• XReward – A Return Day.

    2015.8.20 Beijing Bai Fu Yi Hotel

    Free to attend, XCon attendees first!

  • Welcome To XCon2015.

    2015.8.18-19 Beijing

XCon2015 Speakers !

Jason Shirk

Jason Shirk is a Principal Security Strategist at Microsoft and runs their Bug Bounty Program (aka.ms/bugbounty). He has spent a number of years in both the software security & user data privacy spaces with roles from owning Microsoft’s Fuzzing Strategy and toolkit to the Security Architect for Bing, penetration test and endpoint security at Bell Labs/Avaya, to now driving overall Security Ecosystem Strategy for Microsoft. Jason speaks regularly at external Security & Privacy conferences, as well as advising program owners across Microsoft and the industry on the evolving nature of building secure software, with user privacy in the forefront.

Microsoft Bug Bounty Program: Data Behind the Scenes

[ Read More ]
Microsoft Bug Bounty Program: Data Behind the Scenes

Microsoft has been working with security researchers for a long time as part of a robust security regimen, which we continue to value and drive passionately. Bug bounties are an increasingly important part of the vulnerability research and defense ecosystem. We believe that bounties will continue to evolve over time, and will be regularly managing the Microsoft Bounty Programs. In this talk Jason will be talking about what we've seen to date, what we've learned, and diving more deeply into the data behind running the Bug Bounty Programs at Microsoft


Funny Wei is a core member of XFocus Team, XCon speaker,Ph.D. He is mainly dig into software vulnerability analysis, industrial-control systems security and SDN security. He has many years of experience on vulnerabilities detection of OS、smart devices、cloud computing platform and engaged in the study and implementation of symbolic execution, fuzzing, massively distributed parallel detection techniques. Recently he is focusing his research on industrial-control system, SDN and Internet of vehicle security issues.

Construction of software vulnerability analysis infrastructure

[ Read More ]
Construction of software vulnerability analysis infrastructure

From the perspective of software testing for refinement, scalability, logic and visualization, Funnywei will present the point of ‘making’ a vulnerability rather than ‘finding’ a vulnerability, and construct a pipeline based on exploration, analysis, fault localization. The system focuses on providing path analysis and exploration ability. He will also introduce the corresponding analysis algorithm and related demos.

Zhong Chenming (Cos)

Cos (Zhong Chenming) is the Technical Vice President of Beijing Knownsec Information Technology Co., Ltd., head of 404 Security Team. With a long-term focus on Web2.0 hacking, he has an all-around knowledge and practices of cyber-attack/defense skills, particularly good at taking over targets with stealthy techniques. As the industrial practitioner of security and big data, he took the lead in creating the well-known ZoomEye Cyber-space Search Engine and bringing KCon into a brighter future. He is fond of seeking inspirations across different fields and wrote the popular book Web Front-End Hacker’s Handbook.

Hidden Battlefield: Flash-based Web Attacks

[ Read More ]
Hidden Battlefield: Flash-based Web Attacks

Among numerous attacks in the Web2.0 era, Flash-based attacks could be considered as unique. In this topic, we will thoroughly analyze the key technical points of such attacks and share multiple ideas in exploiting these vulnerabilities, consisting of user privacy acquisition, tampering, persistent identity hijacking, worm attacks etc. The vulnerability discovery process will also be discussed, including the build-ups of relevant tools.


Ph.D, the current general manager of Antiy Microelectronics and Embedded R&D Center. He is mainly interested in computer and external hardware security, information security of industrial systems, embedded systems and internet of things and etc. He is a geek who is addicted to technologies, all his working and hobbies are DIY hardware and hack. He and his team have rich experience in showing their work related to hardware security on XCon.

Evil Cleaning Maid, the Information Security Risks by Floor-sweeping Robots

[ Read More ]
Evil Cleaning Maid, the Information Security Risks by Floor-sweeping Robots

The wonderful life of smart home depicted by science fiction and futurists has not yet realized, the information security risk of previous intelligent home appliance also should not be neglected. This paper shows the analysis of research group on the hardware and software structures of several intelligent floor-sweeping robots and illustrates the possible security risks. It will demonstrate the hack of floor-sweeping robots so as to arouse people’s attention toward smart home security.

