Becks Japan #3

Becks Japan #3

Third edition of Becks in Japan. Talks by @chpie, @pwn_panda, and @k2wanko

Twitter Hashtag : #becks_jp

Featured talks (see below for details):

1. Build your own Iron Legion to attack WebKit by chpie (Cheol Ung Lee)
2. Security is for everyone! (or, Being a newbie at security) by pwn_panda (Robin Lunde)
3. New security features in Android and the Web by k2wanko

Schedule

• 18:50 Open
• 19:20 Welcoming words (10min)
• 19:30 Build your own Iron Legion to attack WebKit (50 min)
• 20:20 Break (10 min)
• 20:30 Security is for everyone! (30 min)
• 21:00 New security features in Android and the Web (40 mins)
• 21:40 Social event (with beers!)
• 23:00 End

Talk details:

1. Build your own Iron Legion to attack WebKit by chpie (Cheol Ung Lee)

• Abstract: In this talk, I'd like to introduce how I combined Kubernetes with public open source fuzzers. It includes how I simplified the management of infrastructure and fuzzers on multiple containers each running on multiple machines.
  I will cover the following topics:
  
  • Public open source fuzzers I used
  • Dockerizing webkitgtk fuzzing environment for JS/DOM layer
  • Use of Kubernetes, great for easy scale-out, update, durable running
  • Fuzzing results
    Finally, I'll introduce the infrastructure resources that I used to implement this project. The infrastructure is part of LINE's internal cloud, and is proved to all LINE developers
• Profile: Cheol Ung Lee (chpie) is an old-school rootkit coder. He worked for the Cyber Command of Republic of Korea and the Grayhash security consulting company prior to joining the security team at LINE Plus.
  Now he mainly focuses on LINK coin (LINE's cryptocurrency) security, LINE's base infrastructure security at the application layer, and working on various risk assessments projects.
• Language: English (with Japanese translation)

2. Security is for everyone! by pwn_panda (Robin Lunde)

• Abstract: This talk will be about my experience about starting out in security. I'll share my journey from a researcher, with a mostly academic background and little practical experience, to becoming an effective security engineer. In particular, I'll discuss where to find good resources, how to get started, and what challenges lie ahead.
  Next, I will give an overview of what it's like being a security engineer at LINE, what we do, and the approach we take to securing LINE services. Finally, I'll briefly introduce the main differences between of the Application Security and Infra Protection teams at LINE.
• Profile: Robin works as a security engineer on LINE's Application Security Team. His work is mainly code review and pen testing Web and Android apps, as well as Bug Bounty triage and evaluation.
  He joined LINE as a new graduate in October 2018, and while still fairly new to security, he has quickly become an indispensable member of the security team.
  
• Language: English (with Japanese translation)

3. New security features in Android and the Web by k2wanko

• Abstract: In this talk I'll introduce the new security features announced at Google I/O 2019, focusing on Android and Web.
  I will cover the following topics:
  
  • Android Q privacy checklist
  • Jetpack Security
  • Modern Web App Security
  • misc. Google I/O impressions and other interesting announcements
• Profile: コキチーズ (@k2wanko / Connpass: @k2_wanko) is a security engineer running a bug bounty and doing security assessment. He likes the Web, Android, Firebase, GCP, and Splatoon.
• Language: Japanese (with English translation)