VXCON 5 on Fire

posted Mar 21, 2016, 4:12 AM by Anthony Lai


Conference Page:

We are not silent :-)

posted Dec 21, 2015, 9:43 PM by Anthony Lai

Hi all,

We have not posted any update recently, but here is our update:

1. We have found a few sites with SQL Injection including HKAAA and Macau public web sites as well as casino, it is already reported to HKCERT and MOCERT team

2. We are now organising our next big event, VXCON 2016, of course, we will invite more prominent researchers and hackers.

3. We keep playing CTF, and hopefully, we could join some Attack-and-Defense style CTF game soon.

4. Sometimes, we got interview from media, it is for educational purpose.

5. We keep our forensics and malware analysis research as well as web hack

Merry Christmas and happy new year to you all :D


Recent VX Operations and Research

posted Sep 11, 2014, 8:33 AM by Anthony Lai

We have not updated you guys for a while:

1. We have got fellows to present at HITCON ( conference in Taipei and Blackhat USA 2014

2. We are now working on more CTF games, you could find us from

3. We have more interesting works to come in AVTokyo and CodeBlue in Japan :-)

Please stay tuned.

Disclaimer and Clarification on Similar VX Web Sites/Blogs

posted Sep 11, 2014, 8:29 AM by Anthony Lai   [ updated Sep 11, 2014, 8:34 AM ]

Dear buddies,

We have found the following sites and blogs with the similar name and interest as us:

We would like to clarify:
1. They are not our members and we have no connection with them.
2. Their work(s) and research do not relate to us.
3. We have not authorized any buddies to apply for other blogs and sites in other countries 
4. The legitimate domains include:, and
5. VXRL (Valkyrie-X Security Research Group) is found from Hong Kong.

Thank you, guys.


Recent VX Operation

posted Apr 16, 2014, 8:41 AM by Anthony Lai   [ updated Apr 23, 2014, 4:20 PM ]

Buddies, we didn't keep you update for a while, and we have got a wonderful Year 2014:

Research and Conference
AVTokyo 2013.5
Darkfloyd and Zetta has given a talk at Tokyo about "China is a victim, too". It is all about studying attack logs for the Single's Day (ecommerce day in mainland China) and analyse the attack trend and pattern as well as payload.

Researchers, Alanh0, Captain and Darkfloyd have presented Forensics and APT case studies respectively. APWG is a well-known organisation against Phishing for 10 years already, it is an international conference with professionals and practitioners from 19 countries.

They will head to Amsterdam in early May to give a workshop of Network Forensics Kungfu at DFRWS Europe, which is one of the top forensics conference in this planet

APT Research
Researcher Ran2 has finally wrapped up his research under his blog ( about APT attribution and DNS profiling, it is recognised and referenced by Harlan Carvey, who is the Windows Forensics expert, and SANS (

CTF Games
We still keep playing CTF game, please kindly find our world ranking from here:

For recent Plaid CTF 2014, please kindly find our write-up here, please stay tuned.
CurlCore: by Darkfloyd

  • Darkfloyd may give a talk and sharing session in Tokyo at NPA (National Police Agency) in September.
  • CFP submission to AVTokyo and CodeBlue :-)
  • VXCON 2014 is coming (Dec 2014)

Contribution and Others
  • We are invited as an advisory member for an information security round-table discussion by Hong Kong Government
  • Operation Saving Private Records:We have reported data leakage cases to PCPD from PDFOnline. We are interviewed by TVB and NowTV.
  • We have reported critical Web vulnerabilities for Macau web site(s) to Macau CERT.
  • We have got Domi and Lena to present at our VXCON 2013, they are readily talent and thank you so much to their coming.

Keep moving, buddies ;-)

VXCON 2013 on Fire

posted Oct 29, 2013, 9:50 AM by Anthony Lai   [ updated Dec 10, 2013, 9:27 AM ]

We would like to announce the VXCON 2013 will be held on 14/15 Dec 2013 (Sat/Sun) in HK Polytechnic University. We are thankful to HKPU Computing department to sponsor the lab to us.

