To facilitate the development and communication of the Taiwan security community, the HITCON encourages the community to organize various network activities, launch the Taiwan Information Security Community Grant Program, and support the community to organize book clubs or seminars. We also subsidize activities and community programs. Feel free to apply to us!
What is the CTF hacker competition?
CTF (Capture the Flag) is a hacker competition to learn Attack and Defense. The CTF system is divided into three categories: Jeopardy, Attack & Defense and King of Hill. According to the competition rules, the teams use various hacker technologies to obtain hidden flags through decryption or vulnerability utilization.
HITCON CTF Team record
HITCON has been holding Wargame for 10 years since 2005. In 2014, HITCON entered DEFCON CTF, the world's largest hacker competition, and won the second place, winning honor for Taiwan. Since 2015, HITCON team has become the winning team in the world hacking contest, relying on the solidarity and cooperation of the team members to strive for glory for Taiwan.
We are a group of female expedition, we are exploring the world of information security!
We are a group of female adventurers who want to find new paths, hoping to find our own dreams in the world of information security. In 2014, we held the first Workshop to take the first step in encouraging women to learn information security. We use a variety of courses to encourage beginners to step into the world of information security. For example, opening locks, writing programs, blocking packages, analyzing malicious programs... These knowledge should not be dominated by men. We believe that gender should not be a barrier.
In 2015, we held our first reading and sharing session, which was not only the second external event, but also an important milestone of HITCON GIRLS 'learning journey, recording our journey. Information security is a part of our lives, our dreams and lives.
In 2017, some girls started going their own way, maybe graduating into the workforce, maybe loving their jobs more, maybe finding new goals through the community. We expect the changes made by HITCON GIRLS to fall around the world like windblown fruit and petals, and each new seedling represents "women can be information security experts, gender is not a barrier".
What is HITCON hackathon?
In order to accelerate the industrialization of information security industry and attract more talents, HITCON started to hold the hackathon competition of the Internet of things in 2017, aiming at looking into the future, bringing community, campus research and innovative energy into the information security industry, and attracting outstanding engineers and students to invest in industrial research and design.
HITCON Hackathon 2017
HITCON Hackathon 2017 sets the theme of competition according to the development trend of the industry, with information security vulnerabilities, product innovation, cross-border integration of talents and creativity as the theme of the event. In this activity, we also invited ASUS, a well-known domestic manufacturer, to provide Zenbo robot and ASUS Zenbo SDK, so that developers can use Zenbo sensors to develop new algorithms and provide new application methods to protect the Internet of things information security, such as enhancing face recognition and providing users with voice recognition.
Enterprise award - "ICRY" won "HITCON bright star award”
This work USES Asus Zenbo robot to capture the appearance of family members and strangers, and then uses the imported facial recognition technology to distinguish family members and strangers to help maintain the safety of the home. If the invasion of strangers is detected, Zenbo will send a warning to the family members. In addition, Zenbo can provide individualized services to different family members. If an elderly person falls down at home, Zenbo will notify the family members to seek assistance.
To promote the cultivation of information security talents, we launched HITCON HackDoor
HITCON takes it as its mission to promote the correct concept of information security and cultivate Taiwan's information security talents. HITCON continues to promote information security issues and nurture talent in the spirit of hacking. At this year's HITCON CMT conference, we launched the world's first hacker version of escape games HITCON HackDoor, so that the public can learn through games, and actually challenge the information security problems that may exist in various iot devices in life, and at the same time echo the government's policy of promoting information security talent cultivation.
Everyone can learn new information security knowledge
HITCON HackDoor is a new type of game that combines room escape games, puzzle solving, teaching, and competition to incorporate interesting information security issues into the game, along with workshops. Anyone who is interested in the game itself, or who wants to challenge the information security topics we have designed, can sign up. By learning while playing, your interest will be stimulated.
Implementation courses: three thematic workshops
The workshop implementation courses covers three major topics: access card replication, wi-fi password cracking, and mobile phone graphic password lock cracking. Incredible fast break techniques, you don't need to be super powerful, just choose the right tools, you can easily break them.
