CODE BLUE in Tokyo

On February 17th (MON) – 18th (TUE), 2014 we were at an event in Tokyo called “CODE BLUE”, a new international information security conference originating from Japan.


Even though this conference was being held for the first time, no less than 400 visitors attended, with people coming from about 10 different countries.

The overall atmosphere at the event was kind and friendly and everything seemed to go smooth and swiftly.

Topics on the first day were the keynote by Jeff Moss, followed by presentations about “The Current State of Automotive Security”, “A Security Barrier Device”, “Remote linux exploits” and hard-/software related hard disk matters.

For the Japanese speakers among you there’s a more detailed review of the event here.


The second day also offered plenty of interesting topics.

I must say that it was a big surprise to me that so many people attended an event held for the first time. I wasn’t sure what to expect but I am glad that I decided to attend.
While the event itself is ‘new’, the organizers and staff are all veterans in the security field with much experience and know-how.

During the two days of presentations I spotted only ONE person briefly sleeping in their seat; and that’s not because so much coffee was consumed (there was actually one moment where ALL the coffee had run out), but because the overall content of the program was too interesting to miss.

CODE BLUE will be held annually. One of the important aspects of the conference is that it tries to give opportunities to researchers from countries where English is not the native language.

The simultaneous interpreters did an amazing job, offering translations in to English and Japanese.

At the close of CODE BLUE, it was announced that the event will be held again before the end of 2014. So make sure to keep an eye on further announcements so as not to miss it.

CODE BLUE in Tokyo

Your email address will not be published. Required fields are marked *



The leap of a Cycldek-related threat actor

The investigation described in this article started with one such file which caught our attention due to the various improvements it brought to this well-known infection vector.

Lazarus targets defense industry with ThreatNeedle

In mid-2020, we realized that Lazarus was launching attacks on the defense industry using the ThreatNeedle cluster, an advanced malware cluster of Manuscrypt (a.k.a. NukeSped). While investigating this activity, we were able to observe the complete life cycle of an attack, uncovering more technical details and links to the group’s other campaigns.

Sunburst backdoor – code overlaps with Kazuar

While looking at the Sunburst backdoor, we discovered several features that overlap with a previously identified backdoor known as Kazuar. Our observations shows that Kazuar was used together with Turla tools during multiple breaches in past years.

Subscribe to our weekly e-mails

The hottest research right in your inbox