In this session, Dusan will provide an overview of the insecure object deserialization in Java and .NET and provide an in-depth look at 2 different cases of these vulnerabilities. In the first part of the presentation, Dusan will delve into the basics of object serialization and provide insight into why deserialization attack surfaces exist is applications built on top of Java and .NET.

In the second part of the presentation, Dusan will present an overview of two specific recent cases of deserialization vulnerabilities in Java and .NET, where he will provide an indepth look at the vulnerability in the 3 scenarios and how to detect these forms of attacks.

Treading along the line between privacy and security can be challenging in the digital era. While law enforcement agencies can take advantage of the latest technology in their efforts to fight crimes, the use of hi-tech tools, for example, ones used for online surveillance, has raised discussions about how it might violate data privacy rights.

In this session, Drexx will be shining a light on issues surrounding the use of technology in fighting crimes and the effect it has on data privacy

The ongoing pandemic compelled many organizations to shift from operating manually to maximizing various technologies for their day-to-day transactions. Due to this fact, there has been an increased traffic online, paving the way for threat actors to launch attacks against public and private institutions. For instance, there has been an increase in the number of phishing attacks using different web sharing services and cloud applications.

In this presentation, Karla and Joy will dive deep into how the current global trends have shaped the web threat landscape with the help of machine learning (ML).

Law enforcement (LE) agencies play a vital role in shaping down cybercrime trends. As a seconded researcher to an LE agency, Paul will be sharing some of his experiences on working with them.

This presentation will discuss how Trend Micro's provision of expert insights and datasets help LE agencies proceed in some investigations. The presentation will also highlight the dependencies of LE to private partners (cybersecurity firms) and vice versa by citing some cases. In addition, Paul will share some tips and tricks on how to utilize threat intelligence in order to move forward.

Technology provides solutions for managing risks surrounding COVID-19 and controlling the spread of the virus. In the rush to come up with technical solutions, standard constraints on collecting and processing private data have been disregarded or waived and compromises on security have been often made.

In this presentation, Andreas will be illustrating the complex management and minimization of the impact of compromised personally identifiable information (PII) at the time of a pandemic. He will be introducing the concept of privacy by design and privacy impact assessment. In addition, he will be discussing the controls and tools needed to minimize the adverse and long-lasting impacts of solutions deployed to fight COVID-19.

In this session, Marvin will share an inside scoop on recent trend and changes in ransomware threat tactics, techniques, and procedures (TTP). Ransomware threat actors nowadays are no longer into the shotgun approach of mass-mailing targets with ransomwarelaced emails but are more like a skilled sniper - a deliberate, patient, and resolute attacker with a clear focus on its target industry or company. Today, threat actors use phishing, info-stealers, exploits or outright purchase credentials in underground market to gain preliminary access to its victims.

Marvin will also discuss what action defenders need to do and think about to address this change in ransomware TTPs.

Criminal infrastructure is an important chain that binds the whole underground ecosystem. This presentation will focus on the evolution of technologies and approaches which underground actors use to maintain and protect their infrastructures. It will show how actors abuse legitimate hosting and cloud services, exploit geographical and cross-jurisdictional issues to avoid takedowns, or even maintain server farms located in private houses in rural areas.

The presentation will also discuss the shifts on underground hosting approaches, which are enforced by the introduction of new technologies. The presentation contains several case studies that are based on our investigations of cyber incidents.

In 2016, the Philippines launched its first National Cybersecurity Plan. It was a significant development that signaled the Philippine government's commitment to mitigate the risks and threats from the evolving cybersecurity landscape and ensure its competitiveness in the growing data-driven economy. A key objective of the plan was the establishment of greater public-private partnerships that would promote cross-sector collaboration in combatting malicious actors both in the physical and digital space. Four years since its launch, the framework for the proposed PPP and other joint-initiatives like nation-wide threat intelligence sharing mechanisms are yet to unfold.

In this talk, Mr. Manantan examines the emerging industry-led Public-Private Cybersecurity Partnership (PPP) in the Critical National Infrastructure in the Philippines. As part of his on-going research, he will discuss the key drivers and challenges in the cybersecurity partnership in the country with a sharp focus on the convergence and divergence on strategic priorities between the National government and the private sector. Recognizing potential prospects and underlying tensions, Mr. Manantan will provide recommendations to optimize the risks and maximize the opportunities of the emerging Public-Private Cybersecurity Partnership in the Philippines.

