00

PM

How I Exploit Uninitialized Uses on macOS Sierra 14:00-15:00

Zhenquan Xu

The Threat of the Traffic Analysis in Bluetooth 4.0 Encrypted Communication and Safety Protection Technology 15:00-16:00

Shiliang Ao

Coffee Break 16:00-16:20

Finding Needles in a Haystack 16:20-17:10

Liejun Wang

Closing Speech 17:10-17:20



Previous Review

XCon2016 XFocus Information Security Conference

XCon2015 XFocus Information Security Conference

XCon2014 XFocus Information Security Conference

XCon2013 XFocus Information Security Conference

XCon2012 XFocus Information Security Conference

XCon2011 XFocus Information Security Conference

XCon2010 XFocus Information Security Conference

XCon2009 XFocus Information Security Conference

XCon2008 XFocus Information Security Conference

XCon2007 XFocus Information Security Conference

XCon2006 XFocus Information Security Conference

XCon2005 XFocus Information Security Conference

XCon2004 XFocus Information Security Conference

XCon2003 XFocus Information Security Conference

XCon2002 XFocus Information Security Conference


The registration fee includes: access to the 2-day conference (23rd-24th August), coffee breaks and lunch each day

Early bird (before 21st July)

$550 per person

Regular registration (before 18th August)

$650 per person

At door

$800 per person

Please send your registration to xcon@xfuturesec.com with the subject: XCon2017 Registration

Please mail us your registration information, which should include: last name, first name, email address, company, country, city, address and special diet (None, Vegetarian, Muslim)

Topic: Fixed, or not fixed, that is the question

SPEAKER: Yunhai Zhang

Yunhai Zhang is a security researcher on the NSFOCUS Security Team who has worked on computer security for more than a decade, mainly focused on exploit detection and prevention. He has spoken at security conferences such as Black Hat and BlueHat. He has won the Microsoft Mitigation Bypass Bounty 4 years in a row since 2014.

Brief introduction

Microsoft has continued to complement and improve mitigations in Windows in recent years. Thus, mitigation bypass has gradually become the most important step in vulnerability exploitation, and many novel techniques have emerged. Microsoft has fixed most of those techniques to keep mitigations effective. However, it is very hard to fix a mitigation bypass due to usability, compatibility, stability, performance and other reasons, and the fix itself may be vulnerable. This talk will show two examples, exploiting the ATL Thunk Pool and exploiting the Chakra JIT Engine, and discuss how to find vulnerabilities in the fix of a mitigation bypass.

Topic: How I Generally Bypassed CFG

SPEAKER: Jun Feng Yang

Fengjun Yang is currently a staff researcher at DiDi Labs. He previously worked at NSFOCUS and FireEye as a vulnerability researcher. Junfeng has a keen interest in anything security and especially exploitation. He received bounties from the Microsoft Mitigation Bypass programme for his contributions during 2016 - 2017.

Brief introduction

Over the years, Microsoft has introduced many forms of exploit mitigation in an effort to drive up the costs of exploitation. In Windows 10, Microsoft introduced the control flow guard (CFG) mitigation, further increasing the difficulty of exploitation on the Windows platform. However, as history has shown, nothing is perfect. Even though CFG has already been around for some time and many researchers have contributed to improving CFG, subtle flaws still exist. In this talk, I will present several amazing exploitation techniques which bypassed CFG easily and generically, given a read/write primitive - something not uncommon in modern exploits. These techniques I will share can be applied to exploit various software such as Edge, IE, Adobe Reader, Flash and Microsoft Office. I will also share some exploitation tricks I have developed, some of which are novel enough to earn bounties with Microsoft's Mitigation Bypass programme.

Topic: Evilsploit - The Provisioning Port Killer of Embedded System

SPEAKER: Chui Yew Leong, Mingming Wan

Chui Yew Leong is the system architect of GuangZhou TYA. His daily work is embedded system development. Mingming Wan is the senior hardware engineer of GuangZhou TYA. His daily work is embedded system development.

Brief introduction

Evilsploit is a universal hardware hacking toolkit. It targets the provisioning port of embedded systems. In the conventional approach, two sets of tools are required for bus identification and manipulation, respectively. In such a case, the gap between the bus identification and manipulation processes prevents the hardware hacking process from being automated. Besides, it is also prone to human error and deters software-oriented hackers from exploring further into the embedded hardware. In fact, just by controlling the provisioning port, most software-oriented hackers are all set to start hacking hardware, because most embedded hardware is software driven. So, Evilsploit bridges the gap between the processes of bus identification and manipulation. With a single piece of hardware, it is capable of enumerating the provisioning port and transferring the resulting connection pattern to the high level. From there, it is ready to be controlled by well-known tools such as OpenOCD, UrJTAG, or Minicom. Hence, the whole hardware hacking process is dummy-proof and ready to be automated. On the other hand, Evilsploit is also suitable as an assistive tool in a variety of hardware and software attacks such as Side Channel Analysis (SCA), Fault Injection (FI), code emulation, and static analysis.

