中文 English

Talks

A readable archive of 65+ public talks and 40 selected training sessions, organized by year.

Public Talks and Presentations

2025 (8 talks)
  1. Mars ChengBlue Team Sharing — Advanced Cybersecurity Exploration Conference and CODE Exercise 2025, Taipei, Taiwan, November 28, 2025
  2. Mars ChengCritical Infrastructure Threat Analysis and Protection — National Institute of Cyber Security Taiwan, October 31, 2025
  3. Mars ChengLet AI Auto-Generate Neural-ASR Rules for OT-specific Attacks via NLP ApproachDEF CON 33 Creator Stage, August 10, 2025
  4. Mars ChengLet AI Auto-Generate Neural-ASR Rules for OT-specific Attacks via NLP ApproachCYBERSEC 2025, April 17, 2025
  5. Mars Cheng, Jair Chen — Never Derail: Safeguarding Rail Systems in Critical InfrastructureCYBERSEC 2025, April 17, 2025
  6. Mars Cheng, Dexter Chen — The Last Mile of Blue Team Detection: Integrating Detection Engineering for Threat DetectionCYBERSEC 2025, April 16, 2025
  7. Mars ChengExploring Abuse Techniques and OPSEC Strategies in Active Directory and Entra IDOut Of The Box Jakarta, February 25, 2025
  8. Mars Cheng, Sheng-Hao Ma — Identifying Malware In Factory Program FilesS4x25, February 12, 2025
2024 (9 talks)
  1. Mars ChengCharting the Direction: The Top 10 Cybersecurity Trends in Critical Infrastructure for FutureBlack Hat MEA 2024, November 28, 2024
  2. Mars ChengDefending Active Directory from Abuse Techniques and OPSEC Actions with Enhanced DetectionBlack Hat MEA 2024, November 27, 2024
  3. Mars ChengDefending Active Directory from Abuse Techniques and OPSEC Actions with Enhanced DetectionAVTokyo, November 16, 2024
  4. Mars Cheng, Yi-An Lin, Sheng-Hao Ma — Attention Is All You Need for Semantics Detection: A Novel Transformer on Neural-Symbolic ApproachCODE BLUE 2024, November 14, 2024
  5. Mars ChengMapping the Landscape: Top 10 Cybersecurity Trends in Critical Infrastructure for 2024DEF CON 32 Creator Stage, August 9, 2024
  6. Sheng-Hao Ma, Yi-An Lin, Mars ChengAttention Is All You Need for Semantics Detection: A Novel Transformer on Neural-Symbolic ApproachBlack Hat USA 2024, August 8, 2024
  7. Mars ChengPublic-Private Cooperation for Cybersecurity (II) – Achieving Best Practices — Global Cooperation and Training Framework, May 29, 2024
  8. Mars ChengApplying Detection Engineering to Attacks Related to Kerberos in Active DirectoryCYBERSEC 2024, May 16, 2024
  9. Mars ChengAnatomy of the Top 10 Cybersecurity Current Terrain for Critical InfrastructureBSides Tokyo, March 30, 2024
2023 (8 talks)
  1. Mars Cheng, Dexter Chen — Abusing Active Directory Configuration and Implementing Effective OPSEC ActionsNo Hat 2023, October 21, 2023
  2. Mars Cheng, Dexter Chen — Active Directory Abuse Primitive and Operation SecurityROOTCON 17, September 27, 2023
  3. Mars ChengAnatomy of the Top 10 Cybersecurity Current Terrain for Critical InfrastructureDEFCON ICS Village, August 13, 2023
  4. Mars ChengRedefining Endpoint Detection for Next-Generation Cyber-Physical Systems SecurityBlack Hat USA 2023 Sponsored Sessions, August 10, 2023
  5. Mars Cheng, Dexter Chen — Priority for Effective Action - A Practical Model for Quantifying the Risk of Active Directory AttacksTroopers 2023, June 29, 2023
  6. Mars Cheng, Dexter Chen — Prioritize Your Enterprise Critical Risk - Start at Active DirectoryFIRSTCON23, June 8, 2023
  7. Mars Cheng, Dexter Chen — Do you really know your risk priorities? Risk quantification models applied to domain ADCYBERSEC 2023, May 11, 2023
  8. Mars Cheng, Dexter Chen — Active Directory Abuse Primitive and Operation SecurityHITB AMS 2023, April 21, 2023
2022 (13 talks)
