全球資安盛會「亞洲黑帽安全大會」（Black Hat Asia, BHASIA）今年以線上與實體混合方式舉辦，自 2021 年 5 月 10 日至 13 日（新加坡時間 UTC+8），為期3天的精彩議程（Black Hat Briefing）、專業深度培訓（Training），以及最新開源駭客工具的展示（Black Hat Arsenal），由頂尖資訊安全專家們傳授最新、第一手的技術與研究發現。

TeamT5 威脅情資研究員們連續第2年登上 BHASIA，發表兩場最新研究，與世界各地的資安研究人員交流最新的資訊安全風險、研究與趨勢。

第一場演講「[To Loot or Not to Loot? That Is Not a Question When State-Nexus APT Targets Online Entertainment Industry](https://www.blackhat.com/asia-22/briefings/schedule/#to-loot-or-not-to-loot-that-is-not-a-question-when-state-nexus-apt-targets-online-entertainment-industry-26143)」由 TeamT5 威脅情資分析師 Che Chang 與首席威脅情資分析師 Charles Li 介紹近年進階持續性威脅 (Advanced Persistent Threat, APT) 轉向線上娛樂/賭博產業之趨勢，動機不僅是財務勒索、更帶有間諜活動成分。演講中將以逾20個案例，說明駭客族群APT10 (又名 menuPass), APT41 (又名 Winnti, Amoeba)及 APT27 (又名 GreedyTaotie)的攻擊行為。

第二場演講「[The Next Gen PlugX/ShadowPad? A Dive into the Emerging China-Nexus Modular Trojan, Pangolin8RAT](https://www.blackhat.com/asia-22/briefings/schedule/#the-next-gen-plugxshadowpad-a-dive-into-the-emerging-china-nexus-modular-trojan-pangolinrat-25950)」，則由我們的威脅情資分析師 Silivia Yeh 與研究員 Leon Chang，剖析一個自2021年初開始嶄露頭角的「天吳(Tianwu)」族群。該群與 APT41 的入侵手法（TTPs）有不少相似之處；其專用後門（Proto8RAT）是一個高度模組化、且能支持八種協定的木馬程式。
根據此特徵，我們將該族群命名為「天吳(Tianwu)」，一個記載於《山海經》中八首人面的怪獸。目前，我們已經觀察到不少天吳針對亞太地區的攻擊，受害產業包括遊戲軟體業、交通運輸及電信。本演講將會分享分析結果與相關族群未來可能的發展動向。

**關於黑帽大會（Black Hat）**
<br>
黑帽大會（Black Hat）每年聚集全球資訊安全專家、優秀研究人員於一堂，透過資安研究、開發與最新趨勢交流，鼓勵學術界、世界級研究人員與各領域決策及領導者間的合作、成長。黑帽簡報會（Black Hat Briefing）與培訓（Training）每年也都在美國、歐洲與亞洲舉行，匯集全球資安頂尖人員參與盛會。

![https://uploads.teamt5.org/upload/original/20220412_Black-Hat-Asia-%E5%AE%A3%E5%82%B3_-facebook.jpg](
https://uploads.teamt5.org/upload/original/20220412_Black-Hat-Asia-%E5%AE%A3%E5%82%B3_-facebook.jpg)



【Black Hat Asia】TeamT5 研究員將於亞洲黑帽安全大會發表深度分析

This year, Black Hat Asia is held online and in-person, May 10-13, 2022 in Singapore Time (UTC+8). Our analysts & researchers will give 2 speeches on recent notable APTs.

One talk “[To Loot or Not to Loot? That Is Not a Question When State-Nexus APT Targets Online Entertainment Industry](https://www.blackhat.com/asia-22/briefings/schedule/#to-loot-or-not-to-loot-that-is-not-a-question-when-state-nexus-apt-targets-online-entertainment-industry-26143)” is given by Che Chang (Cyber Threat Analyst) and
Charles Li (Chief Analyst).  

This talk will focus on APT's targeted attack against online entertainment companies which have solid cash flow and a massive amount of personal data. In the talk, we will dissect more than 20 targeted attack operations TeamT5 has tracked since 2018. The analysis shows technical links between these targeted attacks and the infamous Chinese APT, including APT10 (aka menuPass), APT41 (aka Winnti, Amoeba), and APT27 (aka GreedyTaotie). The presentation will cover these attacks' Tactic Technique and Procedures (TTPs) as we have seen those APT groups adopt different TTPs aimed at the online entertainment industry. We believe that these APT attacks are the preliminary work of the Chinese government. 

