Open Ticket - MYR 300.00
Student Ticket - MYR 90.00 (Limited to Foundation, Diploma & Undergraduate only)
#All tickets include lunch.
#On-site activity, Malware Village, will run concurrently on the event day.
Announcement
Due to unforeseen circumstances, Chen Yin will not be able to participate in MYHack. However, he has graciously agreed to host an online session for the MYHack participants on October 30 at 5:00 PM (KL time). Please check your email for this update.
Join us for the thrilling Malware Village CTF competition!
Compete for a chance to win one of four CREST Practitioner Security Analyst (CPSA) exam vouchers.
Bring your laptop and get ready for an unforgettable challenge!
Updates
#As of September 30, 2025, there are 15 open tickets and 18 student tickets available.
#As of September 15, 2025, there are 18 open tickets and 20 student tickets available.
#As of September 05, 2025, there are 26 open tickets and 26 student tickets available.
#As of August 29, 2025, there are 31 open tickets and 27 student tickets available.
#A registration is deemed complete only upon the full payment of the ticket.
#As of August 22, 2025, there are 39 open tickets and 35 student tickets available.
Time | Agenda/ Topic | Speaker |
|---|---|---|
0830 to 0900 | Registration | - |
0900 to 0905 | Welcome Remark | Jason Glassberg |
0905 to 0915 | Opening Remark | Hairil Izwar Abd Rahman |
0915 to 1015 | Android’s gray-market attack surface and OEM countermeasures | YuanPeng Zhu |
1015 to 1115 | Predicting the predictors: Weakness in AI-generated code | Alfredo Ortega |
1115 to 1130 | Break | - |
1130 to 1230 | Blockchain and Crypto Security in Fintech Ecosystems | Pasi Koistinen |
1230 to 1330 | Lunch and Networking | - |
1330 to 1430 | Ghost in the Machine: Exploiting Hardware & Network Fingerprints for Tracking | Aditya Singh |
1430 to 1530 | Panda in the Wire: HoneyMyte's Trail of Espionage in SEA | Fareed Radzi |
1530 to 1545 | Break | - |
1545 to 1645 | Agent Network Protocol (ANP) | Heyi Wu |
1645 to 1700 | Closing Remark | bk + Muhammad Haziq |
Abstract: This presentation focuses on the various attack vectors and techniques used in mobile black and gray market activities, such as ad fraud and deepfakes. It will break down how these activities infiltrate and operate within mobile ecosystems. Additionally, the talk outlines a comprehensive defense strategy that encompasses threat intelligence, forensics, and detection tools. This strategy culminates in the development of a mobile security risk engine. This end-to-end framework is designed to proactively identify, block, and neutralize these types of attacks, with real-world case studies demonstrating its effectiveness in mitigating risks.
About: YuanPeng Zhu is the Head of Black and Gray Industry Countermeasures at vivo kM1rr0rs Security Lab, where he focuses on combating black and gray market activities within the mobile security sector. His work primarily involves managing malicious applications and developing threat intelligence systems. YuanPeng has successfully led various special countermeasure projects aimed at addressing new variants of malicious apps and methods of industrial chain attacks, significantly reducing potential large-scale security risks for users. In addition to his project work, YuanPeng has delivered keynote speeches at professional summits, including China's SDC and the Threat Hunter Salon. During these events, he has shared innovative countermeasure ideas and technical practices relevant to the industry.
Abstract: AI coding has taken the software development industry by storm. Microsoft’s CEO revealed that AI currently writes up to 30% of the company’s code. But is there a study of the weaknesses of this generated code? Can we predict vulnerabilities introduced by AI? In this presentation, we will present several studies that show how AI-generated code and passwords are predictable due to the inherent low entropy of the generation, much lower even than that of human-generated code/data. We will also explain how a malicious attacker can take advantage of this by predicting the behavior and bugs introduced by AI code generation.
About: Alfredo Ortega, CEO and founder of Neuroengine.ai, brings over 20 years of professional experience as a cybersecurity expert and bug-hunter. He holds a PhD in Computer Science from the Instituto Tecnológico de Buenos Aires. Throughout his career, Alfredo has made significant contributions to the field by discovering and publishing numerous high-impact vulnerabilities in prominent software systems such as OpenBSD, Signal, and voting machines.
Abstract: The convergence of artificial intelligence and cybersecurity is reshaping the threat and defense landscape at an unprecedented speed. AI now acts as both a powerful defender and a highly capable attacker; automating reconnaissance, crafting sophisticated phishing campaigns, generating adaptive malware, and exploiting vulnerabilities invisible to traditional tools. At the same time, defenders are deploying AI for detection, response, and predictive analysis, while struggling with new risks such as model poisoning, prompt injection, data leakage, and opaque decision-making. This is no longer a theoretical frontier; it’s an operational reality that demands new strategies, architectures, and governance to secure intelligent systems before the gap between.
About: Pasi Koistinen is a cybersecurity executive, author, and speaker with over 25 years of experience protecting digital infrastructures across startups, financial institutions, and global enterprises. Currently, the CISO at a major cryptocurrency platform in Singapore, and he specializes in securing environments shaped by blockchain, AI, and digital finance. An entrepreneur in offensive security testing, threat intelligence, and adversary simulation, Pasi holds multiple industry certifications and received the ASEAN CSO30 Award in 2024. He frequently speaks at international conferences and is an author of multiple books that bridge technical cybersecurity and strategic leadership.
