Finishing off strong, today saw the last day of Hacker Halted 2020 talks.
Zoey Selman shared her expertise on OSINT with tips and tricks based on years of experience on how to better search for targets from other countries. There are a lot of cultural and technical differences between every country on the planet, so rather than searching for a foreign user the same way as you would a local user, it’s likely to be a lot more fruitful if you know which social networks and search engines are popular in which country.
Tyrone Wilson tackled the age-old problem of “I can’t get a job without experience and I can’t get experience without a job” by demonstrating how to build a practice environment using the Security Onion distro of Linux and using pcap files from CTF events to give yourself real-life data to practice blue teaming and analysis on. The majority of recruiters pay attention to how much self-study time people are putting into learning cyber security outside of their day job, so having documented proof of your lab activities gives you a boost.
Sean O’Connor has obviously spent a lot of time tracking and documenting the workings of all the active groups behind name and shame ransomware, and kindly shared a large chunk of that research with us. Each group behaves slightly differently and they are all somehow interlinked, with members changing teams/names and sharing techniques. We also see how most of these firms tend to operate in ex-Soviet Union countries and, as long as they target western countries and avoid friendly neighboring countries, seem to enjoy some level of impunity from prosecution.
Briana Leddy finishes off the conference with a sales pitch / demonstration of her company’s software. But as a technically minded person she gives some good insight and description into how AI can be set up to help spot and respond to cyber threats quicker and cheaper than a human team.
Big thanks to EC-Council for setting this up and not letting Covid stop all the presenters delivering very useful and interesting presentations to the rest of us.
The penultimate day of Hacker Halted gave us some more serious discussions focusing on some of the darker activities bad actors can involve themselves with online and in real life.
Chris Kubecka gave us details of her dealings with Boeing and how an attempt to highlight security concerns with software in planes was met with legal force instead of any sort of willingness to learn and prevent deaths. Very reminiscent of the scene in Fight Club where they discuss the formula used by car manufacturers to decide whether they will either pay the fines or issue a recall of a vehicle for safety purposes.
Winn Schwartau presents his take on why the issues facing organisations in the cyber space will not be solved by newer/better technology, because behind all the fancy new features they are still run by humans who have three major bugs: Ignorance, Apathy and Arrogance. Winn was in the industry way before most of the readers here and made a point which I have not heard before, that back before around 1984 there were plenty of women in the tech industry. Something happened around that time which seems to have driven out female participation in tech and for whatever reason has only started to be reversed recently.
Katelyn Bowden gives us some much needed education on the current state of revenge porn and keeps on fighting to help dispel myths held by people who have only heard the term in passing or read a single article about it in the paper. The pandemic seems to have led to a rise in non-consensual porn being used to exploit people by criminals looking to make money online now that some other offline sources have become unavailable for them. What used to be a way for ex-partners to feel like they are getting their own back is a fully fledged industry where the person distributing the photos has no relationship with the victim.
To show that cyber crime affects every industry we heard from Mauro Eldritch, who shares a story of how he was approached subtly by criminals to help automate and digitize their coyote operations to help them smuggle more people across international borders by providing a fake facade that the person was being persecuted by their government so that they could claim special refuge status to move to another country. The second half of the story shows a very real step by step use of OSINT to help investigate the higher ups in this gang.
The day was closed by Charles Henderson with a look at what has changed for security teams now that so many people are working from home compared to the start of the year. 52% of staff in one survey claim to be using their own private equipment to carry out corporate work. With this much new hardware with varying levels of security tools installed it’s very likely impossible to find a technological solution which would work for everyone.
The third day of Hacker Halted saw talks on slightly more technical topics than the previous days.
The opening speaker Chloe Messdaghi went through the benefits of gamifying training to help build a cyber security team in your organisation in order to create a team who can react quicker to new threats and actually prevent breaches instead of just running through compliance checklists. Ending the talk with some examples of how CTF style events have helped people land jobs was a nice touch to encourage people to take action after the slides had finished.
A more Americanized talk followed from Chris Roberts with a discussion of the dangers of electronic voting systems. While this might mostly affect the USA currently, these are points that will likely affect many parts of the world at some point. The biggest danger being that the current voting booths get an F- for security and instead of respecting the cyber security community the vendors behind these booths prefer to divert their money towards lawyers and marketing. I can’t see this being an issue which is going to get resolved until the vendors see that the cyber sec community is on their side.
