Story about UniBean
Story of Transformation
Unibean Consultant is found by Anthony Lai (aka Darkfloyd) since 1999. At the beginning, Anthony and other HKUST fellows work on it for software and system development project, as partners married and Anthony has experienced a hacking incident by a system development manager in a local Hong Konger-invested listed bank, the manager hacked into his fellow's machine and installed a Dameware remote controller software so as to monitor his parnter's work without pre-notification, which is not investigated or even allowed by IT manager and auditor finally even reporting to police, he is inspired to commit to application security and dig the bad guys out, more than less like a dark knight, and the objective is to help the people and companies to against external and internal attackers.
"All that is necessary for the triumph of evil is that good men do nothing" - Edmund Burke
Biography
Anthony is the lead security consultant and researcher, connecting himself to other world class researchers for ideas and projects. He has worked in various banks and MNCs and done various security projects, penetration test assignment and training in government and commercial sectors.
He has spoken in two top security conferences, Blackhat and DEFCON in 2010 and 2010-2012 respectively in US and at Hack-In-Taiwan conference (www.hitcon.org). Anthony has found the first security research group, VXRL(www.vxrl.org), in HK and hold the first security conference, VXCON, since Dec 2010.
Anthony holds CISSP, CISA, CSSLP and CISM for general security certifications. Committing with specialist professionals, he holds SANS GREM (Gold paper), GCFA and GWAPT. Meanwhile, he is the chairman of OWASP (Hong Kong Chapter) and project committee in PISA.
Research, Presentation and Publication
APT Research (Singapore, Mar 2014)
URL: http://www.suitsandspooks.com/2014/03/suits-and-spooks-singapore/
DDoS Black and White Kungfu (lead by Tony MIU, co-author with Kelvin Wong and Alan Chung),
presented in DEF CON 20 and AVTokyo Security Conference in 2012
URL: http://www.youtube.com/watch?v=GrvKtMJbCQE
URL: http://en.avtokyo.org/avtokyo2012/speakers#LAI
Evidence of Advanced Persistent Threat: A case study of malware for political espionage in IEEE
Malware 2011 Conference, co-author with Frankie Li and DDL:
URL: http://www.computer.org/csdl/proceedings/malware/2011/0031/00/06112333-abs.html
Facebook Forensics (lead by Kelvin Wong and co-author with Jason Yeung, Dr. Leng Lee, P.H
Chan) in 2011:
URL: www.fbiic.gov/public/2011/jul/ facebook forensics -finalized.pdf
URL: http://hakin9.org/hakin9-extra-711-7/
Comprehensive Blended Malware Threat Dissection: Analyze Fake Anti-Virus Software and PDF
Payload. Published in SANS in 2010
URL: http://www.sans.org/reading-room/whitepapers/malicious
APT Secrets in Asia presentation in DEF CON 19 conference and AVTokyo in Y2011 as well as
Codegate security conferences in 2012, co-author with his Taiwanese APT research fellows from
Xecure Lab.
URL: http://www.youtube.com/watch?v=S8cyDdyVHAc
URL: http://en.avtokyo.org/avtokyo2011/speakers#Anthony
Power of Chinese Security with Jacob Appelbaum and Jon Oberheide in DEF CON 18 (in 2010)
conference (Analyzing China Green Dam software security):
URL: http://www.youtube.com/watch?v=687aMDiHqyQ
Balancing Pwn Trade Deficit with Val Smith and Colin Ames in Blackhat USA 2010 and DEF CON
18 (Analyzing China-made malware).
URL: http://www.youtube.com/watch?v=kEYziNBrltA
URL: http://www.youtube.com/watch?v=IHU_YiO0rkQ
Google Scholar
URL: http://scholar.google.com.hk/citations?user=YcjzoFkAAAAJ&hl=en
Training and Lecture
Guest trainer, Tactical Exploitation, Blackhat USA 2011 (www.blackhat.com)
SANS Mentor in GREM, GCFA and GWAPT (http://www.sans.org/instructors/anthony-lai)
Penetration Test workshop in Hong Kong Productivity Council (http://www.hkitssm.org/workshops.html), Macau Manetic, Hong Kong Jockey Club, Hong Kong Monetary Authority, Law enforcement and Utility firm in Macau
Reverse Engineering and Penetration Test workshops in IS Showcase (2012)(http://www.hkitssm.org/2012/workshops.asp)
Guest lecturer of COMP444 Internet Infrastructure Security in HKPU (For three intakes, http://www4.comp.polyu.edu.hk/~comp444/)
Reference Clients
Hong Kong Exchange
Hong Kong Monetary Authority
Hong Kong Jockey Club
Hong Kong Government
Dah Sing Bank
SHK Financial
LIM Advisor
Local Internet Service Provider
NGOs
Utility corporation in Macau
Casino in Macau
Media and Interview
Anthony has been interviewed to express expert and technical opinion by media including TVB, Cable TV, Hong Kong Police, RTHK, SCMP, MingPao and Apple Daily.
TVB新聞透視: 看不見的戰爭
URL:http://www.youtube.com/watch?v=IArMn-hbBSU
捷旅700客私隱任睇 22機構網上泄3000個人資料
補習網1.2萬人私隱任下載 告知資料外泄仍懶理 議員促修例嚴懲
網上保安專家組隊 年尋萬人外泄資料
URL: http://news.sina.com.hk/news/20130123/-2-2878493/1.html
Achievement and Award
Senior information security professional category, ISLA (ISC)2 (2013)
https://www.isc2.org/PressReleaseDetails.aspx?id=10857
http://finance.yahoo.com/news/isc-2-r-announces-honorees-010000266.html
Community
VXRL has been invited as one of the advisory members in OGCIO (www.ogcio.gov.hk) Information Security Roundtable meeting in Y2013 after Swoden's case. Moreover, VXRL officially reported over 100,000 leaked personal records to PCPD (www.pcpd.org.hk) before the real criminals manipulate the victims' privacy. In addition, Anthony has partnered with other researchers to give workshops at Law Enforcement and NGOs.