  1. Mars Cheng, Dexter Chen — Abusing Misconfigurations – Active Directory Attack Path to Domain Dominance — Black Hat MEA 2022, November 17, 2022
  2. Mars Cheng, Sheng-Hao Ma, Hank Chen — A New Trend for the Blue Team: Using a Practical Symbolic Engine to Detect Evasive Forms of Malware/RansomwareCODE BLUE 2022, October 28, 2022
  3. Mars Cheng, Dexter Chen — Rethinking Defense - Risk Quantification for Active DirectoryCODE BLUE 2022, October 27, 2022
  4. Mars Cheng, Selmon Yang — How to Take Over an Industrial Control System – A Case Study of Mitsubishi ElectricCYBERSEC 2022, September 22, 2022
  5. Mars Cheng, Hank Chen — Let's stop ransomware from wreaking havoc on critical infrastructure!CYBERSEC 2022, September 22, 2022
  6. Mars Cheng, Canaan Kao — Real-world attack vectors and practical and effective mitigation strategies in smart manufacturing environmentsCYBERSEC 2022, September 22, 2022
  7. Mars Cheng, Dexter Chen — Troubleshooting Incorrect Configuration Settings - Taking an Active Directory Domain Environment as an ExampleCYBERSEC 2022, September 22, 2022
  8. Sheng-Hao Ma, Hank Chen, Mars ChengA New Trend for the Blue Team: Using a Practical Symbolic Engine to Detect Evasive Forms of Malware/RansomwareHITCON PEACE 2022, August 20, 2022
  9. Mars Cheng, Dexter Chen — Critical Report - Risk Quantification and Defense Strategies for Domain ADHITCON PEACE 2022, August 19, 2022
  10. Sheng-Hao Ma, Mars Cheng, Hank Chen — A New Trend for the Blue Team: Using a Practical Symbolic Engine to Detect Evasive Forms of Malware/RansomwareBlack Hat USA 2022, August 10, 2022
  11. Mars Cheng, Selmon Yang — Deconstructive Take-Over of Mitsubishi Electric EcosystemsRSA Conference 2022, June 9, 2022
  12. Mars ChengThe Solution to Industrial Control System Threats: In-depth Analysis from Zero Trust ArchitectureIndustrial Control Security Forum, May 16, 2022
  13. Mars ChengStop being superstitious! Critical infrastructure is not safe at all.Kernel Cybersecurity Forum, March 12, 2022
2021 (16 talks)
  1. How to Respond to Ransomware and Supply Chain Attacks: Lessons from the JBS Incident — incident analysis forum, December 7, 2021
  2. Taking Apart and Taking Over ICS-SCADA Ecosystems: A Case Study of Mitsubishi Electric — HITCON 2021, November 27, 2021
  3. Past and Future - The ICS Threat Terrain — CLOUDSEC 2021, November 16, 2021
  4. Practical Attack Vectors and Their Ideal Defensive Strategies for ICS & SCADA — control security protection seminar, November 12, 2021
  5. Breaking Entrypoint — An In-Depth Data Breaches Analysis on the Critical Infrastructure of APAC — SINCON 2021, November 5, 2021
  6. Data breaches at critical infrastructure revealed - an in-depth analysis using Taiwan as an example — SP-ISAC, September 3, 2021
  7. How to Dissect a Private ICS Ecosystem? — VXCON 2021, August 14, 2021
  8. Taking Apart and Taking Over ICS & SCADA Ecosystems: A Case Study of Mitsubishi Electric — DEFCON 29, August 6, 2021
  9. Breaking Entrypoint: An In-depth Data Breaches Analysis to the Critical Infrastructure of the Asia Pacific — ICS Cyber Security Conference Asia 2021, June 23, 2021
  10. Harmonizing ICS/SCADA with Cyber Defense: A Perspective on ATT&CK for ICS — ICS Cyber Security Conference Asia 2021, June 22, 2021
  11. The Hunt for Major League IoT-ICS Threats: A Deep Dive into IoT Threat Terrain — FIRST 2021, June 7, 2021
  12. Practical Attack Vectors and Their Ideal Defensive Strategies for ICS & SCADA — FIRST 2021, June 7, 2021
  13. Red Team Exercises for IoT Security — HITB AMS 2021, May 27, 2021
  14. The Hunt for Major League IoT-ICS Threats: A Deep Dive into IoT Threat Terrain — CYBERSEC 2021, May 6, 2021
