CODE BLUE in Tokyo

On February 17th (MON) – 18th (TUE), 2014 we were at an event in Tokyo called “CODE BLUE”, a new international information security conference originating from Japan.


Even though this conference was being held for the first time, no less than 400 visitors attended, with people coming from about 10 different countries.

The overall atmosphere at the event was kind and friendly, and everything seemed to go smoothly and swiftly.

Topics on the first day were the keynote by Jeff Moss, followed by presentations about “The Current State of Automotive Security”, “A Security Barrier Device”, “Remote linux exploits” and hard-/software related hard disk matters.

For the Japanese speakers among you there’s a more detailed review of the event here.


The second day also offered plenty of interesting topics.

I must say that it was a big surprise to me that so many people attended an event held for the first time. I wasn’t sure what to expect but I am glad that I decided to attend.
While the event itself is ‘new’, the organizers and staff are all veterans in the security field with much experience and know-how.

During the two days of presentations I spotted only ONE person briefly sleeping in their seat; and that’s not because so much coffee was consumed (there was actually one moment where ALL the coffee had run out), but because the overall content of the program was too interesting to miss.

CODE BLUE will be held annually. One of the important aspects of the conference is that it tries to give opportunities to researchers from countries where English is not the native language.

The simultaneous interpreters did an amazing job, offering translations into English and Japanese.

At the close of CODE BLUE, it was announced that the event will be held again before the end of 2014. So make sure to keep an eye on further announcements so as not to miss it.