The other talk “[The Next Gen PlugX/ShadowPad? A Dive into the Emerging China-Nexus Modular Trojan, Pangolin8RAT](https://www.blackhat.com/asia-22/briefings/schedule/#the-next-gen-plugxshadowpad-a-dive-into-the-emerging-china-nexus-modular-trojan-pangolinrat-25950)” is given by Silvia Yeh (Threat Intelligence Analyst) and Leon Chang (Threat Intelligence Researcher). 

Since mid-2020, TeamT5 has detected a new modular trojan emerging in the APAC region which has the potential to be their successor. We name this trojan "Pangolin8RAT" because its PDB string contains "pangolin" and its RTTI contains "p8rat." 

Its early features supported 8 communication protocols, including TCP, HTTPS, UDP, DNS, ICMP, HTTPSIPV6, WEB, and SSH. Pangolin8RAT has only been associated with a Chinese APT group we track as "Tianwu." In this talk, they will also give a brief attack timeline of Pangolin8RAT/Tianwu from 2020 to 2021 as well as our outlook on the group's future development.

**About Black Hat Asia**
<br>
Black Hat is the world leading cybersecurity event, and remains the best and biggest event of its kind. It provides attendees with cutting-edge security research, development and trends, and has the ability to define tomorrow’s information security landscape. Black Hat Asia is an Black Hat extended event which is held in Singapore annually.

![https://uploads.teamt5.org/upload/original/20220412_Black-Hat-Asia-%E5%AE%A3%E5%82%B3_-facebook.jpg](
https://uploads.teamt5.org/upload/original/20220412_Black-Hat-Asia-%E5%AE%A3%E5%82%B3_-facebook.jpg)

【Black Hat Asia】TeamT5 Will Give Talks on Notable APTs

世界的な情報セキュリティイベント「ブラックハットアジア（Black Hat Asia）」（BHASIA）が、今年は2021年5月10日から13日（シンガポール時間 UTC+8）までオンラインとオンサイトの混合方式で開催されました。3日間の開催期間で素晴らしいブリーフィング（Black Hat Briefing）、専門的かつ詳細なトレーニング（Training）、最新のオープンソースハッキングツールの展示（Black Hat Arsenal）、トップクラスの情報セキュリティ専門家たちによる最新の技術や研究による発見の共有などが行われました。

TeamT5の脅威インテリジェンス研究員たちは2年連続でBHASIAに参加して2つの最新の研究結果を発表し、世界各地の情報セキュリティ研究員と最新の情報セキュリティリスク、研究、トレンドについて交流しました。

最初の発表、「[To Loot or Not to Loot? That Is Not a Question When State-Nexus APT Targets Online Entertainment Industry](https://www.blackhat.com/asia-22/briefings/schedule/#to-loot-or-not-to-loot-that-is-not-a-question-when-state-nexus-apt-targets-online-entertainment-industry-26143)」では、TeamT5の脅威インテリジェンスアナリストのChe Changと脅威インテリジェンスチーフアナリストのCharles Liが、オンラインエンターテイメント/ギャンブル産業を狙った近年のAPT（Advanced Persistent Threat, 高度で持続的な脅威）は、身代金の要求だけでなく、スパイ活動が動機となっているというトレンドを紹介しました。20以上の例をあげ、サイバー攻撃グループのAPT10（別名menuPass）、APT41（別名Winnti, Amoeba）、APT27（別名GreedyTaotie）の攻撃行動について説明しました。

2回目の発表、「[The Next Gen PlugX/ShadowPad? A Dive into the Emerging China-Nexus Modular Trojan, Pangolin8RAT](https://www.blackhat.com/asia-22/briefings/schedule/#the-next-gen-plugxshadowpad-a-dive-into-the-emerging-china-nexus-modular-trojan-pangolinrat-25950)」，では、当社の脅威インテリジェンスアナリストのSilivia Yehと研究員のLeon Changが、2021年初頭から徐々に現れ始めた「天呉（Tianwu）」グループの分析について発表しました。同グループとAPT41の侵入方法（TTPs）には多くの類似点があります。その特殊なバックドア（Proto8RAT）は、8つのプロトコルに対応するよう高度にモジュール化されたトロイの木馬です。

この特徴から、当社は同グループを『山海経』に登場する人の顔を八つもつ人面獣にちなんで、「天呉（Tianwu）」と名付けました。現在、当社は、アジア太平洋地域におけるゲームソフトウェア、交通、輸送、電気通信業界に対して「天呉」の攻撃が多発していることを確認しています。今回の発表では、分析結果および今後考えられる関連グループの進化と方向性を共有しました。

** ブラックハット（Black Hat）について**
<br>
ブラックハット（Black Hat）では、毎年世界の情報セキュリティ専門家、優秀な研究員が一堂に会します。情報セキュリティの研究開発や最新のトレンドについて交流することで、学界、世界レベルの研究員、各分野における意思決定、リーダー同士の協力、成長が促進されます。ブラックハットブリーフィング（Black Hat Briefing）とトレーニング（Training）は、世界トップクラスの情報セキュリティ担当者が参加するイベントで、毎年アメリカ、ヨーロッパ、アジアで開催されます。

![https://uploads.teamt5.org/upload/original/20220412_Black-Hat-Asia-%E5%AE%A3%E5%82%B3_-facebook.jpg](
https://uploads.teamt5.org/upload/original/20220412_Black-Hat-Asia-%E5%AE%A3%E5%82%B3_-facebook.jpg)


【Black Hat Asia】TeamT5の研究員がブラックハットアジア（Black Hat Asia）で詳細な分析を発表

We were glad to announce that TeamT5 was again accepted at Black Hat USA. And this time, our vulnerability research team, D39, presented their latest exploit research on Samsung S10 secure bootloader at the Black Hat Briefings. We were very honored to share our research findings with researchers and security experts all over the world in this annual flagship conference.

![BHUSA_cover](https://res.cloudinary.com/dvgomg5gh/image/upload/v1596699298/BHUSA_cover_48fcf0b266.jpg)
_TeamT5's vulnerability researcher presented on Black Hat USA 2020._

## About D39's Vulnerability Research Finding

D39 has been focusing on vulnerability research and has identified several critical security flaws. We have found several vulnerabilities in Samsung Secure boot, which can break through Samsung Knox protections. In Black Hat USA 2020, we elaborated how did we discover and exploit the vulnerabilities in detail, demonstrated the exploit on a Samsung Galaxy S10 smartphone, and had a discussion on the possible impact of these vulnerabilities.

![Disclosure timeline](https://res.cloudinary.com/dvgomg5gh/image/upload/v1596699297/Disclosure_timeline_422975e76a.jpg)
_Timeline of the vulnerability disclosure, patch release and assignment of SVE IDs._

## About Black Hat
Black Hat is the world’s leading information security event, and remains the best and biggest event of its kind. It provides attendees with cutting-edge security research, development and trends, and has the ability to define tomorrow’s information security landscape. Black Hat USA 2020 went fully virtual this year, held over the same dates from 1 to 6 August, in light of the coronavirus pandemic.

*Image courtesy of Black Hat from https://www.blackhat.com/us-20/

Black Hat’s Talk: D39 Shares Their Research on Breaking Samsung Secure Boot at Black Hat USA 2020

TeamT5はBlack Hat USAへ再度招かれたことを発表させていただきます。今回、当社の脆弱性調査チームであるD39が、Black HatのブリーフィングでSamsung S10セキュアブートローダーで起こった侵害に関する最新の調査結果を発表しました。当社はこのメジャーな年次カンファレンスで、世界中の研究者やセキュリティ専門家へ調査結果を発表できることを光栄に感じています。

![BHUSA_cover](https://res.cloudinary.com/dvgomg5gh/image/upload/v1596699298/BHUSA_cover_48fcf0b266.jpg)
_TeamT5の脆弱性専門家がBlack Hat USA 2020で調査結果を発表しました。_

## D39の脆弱性調査結果について

D39は脆弱性の調査に焦点を当てており、数種類の深刻なセキュリティの脆弱性を見つけています。当社はSamsungセキュアブートで複数の脆弱性を発見し、Samsung Knoxの保護を突破できることが判明しました。Black Hat USA 2020では、脆弱性を見つけた方法と侵害方法を詳細に解説し、Samsung Galaxy S10スマートフォンで侵害を実演し、こうした脆弱性が与える影響について話し合いました。