Abstract: Traditional fingerprinting techniques often rely on easily spoofed software attributes, making them unreliable for security-critical applications. In this talk, we present a new generation of resilient fingerprinting methods that leverage hardware-level quirks and network-layer anomalies such as RTC drift, packet timing, JA4 signatures, Bluetooth/Wi-Fi signals, and even favicon caching without JavaScript. These methods work even when users employ privacy tools like VPNs or anti-fingerprinting browsers. We’ll demonstrate how organizations can use these techniques for fraud detection and authentication, while also revealing how adversaries can exploit them for stealth tracking. Through live demos and case studies, attendees will gain a practical framework for building or defending against these advanced fingerprinting systems.
About: Aditya Singh is a Cybersecurity Analyst at Turtleneck Systems & Solutions, with over two years of experience building decoy systems, sandboxes, and security tools. His research on fingerprinting and Mirai botnet analysis has been presented & accepted at Black Hat, Nullcon Goa, BSides Bloomington, Connecticut, Sydney, Hackred Con, VulnCon, and other major conferences worldwide.
Abstract: The presentation will first introduce the HoneyMyte profile, focusing on observed victimology across multiple campaigns, shedding light on targeted sectors, regional trends, and potential strategic objectives. In this case, we will focus on attacks that happened in Southeast Asia. Then, we will cover a range of implants and tools used by the group, from PlugX and ToneShell to lesser-known payloads like ToneDisk, ToneIns, Qreverse, keyloggers, document stealers, and custom credential arvesters. There’s also a look at how proxyware like StarProxy has been used for covert communications and persistence. The talk will then further discuss attribution, supported through analysis of infrastructure, code reuse, and operational tradecraft that collectively point toward HoneyMyte’s involvement.
About: Fareed Radzi is a Security Researcher at Kaspersky with a focus on malware analysis, threat intelligence, and reverse engineering. His research often centers on APT activity in Asia, with particular interest in espionage-driven malware and tooling. He has over five years of experience in malware reverse engineering and regularly presents at community talks, trainings, and local and global conferences across the region.
Abstract: As artificial intelligence advances, autonomous agents are becoming crucial in the internet landscape. Traditional communication protocols often fail to enable collaboration among these agents securely. The Agent Network Protocol (ANP) offers an open-source framework focused on decentralized identity authentication, behavioral coordination, and transaction execution without centralized intermediaries. This presentation outlines ANP’s design and components, including decentralized identifiers and verifiable credentials. Using hotel booking as a case study, we show how agents can collaborate under the ANP framework. We also discuss challenges like standardization and infrastructure immaturity, suggesting future directions such as schema unification and improved key management. ANP aims to establish a trusted environment for agent collaboration, promoting identity sovereignty and paving the way for resilient digital ecosystems.
About: Heyi Wu has contributed to research and product development in AI security and intelligence hunting. He has presented at notable security conferences, including POC, Black Hat MEA, and HITB, and holds several certifications, such as CCSSP, CCSK, CDPSE, and PMP. Additionally, he has reported multiple zero-day vulnerabilities, addressed security issues in self-developed Linux systems, and produced advanced reports on attack hunting traceability.
Malware Village dedicated to providing a safe and engaging environment for participants to learn and share knowledge about malware analysis. Our mission is to equip attendees with the skills, techniques, and historical context needed to understand, research, and combat malware. Participants will gain hands-on experience with real-world analysis techniques, guided by seasoned infosec professionals.
Beyond technical training, Malware Village fosters a strong community where researchers, enthusiasts, and professionals can connect. We welcome everyone—whether you're an artist creating malware-inspired art, a hardware researcher discovering unexpected connections to malware analysis, or a seasoned analyst reminiscing about early malware history. Even children can explore malware through Malmons (aka Malware Monsters by Lena Yu aka LambdaMamba), making cybersecurity education more accessible.
At its core, Malware Village is about uniting people "newcomers and experts alike" with a shared mission: understanding, analyzing, and defending against malware to protect society.
Adversarial Techniques and Practical Strategies in Red Team Assessments: This presentation provides an in-depth exploration of advanced adversarial techniques and practical strategies employed in red team assessments against well-defended environments. Grounded in the MITRE ATT&CK framework, it covers key phases such as reconnaissance, initial access, lateral movement, and antivirus evasion. Through real-world case studies, the presentation reconstructs critical stages of the attack chain, offering technical insights into the planning and execution of modern offensive operations.
About: Chen Yin, the CTO of DefenseN, is a cybersecurity expert with the Hohhot Public Security Bureau and serves as a training coach for the national Ministry of Defense. He has extensive experience in research and secure development, and has spoken at conferences such as ISC and FCIS. Additionally, he has authored or translated several cybersecurity books, contributing to the advancement of technical expertise and professional education in the field.
This event has limited open tickets for 50 participants and student tickets for 40 participants.
To register, please get in touch with BK via WhatsApp at +60 14 9600 291 or by email at info@casaba.com.my. In your message or email, kindly include your name, organization (if applicable), contact information and proof of payment. For the student ticket, please ensure you attach a copy of your student card.
Please ensure that payment is completed by 2025 October 15, based on the wire transfer details provided.
Wire Transfer Instructions
Bank Name: CIMB Bank Berhad
Branch: Plaza Damansara
Address: Menara Southern Bank, 83 Medan Setia 1, Plaza Damansara, Bukit Damansara, 59490 Kuala Lumpur, Malaysia.
SWIFT Code: CIBBMYKL
Account Name: Casaba Security Sdn. Bhd.
Account No.: 8010211960
#This is a profit-neutral event.
