Papers & presentations published by VNSECURITY members. Copyright and all rights therein are maintained by the authors or by other copyright holders.

2016

  • Nguyen Anh Quynh, Keystone: A Next Generation Assembler Framework, Presentation, HITB GSEC 2016, Aug 2016 (slides)
  • KaiJern Lau, Reverse Engineering Trilogy, Presentation, KCON Beijing 2016, Aug 2016
  • Nguyen Anh Quynh, Keystone Engine: Next Generation Assembler Framework, Presentation, BlackHat USA 2016, Aug 2016 (slides)
  • Hoang Quoc Thinh, XXX Injection - Beyond classical injection methods, Presentation, Tra Da Hacking #01, Jun 2016 (slides)
  • Loi Anh Tuan, IPS và một số kỹ thuật vượt rào, Presentation, Tra Da Hacking #01, Jun 2016 (slides)
  • KaiJern Lau, Mouse Jack implementation for poor people, Presentation, QCon 2016, April 2016 (slides)
  • Nguyen Anh Quynh, Building next generation security tools with Unicorn engine, Presentation, Tetcon 2016, Jan 2016
  • Pham Van Toan, Làm thế nào để tìm 0-day trong Microsoft Edge, Presentation, Tetcon 2016, Jan 2016

2015

  • Thanh Nguyen, Nguyen Phi Kha, Targeted Attack Operations Against Internet Industry in Vietnam, Keynote Presentation, Anti-virus Asia Researchers International Conference 2015, Dec 2015
  • Nguyen Anh Quynh, Dang Hoang Vu, Unicorn: Next Generation CPU Emulator Framework, Presentation, BlackHat USA 2015, Aug 2015
  • Nguyen Anh Quynh, Building a “perfect” X86 diassembly framework, Presentation, Tetcon 2015, Jan 2015.
  • Hoang Quoc Thinh, The #bugbounty comic, Presentation, Tetcon 2015, Jan 2015.

2014

  • Nguyen Anh Quynh, Capstone: Next Generation Disassembly Framework, Presentation, BlackHat USA 2014, Aug 2014. (slides)
  • Bodo Möller, Thai Duong, Krzysztof Kotowicz, This POODLE Bites: Exploiting The SSL 3.0 Fallback, Advisory/Paper, Sept 2014. (paper)

2013

  • Nguyen Anh Quynh, OptiROP: hunting for ROP gadgets in style, Presentation, BlackHat USA 2013, Aug 2013. (slides)
  • Le Dinh Long, Exploiting nginx chunked overflow bug, the undisclosed attack vector, Presentation, SECUINSIDE, Jul 2013.
  • Nguyen Anh Quynh, OptiCode: Machine Code Deobfuscation for Malware Analysis, Presentation, SysCan SG, Apr 2013.
  • Nguyen Anh Quynh, OptiSig: Semantic Signature for Metamorphic Malware, Presentation, BlackHat Europe 2013, March 2013.
  • Nguyen Anh Quynh, Phát hiện virus đa hình với chữ ký ngữ nghĩa, Presentation, TetCon, Jan 2013.

2012

  • Le Dinh Long & Thanh Nguyen, PEDA: Polishing Up GDB for Exploit Development, Workshop, Hack in The Box, October 2012
  • Thai Duong & Juliano Rizzo, The CRIME attack, Presentation, Ekoparty, September 2012
  • Le Dinh Long, Linux Interactive Exploit Development with GDB abd PEDA, Workshop, Black Hat USA, August 2012
  • Thanh Nguyen, Cyber Warfare, Keynote, Tetcon, Jan 2012
  • Thai Duong, Những lỗ hổng ít được biết đến và cách phòng chống, Presentation, Tetcon, Jan 2012. (slides)
  • Pham Van Toan, Finding Software Vulnerabilities via Smart Fuzzing, Presentation, Tetcon, Jan 2012. (slides)