QT402 (Mac Lab), Hong Kong Polytechnic University

Here is the tentative agenda:
  • 14 Dec (Sat)

  • 0900-0915: Welcome Remark
  • 0930 - 1300: Morning:   Crypto Technique by Lena, Hackerdom, Russia
  • 1430 - 1830:Afternoon: Binary Reserve Engineering by Domi, Hackerdom, Russia

  • 15 Dec (Sun)
  • 0930-1300: Morning:  Fuzzing and Software Test by Steven Mak
  • 1400-1700: Afternoon:Secret Agenda by VX brothers (Alanh0, OZetta and 0xDF)
  • 1700-1715: Closing 

Talks are subject to change and confirm, as there are only 3 VIP seats available, please send email to darkfloyd[at] for registration, payment details will be sent to you.

Fee: <contact me>

See you all soon.

PS: Recording and photograph taking are prohibited :-)

Latest Update from VX

posted Oct 29, 2013, 8:18 AM by Anthony Lai

Hi guys, we have not updated here for a while, here are some updates from us:

- VXCON 2013 On Fire
We have invited two Russian security researchers to provide Crypto and Binary Reverse Engineering workshop, please register as soon as possible, the fee is 2500 HKD per head! Only 13 seats are available (29 Oct)

- Post-Swoden Response
OGCIO from Hong Kong government has invited us to be one of the attendees to advise on cyber security in their Information security round table meeting. During the meeting, our security researcher has expressed opinions over education, detection and APT attack. Afterwards, there are follow up works are now in progress with OGCIO.

- Operation "Saving Private Record" 
We have submitted another batch of leaked privacy data to PCO (, it shows that many organizations have made somewhat efforts on privacy leak out. But we keep working on it regularly.

- Ongoing Research
Several research operations in APT, software security and forensics are in progress :-)

- Conference
Several VX bros incuding MT, Avenir and Leng have presented in Blackhat USA 2013, DEFCON 21 and coming Pacsec Japan in Tokyo (Nov 2013), salute and respect on their work and passion

Ran2 and 0xDF will present APT research in Singapore in March 2014.

- Media exposure
Express corporate and personal security advice and comment over existing traveling alert system from Security Bureau; Express expert opinion over Swoden's statement and claim in RTHK and TVB; Involved in News Magazine's Cyber security programme from TVB.

EBCTF 2013: Ranked at 37

posted Aug 8, 2013, 12:44 AM by Anthony Lai   [ updated Aug 17, 2013, 6:10 PM ]

We have just enjoyed a CTF (Capture The Flag) held by De Eindbazen, which a well-known winning team in various CTF contests from Netherland. 

On behalf of VXRL, I would like to be thankful to UDomain ( to sponsor the venue and drinks to us for our game, it is our real pleasure to be sponsored.

For the game, we have got a first blood for Web 300 by Zetta. The MVPs are Zetta, Darkfloyd and Neo@TheOne.

It is good to have various VXRL CTF crew fellows to join the game, you guys rock!

Figure 1: 1200 points ranked at 37

First blood Web300 by Zetta
Figure 2: Our first blood with Web 300. Well done and salute, Zetta.

We will publish the write up here and please stay tuned.

Write-up List:
Bin100: It's easy, no write-up :-)
Bin200: Attachment by Darkfloyd
For100: Attachment by Alanh0
For200: TBA by Captain
Net100: Attachment by Neo@theone

SQL Injection flaws discovery

posted Aug 1, 2013, 2:01 AM by Anthony Lai   [ updated Aug 1, 2013, 2:35 AM ]

VXRL researchers have found out several "critical" SQL injection flaws from various local Hong Kong universities.

We may plan to notify relevant party to fix it before real attacker does any harm against them.

This is our spirit . This is VXRL :-)

Hit Blackhat USA 2013 and DEFCON 21 (Slide and WP published)

posted Jul 27, 2013, 10:21 AM by Anthony Lai   [ updated Aug 1, 2013, 2:06 AM ]

Three VX brothers, Mr. Tony MIU (aka MT), Dr. Daniel LUO, Dr. Leng LEE (aka Leng) and Mr. Alan Chung (aka Avenir), have involved in a DDoS project held by a private company, will be presenting at
Blackhat USA and DEF CON 21 conferences. It is a real pride that all technical ideas and implementation are done by them. It is the first time
the entire team from Hong Kong as the CFP acceptance is not easy.

For more details, please visit and

We will keep you posted if whitepaper and presentation are released.

Blackhat Presentation and Whitepaper archive available for download now:

VX brothers Miu Tung Ngai, Dr Daniel Luo, Dr. Wai Leng Lee and Alan K L Chung ):

Hunt the Shadow from Taiwan brothers Fyodor Bom, Benson Wu, PK and Birdman) - Our good VX friends

1-10 of 67