Topic: Vulnerability Discovery Content for Safari Browser

SPEAKER: Bo Qu

Bo Qu is now a distinguished engineer at Palo Alto Networks and a distinguished expert of the National Engineering Laboratory for Mobile Internet System and Application Security of China. His research interests lie in system and application security.

Brief introduction

Fuzzing is an efficient way of hunting software vulnerabilities. In this topic, we will introduce a novel fuzzing method which minimizes human interaction and intervention. We will then talk about building test pages containing DOM, JavaScript and WebGL content for the Safari browser. We will also share our code on GitHub, which has kept revealing different vulnerabilities since last year.

Topic: Vulnerability Discovery Content for Safari Browser

SPEAKER: Tongbo Luo

Tongbo Luo works as a principal security researcher at Palo Alto Networks, where he builds state-of-the-art products on cyber security, mobile security and IoT security. He leads research on detecting malware using deep learning, and exploiting vulnerabilities in browsers and mobile systems. He obtained his M.S. and Ph.D. in computer science from Syracuse University in 2014. He has spoken at numerous security conferences including Black Hat (Asia, USA) and Virus Bulletin.

Brief introduction

Fuzzing is an efficient way of hunting software vulnerabilities. In this topic, we will introduce a novel fuzzing method which minimizes human interaction and intervention. We will then talk about building test pages containing DOM, JavaScript and WebGL content for the Safari browser. We will also share our code on GitHub, which has kept revealing different vulnerabilities since last year.

Topic: Security Research toward Smart Cars – Understand the CAN Network in Tesla Motors

SPEAKER: Wenkai Zhang

Wenkai Zhang, Security Researcher in Keenlab, Tencent. Wenkai Zhang now focuses on vehicle CAN network testing and ECU firmware analysis at Keen Lab. With plenty of experience in basic software development for embedded systems, he is familiar with the ECU hardware design process and vehicle CAN network architecture. He was responsible for the FSAE vehicle electronic system and ECU design. In September 2016, he participated in the Tesla hacking.

Brief introduction

In today's world of connected cars, security is of vital importance. The security of these cars is not only a technological issue, but also an issue of human safety. In our research we focused on perhaps the most famous connected car model: Tesla. In this talk, we’ll first share details about the whole remote attack chain toward the Tesla car. However, this time we will put more effort into the study of the CAN network, such as the architecture of the Tesla CAN network and how we compromise it. In the end we’ll also share our thoughts about the security design of modern CAN networks in smart cars.

Topic: Security Research toward Smart Cars – Understand the CAN Network in Tesla Motors

SPEAKER: Sen Nie

Sen Nie, Security Researcher in Keenlab, Tencent. Sen Nie is a security researcher at Keen Lab. Currently his research is mainly focused on car hacking; before that, he had many years of research experience in program analysis, such as symbolic execution, smart fuzzing and other vulnerability detection technologies.

Brief introduction

In today's world of connected cars, security is of vital importance. The security of these cars is not only a technological issue, but also an issue of human safety. In our research we focused on perhaps the most famous connected car model: Tesla. In this talk, we’ll first share details about the whole remote attack chain toward the Tesla car. However, this time we will put more effort into the study of the CAN network, such as the architecture of the Tesla CAN network and how we compromise it. In the end we’ll also share our thoughts about the security design of modern CAN networks in smart cars.

Topic: Unearth The Hidden Treasure In Stack – Bypass CFG Via Stack Data Corruption

SPEAKER: Bing Sun

Bing Sun is a senior information security researcher, and he now leads the IPS security research team of Intel Security Group (formerly McAfee). He has extensive experience in operating system kernel and information security technique R&D, with especially deep dives into advanced vulnerability exploitation and detection, rootkit detection, firmware security and virtualization technology. Moreover, Bing is also a regular speaker at international security conferences, such as XCon, Black Hat and CanSecWest.

