2019 Japan


Theme: Hacker versus counter-hacker: From retribution to attribution

Date: November 6th to 9th, 2019

Venue: Osaka, Japan


  • Paul Vixie – Farsight
  • Matthieu Faou – ESET
  • Thomas Dupuy – ESET
  • Yoshihiro ISHIKAWA – LAC
  • Augusto Remillano – TrendMicro
  • Hazel Poligratis – TrendMicro
  • Niranjan Jayanand – Microsoft
  • Ayako Matsuda – FireEye
  • Dinesh Devadoss – K7 Computing
  • Kaarthik R Muthukrishnan – K7 Computing
  • Takahiro Haruyama – Carbon Black
  • Venkatachalabathy S.R. – McAfee
  • Harikrishanan M. – McAfee
  • Michal Poslusny – ESET
  • Peter Kalnai – ESET
  • Boris Larin – Kaspersky
  • Randy Abrams – OPSWAT
  • Robert Lipovsky – ESET
  • Yoav Arad Pinkas – Checkpoint
  • Minseok (Jacky) Cha – Ahnlab
  • GenShen Ye – 360NetLab
  • Adolf Středa – AVAST
  • Luigino Camastra – AVAST
  • Nitin Shekokar – Symantec
  • Akshay Agarwal – Symantec
  • Akhil Reddy – FireEye
  • Steven Zhou – Microsoft
  • Itay Cohen – Checkpoint
  • Ari Eitan – Intezer
  • Mark Lechtik – Kaspersky
  • Ariel Jugnheit – Kaspersky
  • Anton Cherepanov – ESET
  • Jean-Ian Boutin – ESET
  • Josep Albors – Ontinet
  • Rommel Abraham D Joven – Fortinet
  • Dhanalakshmi Velusamy – K7 Computing
  • Mingwei Zhang – Symantec
  • Prakash Galande – Quickheal
  • Bajrang Mane – Quickheal
  • Aviran Hazum – Checkpoint
  • Zuzana Hromcova – ESET
  • Thomas Siebert – G DATA CyberDefense
  • Saurabh Sharma – Kaspersky
  • Vladimir Kononovich – Kaspersky
  • Hsun-Jen Hsu – AVAST
  • Jen-Yu Tsai – AVAST
  • Christopher Del Fierro – IBM X-Force IRIS
  • Simon Edwards – SE Labs
  • Heungsoo Kang – LINE
  • Ivan Korolev – Doctor Web
  • Igor G. Zdobnov – Doctor Web
  • Lokesh Janakiraman – K7 Computing
  • Raja Babu Annamalai – K7 Computing
  • Doina Cosovan – SecurityScorecard
  • Catalin Valeriu Lita – SecurityScorecard
  • Samir Mody – K7 Computing
  • Luis Corrons – Avast
  • Eddy Willems – G DATA CyberDefense
  • Paul Chung – AhnLab


Wednesday, November 6, 2019

16:00 – 18:30 Registration

19:00-22:00 Welcome Drinks Reception

Thursday, November 7, 2019

Stage AStage B
8:00-9:00 Last Minute Registration 
9:00-9:05 Welcome & Logistics 
9:05-9:10 AVAR Welcome 
9:10-10:00 Keynote: Benefits and Hazards of Non-Local DNS Resolution 
10:00-10:30 Operation Ghost: The Dukes aren`t back – they never left 
10:30-11:00 More about HYDSEVEN adversary and cryptocurrency threat 
11:00-11:20 Coffee Break11:00 – 11:20 Coffee Break
11:20 -11:40 The Mining Ninja11:20-11:40 ATT&CKing the threat intel sharing problem
11:40-12:00 Curious tale of 8.t used by multiple attack campaigns against South Asian countries11:40-12:00 Protecting Democracy – Elections Under Attack
12:00-12:30 Sweet`n Sour in Poison: Case Study of Espionage Campaigns Targeting Japan12:00-12:30 Hunting advanced IoT malware
12:30-14:00 LUNCH12:30-14:00 LUNCH
14:00-14:30 Mac Me MORE Money!! Exploitation of Mac in Targetted Attacks14:00-14:30 Tick Tock – Activities of the Tick Cyber Espionage Group in East Asia Over the Last 10 Years
14:30-15:00 Defeating APT10 Compiler-level Obfuscations14:30-15:00 EMOTET…… The end to end story
15:00-15:30 The journey of malware families evade sandbox15:00-15:30 Guildma: timers sent from hell
15:30-15:40 COFFEE BREAK15:30-15:40 COFFEE BREAK
15:40-16:10 Rich Headers: leveraging this mysterious artifact of the PE format for threat hunting15:40-16:10 Cybersecurity Parasite
16:10-16:40 Momigari: Overview of the latest Windows OS kernel exploits found in the wild16:10-16:40 Demystifying macOS: An investigation into the dynamics of macOS attacks
16:40-17:00 Multiscanning: Making Sense of the Numbers16:40-17:00 CTPH Clustering Analysis in Big Data Environment

