3 posts categorized "Thailand" Feed

Nov 19, 2014

Malware Analysis Competition in Thailand

Hello, this is Osamu from Global Coordination Division. It’s been 2 years since I posted the last article here. Today, I am going to share our experience at the event organized in Thailand last month.

In late October, ThaiCERT, a member of ETDA (Electronic Transactions Development Agency), and JPCERT/CC organized an event “Malware Analysis Competition 2014 (MAC 2014)” in Bangkok, Thailand. The event consisted of 3 parts: Basic Malware Analysis Training, Advanced Malware Analysis Training and Malware Analysis Competition. The participants of the event were students from universities in Thailand. Following the Basic Malware Analysis Training delivered by ThaiCERT colleagues, JPCERT/CC, - Dr. Terada (Technical Committee), Tsuru (Analysis Center), and I - conducted the Advanced Malware Analysis Training and served as judges at the Competition.

At the technical session of the competition, 4 pieces of malware were prepared for around 40 participants (13 teams) from 9 universities. The participants were requested to address several problems corresponding to each malware (e.g. revealing process/registry/network activities). Based on the knowledge and skills gained from the trainings, they worked with enthusiasm to solve them.

Img_8591_editParticipants at the technical session

After the technical session, there was a session where each team delivered a presentation to show their approach to the problems. The presentations were very productive for all in terms of sharing their ideas and understanding the various/different approaches among the participants.

From total added points gained both at the technical and presentation sessions, two teams (King Mongkut's University of Technology Thonburi and Mahidol University) were awarded. Especially, the team who gained the highest score (King Mongkut's University of Technology Thonburi) is to be invited to the next APCERT Annual General Meeting which will be held in 2015 in Malaysia (The prize was sponsored by ThaiCERT/ETDA). Besides the two teams above, JPCERT/CC also gave a prize to one team (King Mongkut's Institute of Technology Ladkrabang) who gained the highest score at the presentation session.

At the award ceremony, Dr. Terada gave a talk about MWS in Japan. MWS stands for “anti-Malware engineering WorkShop” and has been held for years in conjunction with academic conferences. The format of MWS was referred to by MAC 2014. He proposed promoting such joint activities between Thailand and Japan and to extend the initiative to other ASEAN countries.

Img_8900Dr. Terada at the talk

Overall, the event was very successful, and we were happy to have been a part of it. This type of event is very useful for technical transfer and raising awareness as well as information sharing in the field of IT security. So we are hoping to continue the effort in Thailand and also to extend it to more ASEAN countries as Dr. Terada proposed.

Img_8951Group photo of the event

Last but not least, I would like to say “Kob Khun Krap” (Thank you in Thai language) to ThaiCERT/ETDA colleagues who gave cordial hospitality to us. We definitely enjoyed the event and the short stay in Bangkok. We hope to keep our friendship and collaboration with them.

For more information, here is the blog article by ThaiCERT/ETDA about the event (in Thai language).

https://www.thaicert.or.th/events/2014/ev2014-11-08-1.html

- Osamu Sasaki

Nov 16, 2012

CSIRT Trainings for ThaiCERT and LaoCERT

Hello, this is Osamu Sasaki. I belong to the Global Coordination Division in JPCERT/CC, responsible for overseas CSIRT trainings. Today I would like to introduce you two of our CSIRT trainings conducted recently - in September/Tokyo and October/Vientiane. I think it turned out to be a good model of CSIRT collaboration by sharing the knowledge and capability that each team have.


Training in September/Tokyo

In late September, two engineers from ThaiCERT came to Tokyo and participated in an on-the-job training on incident response, malware analysis and TSUBAME, a network monitoring system in the Asia Pacific region headed by JPCERT/CC. ThaiCERT, the national CSIRT in Thailand established in 2000, is in the process of extending its services and strengthening the staffs’ capability after it’s reformation in February, 2011.