Annalisa Nash Fernandez spoke to the geography fans regarding how cyber criminals can hide behind geographical borders to hinder law enforcement and aid themselves in crime as a result of two things. One is that laws and agencies are often unable to easily investigate problems once the trail leaves their borders. The second is how the culture difference between large parts of the world often means 2 teams working together on a problem are stopped from making progress because they focus on different ways of doing things. A quick run down of what different cultures think of in regards to things such as data privacy highlights the issue that while you may be creating a system which users in one country love, another country may see it as moot/trivial.
Last talk of the day allowed Wayne Burke and Kevin Cardwell to give us their wisdom and experience about what they see corporations doing wrong when they visit to take part in an engagement. The main point seems to be companies focusing far too heavily on buying fancy software instead of working on their processes and training staff which results in a large bill for largely ineffectively deployed software. The next part of the talk demonstrates the effectiveness of spending time on misdirecting villains once they have accessed your network. Stopping someone getting in takes a lot of time, but once they are in if they spend 100% of their time getting confused by a honeypot it keeps your data safe for long enough for you to spot the intrusion and kick the bad guys out.
Another great day of talks (mixed in with some haphazard organisation and time keeping by EC-Council). I’m genuinely impressed with the level of professionalism and effort all the speakers have put into their presentations.
Starting off today was Alyssa Miller with a look at the current deep fake possibilities and a prediction that very soon it will be an issue handed over to cyber security professionals to protect organisations from being tricked by a deep fake of their company CEO. The brilliantly put together talk gives an overview of how generative adversarial networks create the deep fake to the current ways of spotting them, showing that researchers are in a very tricky situation whereby whenever they discover and publish a method for spotting deep fakes the creators instantly know which parts to improve.
Joe Gray gave us an overview of which metrics he thinks are important to focus on when running phishing simulations at an organisation and how to read the data in a way which allows you to create training plans for your users. Highlighting the need to make sure users feel comfortable telling you if they have messed up and how by using punishments for clicking on phishing e-mails you are hindering your own efforts at protecting the company.
Bryson Payne gave us a demonstration of how to reverse engineer software, starting from a beginner’s introduction to changing individual values in a game (Solitaire) through to a more technical example of how it’s possible to reverse engineer ransomware to extract the decryption keys. If you are new to software analysis or reverse engineering and not sure where to start, this presentation will give you lots of resources including freeware tools to help you get started.
For beginners asking the first questions about how to get into pentesting, the presentation by Phillip Wylie is for you. It starts off with some general descriptions and definitions of pen testing roles before getting into some very useful lists of resources such as books, websites, CTF events and tools to help you start learning. Phillip’s career is focused on creating the next generation of pen testers so following his advice can’t be a bad idea.
As before, if you missed any of the event game codes they can be found on this page: https://urbansecurityresearch.com/2020/10/19/hacker-halted-2020-event-game-codes/
Hacker Halted day 1 is over and provided several very informative and entertaining speakers. The event itself by EC-Council had a few technical hiccups along the way but as this was probably put together at the last minute as an online conference instead of a face to face event and is free I think we need to be a little bit more lenient with the organisers and give them a bit of time to smooth everything out.
Jenny Radcliffe started us off with a presentation about how social engineers have been taking advantage of Covid19 by scamming people with fake tests, fake cures and trying to cheat the government relief schemes out of money before they have had time to tighten up their security, using people’s fear of the situation as leverage to make as much money as possible before the other bad actors get there. One key point is that while some of these scams may seem obvious to us, many are not and just because someone has fallen victim to a scam does not make them dumb. Labeling scam victims as the weakest link can end up being counter productive as it sets up a white hat vs user mentality when it should be a white hat + user vs black hat one.
Marcelle Lee followed up with a look into how she got into a career in cyber from unrelated jobs and what types of activities are undertaken on a day to day basis. A good talk for anyone not working in cyber currently to give an idea as to one of the potential roles. Marcelle works in the intelligence gathering/sharing side so the majority of the talk covered sources for finding out the latest cyber security related news and what the current threats are, including a discussion on the evolution of ransomware into name and shame ransomware where the files are exfiltrated out to be used for blackmail before the victim’s machines are encrypted.