Xiaobo Chen (DM557)

Xiaobo Chen is a member of the Pangu Team. He used to work as a senior research scientist at FireEye and McAfee. He has participated in network security field since 2000, and has over 15 years experience in network security, and now he focus is on innovative research on software vulnerability and exploitation on Microsoft and Apple systems.

Review and Exploit Neglected Attack Surfaces in iOS 8

[ Read More ]
Review and Exploit Neglected Attack Surfaces in iOS 8

The security design of iOS significantly reduces the attack surfaces for iOS. Since iOS has gained increasing attention due to its rising popularity, most major attack surfaces in iOS such as mobile safari and IOKit kernel extensions have been well studied and tested. This talk will first review some previously known attacks against these surfaces, and then focus on analyzing and pointing out those neglected attack surfaces. Furthermore, this talk will explore how to apply fuzzing testing and whitebox code auditing to the neglected attack surfaces and share interesting findings. In particular, this talk will disclose POCs for a number of crashes and memory corruption errors in system daemons, which are even triggerable through XPC (a lightweight inter-process communication mechanism) by any app running in the container sandbox, and analyze and share the POC for an out-of-boundary memory access 0day in the latest iOS kernel.

Lyon Yang

Lyon Yang is a senior security consultant at Vantage Point Security with a research focus on embedded systems hacking and exploitation. He is from sunny Singapore, the world’s first smart city. His regular discoveries of zero days in a variety of router models has earned him a reputation as the go-to guy for router hacking in Singapore, where he has been hired to do firmware source code reviews on popular router models. He is currently working on a comprehensive testing framework for ARM and MIPS based routers as well as shell code generation and post-exploitation techniques.

Advanced SOHO Router Exploitation

[ Read More ]
Advanced SOHO Router Exploitation

    In this talk we will look into how a series of 0-day vulnerabilities can be used to hack into tens of thousands of SOHO Routers. We will elaborate on the techniques that were used in this research to locate exploitable routers, discover 0day vulnerabilities and successfully exploit them on both the MIPS and ARM platforms. The talk will cover the following topics:
  • Dumping and analyzing router firmware from an ISP provided router.
  • Tips and Tricks to discovering vulnerabilities on the router
  • Identification of vulnerabilities
  • Explanation of how to write ARM / MIPS exploits
  • ROP Gadgets used for writing ARM and MIPS Proof-Of-Concept
  • Post exploitation concepts – creative use of exploits
  • The talk contains several 0day issues that allow enumerating and compromising (remote root) thousands of household routers currently connected to the Internet.


nEINEI is one of the core members of ByteHero team, he is a security researcher of Intel Security/McAfee Labs. One of designers of Bytehero Heuristic Detection Engine, he provided the BDV engine with Virustotal/OPSWAT platform. He has many years of experiences on Anti-virus techniques research and be interested in virus research/anti-virus engine design, vulnerability research, network attacks, reverse engineering and has spoken at security conferences such as Xcon2014,XCon2013, XCon2010,AVAR2012, and CanSecWest2014.

Application Level's Persistence of Attack Technology

[ Read More ]
Application Level's Persistence of Attack Technology

We focused three issues to explain what is application level's persistence of attack technology. 1) COM Hijack 2) Registry Hiding 3) Exploit MSI. We will discuss persistence of attack technology the nature of the problem and why we are difficult to defense of "security weakness”. With the rising of the threat that we used traditional technology to coupled SecureCloud, community of reputation to use it as cyber security protection system, but especially in the face of persistence of attack is feeble and ignored. Persistence of attack technology penetrated through the terminal of security architecture. This is the attacker want to the road must take on elaborate defense mechanisms. so, at the moment this attack technology is "one of biggest features that as all of the terminal security system".

Yang Qing (Ir0nSmith)

He is the manager of 360 Unicorn Team,  who first reported the vulnerability of subway WirelessNet and NFC card in China. He leaded his team made 360SkyScan-WIPS, NFC card protection, security charger and some other geek protection productions. He is the speaker of Defcon 23. Besides, his team is also going to make three speeches on Defcon 23 ,  which are GPS Spoofing, Zigbee Hack, and GPRS Hijack.

Hacking GPS - Generate fake GPS signal step by step

[ Read More ]
Hacking GPS - Generate fake GPS signal step by step

It is known that GPS L1 signal is unencrypted so that someone can produce or replay the fake GPS signal to make GPS receivers get wrong position results. There are many companies provide commercial GPS emulators which can be used for the above attack, but the commercial emulators are quite expensive, or at least not free. Now we found by integrating some open source projects related to GPS we can produce a fake GPS signal through SDR tools, e.g. USRP / bladeRF / HackRF. This makes the attack cost very low. It may influence all the civilian use GPS chipset, especially the independent GPS receiver without cellular network assistance. This topic is about the content that has never been published before.

Wenbin Yan(Wanming)

He has been engaged in researching computer viruses, software protection and cryptology for many years;BBS Moderator of pediy.com and currently works as CTO in NAGA. He has spoken at security conferences such as Xcon, Xkungfoo

The Principle of Binary Instruction Compiler and its Application on Android Native Layer

In the previous part, we have introduced binary instruction compiler and its principle. First, the compiler identifies the architecture of the machine and disassembles the structure of object files (ELF, PE, MACH-O). Next, it identifies the common properties of the object files and the model of file structure. The compiler analyzes the binary instructions and builds instruction model based on different architectures. According to the instruction model, the compiler transforms the instructions of different system architecture (X86, ARM, MIPS etc.) to virtual pseudo assembly code uniformly, and restores the source code. Then, it recompiles the source code by using the pseudo code assembler. During the compiling, it controls the output based on the instruction generation template and finally generates real binary code with anti-reverse-analysis functions without changing the original logic.

Cui Xiaochen(Hannibal)

Network ID:Hannibal. Co-founder of team509 security technology research team. He has focused on the field of Reverse Engineering and Computer forensics over ten years. Translator of surreptitious software (simplified Chinese version), and speaker of xkungfoo 2008 (raid5 internals) 2013 (From 1day to forensic)and XCon2012(File Analysis Vs File System Analysis)

The Imitation Game

[ Read More ]
The Imitation Game

Sensitive data erasing has always been a main security problem; attackers will do everything for recovering the user’s sensitive data. Currently there’s misunderstanding when we’re erasing these data. Especially when data is encrypted through error propagation mode such as CBC and etc., it is easily to misuse some cryptography principle. This topic will combine with file-based recovery technology for getting user login credentials of a well-known software, and discuss the issue with put forward the solutions.

Renguang Yuan(yuange)

ID:yuange who is well-known as one of the elites representative of Chinese network security and hacking technology, the first finder of Windows9X share password using underlying analysis of Microsoft Windows system and first one who digging IIS Unicode system vulnerabilities. He has worked for many famous security companies such as Nsfocus and 360.

Forum: Present and Future of vulnerability & vulnerability mining

Alexander Timorin, Sergey Gordeychik

Sergey Gordeychik is the Director and Scriptwriter of the Positive Hack Days forum, captain of SCADAStrangeLove.org team and Web Application Security Consortium (WASC) contributor. Industrial cyber-disasters researcher and speaker at S4, CCC, POC, Kaspersky SAS, etc. The main areas of his work are the development of the enterprise security products in Sergey has developed a number of training courses, including "Wireless Networks Security" and "Analysis and Security Assessment of Web Applications", published several dozens of articles in various titles and a book called "Wireless Networks Security".

Alexander Timorin, SCADAStrangeLove network protocols ninja.

Practical security assessment of European SmartGrid

[ Read More ]
Practical security assessment of European SmartGrid

Electrical Grid is one of the sophisticated systems humanity ever built. New technologies such as IEC 61850 and Europe-wide initiatives to create continent-wide SmartGrid systems makes it more and more complex.

Our latest research was devoted to the analysis of the threat, landscape architecture and implementation of the modern Smart Grid elements, including relay protection, wind and solar energy generation.

It may seem (not) surprising but the systems which manage huge turbine towers and household PhotoVoltaic plants are not only connected to the internet but also prone to many well known vulnerabilities and low-hanging 0-days. Even if these systems cannot be found via Shodan, fancy cloud technologies leave no chances for security.

In this talk, we summarize our practical experience in security assessment of different components of European SmartGrid technologies: from housekeeping and rooftop PV systems to digital substations. We will release new (but responsibly disclosed) vulnerabilities in SmartGrid systems, Cloud SCADA technologies as well as new tools for security assessment of SmartGrid industrial protocols.