  15. Data breaches at critical infrastructure revealed - an in-depth analysis using Taiwan as an example — CYBERSEC 2021, May 5, 2021
  16. Shared Historical Flaws - Common Defects of Public and Private Industrial Control System Communication Protocols — CYBERSEC 2021, May 4, 2021
2020 (10 talks)
  1. Confirming Red Alerts — Taking Over & Compromising ICS & SCADA — SINCON 2020, January 2, 2021
  2. The Hunt for Major League IoT-ICS Threats: A Deep Dive into IoT Threat Terrain — Black Hat Europe 2020, December 10, 2020
  3. ICS Threat Landscape Change and Critical Attack Case Study — CLOUDSEC 2020, November 25, 2020
  4. Red Team vs. Blue Team Exercises for ICS/SCADA Security — HITB+CyberWeek, November 19, 2020
  5. Data Breaches Related To Critical Infrastructure – An In-Depth Analysis Of Cyber Risk To the Critical Infrastructure of the United States of America — HITB+CyberWeek, November 18, 2020
  6. Data Breaches Related to Critical Infrastructure - Analysis of Cyber Risk to U.S. Critical Infrastructure — InfoSec Taiwan 2020, November 2, 2020
  7. Common Flaws in Public and Private ICS Network Protocols — SecTor 2020, October 21, 2020
  8. Data Breaches Related to Critical Infrastructure - Analysis of Cyber Risk to U.S. Critical Infrastructure — ICS Cyber Security Conference USA 2020, October 20, 2020
  9. Public and Private, Common Flaws in ICS Network Protocols — HITB Singapore 2020, July 26, 2020
  10. Public and Private, The Common Flaws in ICS Communication Protocols — ICS Cyber Security Conference Asia 2020, June 16, 2020
2019 (6 talks)
  1. Dissecting the Industrial Communication Protocols for Cybersecurity Risks — ICS Cyber Security Conference USA 2019, October 21, 2019
  2. The Sum of All Fears, When ICS/SCADA are Compromised — HITB+CyberWeek Abu Dhabi, October 16, 2019
  3. A Brief Discussion on Cybersecurity Threats of Industrial Control Systems — TWISC@NCHU industrial control security seminar, September 5, 2019
  4. About ICS/SCADA, You Must Need to Know — HITCON Community 2019, August 24, 2019
  5. The Distance Between Us and Industrial Control System Security — Line Becks No. 2, June 3, 2019
  6. In-house Research Presentations — Internal sharing, 2019

Training and Instructor Experience

2026 (1 session)
  1. Introduction to IoT/ICS Security & Firmware Analysis Skills — Global Cybersecurity Camp 2026, Ho Chi Minh City, Vietnam, March 3, 2026
2025 (6 sessions)
  1. OT Fundamentals and IT in CI — CIIP Course of NATO CCDCOE, Tallinn, Estonia, November 12, 2025
  2. Government Cybersecurity Defense Practical Elite Training-2 — Administration for Cyber Security, moda, Taipei, Taiwan, October 30, 2025
  3. Government Cybersecurity Defense Practical Elite Training-1 — Administration for Cyber Security, moda, Taipei, Taiwan, October 29, 2025
  4. Crownless Defense - An Analysis of Blue Team's Core Techniques-Version 2025 — HITCON Training 2025, Taipei, Taiwan, July 25-26, 2025
  5. The Laws of Good and Evil in Domain AD (Basic Edition) — NICS Elite Practical Training Program, Tainan, Taiwan, June 15, 2025
  6. Building a defense for your Industrial Control System (ICS) from scratch — NICS Elite Practical Training Program, Tainan, Taiwan, June 14, 2025
2024 (3 sessions)
  1. Crownless Defense - An Analysis of Blue Team's Core Techniques — NICS Elite Practical Training Program, Taipei, Taiwan, November 2-3, 2024
  2. Building a defense for your Industrial Control System (ICS) from scratch — NICS Elite Practical Training Program, Tainan, Taiwan, October 5-6, 2024
  3. Deep Dive into Active Directory Attack Techniques — Global Cybersecurity Camp 2024, Bangkok, Thailand, February 19, 2024
2023 (6 sessions)
