TenSec 2019 security topic slides (PPT) released

Posted by punzalan at 2020-03-09

On June 11-12, the fourth Tencent Security International Technology Summit (TenSec 2019), sponsored by Tencent Security, co-organized by Tencent Security Keen Lab and the Tencent Security Platform Department, and co-sponsored by Tencent Security College, was held in Shanghai. As an annual event for cutting-edge international security technology, this TenSec attracted top security experts from Microsoft, Arm, independent information security researchers and Tencent security teams to discuss and exchange frontier network security research results. The ten topics cover currently hot areas such as cloud computing security, AI security applications, Internet of Vehicles security, IoT security, virtualization security and big data security.

[Download the topic slides (PPT)]

1. IoT and chip security: analysis of real-world IoT attacks

Speaker: Asaf Shen, Vice President, IoT Device Line of Business, Arm

Billions of IoT devices are expected to be deployed in the foreseeable future. If IoT designers fail to cope with attacks from every direction, important data will be at risk and the promise of IoT will not be fulfilled. In the past, IoT vulnerability mitigation focused mainly on the software level. However, as the barrier to carrying out physical attacks keeps falling, chip-level security must be improved. This topic analyzes a real attack case involving chip-level vulnerabilities, then discusses the systematic methods needed to improve chip security and the specific mitigations that address chip vulnerabilities.

2. Growing hypervisor 0day with Hyperseed

Speaker: Jin Long, Senior Security Engineer, MSRC

Virtualization technology has become an important means of building platform security and cloud security. Hyper-V, Microsoft's virtualization platform, is the cornerstone of Microsoft's Azure cloud, so its security is critical. To maintain its high standard of security, Microsoft's bug bounty program for Hyper-V offers rewards of up to $250,000. The hypervisor exposes a hypercall interface to virtual machines; this interface can be used not only as an attack vector for virtual machine escape, but also to bypass Virtual Secure Mode (VSM) when virtualization-based security (VBS) is enabled. This talk discusses the development of Hyperseed, a format-aware fuzzer, covering its background, design concepts and the issues it discovered.

3. Intrusion detection in large Internet enterprises

Speaker: Zhao Bizheng, Director of Infrastructure Security, Meituan

In an IDC production environment of hundreds of thousands to millions of hosts, with hundreds of millions of lines of code, complex vulnerabilities, tens of thousands of employees, BYOD devices and offices at multiple sites, how does one design a reasonable intrusion detection scheme and find the truly dangerous adversaries, like looking for a needle in a haystack?

4. Topic: Dynamic security analysis of embedded devices and the Python-based avatar2 framework

Speaker: Marius (Tasteless / EURECOM)

Tasteless, a well-known CTF team from Europe, presented the dynamic security analysis of embedded devices and the Python-based avatar2 framework at this TenSec. Earlier talks on this subject mostly analyzed specific devices or techniques or implemented exploits, but Tasteless focuses more on explaining why better tools are needed and on their attempts to improve tool capabilities. The framework has been open-sourced on GitHub and was presented at the 34C3 conference in 2017. Look forward to their on-site sharing of the framework's latest updates and changes.

5. macOS malware detection

Speaker: Wang Chaofei, Tencent Mac security expert

The security situation of macOS is increasingly severe, and there is no defense without knowing the attack. This topic first simulates attacks against macOS from the attacker's perspective. Next, using the ATT&CK model, it introduces the typical intrusion techniques in each stage and proposes detection methods for them. Finally, it introduces the data sources needed to build a macOS EDR and the related means of obtaining them.

6. Topic: Exploitation of kernel memory corruption vulnerabilities on Microsoft Windows 10 19H1

Speaker: Nikita Tarakanov, information security researcher

With every new version of the Windows operating system, Microsoft enhances security by adding mitigation mechanisms. Since Windows 7, Microsoft has been hardening the Windows kernel pool allocator. In Windows 8, Microsoft defeated almost all previously disclosed methods for reliably exploiting kernel pool corruption. Then, in Windows 10 RS5, Microsoft introduced a new kernel memory allocator, which renders current pool exploitation techniques useless. This on-site TenSec talk by Nikita (ZeroNights) discusses the difficulty of exploiting kernel memory corruption vulnerabilities on the new Windows 10 19H1.

7. Reflections on security construction in Internet enterprises

Speaker: Ma Songsong, R&D Security Director, Tencent

Topic introduction: as the front line of attack and defense, infrastructure security construction is difficult and tedious work, but there is joy in the pain. After 10 years of experience, I hope to share some thoughts with the industry.

8. Applying a security knowledge graph to mine underground economy gangs with community detection algorithms

Speaker: Deng Yong, Senior Researcher, Tencent Security

Underground economy gangs have long threatened information security. Traditional security operations analysis tends to examine a single sample and its behavior, then track its related entities such as domains, IPs and targets. However, when security companies analyze cybercriminal gangs, they must invest far more manpower in analyzing individual samples, which is undoubtedly inefficient. At this TenSec, Deng Yong shared a brand-new method: an underground economy mining framework built on a knowledge graph, which can discover gangs at the data level; association analysis of the virus samples, domains and IPs used by a gang then drives a more complete and rapid discovery of the gang's infrastructure.

9. AI in practice for data security

Speaker: Peng Sixiang, Expert Engineer, Tencent Cloud Security

As enterprises digitize, data has become their core asset. Because it contains large amounts of sensitive personal and enterprise information, it has also become a new target of attack. Numerous data security incidents show that traditional information security defenses struggle with these complex situations, so the Tencent Cloud Security team proposes building a data governance and defense solution from the perspective of data flow. AI, the core of the whole scheme, analyzes and identifies massive data and various attack methods: a data governance center built mainly on unsupervised AI detects abnormal events in data usage; a center built mainly on supervised AI accurately identifies various malicious behaviors; and through self-learning, semi-supervised learning and transfer learning, the system iterates on itself and responds quickly to attacks, providing a more effective and comprehensive protection system for the security of enterprise data flows.

10. Vulnerability discovery and exploitation in cloud computing and desktop virtualization technology

Speakers: Marco Grassi and Xingyu Chen, security researchers, Tencent Keen Security Lab

Marco and Kira from Tencent Security Keen Lab first outlined virtualization technology and its attack surface. They then introduced the VirtualBox architecture and its attack surface, and showed a demonstration video of a VirtualBox escape. In addition, they shared the details of a QEMU virtual machine escape vulnerability and its exploitation process.

This article was published by Seebug Paper. Please credit the source when reprinting. Address: