Hacker Halted day 1 is over and provided several very informative and entertaining speakers. The event itself by EC-Council had a few technical hiccups along the way, but as this was probably put together at the last minute as an online conference instead of a face-to-face event, and is free, I think we need to be a little bit more lenient with the organisers and give them a bit of time to smooth everything out.
Jenny Radcliffe started us off with a presentation about how social engineers have been taking advantage of Covid-19 by scamming people with fake tests and fake cures, and by trying to cheat the government relief schemes out of money before they have had time to tighten up their security, using people's fear of the situation as leverage to make as much money as possible before the other bad actors get there. One key point is that while some of these scams may seem obvious to us, many are not, and just because someone has fallen victim to a scam does not make them dumb. Labeling scam victims as the weakest link can end up being counterproductive, as it sets up a white hat vs user mentality when it should be a white hat + user vs black hat one.
Marcelle Lee followed up with a look into how she got into a career in cyber from unrelated jobs and what types of activities are undertaken on a day-to-day basis. A good talk for anyone not working in cyber currently to give an idea as to one of the potential roles. Marcelle works in the intelligence gathering/sharing side, so the majority of the talk covered sources for finding out the latest cyber security related news and what the current threats are, including a discussion on the evolution of ransomware into name-and-shame ransomware, where the files are exfiltrated to be used for blackmail before the victim's machines are encrypted.
Antonio Rucci was next with a talk about ransomware using real-world examples instead of just theory, highlighting that ransomware which demands payment within 24 hours is a sign of an amateur attacker, as more experienced criminals would know it takes far longer than that for a typical victim to set up a cryptocurrency wallet and transfer money into it. One point which stuck out was that, from his experience, 90-95% of ransom payments resulted in the data being unencrypted and sent back to the victim as promised, which goes against what I had previously assumed: that it was far more of a gamble and the bad guys were just as likely to drop contact.
After that came the very passionate Jake Williams, who highlighted the need to communicate well with people from all walks of life, specifically the ones paying the bill for cyber security services. This topic does tend to come up at least once or twice in most conferences, but the talk delivered by Jake came with far more practical examples than I’ve seen before, such as suggested analogies to help explain security concepts to people who may not have come across concepts such as defense in depth or baselining before.
Overall a very fun first day; it is very obvious that each presenter is an expert in their field and put a large amount of effort into their talks. For us to be able to enjoy them for free is a bargain.
If anyone missed any of the codes from these talks for the event game, I’ve created a separate page to list them all:
This year's Hacker Halted comes with a mini game in the form of codes which you can find by watching all the presentations and visiting sponsors. There seemed to be a lot of “technical” issues with these codes, with lots of people not being able to see them even if they had watched the entire talk by a speaker.
To help those people out, I’ll use this page to collect a list of each of the codes against their name in the event game page:
The Witchball and the Tribe – WITCHBALLTRIBE
A day in the life – DAYINTHELIFE
When they hit your NAS – FORENSICATINGRANSOMWARE
Communicating Cybersecurity – JWILLI
Memory evidence collection – AUTOMATINGDISK
Reality lost – DEEPFAKECHANGINGTHEFACE
Social engineering your metrics – USINGDATASCIENCE
Информационные контрмеры – MAINTAININGDEMOCRACY
Hacking Solitaire – WRESTLINGRANSOMWARE
Pentester blueprint – BECOMINGAPENTESTER
Hacker Hippocampus – MEETYOURBRAIN
Hack The Vote! – HILLBILLYHITSQUAD
geopolitics – DECODETHECULTURE
sibling rivalry – MICROFOCUS
tactics of deception – WAYNEANDKEVIN
Turbulence – HYPASEC
From infowar to IOT – WINNING
Anatomical warface – BADASS
American Coyataje – ACME
Misconceptions of Open Source – OSINT
Threat Hunting – HANDS-ONEXPERIENCE
MITRE ATT&CK – ACTIONABLEATT&CK
Say My Name – RANSOMGAME
These are easily found on the page of each sponsor within the socio app. ***You do not need to visit any of the links provided to find the codes.*** They should be present in the brief description of each sponsor in all caps.
Due to Covid-19, the EC-Council have decided to make this year's Hacker Halted conference an online affair and lowered the cost of basic entry to 0. The event is in its 14th year and, looking through past events, it looks to be a classic collection of guest speakers covering a wide array of cyber security topics, from the technical sides of offensive and defensive cyber security to the “softer” topics of hacking people and getting more people interested in careers in cyber.
EC-Council make their money by selling training certs, so this event is likely going to be heavily aimed at getting people interested enough in cyber to buy one of their courses, but as long as the talks deliver some interesting knowledge before trying to sell anything I don’t see a problem with it.
If anyone wants to register, you still have a few days to visit their site: https://www.hackerhalted.com/registration/
Once registered, you should receive an e-mail with instructions on how to download the Hacker Halted app, which currently has details of confirmed speakers and various games which will start once the event goes live (although currently the games seem to simply involve watching and reading all the content from the conference), including an interesting version of Jeopardy which appears to award points for getting drunk while playing.
The agenda looks fairly busy, with enough talks to keep most people busy if they are also working full-time jobs and trying to view this in between meetings or after work. A lot of the scheduled slots are replays of previous talks, so if you needed to stream something live you may be able to fit it into your life. Or if you want to watch everything as it is released, you should very comfortably be able to get through everything with the length of breaks in between each event.