XCon2015 Venue: Beijing Bai Fu Yi Hotel
Beijing Bai Fu Yi Hotel

Adress: No.19 South Erlizhuang Dongzhimen Street Dongcheng District Beijing.

XCon2015 Venue: Banquet Hall

Venue: The biggest meeting hall of hotel.

Bai Fu Yi Lobby

Venue: Lobby elevator to 2nd floor to our venue.

XCon2015 Agenda
2015-8-18 Tuesday 1st Day
8:30-9:30XCon2015 Registration
9:30-9:40Beginning Speech
9:40-10:40FunnyWeiConstruction of software vulnerability analysis infrastructure
10:40-11:40NEINEIApplication Level's Persistence of Attack Technology
13:30-14:30YangQingHacking GPS - Generate fake GPS signal step by step
14:30-15:30Lyon YangAdvanced SOHO Router Exploitation
15:30-16:00Rest & Coffee Break
16:00-17:00Cui Xiaochen (Hannibal)The Imitation Game
17:00-18:00XiaoBo Chen(DM557)Review and Exploit Neglected Attack Surfaces in iOS 8
2015-8-19 Wednesday 2nd Day
9:30-10:30Jason ShirkMicrosoft Bug Bounty Program: Data Behind the Scenes
10:30-11:30CosHidden Battlefield: Flash-based Web Attacks
13:30-14:30Alexander Timorin, Sergey GordeychikPractical security assessment of European SmartGrid
14:30-15:30ESoulEvil Cleaning Maid, the Information Security Risks by Floor-sweeping Robots
15:30-16:00Rest & Coffee Break
16:00-17:00Forum: Present and Future of vulnerability & vulnerability mining
Special Events

XCon XFocus Information Security Conferense

AHaving certain influence in the world, XCon Information Security Conference is one of the largest and most authoritative and famous information security conferences in China. For more than a decade, XCon has been upholding its rigorous work style and inviting the information security experts and fans, network security consultants from abroad and home. XCon commits to create a friendly, harmonious platform for communication.

Every summer XCon will come in time and meet you in Beijing--the capital of China. There will be hundreds of information security experts, scholars, researchers and related professionals come from different countries invited to present and give speeches. The meeting covers everything and new fields’ information security technologies. If you have new technologies, new discoveries or successful experiences in some fields and welcome to share with us!

We are only the feasts of technologies. You should be here!

Sending your papers to cfp@huayongxingan.com Registration,

XCon2015 Call For Paper

XFocus Team

Xfocus is a non-profit and free technology organization, which was founded in 1998 in China. We are devoting to research and demonstration of weaknesses related to network services and communication security.

We hope that we can use new technical tools to achieve our goals, and to broaden our outlook. Also we can communicate and help with each other through this amazing Internet.

From Internet, for Internet!

Go To XFocus Website

XReward – A Return Day

Within many years of grow-up through Internet, we have got so many things from it such as knowledge, friends, career, chances and money. This is time for return to Internet. That’s the real meaning of our slogan:From Internet, For Internet! To express XCon gratitude to Internet and every friends who contribute their efforts to make this virtual world safe, a special event named XReward will be held at the same place of XCon2015 venue on 20th August. Everyone is Free to come in this day for meeting and communicating with XFocus Team members and big shots in famous internet enterprises. Due to the limited space,XCon attendees are in priority. Coming soon for more details!

Go to XReward Website
  • Registration fee will include:
  • Access to 2 days conference (18th -19th August), coffee breaks and lunch per day and conference souvenirs.
Early registration
payment before 08/5
Regular registration
payment before 08/14
Late registration
payment at door:
$700/per person$750/per person$800/per person
  • Please use the subject as XCon2015 Registration and send to xcon@huayongxingan.comxcon@huayongxingan.com
  • Please mail us your registration information and it should cover with: Last name, first name, email address, company, country, city, address and special diet (None, Vegetarian, Muslim).
  • he XCon organizing committee could help you book the room of conference hotel at a better price, if you need us help please send email to us use the subject of XCon2015 Room reservation.  XCon2015 Room reservation
Past conferences