On August 22, KCon V3 was held at a low (Nan) (Zhao) literary place next to the Bird's Nest. More than 600 tickets were sold in one day, Maserati sponsored dedicated cars for the speakers, Bitbays sponsored 100 Bitcoin, Hammer mobile sponsored the T1, and mysterious singers came to help, but the author does not want to talk about these. I just want to talk about the hackers on the other side of attack and defense technology.
The morning was a media-oriented closed forum, where several speakers together answered questions from the media on site. First, a family photo.
The hackers, from left to right, are: cosine, TK, Blue di Snowball, Redrain, cold wind, evi1m0, Black elder brother. This tells us that to be a hacker you must first have a domineering code name.
According to cosine, hackers are mainly divided into the following categories:
System hackers: They are proficient in operating systems, read assembly, write C, and regard obtaining system administrator privileges as their highest pursuit. The representatives at the scene are TK and cold wind;
Script hackers: Commonly known as "script kiddies", they are proficient in scripting languages, can find script vulnerabilities in major websites to attack, and also write their own attack scripts. The representatives at the scene are cosine, heige and Blue di Snowball;
Wretched stream: Their attacks occur primarily on the Web front end and are usually passive: they set a trap and wait for the big fish to bite. The representatives at the scene are Redrain and evi1m0 (why are the wretched stream all so young?)
Let's take a closer look at the hackers here:
Cosine, Vice President of Know Chuang Yu and general planner of the event; WeChat public account "lazy people in thinking" (Lazy-thought), Zhihu account cosine. Let me quietly share a piece of gossip: cosine's wife is his high school classmate.
Tencent "Xuanwu" Security Laboratory director Yu Yu (@tombkeeper); a lot of people like to affectionately call him the TK guru, and of course some people prefer to call him the "gynecological giant." He has many years of research experience in security vulnerabilities, APT/0-day detection, network attack and defense, and mobile and wireless security, and has spoken on security vulnerabilities, wireless security, rootkit detection and other topics at CanSecWest, HITCON, XCON, XKungfoo and other security conferences at home and abroad; he is one of the world's two winners of the 100,000-dollar top prize in Microsoft's exploit mitigation bypass bounty. Of course, this 100,000 dollars was not won for nothing: the master's talk, "ROPs are for the 99%", immediately rose to a height the author cannot understand. Unknown attack, how to know?
Sina Weibo security team security engineer @Blue di Snowball, mainly engaged in security testing of Weibo products, security function architecture, and the architecture and development of related automation platform tools. Dedicated to the research and application of security, security automation and security operations. The topic of the talk was "use of OAuth to hijack user identities".
Don't forget your original intention: I choose to be a hacker ethically because it's fun
360 Network Security Research and Defense Laboratory security researcher Redrain (personal website: Redrain), a "senior game stick" who likes all kinds of CTFs and wargames, a penetration tester, specializing in a variety of engineers. A Web dog and a penetration dog in one body, he is good at all kinds of mainstream and non-mainstream intrusion techniques. In the case of two pinch, he could still come here to speak, and on such a sensitive topic as "hidden in the dark world of interest Chain", giving a big exposure of the detailed workflow of the black-market industry and the mainstream techniques it uses. I can only feel that the friendship between hackers is really not ordinary!
Tian Rong letter Alpha Laboratory security researcher cold wind, a CSDN blog expert. Technical strengths: Trojans, viruses, penetration, and APT attack analysis and research; also cold humor. In the morning he also demonstrated on site a mobile phone Trojan delivered through a message. His talk, "apt attack the secret of the Special Trojan Technology implementation", stood entirely in the attacker's point of view to reveal how the special Trojan techniques of APT attacks are implemented, restoring the real methods of hacker attacks.
Know Chuang Yu security researcher @evi1m0, founder of the Red Information Security organization and initiator of hackersoul.com. The standard is too small; he keeps a British Shorthair named "Big head" (right, that is the one on the left). Zhihu column evi1m0, WeChat public account Evil-say. evi1m0's talk was "the client crossed last year": all input is harmful, and defense is a permanent topic. Takeaway: as a white hat, you should treasure every hole you dig out and write an exp for it.
Know Chuang Yu security researcher Superhei (heige), male giant. Doug's article "Chinese hacker Legends: I am Super black" describes heige's legendary life in detail. Someone once asked, "Why are heige (Superhei) and the Archbishop (tombkeeper) both hackers from a hospital background?" The answer was, "This is a fact, and there is no way to change it, just as there is no way to say why." The Archbishop's answer was, "No special reason. There are a lot of other backgrounds, but none is as conspicuous as a medical background, so no one pays attention to them." My understanding is that the network is also sick and has to be cured!
Here are the best questions and answers from the closed forum:
Q: Ordinary users are at an absolute disadvantage and have basically no security knowledge. How can they prevent attacks?
A: Mainly do the following: Try to choose safe, trustworthy websites. Don't expose your private information, and don't let hackers see you as a valuable target, or they can take you through the same tricks. For example, flaunting wealth in your circle of friends is very dangerous behavior. Turn off automatic WiFi connection on your phone and laptop; it is said that there were WiFi traps that day, and many people fell for them. Rely on the progress of applications and service providers: they have the most professional teams to protect you. Of course, you have to update them in time.
Q: Do hackers collaborate in teams? Is there a circle?
A: The situation of domestic hackers is not the same as that abroad.
About teamwork: The first generation of hackers in China did this very well. They communicated more, researched in different fields, could learn from each other and share experience, and promoted the development of hacker security circles at home and abroad. In this era, sharing among hackers has become increasingly scarce and relies mainly on communication between colleagues.
Hackers have a circle culture, and the hacker circle is also a lake. Especially in the era of the Big Bang, I believe that the circle will gradually lift its veil of mystery.
Q: What is the current security situation with smart hardware?
A: The security threshold of smart hardware is not low. As a new thing, it is still in its initial stage and has not undergone the baptism of blood and fire; the future will certainly be a storm of blood. Compared with smart hardware, smartphones are already relatively safe devices.
For details of the talks, please see my colleague's article "The third session know the security forum bird Nest held know the creation of the new Zoomeye". The speakers' slides can be downloaded at: https://github.com/knownsec/KCon
At the same time, the conference has also opened a 5-day round table discussion; for more exciting topics, please move to the heartbeat of cyberspace.
After the dinner, I finally had the opportunity for close contact with cosine, and the first thing I noticed was the dark circles under his eyes. Cosine said he had hardly slept this week; now that the event has concluded successfully, he has no regrets, looks forward to seeing everyone next year, and hopes to have a professional team that can do this. Cosine said the reason for holding this conference was really just to do a pure thing, so that people can learn more about hackers, without involving business. Know Chuang Yu also has a lot of products that wanted a booth or a talk, but Vice President cosine refused them all, leaving only ZoomEye. At the press conference, ZoomEye formally announced that it had become hardware, that is, it had been made. I asked cosine who would need to buy this product, and cosine said the country.
Children and beauties are always the most interesting:
A 13-year-old little hacker attended
This tells us that there are not only female hackers in the world, but also beauty hackers.
Finally, a tribute to the hackers who have not forgotten their original intention!