Agenda

2026/03/14 (Sat.) 08:40 - 17:00

In 2026, AI is accelerating the scale and frequency of cyber attacks. Defenders can detect threats with greater precision, but attackers are also using AI to expand their capabilities and target organizations more effectively. The impact of these security challenges extends beyond internal defenses to supply chains and product security.

This conference focuses on technical depth and real-world experience. Sessions will present the latest vulnerability research and real Red Team Assessment cases. Topics include Red Team observations from the perspective of AI driven attacks, common security pitfalls in Wi-Fi implementations, practical threat hunting experience, and insights from the Pwn2Own competition, including an in-depth analysis of the 2025 full chain vulnerability React2Shell and its evolution in real world attacks and defenses.

09:20 — 09:30: Opening

09:30 — 10:00: The Red Team's AI Perspective: LLMs in Adversarial Exercises
講者：Alan ｜職位：Red Team Manager of DEVCORE
議程簡介：In recent years, many organizations have adopted generative AI to improve development efficiency and accelerate operational workflows. A common use case is the deployment of chat based LLM assistants for customer service or internal knowledge queries. Even without automated actions, these systems can introduce new challenges in data protection and access control. This session presents a Red Team perspective based on observations from attack and defense exercises. It examines common risks and blind spots in enterprise chat based LLM deployments and helps organizations develop a more complete understanding of the security risks involved.

10:00 — 10:10: Break

10:10 — 10:40: No Password, No Problem: From Wi-Fi to We-Fi
講者：Ray ｜職位：Security Researcher of DEVCORE
議程簡介：Wi-Fi is widely used and is the basis of most networks where many devices rely on a shared password for protection. A long Wi-Fi password does not always guarantee network security because small implementation issues can break this assumption. In this talk, we study Wi-Fi security by reverse engineering MCU firmware and kernel drivers to find real vulnerabilities in Wi-Fi implementation.

10:40 — 10:50: Break

10:50 — 11:30: Beyond CoGUI: Exposing the FishingMaster PhaaS Ecosystem Behind Global Phishing Campaigns
講者：Shadow & Albert ｜職位：Independent Researchers
議程簡介：CoGUI is a widely reported phishing kit, yet the infrastructure and operators behind it have remained largely in the shadows. In this talk, we trace CoGUI back to FishingMaster, a previously unreported Chinese Phishing-as-a-Service (PhaaS) platform, and expose its two reincarnations of infrastructure and business operations. Although most CoGUI campaigns focus on Japan, our analysis uncovers additional phishing operations targeting the United States, Europe, Australia, and beyond. Attendees will gain practical techniques for tracking modern China-based PhaaS operations, including infrastructure pivoting and methods for monitoring Telegram-driven phishing activities across regions.

11:30 — 11:40: Break

11:40 — 12:20: The Genesis Defiler: Hack the package registries
講者：Splitline ｜職位：Security Researcher of DEVCORE
議程簡介：You’re absolutely right. Watch out for typos, verify your developers, and always stick to those 'official' sources. That’s the textbook advice, isn’t it? But here’s the thing: What if the sanctuary itself is compromised? What if the entire package registry is the one that’s been hacked? Welcome to 'The Genesis Defiler'. In this session, we’re going to show you exactly how we breached the roots of the supply chain—hacking package repositories across 3+ programming languages, from the frontend all the way to the backend!

12:20 — 13:30: Lunch Break

13:30 — 14:00: The Last Mile: From Threat Hunting to Detection
講者：Joey ｜職位：Security Research Engineering Technical Leader of Cisco Talos
議程簡介：Threat hunting enables security teams to proactively leverage EDR (Endpoint Detection and Response) telemetry to search for hidden threats within their environments that have not yet been detected. The goal is to identify and eradicate attackers before they can cause greater damage, completing the security lifecycle from discovery to remediation. However, there is often a gap between theory and practice. In this talk, the speaker will share real-world cases encountered by threat researchers, providing a closer look at the challenges and scenarios that arise during threat hunting. The session will also examine a familiar question: “Why wasn’t it detected?” and reveal the stories behind it.

14:00 — 14:10: Break

14:10 — 14:50: Revenge Printing: Hacking Canon Printer at Pwn2Own 2025
講者：TwinkleStar03 ｜職位：DEVCORE Intern
議程簡介：“A cause planted by those before us two years ago finally bore fruit in 2025 — a story of successful revenge against a Canon printer.” In this talk, I’ll share how I worked alongside mentors from the DEVCORE Research Team: starting from attack-surface analysis, step by step completing vulnerability research, and carrying out a “psychic-guided” exploit development process — ultimately culminating in a successful compromise of a Canon printer at Pwn2Own 2025 Ireland, in what can only be described as a seance-like, hands-on war story.

14:50 — 15:20: Coffee Break

15:20 — 15:50: Turning Browser Features into Exploits
講者：Huli ｜職位：Owner of Technical Blog "Huli's blog"
議程簡介：What is more frightening than an unpatchable vulnerability? The answer is: “This is not a vulnerability, it is a feature.” Both web standards and browser implementations contain countless subtle details. On their own, these details appear to be ordinary browser features with nothing particularly remarkable. However, when discovered by security researchers, these same features can become powerful techniques for bypassing restrictions and creating unexpected openings in systems that appear to be secure. This session will present several real-world cases and explore which browser features can become surprisingly powerful in the hands of security researchers.

15:50 — 16:00: Break

16:00 — 16:40: Playing Cat and Mouse with WAF: the React2Shell Vercel CTF
講者：Ginoah & Maple ｜職位：Co-founder of Anatomist Security & Penetration Tester of DEVCORE
議程簡介：At the end of 2025, React2Shell (CVE-2025-55182) swept through like a nightmare. Almost no preconditions required. If your framework used React Server Components like Next.js or React Router, an unauthenticated attacker could achieve RCE with a single HTTP request. Vercel, at the center of the storm, made a bold move. $50k for every WAF bypass. Find a way through, and claim your Christmas gift. A cat-and-mouse game began. We bypassed, they patched. The rules kept changing, the battlefield kept shifting. From HTTP parser differentials to JavaScript black magic and gadget hunting. This session walks you through every bypass and every trick we pulled out of the hat.

16:40 — 17:00: Closing

DEVCORE CONFERENCE 2026

Agenda