Antonio Rucci was next with a talk about ransomware using real world examples instead of just theory, highlighting ransomware which demands payment within 24 hours being a sign of an amateur attacker, as more experienced criminals would know it takes far longer than that for a typical victim to set up a crypto currency wallet and transfer money into it. One point which stuck out was that from his experience 90-95% of ransom payments resulted in the data being unencrypted and sent back to the victim as promised. Which goes against what I had previously assumed, that it was far more of a gamble and the bad guys were just as likely to drop contact.
After that came the very passionate Jake Williams, who highlighted the need to communicate well with people from all walks of life, specifically the ones paying the bill for cyber security services. This topic does tend to come up at least once or twice in most conferences but the talk delivered by Jake came with far more practical examples than I’ve seen before, such as suggested analogies to help explain security concepts to people who may not have come across concepts such as defense in depth or baselining before.
Overall a very fun first day, it is very obvious that each presenter is an expert in their field and put a large amount of effort into their talks. For us to be able to enjoy them for free is a bargain.
If anyone missed any of the codes from these talks for the event game I’ve created a separate page to list them all:
This year’s Hacker Halted comes with a mini game in the form of codes which you can find by watching all the presentations and visiting sponsors. There seemed to be a lot of “technical” issues with these codes with lots of people not being able to see them even if they had watched the entire talk by a speaker.
To help those people out I’ll use this page to collect a list of each of the codes against their name in the event game page.
The Witchball and the Tribe – WITCHBALLTRIBE
A day in the life – DAYINTHELIFE
When they hit your NAS – FORENSICATINGRANSOMWARE
Communicating Cybersecurity – JWILLI
Memory evidence collection – AUTOMATINGDISK
Reality lost – DEEPFAKECHANGINGTHEFACE
Social engineering your metrics – USINGDATASCIENCE
Информационные контрмеры – MAINTAININGDEMOCRACY
Hacking Solitaire – WRESTLINGRANSOMWARE
Pentester blueprint – BECOMINGAPENTESTER
Hacker Hippocampus – MEETYOURBRAIN
Hack The Vote! – HILLBILLYHITSQUAD
geopolitics – DECODETHECULTURE
sibling rivalry – MICROFOCUS
tactics of deception – WAYNEANDKEVIN
Turbulence – HYPASEC
From infowar to IOT – WINNING
Anatomical warface – BADASS
American Coyataje – ACME
Misconceptions of Open Source – OSINT
Threat Hunting – HANDS-ONEXPERIENCE
MITRE ATT&CK – ACTIONABLEATT&CK
Say My Name – RANSOMGAME
These are easily found on the page of each sponsor within the socio app. ***You do not need to visit any of the links provided to find the codes.*** They should be present in the brief description of each sponsor in all caps.
Due to Covid-19 the EC-Council have decided to make this year’s Hacker Halted conference an online affair and lowered the cost of basic entry to 0. The event is in its 14th year and looking through past events it looks to be a classic collection of guest speakers covering a wide array of cyber security topics, from the technical sides of offensive and defensive cyber security to the “softer” topics of hacking people and getting more people interested in careers in cyber.
EC-Council make their money by selling training certs so this event is likely going to be heavily aimed at getting people interested enough in Cyber to buy one of their courses but as long as the talks deliver some interesting knowledge before trying to sell anything I don’t see a problem with it.
If anyone wants to register you still have a few days to visit their site: https://www.hackerhalted.com/registration/
Once registered you should receive an e-mail with instructions on how to download the Hacker Halted app, which currently has details of confirmed speakers and various games which will start once the event goes live (although currently the games seem to simply involve watching and reading all the content from the conference), including an interesting version of Jeopardy which appears to award points for getting drunk while playing.
The Agenda looks fairly busy with enough talks to keep most people busy if they are also working full time jobs and trying to view this in between meetings or after work. A lot of the scheduled slots are replays of previous talks so if you needed to stream something live you may be able to fit it into your life. Or if you want to watch everything as it is released you should be very comfortably able to get through everything with the length of breaks in between each event.