![Disclosure timeline](https://res.cloudinary.com/dvgomg5gh/image/upload/v1596699297/Disclosure_timeline_422975e76a.jpg)
_Timeline of the vulnerability disclosure, patch release and assignment of SVE IDs._

## Black Hatについて
Black Hatは世界的な情報セキュリティイベントであり、同種では最高レベルかつ最大規模のイベントです。セキュリティで最先端の調査、開発、状況を参加者に伝えるため、将来の情報セキュリティ環境を整えることが可能です。COVID-19のパンデミックを受け、Black Hat USA 2020は今年度すべてバーチャルにて同じ8月1日～6日に開催されました。

*画像のソース: Black Hat, from https://www.blackhat.com/us-20/

Black Hatでの講演：D39がBlack Hat USA 2020にて、Samsungのセキュアブートへの侵害に関する調査結果を披露します。

News

>TeamT5 is a leading APT threat intelligence provider in the Asia & Pacific region. In Black Hat Asia 2022, TeamT5 published our analysis of modular backdoor Pangolin8RAT and its associated threat group "Tianwu”. As modular backdoors and shared malwares are becoming key trends in the threat landscape, Silvia Yeh (Threat Intelligence Analyst) and Leon Chang (Threat Intelligence Researcher) from TeamT5 warn the public that previous APT analysis mindset might not be suitable.

In the past, modular malware like PlugX and ShadowPad have been the most popular shared trojans used in Chinese state-sponsored cyber operations. Since mid-2020, TeamT5 has detected a new modular trojan emerging in the APAC region which has the potential to be their successor. The trojan was named "Pangolin8RAT" after "pangolin" and “p8rat" found in its PDB string and RTTI. Pangolin8RAT is modular, as its functionalities can be expanded by downloading DLL from its C2. Its early feature supported 8 communication protocols, including TCP, HTTPS, UDP, DNS, ICMP, HTTPSIPV6, WEB, and SSH.

TeamT5 researchers names the threat group behind Pangolin8RAT as “Tianwu”, a beast with 8 human heads in Chinese mythology. From 2020 to 2021, TeamT5 has observed Tianwu leveraging Pangolin8RAT to snipe at online gaming/gambling industry, transportation, telecom, government, and dissidents in the Asia Pacific region.

In this talk, TeamT5 researchers also explored Tianwu’s connections with the notorious Chinese APT group Amoeba (aka APT41) by illustrating the similarities in the two group’s modular malware structure, TTPs, and target scope.

TeamT5 researchers concluded that modular backdoor has become a trend as it can reduce the cost of malware development by APT groups. For that reason, previous analysis frameworks and categories might not be suitable for future APT attacks. In order to have an overview of the threat landscape, enterprises should defend themselves with all-level intelligence from tactical & operational level to strategic level.


- Presentation slides: [link](https://i.blackhat.com/Asia-22/Thursday-Materials/AS-22-LeonSilvia-NextGenPlugXShadowPad.pdf)
- Speech video: [link](https://topicplay.com/v/477689)

## About Black Hat Asia
Black Hat is the world’s leading information security event, and remains the best and biggest event of its kind. It provides attendees with cutting-edge security research, development and trends, and has the ability to define tomorrow’s information security landscape. Black Hat Asia is an Black Hat extended event which is held in Singapore annually.


【Black Hat Asia 2022】New Trend of Modular Backdoor and APT Attacks, TeamT5 Researchers Publish Analysis at Black Hat Asia

>TeamT5 杜浦數位安全長期致力於亞太地區駭客團體研究，於今年度亞洲最大資安研討會 Black Hat Asia 發布最新研究，說明新興的模組化後門程式 Pangolin8RAT 與其關聯駭客團體。有鑑於後門程式模組化及多駭客團體共用的趨勢，TeamT5 威脅情資分析師 Silvia Yeh 與威脅情資研究員 Leon Chang 警示既有 APT 攻擊分析方法可能不再適合，企業組織宜運用多層次威脅情資，掌握駭客動態。

過去像是 PlugX、ShadowPad等模組化惡意軟體製作而成的木馬程式，常見於中國國家級支持的網路行動。自2020年中，TeamT5 偵測到模組化木馬程式 Pangolin8RAT 在亞太區域區域，有可能是前述模組化惡意軟體的後繼者。Pangolin8RAT 命名來自其 PDB string "pangolin" 和其 RTTI “p8rat”，該模組化特徵為可經由C2指令，進行DLL下載，而擴展功能。其早期版本支援8種通訊協定，包含 TCP, HTTPS, UDP, DNS, ICMP, HTTPSIPV6, WEB, SSH。

TeamT5 將使用 Pangolin8RAT 後門程式的駭客團體命名為「天吳」，為記載於《山海經》的八首人面怪獸。2020-2021年之間，該駭客團體鎖定線上娛樂產業、賭博業、資訊業、電信業、交通運輸業、政府單位、異議人士等，進行網路攻擊。

本次演講中，TeamT5 研究團隊並探索「天吳」與惡名昭彰的中國 APT 團體 Amoeba (別名 APT41)的關聯，兩者的相似性來自他們使用之模組化惡意程式結構、攻擊手法(TTPs)與攻擊範圍。

TeamT5 研究團隊指出由於模組化後門程式可以降低駭客團體研發惡意軟體的成本，模組化後門程式成為趨勢。有鑑於此，先前針對 APT 攻擊的研究架構與分類可能不再適用於未來出現的 APT 攻擊，建議企業組織宜運用從戰術(tactic)、實戰(operation)、戰略(strategy)等層級的威脅情資，掌握網路威脅的全貌。

- 演講完整演講簡報檔: [連結](https://i.blackhat.com/Asia-22/Thursday-Materials/AS-22-LeonSilvia-NextGenPlugXShadowPad.pdf)
- 演講完整錄影: [link](https://topicplay.com/v/477689)

## 關於黑帽大會（Black Hat）
黑帽大會（Black Hat）每年聚集全球資訊安全專家、優秀研究人員於一堂，透過資安研究、開發與最新趨勢交流，鼓勵學術界、世界級研究人員與各領域決策及領導者間的合作、成長。黑帽簡報會（Black Hat Briefing）與培訓（Training）每年也都在美國、歐洲與亞洲舉行，匯集全球資安頂尖人員參與盛會。


【Black Hat Asia 2022】後門程式模組化與 APT 攻擊趨勢剖析  TeamT5 於 Black Hat Asia 發布最新研究

Events

>TeamT5 is a leading APT intelligence provider in the Asia & Pacific region. TeamT5 shared our research in the Black Hat Asia 2022. In this seminar, TeamT5 pointed out China-nexus APT groups who launched massive attacks against the online entertainment business in the APAC region. 

Charles Li (Chief Analyst) and Che Chang (Cyber Threat Analyst) from TeamT5 pointed out these attacks are not only money-driven, they also collect data from victim companies. The motives are closely aligned with the national interests of the Chinese government.

The Chinese government has put significant pressure on the online entertainment industry. It freezes gaming licenses from Sept 2021 to Apr 2022. It crackdown on Macau gambling
industry and forced gamblers to move online. During the time of pandemic, online gambling skyrocketed. 

China-nexus APT groups' attacks on online entertainment business might be one of the crackdown moves by the Chinese government. Previously, many cases were believed to be financially-motivated attacks because of the usage of ransomware. However, based on TeamT5’s observation in the past few years, APT attacks against online entertainment companies are also driven by espionage purposes.

These threat groups use various tactics, techniques, and procedures (TTPs). For example, they collect info in recruiting websites or forums. Then, they conduct spear phishing which targets customer supporting teams. The content of the phishing email is complaining about system issues and asking team staff to open attachments. Another way is phishing via social network platforms by crafting profiles and approaching sales, ITs, RDs in the targeting companies. 

These threat groups also exploit vulnerabilities of exchange server, VPN server, browser, web, or NAS to compromise the targeting companies. Supply chain attack is another way they use. By compromising the ERP system or official website, they’re able to fulfill their goals.

In the process, some threat groups modify specific weapons to attack online entertainment industry (e.g. SLIME 29). For Amoeba (a.k.a APT41), they use the same weapons that have been used to attack other industries but they developed proprietary tools  for maintaining. Others didn’t develop tailored weapons to attack the online entertainment industry (e.g. TianWu、Greedy Taotie、SLIME34).