  1. The Return of the King - The Laws of Good and Evil in Domain AD (Basic, Advanced, and Cloud Edition) — NICS Elite Practical Training Program, Taipei, Taiwan, November 4-5 and 11, 2023
  2. Crownless Defense - An Analysis of Blue Team's Core Techniques — NICS Elite Practical Training Program, Taipei, Taiwan, October 28-29, 2023
  3. Red Team vs. Blue Team Exercises for IoT Security — Fiscal Information Agency, Ministry of Finance, Taipei, Taiwan, October 4 and 11, 2023
  4. Red Team vs. Blue Team Exercises for Active Directory — Fiscal Information Agency, Ministry of Finance, Taipei, Taiwan, September 13 and 20, 2023
  5. The Return of the King - The Laws of Good and Evil in Industrial Control Systems — NICS Elite Practical Training Program, Tainan, Taiwan, September 2, 9-10, 2023
  6. The Return of the King - The Laws of Good and Evil in Domain AD (Basic and Advanced Edition) — NICS Elite Practical Training Program, Taipei, Taiwan, July 15-16, 2023
2022 (6 sessions)
  1. The Blue Team from Scratch — CCoE 2022, Tainan, Taiwan, November 5-6, 2022
  2. In-depth analysis of Internet of Things attacks and defenses — CCoE 2022, Tainan, Taiwan, October 15-16 and 22, 2022
  3. In-depth analysis of attacks and defenses in Industrial Control Systems — CCoE 2022, Taipei, Taiwan, July 30-31, 2022
  4. Zero Trust is Coming - Attack and Defense of Critical Infrastructure — AIS3 2022, Taipei, Taiwan, July 26-27, 2022
  5. Advanced Active Directory Techniques — HITCON Summer Training 2022, Taipei, Taiwan, July 24, 2022
  6. In-depth analysis of domain AD attacks and defenses — Center of Excellence for Cybersecurity, Taipei, Taiwan, July 15-17, 2022
2021 (5 sessions)
  1. IoT Attack and Defense Practice — Center of Excellence for Cybersecurity, Taipei, Taiwan, December 3-5, 2021
  2. IoT Threat Vectors and Practical Analysis — National Defense University, Taiwan, October 15, 2021
  3. Offense and defense of industrial control systems — Yuan Ze University, Taiwan, September 30, 2021
  4. Forensics Exercise and Sharing — National Defense University, Taiwan, August 12, 2021
  5. Offense and defense of industrial control systems — AIS3 2021, Taipei, Taiwan, July 27-28, 2021
2020 (5 sessions)
  1. Red Team Exercises for Active Directory and ICS/SCADA — National Defense University, Taoyuan, Taiwan, October 15, 2020
  2. Red Team Exercises for Active Directory — HITCON Winter Training 2020, Taipei, Taiwan, September 9, 2020
  3. Red Team vs. Blue Team Exercises for ICS/SCADA Security — HITCON Winter Training 2020, Taipei, Taiwan, September 7-8, 2020
  4. Red Team vs. Blue Team Exercises for IoT Security — HITCON Winter Training 2020, Taipei, Taiwan, September 5-6, 2020
  5. ICS Threat Landscape and Research Trend Analysis — Ministry of Economic Affairs project training, Taipei, Taiwan, August 22, 2020
2019 (8 sessions)
  1. IoT Security Practice and Analysis — HITCON Winter Training 2019, Taipei, Taiwan, December 17-18, 2019
  2. When ICS/SCADA meets Hackers — HITCON Winter Training 2019, Taipei, Taiwan, December 16, 2019
  3. Penetration Test on Critical Infrastructure — Ministry of National Defense project training, Taipei, Taiwan, September 29-30, 2019
  4. Penetration Test on Critical Infrastructure — Ministry of National Defense project training, Taipei, Taiwan, September 23-24, 2019
  5. IoT Security Practice and Analysis — Information Security Incubation Program, Ministry of Education, Taipei, Taiwan, September 21-22, 2019
  6. When IoT meets Hackers — HITCON Summer Training 2019, Taipei, Taiwan, August 20, 2019
  7. When ICS/SCADA meets Hackers — HITCON Summer Training 2019, Taipei, Taiwan, August 19, 2019
  8. Private Enterprise In-house Training — Selected internal corporate programs, 2019