We continue to introduce the talks at JSAC2024. This third issue covers workshops and lightning talks. Workshop Introduction to Investigation of Unauthorised Access to Cloud Speakers: Hayate Hazuru and Takahiro Yamamoto (ITOCHU Cyber Intelligence Inc.), Norihide Saito (Flatt Security Inc.), Daisuke Miyashita (Sterra Security Co.,Ltd.) Hayate, Takahiro, Norihide, and Daisuke explained how the cloud works and the attack methods targeting cloud in their workshop, followed by a log investigation demonstration...

Read more

This second blog post features the Main Track talks on the Day 2 of JSAC. XFiles: Large-Scale Analysis of Malicious MSIX/APPX Speakers: Kazuya Nomura, Teruki Yoshikawa, Masaya Motoda (NTT Security Japan) Slides (Japanese) The speakers discussed Microsoft’s new packaged files, MSIX and APPX, which have been exploited in recent years in attack campaigns. They explained the points to focus on when analyzing the structure, operation mechanisms, and characteristics of the...

Read more

JPCERT/CC held JSAC2024 on January 25 and 26, 2024. The purpose of this conference is to raise the knowledge and technical level of security analysts, and we aimed to bring them together in one place where they can share technical knowledge related to incident analysis and response. The conference was held for the seventh time and, unlike last year, returned to a completely offline format. 17 presentations, 3 workshops, and...

Read more

We continue to introduce the talks at JSAC2023. This third issue covers the workshops on Day 2. Surviving the hurt locker: or How I Learned to Stop Worrying and Love the Bom Speakers: Simon Vestin, Manabu Niseki (LINE) Simon and Manabu explained the SBOM (Software Bill of Materials) and gave a hands-on session on creating a program to generate one. SBOM is a list of software or system components. They...

Read more

This article reports on JSAC Day 2, following the previous article about Day1. How Do We Fight against Evolving Go Language Malware? Practical Techniques to Increase Analytical Skills Speakers: Tsubasa Kuwabara (FFRI Security Inc.) Slides (English) Tsubasa presented the current situation and problems of Go language malware, which has been increasing in recent years, and explained basic and advanced analysis techniques. He explained that Go malware was easy to write...

Read more

JPCERT/CC held JSAC2023 on January 25 and 26, 2023. The purpose of this conference is to raise the knowledge and technical level of security analysts in Japan, and we aimed to bring them together in one place where they can share technical knowledge related to incident analysis and response. This year was the sixth time the conference was held, and 12 presentations, 2 workshops, and 7 lightning talks were presented...

Read more

JPCERT/CC held JSAC2022 online on January 27, 2022. The purpose of this conference is to raise the knowledge and technical level of security analysts in Japan, and we aimed to bring them together in one place where they can share technical knowledge related to incident analysis and response. This year was the fifth time the conference was held. 9 presentations and 2 workshops, selected from 18 CFP and CFW submissions,...

Read more

This blog post focuses on the Day 2 of JSAC2022, following the previous report on the Day 1.An Introduction to macOS Forensics with Open Source SoftwareSpeaker: Minoru Kobayashi (Internet Initiative Japan Inc.)SlidesVideoMinoru provided the basic knowledge of macOS forensics, and its analysis methods using mac_apt, followed by hands-on training on macOS forensics.He mentioned that when it comes to forensics, information is acquired and analysed at the same priority as macOS...

Read more

This blog post focuses on the 1st track of JSAC2021, following the previous reports on the 2nd and 3rd track.Opening Talk: Looking Back on the Incidents in 2020Speaker: Takayoshi Shiigi (JPCERT/CC)Slides (English)VideoTakayoshi opened the JSAC2021 with an overview of incidents that JPCERT/CC confirmed in 2020, focusing on targeted attack and widespread attack.Targeted attack in 2020 is characterised by leveraging cloud services for malware operation in multiple stages of attacks from...

Read more

This blog post focuses on the 2nd track of JSAC2021, following the previous report on the 3rd track.Workshop: Malware Analysis at Scale - Defeating EMOTET by Ghidra -Speaker: Shota Nakajima (Cyber Defense Institute), Hiroaki Hara (Trend Micro)Slides (Japanese)VideoShota and Hiroaki presented how malware analysis can be easily done using Ghidra, an open source reverse engineering tool, and the participants tried automating the analysis of Emotet during the hands-on training.Ghidra provides...

Read more