We're not trying to teach you to do bad things. Instead, we're trying to get you to experience the dangers of ignoring information security, and to raise public awareness of information security, so that more people who study information security technologies can be on the right track.Team practice: Test the ability and cohesion of the team
The topic is combined with the Internet of things devices, such as printer, IP CAM, office card punching system, electronic bulletin board system, access control system, etc., we design a variety of questions to challenge the participating teams.
HITCON Knowledge Base (KB) introduction
HITCON Knowledge Base (KB) is an information security Knowledge and technology sharing platform. There are a variety of excellent information security articles on the Internet, such as analysis of information security incidents, research on vulnerabilities, CTF's writeup, etc. However, there is a lack of a good platform to collect these articles. Many beginners in Taiwan also hope that there is a platform to quickly read a variety of quality articles. At present, there are dozens of selected articles on the platform, including CTF competition experience sharing, problem solving methods, vulnerability analysis, information security event analysis and high-quality information security translation articles. HITCON hopes to provide a platform to collect various good articles for readers to enter the information security field, and look forward to information security experts to contribute!
HITCON ZeroDay is a public benefit program established by HITCON. Our mission is to help information security experts and enterprises to communicate and benefit, so that security experts and enterprises stand in the same line, creating a good information security environment. HITCON ZeroDay launched in 2015. The reliable vulnerability notification platform helps enterprises to effectively deal with and fix the vulnerability, and enables notifiers to know the relevant progress in a timely manner, thus creating a communication channel of mutual trust and cooperation.
In recent years, we have organized the Bug Bounty Program through this platform. Enterprises can give appropriate rewards to the notifier according to the severity and usefulness of each notification. Enterprises can also actively recruit information security experts for testing. In addition to highlighting the importance that enterprises attach to information security and obtain first-hand vulnerability information, information security experts can feel that they are taken seriously, so as to make continuous returns for enterprises and avoid the leakage to the black market.
The task of the reporting platform
‧ Make sure the communication between the enterprise and the notifier is smooth
‧ Validate vulnerability
‧ Avoid malicious exploitation of vulnerabilities by notifiers
‧ Avoid corporate accountability without fixing loopholes
‧ Reward to notifier (credit, bonus)
‧ Give enterprises access to talent
‧ Matchmaking between enterprises and information security vendorsFeatures
‧ Inform the company of vulnerabilities
‧ Bug details support Markdown writing
‧ Update status of vulnerability immediately
‧ Communicate with business in private
‧ Open message boards for discussion
‧ The points ranking shows the degree of contributionEnterprise
‧ Exclusive enterprise account background
‧ Get the latest vulnerabilities immediately
‧ Update vulnerability status instantly
‧ Communicate private information to ZD team or notifier
‧ Reward the notifierOpen Data
‧ RSS Feed provides feeds for the latest vulnerability information
‧ The API interface gives the partner vendor cascading data
HITCON Cyber Range 為一場資安事件調查為主的企業藍隊競賽。此競賽模擬企業遭受網路攻擊，參賽隊伍需扮演資安應變團隊的角色，從大量威脅告警資料及系統日誌中找出攻擊者的足跡，並針對攻擊事件應變，以增強企業資安威脅的防禦能力。
此競賽為臺灣難度最高的藍隊 (防禦) 資安競賽之一，更是培育優秀資安人才最佳的舞台。透過競賽不僅考驗參賽隊伍的技術實力及團隊默契，更重要的是培養參賽隊伍的實戰經驗與防禦技巧，從中熟悉資安事件的調查流程與技術。透過參與競賽可提升面對資安威脅的實戰解決能力，培育出企業與政府單位最需要的防禦性資安人才。
HITCON Enterprise 會議討論企業資安技術與管理的相關議程，強化企業資安能量，以應變各種資安問題。
HITCON CISO Summit 採全邀請制形式匯聚國內外頂尖產官學界的資安決策者，透過深度議程與圓桌會議的交流，建構與完善企業的資安政策與未來發展方向。