We have not posted any update recently, but here is our update:
1. We have found a few sites with SQL Injection including HKAAA and Macau public web sites as well as casino, it is already reported to HKCERT and MOCERT team
2. We are now organising our next big event, VXCON 2016, of course, we will invite more prominent researchers and hackers.
3. We keep playing CTF, and hopefully, we could join some Attack-and-Defense style CTF game soon.
4. Sometimes, we got interview from media, it is for educational purpose.
5. We keep our forensics and malware analysis research as well as web hack
Merry Christmas and happy new year to you all :D
We have not updated you guys for a while:
1. We have got fellows to present at HITCON (www.hitcon.org) conference in Taipei and Blackhat USA 2014
2. We are now working on more CTF games, you could find us from www.ctftime.org
3. We have more interesting works to come in AVTokyo and CodeBlue in Japan :-)
Please stay tuned.
We have found the following sites and blogs with the similar name and interest as us:
We would like to clarify:
1. They are not our members and we have no connection with them.
2. Their work(s) and research do not relate to us.
3. We have not authorized any buddies to apply for other blogs and sites in other countries
4. The legitimate domains include: vxrl.org, valkyrie-x.org and vxsecurityresearch.org
5. VXRL (Valkyrie-X Security Research Group) is found from Hong Kong.
Thank you, guys.
Buddies, we didn't keep you update for a while, and we have got a wonderful Year 2014:
Research and Conference
Darkfloyd and Zetta has given a talk at Tokyo about "China is a victim, too". It is all about studying attack logs for the Single's Day (ecommerce day in mainland China) and analyse the attack trend and pattern as well as payload.
Researchers, Alanh0, Captain and Darkfloyd have presented Forensics and APT case studies respectively. APWG is a well-known organisation against Phishing for 10 years already, it is an international conference with professionals and practitioners from 19 countries.
They will head to Amsterdam in early May to give a workshop of Network Forensics Kungfu at DFRWS Europe, which is one of the top forensics conference in this planet
Researcher Ran2 has finally wrapped up his research under his blog (http://espionageware.blogspot.com) about APT attribution and DNS profiling, it is recognised and referenced by Harlan Carvey, who is the Windows Forensics expert, and SANS (www.sans.org)
We still keep playing CTF game, please kindly find our world ranking from here:
For recent Plaid CTF 2014, please kindly find our write-up here, please stay tuned.
BBOS: https://ctftime.org/writeup/1107 by Alanh0
ZFS: https://ctftime.org/writeup/1083 by Alanh0
CurlCore: http://goo.gl/JYXnJH by Darkfloyd
Contribution and Others
Keep moving, buddies ;-)
QT402 (Mac Lab), Hong Kong Polytechnic University
Here is the tentative agenda:
Talks are subject to change and confirm, as there are only 3 VIP seats available, please send email to darkfloyd[at]vxrl.org for registration, payment details will be sent to you.
Fee: <contact me>
See you all soon.
PS: Recording and photograph taking are prohibited :-)
Hi guys, we have not updated here for a while, here are some updates from us:
- VXCON 2013 On Fire
We have invited two Russian security researchers to provide Crypto and Binary Reverse Engineering workshop, please register as soon as possible, the fee is 2500 HKD per head! Only 13 seats are available (29 Oct)
- Post-Swoden Response
OGCIO from Hong Kong government has invited us to be one of the attendees to advise on cyber security in their Information security round table meeting. During the meeting, our security researcher has expressed opinions over education, detection and APT attack. Afterwards, there are follow up works are now in progress with OGCIO.
- Operation "Saving Private Record"
We have submitted another batch of leaked privacy data to PCO (www.pcpd.org.hk), it shows that many organizations have made somewhat efforts on privacy leak out. But we keep working on it regularly.
- Ongoing Research
Several research operations in APT, software security and forensics are in progress :-)
Several VX bros incuding MT, Avenir and Leng have presented in Blackhat USA 2013, DEFCON 21 and coming Pacsec Japan in Tokyo (Nov 2013), salute and respect on their work and passion
Ran2 and 0xDF will present APT research in Singapore in March 2014.
- Media exposure
Express corporate and personal security advice and comment over existing traveling alert system from Security Bureau; Express expert opinion over Swoden's statement and claim in RTHK and TVB; Involved in News Magazine's Cyber security programme from TVB.
We have just enjoyed a CTF (Capture The Flag) held by De Eindbazen, which a well-known winning team in various CTF contests from Netherland.
On behalf of VXRL, I would like to be thankful to UDomain (http://www.udomain.com.hk/) to sponsor the venue and drinks to us for our game, it is our real pleasure to be sponsored.
For the game, we have got a first blood for Web 300 by Zetta. The MVPs are Zetta, Darkfloyd and Neo@TheOne.
It is good to have various VXRL CTF crew fellows to join the game, you guys rock!
We will publish the write up here and please stay tuned.
Bin100: It's easy, no write-up :-)
Bin200: Attachment by Darkfloyd
For100: Attachment by Alanh0
For200: TBA by Captain
Net100: Attachment by Neo@theone
VXRL researchers have found out several "critical" SQL injection flaws from various local Hong Kong universities.
We may plan to notify relevant party to fix it before real attacker does any harm against them.
This is our spirit . This is VXRL :-)
Three VX brothers, Mr. Tony MIU (aka MT), Dr. Daniel LUO, Dr. Leng LEE (aka Leng) and Mr. Alan Chung (aka Avenir), have involved in a DDoS project held by a private company, will be presenting at
Blackhat USA and DEF CON 21 conferences. It is a real pride that all technical ideas and implementation are done by them. It is the first time
the entire team from Hong Kong as the CFP acceptance is not easy.
For more details, please visit www.blackhat.com and www.defcon.org
We will keep you posted if whitepaper and presentation are released.
Blackhat Presentation and Whitepaper archive available for download now:
VX brothers Miu Tung Ngai, Dr Daniel Luo, Dr. Wai Leng Lee and Alan K L Chung ):
Hunt the Shadow from Taiwan brothers Fyodor Bom, Benson Wu, PK and Birdman) - Our good VX friends
1-10 of 67