Speakers
Karen possesses over 7 years of in-depth experience in offensive security, covering technical red teaming exercises, malware attack simulation, penetration testing, and IT risk and governance services for a wide range of industries in Hong Kong and across Asia Pacific, including conglomerate, retail, financial services, public utility, critical infrastructure, property development, gambling and entertainment, automotive, luxury goods and information technology.
With an understanding of continuously changing cybersecurity trends, Karen keeps refreshing adversarial tactics, techniques and procedures (“TTPs”) in key areas of expertise, which include red teaming, attack surface management, network penetration testing, cyber attack simulation, web/mobile application penetration testing, threat and vulnerability assessment, and infrastructure security reviews.
Karen is also a member of the ISACA CNHK - SheLeadsTech Committee and a speaker of the SheLeadsTech program.
Amos has over 7 years of experience in offensive security, red teaming, IT risk and governance services and security-related services, focused on banking and other financial service sectors.
With an in-depth understanding of cyber security requirements from financial regulators in Hong Kong, Macau and Singapore (e.g., Hong Kong Monetary Authority (“HKMA”), Securities and Futures Commission (“SFC”), Autoridade Monetária de Macau (“AMCM”)), Amos specialises in penetration testing for e-banking systems, intelligence-led cyber attack simulation testing (“iCAST”) and security assessment of innovation utilization for financial institutions, and assists them in fulfilling regulatory compliance requirements with a continuously enhanced security posture.
Amos also leads Capture the Flag (CTF) competitions, designing hands-on offensive security labs for participants.
Synopsis
The goal of this workshop is to provide students with cybersecurity knowledge and skills regarding Artificial Intelligence (“AI”) as an adversary. The instructor will focus on 2 areas of adversarial attacks related to AI: i) Unleashing Power of AI to assist in hacking and adversarial attacks; ii) Unveiling Vulnerabilities of AI by hacking AI systems and examining the potential associated risks and vulnerabilities. The instructor will lead students through group discussions, hands-on lab exercises in adversarial attacks and presentations, so that students can develop adversarial attack skills related to AI.
Workshop Learning Outcome
After completing the workshop, the participants will:
- Understand the fundamental concept of adversarial attacks on and with AI;
- Acquire the skills to utilize AI for advanced and innovative adversarial attacks;
- Gain hands-on experience as a pentester/hacker with the help of AI;
- Understand the potential cyber risks and security vulnerabilities of AI systems;
- Acquire hands-on experience in hacking AI systems in multiple scenarios.
Workshop Outline
I. Adversarial Artificial Intelligence: Unleashing Power
- Trends of utilizing AI for adversarial attacks
- Common attack scenarios and applicable attack cases by AI
- AI-enabled Social Engineering - Exploring how AI technologies can be leveraged for social engineering attacks
- AI-powered Hacking tool development - Exploring how AI technologies are being used to develop malicious software
- AI in Cyber Threat Intelligence: Exploring the use of AI in cyber threat intelligence, in the areas of analysing and detecting patterns in large-scale security data
- Privacy and Ethical Considerations in AI Hacking
II. Adversarial Artificial Intelligence: Unveiling Vulnerabilities
- Introduction of common attack types on AI
- OWASP AI Top 10 Security Risk - common security risks and vulnerabilities of AI systems
- Securing AI Systems - Discussing best practices and strategies for securing AI systems against hacking attempts, including topics such as secure model training, robustness testing, and adversarial defense mechanisms
- Discussion of Future Trends in Hacking AI Systems
III. Practical Exercises in Adversarial Artificial Intelligence
i. Unleashing Power
- How to use AI for hacking - demonstration of common attack scenarios and applicable attack cases by AI
- Hands-on lab exercises for students (e.g., malicious software development to facilitate penetration testing, social engineering attacks development, etc.)
- Presentation of the exercise results
ii. Unveiling Vulnerabilities
- How to hack AI systems - demonstration of common AI attacks
- Hands-on lab exercises for students (e.g., attacks on AI systems, prompt injection attacks, etc.)
- Presentation of the exercise results
- Wrap up: Holistic attack path for AI hacking - MITRE ATLAS (Adversarial Threat Landscape for Artificial-Intelligence Systems)
Prerequisites
Students need to have a basic understanding of AI, information systems, offensive security, vulnerability assessment, penetration testing and risk methodologies. This workshop covers many of the core areas of offensive security and AI and assumes a basic understanding of technology, systems, and security.