Talk 1: 7:00pm-7:45pm
Title: A Guide on Antivirus Evasion
Description
Antivirus evasion is crucial in many cybersecurity research and operations. For example, red team exercises are often conducted in a hardened production environment. While open-source tools may help in the enumeration or exploitations of services, they are often detected and flagged by antivirus.
In this talk, we will look into manual and partially automated ways to achieve antivirus evasion. In addition, we will explore two case studies on evading detection of popular hacking tools - SharpHound and mimikatz.
Speaker Bio
Glenice graduated from NUS Information Security in 2020 and is an alumnus of NUS Greyhats. She is currently working as an associate cybersecurity specialist at Government Technology Agency. Her work focuses on web security, cloud technology, and social engineering practices.
Talk 2: 7:45pm-8:30pm
Title: Dirty Deeds Done Dirt Cheap
Description
What are real world bugs made of? A miserable pile of secrets. This talk is not about cool exploit techniques, nor is it about the latest bypass using complex machinery. In this talk, I present some of the cheapest no-brainer techniques that have been used to find security bugs that you as a security professional should know. We will uncover some of the dirtiest tricks people use to write software and how to break it. You won’t like what you see, but don’t hate the player, hate the game.
Speaker Bio
Wai Tuck is a PhD student at SMU, focusing on the intersection between security and machine learning. He graduated from Carnegie Mellon University with a Masters in Information Security, where he actively participated in CTFs and worked on research in dynamic analysis of Javascript code. He also previously contributed to nmap, creating the first reliable scanning script for SambaCry. He is OSCP, OSCE, OSWP, and OSWE certified.