In the incident response training, JPCERT/CC gave a lecture on JPCERT/CC's workflows/operations. JPCERT/CC also conducted exercises, which would require the knowledge acquired in the lecture. The exercise was designed based on a real incident which happened just recently and it required analysis of log files containing a bunch of texts. It should have been quite tough, but ThaiCERT colleagues managed to handle it with their capability.


In the malware analysis training, JPCERT/CC conducted a variety of analysis methods of malware. JPCERT/CC also conducted some exercises, and the most interesting one for them seemed to be the analysis of a web defacement case. From this exercise, they gained the techniques to understand what has to be done when someone accessed to a defaced site.


Dsc05063_2
Training in Tokyo


As a part of the training, ThaiCERT colleagues visited the SOC (Security Operation Center) of a Japanese private company to learn from their operation.


Training in October/Vientiane

Two weeks after the training held for ThaiCERT colleagues in Tokyo, Sparky, ThaiCERT Colleagues and I traveled to Vientiane, the capital of Lao. JPCERT/CC and ThaiCERT provided a five-day training course for LaoCERT staffs. LaoCERT, the national CSIRT in Lao, is a very new organization established in May, 2012.


The main topics of the training were CSIRT operations/tools and incident response. In the incident response training, JPCERT/CC introduced our ways of incident handling. Additionally, JPCERT/CC gave a lecture on how to use PGP in order to communicate securely. ThaiCERT colleagues conducted a lecture on RTIR. RTIR is a request tracking freeware for incident response. They also conducted hands-on exercise on RTIR, with step-by-step procedures.


Dsc05386_2
Training in Vientiane, conducted by ThaiCERT


The training was conducted in English, but since all of us were non-native English speakers, Lao, Thai and Japanese were also spoken in the room to confirm the correct understanding among us. (How interesting that was for me!) Thanks to ThaiCERT colleagues, they contributed a lot in narrowing the language barrier, because of the similarity in Thai and Lao language and their good skill in English.


As a final word, I would like to extend my sincerest appreciation for LaoCERT staff for their warm hospitality. I would also like to thank the Japanese Ministry of Economy, Trade and Industry (METI) for their understanding of the importance of the overseas CSIRT development. I hope LaoCERT will start their incident response shortly and I look forward to visiting Lao again!


Img_2049
Group photo of LaoCERT Training

Jun 03, 2011

Secure Coding Seminar in C/C++ Successfully Completed!

In May, JPCERT/CC sent our technical specialists to the Secure Coding Seminar in C/C++ held in 3 cities: Bangkok, Nakhon Pathom and Surabaya.

The seminar provided the explanation of common programming errors in C/C++ that could lead to software vulnerabilities, how these errors can be exploited, and effective mitigation measures for preventing such errors.

Seminar in Bangkok (Thailand)
Date: May 9th-10th, 2011
Venue: Siam City Hotel
Organizer: ThaiCERT
Number of Participants: 30

Image002_2

 

Seminar in Nakhon Pathom (Thailand) as part of JCSSE 2011 Tutorial
Date: May 11th, 2011
Venue: Mahidol University
Organizer: ThaiCERT / Mahidol University
Number of Participants: 15

Image004_2

 

Seminar in Surabaya (Indonesia) as part of Workshop Seminar Keamanan Informasi
Date: May 25th-26th, 2011
Venue: Institut Teknologi Sepuluh Nopember (ITS)
Organizer: Id-SIRTII
Number of Participants: 70

Image006_2

 

Special thanks to Mr. Kitisak Jirawannakool (ThaiCERT), Dr. Vasaka Visoottiviseth (Mahidol University) and Mr. IGN Mantra (Id-SIRTII) for helping make the seminars a success.

JPCERT/CC provides a variety of information security training courses for newly established CSIRT staff, potential workforce in CSIRTs and software developers across Asia and beyond. If you are interested, please contact the Global Coordination Division at JPCERT/CC.