2011

  • Le Dinh Long & Thanh Nguyen, ARM Exploitation ROPmap, Presentation, PacSec Japan, November 2011.
  • KaiJern Lau, Malware Sandboxing the Xandora Way, Presentation, Hack in The Box Malaysia, October 2011
  • Thai Duong & Juliano Rizzo, BEAST: Surprising crypto attack against HTTPS, Presentation, Ekoparty, Sept 2011. (paper)
  • Le Dinh Long & Thanh Nguyen, ARM Exploitation ROPmap, Presentation, Black Hat USA, August 2011. (slides)
  • Thai Duong & Juliano Rizzo, Cryptography in the Web: The Case of Cryptographic Design Flaws in ASP.NET, Technical Paper, IEEE Symposium on Security & Privacy, May 2011. (paper)

2010

  • Thanh Nguyen, Payload already inside: data re-use for ROP exploits, Presentation, DeepSec Austria, November 2010.
  • Le Dinh Long & Thanh Nguyen, Payload already inside: data re-use for ROP exploits, Presentation, Hack in The Box Malaysia, October 2010.
  • Nguyen Anh Quynh, Detecting Malicious Documentations, Presentation, SyScan HCM, September 2010.
  • Thai Duong & Juliano Rizzo, Padding Oracles Everywhere, Presentation, Ekoparty, September 2010.
  • Nguyen Anh Quynh, Operating System Fingerprinting for Virtual Machines, Presentation, Defcon 18, July 2010 and SyScan Taipei, August 2010. (slides)
  • Nguyen Anh Quynh, Virt-ICE: next generation debugger for malware analysis, White paper and Presentation, Black Hat USA, July 2010. (papers, slides)
  • Le Dinh Long, Payload already inside: data re-use for ROP exploits, White paper and Presentation, Black Hat USA, July 2010 and SyScan HCM, September 2010. (papers, slides)
  • Thai Duong & Juliano Rizzo, Practical Crypto Attacks Against Web Applications, White paper and Presentation, Black Hat Europe, April 2010 and USENIX Workshop on Offensive Technologies, August 2010. (papersslides)

2009

  • Nguyen Anh Quynh, eKimono: A Malware Scanner for Virtual Machines, Presentation, DeepSec Austria, November 2009 and Hack in The Box Malaysia, October 2009. (slides)
  • Thai Duong & Juliano Rizzo, Flickr’s API Signature Forgery Vulnerability, Technical paper, September 2009. (paper)
  • Nguyen Anh Quynh, Memory forensic and incident response for live virtual machine (VM), Presentation, FRHACK France, September 2009.
  • Nguyen Anh Quynh, Detecting rootkits inside Virtual Machine, Presentation, XCON China, August 2009.
  • Nguyen Anh Quynh, Outspect: Live Memory Forensic and Incident Response for Virtual Machine, Presentation, Syscan Singapore, July 2009.

2007

  • Nguyen Anh Quynh, Hijacking Virtual Machine Execution, Presentation, Black Hat Japan, October 2007.
  • Thanh Nguyen (Red Dragon) and Mikado, Cheating Massively Multiplayer Online Game for Fun and Profit, Presentation, VNSECON, July 2007.
  • Nguyen Anh Quynh, Hijacking Virtual Machine Execution for Fun and Profit, Presentation, VNSECON, July 2007 and Bellua Cyber Security Asia, October, 2008 and DeepSec Austria, December 2007. (slides)
  • Nam Nguyen, Unintrusive Back in Time Java Tracers: Methods and Practices, Presentation, VNSECON, July 2007.
  • Thai Duong, Zombilizing The Web Browsers Via Flash Player 9, Presentation, VNSECON, July 2007.
  • Thanh Nguyen (Red Dragon), UPnP Hacking - You Plug n Pray, Presentation, VNSECON, July 2007.

2006

2003

2002

  • Thanh Nguyen (Red Dragon), Linux Kernel Keylogger, Technical paper, Phrack Magazine #59, June 2002.