At last year's Decode, Matsukawa's colleague Ryan Flores had a presentation about Industry 4.0 and the cyberthreats affecting relevant industries. While it is interesting to find out that old Conficker worms are prevalent in industrial environments, they wanted to dig deeper and find out what cyberthreats are really affecting the critical endpoints tasked at controlling various industrial equipment - the ICS/SCADA computer.

This presentation will show how they built their catalogue of industrial software and fingerprint endpoints for the presence of ICS/SCADA processes, and, with this information at hand, how they monitor these critical endpoints for cyberattacks.

As more industries adapt to cater to the increasingly mobile market, the financial industry is the latest to experience a shake-up. The Revised Payment Service Directive (PSD2) - also known as Open Banking - is a new set of rules for the European Union (EU) that's expected to affect the global financial industry.

With Open Banking, banks will have to provide APIs to share customers' banking data with third parties. Hear the results of our research into the challenges of protecting the larger attack surface created by open banking and the potential security issues associated with APIs, banking apps, and protocols

Under the Data Privacy Act of 2012, concealment of security breaches involving sensitive personal information is a crime punishable by imprisonment of up to five years and a fine of up to one million pesos. In this presentation, Atty. Michael will be providing an overview of the notification requirement on personal data breaches. He will also be discussing five key observations on data breaches from the point of view of the National Privacy Commission (NPC)

APT groups usually rely on backdoor shells to gain a foothold on the target environment. These tools open the victim machine to commands the attacker wants to perform from the outside of the system. Like any other piece of malware, having this tool run on a machine adds footprints that can be used to discover the attack.

In one case Gilbert and Abraham handled, the attacker did away with using backdoor shells and instead went full fileless. In this presentation, they will be discussing the tools the attacker used or may have used to achieve this. They will show the advantages and disadvantages the attacker has in using this approach.

User-After-Free (UAF) vulnerabilities have been widely used in developing web browser malware variants. A UAF vulnerability concerns the incorrect use of dynamic memory during program operation. If after freeing a memory location, a program does not clear the pointer to that memory, malicious actors can use the error to hack the program.

In this presentation, Andy will introduce the technologies and tricks available to write a real shellcode exploit abusing a UAF vulnerability.

Serverless computing is a kind of cloud computing execution model that enables enterprises to use the computational power of a cloud service provider (CSP). It allows enterprises to focus on building apps and core products, rather than using manpower to maintain and secure server infrastructure. However, serverless technologies are not immune to risks and threats.

This presentation aims to shed light on the security considerations in serverless environments and help adopters in keeping their serverless deployments as secure as possible. It focuses on services offered by AWS, which has the widest range of offerings available in the serverless services market.

Detecting similar artifacts is crucial to identifying variants that malicious actors use to evade defenses. With static inspection of files or other parts of byte streams, using a similarity measure provides a quick mechanism to triage the vast sea of incoming unknowns.

This presentation will discuss the development and evolution of similarity measures adopted by the security community, comparing approaches for their search and clustering effectiveness and their runtime performance. In particular, the presentation will explain the algorithms used by SSDeep, SDHash, TLSH, LZJ and JA3. A demonstration on why Trend Micro leads the industry in this field, and its application to security problems, will also be showcased.

Reverse engineering routers and IoT devices may seem daunting for beginners. In this session, Vincent will guide you through hardware reverse engineering and vulnerability hunting processes through vulnerabilities affecting two routers. He will explore the hardware architecture and design of the TP-Link TLWR841N and the Belkin F7D2301 router.

In addition, he will look at the Linux-based firmware of the TP-Link and the RTOS-based firmware of the Belkin, then walk through the vulnerabilities reported in these routers.

There has been an ongoing evolution of the malware and security landscapes. In the last few years, we have seen the widespread adoption of machine learning (ML) into cybersecurity solutions. In response to this, we have seen changes in the methods adopted by malware authors to evade security solutions. It is a game of cat and mouse between the attackers and defenders, and unfortunately there are real-world consequences when cybercriminals succeed.

In this presentation, Jon will look at this ongoing evolution of security and malware. He will describe why ML is a key technology in understanding the interaction between malware and how security solutions can help maximize the benefits of ML-based security

Similarity hashing is an important tool for searching and analyzing malware samples which are similar to known malware samples. TLSH has been found to be particularly well-suited for finding related malware (and goodware) samples from known malware (and goodware) samples. In particular, TLSH has been shown to be good at finding the different variants of a given malware.

Previous works at Trend Micro have shown that TLSH hashes can be used to build fast search and clustering techniques, which can scale to tens of millions of items. In this presentation, Muqeet will present techniques that can scale to even larger data sizes by doing clustering in stages.