Brief introduction

Control Flow Guard (CFG) is an exploitation mitigation mechanism that prevents exploits from hijacking the control flow. Among all the currently known CFG bypass methods, return address corruption is the most commonly used. Now vendors have started trying to solve this problem from both the software and hardware sides, and we believe this particular CFG bypass method will be invalidated in the near future. Thus, as vulnerability exploitation researchers, we can’t help asking ourselves: besides the return address, isn’t there any other data useful for exploitation? After in-depth research, we found that in addition to the return address there are indeed some other interesting data that can be leveraged to bypass CFG; however, compared to the method of return address corruption, it requires more advanced exploitation techniques. In this presentation, we’ll use a couple of interesting examples to demonstrate our research findings. We’ll introduce some reliable stack address leak and exploitation tricks that correspond to different attack scenarios, such as the combination of data-only attack and race condition techniques. We’ll also provide live demonstrations of the attacks discussed on the latest Windows 10 Insider Preview build.

Topic: The threat of the traffic analysis in Bluetooth 4.0 encrypted communication and safety protection technology

SPEAKER: Shiliang Ao (ID: Red Cat)

Graduate student, and a trainee in Micro-Electronics & Embedded Technology Security R&D Center, from Antiy Labs.

Brief introduction

As we enter the Internet-of-Things (IoT) era, the deployment and application of low-power Bluetooth devices are becoming more and more widespread. However, with the development of software radio technology, and driven by machine learning and data analysis techniques, attacks on IoT communication are no longer limited to the traditional sniffer-crack; traffic analysis of communication channels has become a new security threat. It can capture the communication data packet sequence without decrypting it and explore the possible communication behavior of the current user, then use it for behavior feature recognition and target identification. It can even predict action plans. This report shows the team’s preliminary thinking and experimental exploration of the related issues. This paper briefly introduces the security mechanism of Bluetooth 4.0 and the construction process of the machine learning prediction model. Taking the Bluetooth 4.0 communication process as an example, we track frequency hopping with radio equipment, and capture and crack the data entered on a Bluetooth keyboard. By analyzing the encrypted communication data, the plaintext message after cracking and the traffic characteristics recorded at the same time, we explore the relationship between these three and the possible information threats they bring. Finally, some simple experiments are made to demonstrate the security risks.

Topic: The view of information pipeline security about smart car “neuron”

SPEAKER: Qing Yang

Qing Yang is the founder of UnicornTeam & Radio Security Research Department in 360 Technology. He has rich experience in the information security area. He has presented at Black Hat, DefCon, CanSecWest, HITB, Ruxcon, POC, XCon, China ISC, etc.

Brief introduction

The “neurons” (electronic control units) of a smart car are connected by a bus, so information can be transmitted at high speed. Besides, some of the neurons can also receive data that comes from outside the internal bus. This opens up a new type of attack on smart cars. In this speech, we will explain what kinds of attack an attacker who has not yet penetrated the smart car can use to disturb and control it through these “neurons” that perceive outside information.

Topic: Finding Needles in a Haystack

SPEAKER: Liejun Wang

Topic: A Trust Crisis with Sensors in Automobiles

SPEAKER: Chen Yan

Chen Yan is a Ph.D. student at Zhejiang University, and a member of the Ubiquitous System Security Laboratory (USSLab). His research focuses on the security and privacy of vehicles and internet-of-things devices. He was a recipient of the Tesla Motors Information Security Recognition, and a speaker at DEFCON, PoC, GeekPwn, etc. His team was acknowledged by the Tesla Security Researcher Hall of Fame twice.

Brief introduction

Sensors are indispensable components in complex control systems like modern automobiles, and especially critical for autonomous vehicles. As the bottom layer of data source in vehicular systems, sensors are normally trusted, and used for diagnosing other systems. However, the problem is, are sensors really secure? If sensor data are not trustworthy, the vehicular control systems will suffer from great instability, which can lead to serious safety issues, most notably for self-driving vehicles. This talk will analyze the security vulnerabilities of (autonomous) vehicles from a sensor perspective, and introduce our research on the security and trustworthiness of both passive and active sensors, including MEMS accelerometers, ultrasonic sensors, MMW radars, cameras, etc. We will present contactless attacks on these sensors, and show how they can affect real systems, such as a Tesla Model S.

Topic: How I Exploit Uninitialized Uses on macOS Sierra

SPEAKER: Zhenquan Xu

Intern researcher @ Team Pangu. Postgraduate student @ Shanghai Jiao Tong University majoring in Information Security. Focusing on vulnerability discovery and exploitation in the macOS kernel and Safari.

Brief introduction

macOS Sierra is the latest operating system developed by Apple Inc. Apple has spent great effort on improving the security of macOS. Firstly, we will introduce the improvements in macOS Sierra from a security perspective. Then, we will discuss the kernel vulnerabilities used in Pwnfest2016, including the cause and how we exploited them. Lastly, we will summarize the common ways to exploit uninitialized use vulnerabilities and how to reduce the damage caused by these vulnerabilities from a system perspective.