Dissecting the current TTPs is merely the first step. TeamT5 urges organizations to start the threat intelligence cycle and have tailored & accurate threat intelligence.

- Presentation slides: [link](https://i.blackhat.com/Asia-22/Friday-Materials/AS-22-Li-To-Loot-Or-Not-To-Loot-That-Is-Not-a-Question.pdf)
- Speech video: [link](https://topicplay.com/v/490271)

## About Black Hat Asia
Black Hat is the world’s leading information security event, and remains the best and biggest event of its kind. It provides attendees with cutting-edge security research, development and trends, and has the ability to define tomorrow’s information security landscape. Black Hat Asia is an Black Hat extended event which is held in Singapore annually.


【Black Hat Asia 2022】Chinese APTs are Looting the Online Entertainment Industry, TeamT5 Researchers Publish Analysis at Black Hat Asia

>TeamT5 杜浦數位安全專精亞太地區駭客團體分析，最新研究於亞太最大資安研討會 Black Hat Asia 發布，指出與中國關聯之多個駭客團體，針對亞太地區的線上博弈產業發起大規模攻擊。這波攻擊據除了獲取金錢利益，對產業的資料展現高度興趣，推測可能暗含中國政府蒐集資訊的動機，異於過去攻擊行動。

中國政府近年來限縮線上遊戲產業發展空間，如停發遊戲版號，及取締賭博產業，使賭博產業多轉為線上營運。而蓬勃發展、跨境經營的線上博弈產業遭受多個駭客團體攻擊，入侵手法精密，TeamT5 首席分析師李庭閣(Charles Li)與分析師張哲誠(Che Chang)指出這波駭客攻擊與中國政府的官方利益一致，使駭客可掌握參與玩家、業主等資料，背後策略與動機實屬不尋常。

駭客團體使用多種手法(TTPs)進攻，如於該產業招募員工的網站論壇收集資料，進一步採取魚叉式網路釣魚(spear phishing)，鎖定客服人員，以抱怨系統為主旨釣魚信件，誘騙客服人員點擊附件；駭客團體也透過社群網站建立假帳戶，藉以接近目標公司的業務、工程師等。

駭客團體並利用各項漏洞，進行攻擊，如瀏覽器、VPN、NAS的漏洞；或採取供應鏈攻擊，從公司官網、ERP系統入侵至公司內部。

針對亞太地區的線上娛樂產業的網路攻擊事件中，攻擊者通常使用非市售的工具，或自行修改、研發工具，以達成攻擊目的。TeamT5 觀察的駭客團體中，SLIME29 的攻擊武器相較於其他團體，乃是為攻擊博奕產業特別製造；Amoeba (又稱 APT41)的攻擊武器也曾用於攻擊其他產業，同時也為博奕產業量身打造可協助他們長期控制目標之工具；此波攻擊中的其他駭客團體如 TianWu、Greedy Taotie、SLIME34 則無特別未博奕產業打造攻擊武器。

TeamT5 表示拆解中國駭客團體攻擊線上博弈產業的手法與背後動機，僅是協助企業了解最新趨勢的開端，後續動向值得關注。

- 演講完整演講簡報檔: [連結](https://i.blackhat.com/Asia-22/Friday-Materials/AS-22-Li-To-Loot-Or-Not-To-Loot-That-Is-Not-a-Question.pdf)
- 演講完整錄影: [link](https://topicplay.com/v/490271)

## 關於黑帽大會（Black Hat）
黑帽大會（Black Hat）每年聚集全球資訊安全專家、優秀研究人員於一堂，透過資安研究、開發與最新趨勢交流，鼓勵學術界、世界級研究人員與各領域決策及領導者間的合作、成長。黑帽簡報會（Black Hat Briefing）與培訓（Training）每年也都在美國、歐洲與亞洲舉行，匯集全球資安頂尖人員參與盛會。


【Black Hat Asia】TeamT5 Will Give Talks on Notable APTs

Related Post

Black Hat’s Talk: D39 Shares Their Research on Breaking Samsung Secure Boot at Black Hat USA 2020

【Black Hat Asia 2022】New Trend of Modular Backdoor and APT Attacks, TeamT5 Researchers Publish Analysis at Black Hat Asia

【Black Hat Asia 2022】Chinese APTs are Looting the Online Entertainment Industry, TeamT5 Researchers Publish Analysis at Black Hat Asia