Friday, November 8, 2019

Stage AStage B
09:10-09:30 The Red Square – Mapping the connections inside Russia`s APT Ecosystem09:10-09:30 Unwanted world – from chaos to rules
09:30-10:00 The North Korean AV Anthology: a unique look on DPRK’s Anti-Virus market09:30-10:00 TITANIUM: the PLATINUM group strikes again
10:00-10:30 Buhtrap metamorphosis: From cybercrime to cyberespionage10:00-10:30 A Chronicle of Fallout
10:30-11:00 Attacks Against Financial Institutions and Cryptocurrencies10:30-11:00 Fast Rev-eng Is Definitely Awesome (Android Frida tutorial)
11:00 – 11:20 COFFEE BREAK11:00-11:20 COFFEE BREAK
11:20-11:40 Digital Skimmers: How crooks are spying your online shopping11:20-11:40 What is Really Happening with MegaCortex
11:40-12:00 MoqHao: Targeted Attacks on Android and iOS in Japan11:40-11:50 An introduction to CTA: Cyber Threat Alliance
 11:50-12:00 Buying, selling and analysing security: Following the money, time and expertise behind a trillion dollar industry
12:00-12:30 A deep look into the recent “Living off the Land” threats in the wild12:00-12:30 Discretion in APT: Recent APT attack on crypto exchange employees
12:30-14:00 LUNCH12:30-14:00 LUNCH
14:00-14:30 Targeting Japan: a story from infection vector to C&C server hidden using fast flux and everything in between14:00-14:30 Unrevealing the architecture behind the Counter-Strike 1.6 botnet: zero-days and Trojans
14:30-15:00 AgentSmith – A New species of Mobile Malware14:30-15:00 Into the Land of the Dark(hydrus)
15:00-15:30 The IoT in Jeopardy: The Abuse of Mobile Applications and Cloud Services15:00-15:30 Panel discussion: “Governments and Encryption, Offensive Security, IoT”
15:15-15:30 COFFEE BREAK 
15:30-16:00 ATTOR: Spy platform with curious GSM fingerprinting 
16:00-16:45 Judgement Day 
16:50-16:55 CARO 2020 Announcement 
16:55-17:00 Closing 
17:00-18:00 AVAR Members Meeting 

Saturday, November 9, 2019 : Networking Day


Take a break and enjoy a wonderful day with us. The historic Kyoto and fun Cupnoodles Museum in Osaka are waiting for you. Socialize with fellow attendees and visit once-in-a-lifetime sites.


Duration 10,5 hours / 9.00 – 19.30

  • CupNoodles Museum in Osaka
  • Traditional Lunch in Kyoto
  • Bamboo Grove in Kyoto
  • Tenryu-ji temple in Kyoto
  • Fushimi Inari Shrine in Kyoto



  • 10-hour tour
  • Private coach
  • Local english speaking guide
  • Entrance fee to Tenryu-ji & Bamboo grove
  • Entrance fee to Cup Noodles Museum
  • Lunch at traditional restaurant in Kyoto


  • Additional entrance fees
  • Food or drinks during the day (excl. Lunch)
  • Gratuities (optional)


Who knew noodles could be this fun? Regardless of your age or eating habits, the Instant Ramen Museum is packed with hands-on experiences and visual appeal, making it fun for anyone. This colorful wonderland stimulates much more than your taste buds.

You can make chicken ramen by hand or create your own completely original Cupnoodles package which is unavailable anywhere else in the world.


You’ve probably seen photos of the Arashiyama Bamboo Grove, but no picture can capture that sense of otherness, different than any other forests you ever visited. And right next to it is Tenryu-Ji Temple, with its famous 14th century Zen garden and pond, which catches the reflection of the surrounding maple trees.

Home to a seemingly endless stretch of over 5000 iconic orange torii gates spread across an entire mountain, Fushimi-Inari-Taisha Shrine is perhaps the single most fascinating sight in all of Kyoto and among the oldest Shinto shrines in Japan. Don’t miss it!



Situated along a scenic riverside in Osaka Business Park, Hotel New Otani Osaka offers guests an array of guestrooms and suites and numerous restaurants and bars for superior dining. The hotel is also just steps away from Osaka Castle and its surrounding 264 acre park, giving guests spectacular views of the natural and beautiful areas.


540-8578 Osaka Prefecture,

Osaka, Chuo-ku Shiromi 1-4-1, Japan


Paul Vixie

Benefits and Hazards of Non-Local DNS Resolution

Chairman, CEO and cofounder of Farsight Security, Inc.

Since commercialization and privatization of the Internet first began in the 1990’s, there has been a steady push to move access side DNS (called “recursive”) away from customer networks and towards first ISP’s and later Cisco, Google, IBM, and Cloudflare. What are the real motives for this trend? What are the risks and costs, and who pays them?

Vixie has worked in the DNS field since 1989 and has invented many of the monitoring and filtering capabilities now used by nearly all DNS services, and he will try to explain what’s happening. Special attention will be paid to the new web-based “DNS over HTTP” or “DoH” protocol now being strongly pushed by Mozilla and others.

Dr. Paul Vixie is an Internet pioneer. Currently, he is the Chairman, CEO and cofounder of Farsight Security, Inc. Dr. Vixie was inducted into the Internet Hall of Fame in 2014 for work related to DNS and anti-spam technologies. He is the author of open source Internet software including BIND 8, and of many Internet standards documents concerning DNS and DNSSEC. In addition, he founded the first commercial anti-spam company (MAPS, 1996), the first non-profit Internet infrastructure software company (ISC, 1994), and the first neutral and commercial Internet exchange (PAIX, 1991). In 2018, he cofounded SIE Europe UG, a breakthrough European data sharing collective to fight cybercrime. Dr. Vixie earned his Ph.D. from Keio University for work related to DNS and DNSSEC in 2010.

November 7 at 09:10 – 10:00, Stage A

We sit down with internet pioneer and Farsight Security CEO Dr. Paul Vixie, co-inventor of some of the services that are central to the internet’s fabric, including Domain Name System (DNS) architecture. As an authoritative voice on a range of matters that concern the global internet, the discussion with Dr. Vixie weaves together issues connecting DNS and its effect on security and privacy.


Gold Sponsor


Silver Sponsor


Welcome Drinks Reception

Wi-Fi Sponsor

Conference Shirt Sponsor

Attendee Name Badges

Lanyards Sponsor

Supporting Organization