Jenny Radcliffe - hacker halted 2020

Hacker Halted 2020 – Day 1

Hacker Halted day 1 is over and provided several very informative and entertaining speakers. The event itself by EC-Council had a few technical hiccups along the way but as this was probably put together at the last minute as an online conference instead of a face to face event and is free I think we need to be a little bit more lenient with the organisers and give them a bit of time to smooth everything out.

Jenny Radcliffe started us off with a presentation about how social engineers have been taking advantage of Covid19 by scamming people with fake tests, fake cures and trying to cheat the government relief schemes out of money before they have had a time to tighten up their security. Using peoples fear of the situation as leverage to make as much money as possible before the other bad actors get there. One key point is that while some of these scams may seem obvious to us, many are not and just because someone has fallen victim to a scam does not make them dumb. Labeling scam victims as the weakest link can end up being counter productive as it sets up a white hat vs user mentality when it should be a white hat + user vs black hat one.

Marcelle Lee followed up with a look into how she got into a career in cyber from unrelated jobs and what types of activities are undertaken on a day to day basis. A good talk for anyone not working in cyber currently to give an idea as to one of the potential roles. Marcelle works in the intelligence gathering/sharing side so the majority of the talk covered sources for finding out the latest cyber security related news and what the current threats are, including a discussion on the evolution of ransomware into name and shame ransomware where the files are exfiltrated out to be used for blackmail before the victims machines are encrypted.

Antonio Rucci was next with a talk about ransomware using real world examples instead of just theory, Highlighting ransomware which demands payment within 24 hours being a sign of an amateur attacker as more experienced criminals would know it takes far longer than that for a typical victim to setup a crypto currency wallet and transfer money into it. One point which stuck out was that from his experience 90-95% of ransom payments resulted in the data being unencrypted and sent back to the victim as promised. Which goes against what I had previously assumed that it was far more of a gamble and the bad guys were just as likely to drop contact.

After that came the very passionate Jake Williams who highlighted the need to communicate well with people from all walks of life, specifically the ones paying the bill for cyber security services. This topic does tend to come up at least once or twice in most conferences but the talk delivered by Jake came with far more practical examples than I’ve seen before. Such as suggested analogies to help explain security concepts to people who may not have come across concepts such as defense in depth or baselining before.

Overall a very fun first day, it is very obvious that each presenter is an expert in their field and put a large amount of effort into their talks. For us to be able to enjoy them for free is a bargain.

Game Event

If anyone msised any of the codes from these talks for the event game I’ve created a seperate page to list them all:

https://urbansecurityresearch.com/2020/10/19/hacker-halted-2020-event-game-codes/

Hacker halted 2020 event game

Hacker Halted 2020 event game codes

This years Hacker halted comes with a mini game in the form of codes which you can find by watching all the presentations and visiting sponsors. There seemed to be a lot of “technical” issues with these codes with lots of people not being able to see them even if they had watched the entire talk by a speaker.

To help those people out I’ll use this page to collect a list of each of the codes against their name in the event game page

DAY 1

The Witchball and the Tribe – WITCHBALLTRIBE
A day in the life – DAYINTHELIFE
When they hit your NAS – FORENSICATINGRANSOMWARE
Communicating Cybersecurity – JWILLI
Memory evidence collection – AUTOMATINGDISK

Day 2

Reality lost – DEEPFAKECHANGINGTHEFACE
Social engineering your metrics – USINGDATASCIENCE
Информационные контрмеры – MAINTAININGDEMOCRACY
Hacking Solitaire – WRESTLINGRANSOMWARE
Pentester blueprint- BECOMINGAPENTESTER

Day 3

Hacker Hippocampus – MEETYOURBRAIN
Hack The Vote! – HILLBILLYHITSQUAD
geopolitics – DECODETHECULTURE
sibling rivalry – MICROFOCUS
tactics of deception – WAYNEANDKEVIN

Day 4

Turbulence – HYPASEC
From infowar to IOT – WINNING
Anatomical warface – BADASS
American Coyataje – ACME

Day 5

Misconceptions of Open Source – OSINT
Threat Hunting – HANDS-ONEXPERIENCE
MITRE ATT&CK – ACTIONABLEATT&CK
Say My Name – RANSOMGAME

SPONSORS CODES:

These are easily found on the page of each sponsor within the socio app ***You do not need to visit any of the links provided to find the codes*** They should be present in the brief description of each sponsor in all caps.