"If you're sitting in the front row beware your eyebrows. Apparently they're not 'pyrotechnics' they're 'flame-fans'"
@Metlstorm

#Kiwicon

Interpretive dancing from @Metlstorm

#Kiwicon

Now its @mjg59 talking about what fun you can have with electric scooters!

#Kiwicon

"One of the things I leaned from @kiwicon is to not make videos of doing crimes"

#Kiwicon @mjg59

"Does anyone here work for Lime? You HAVE to tell me, it's the law."

#Kiwicon @mjg59

"IoT devices are just terrible. I can talk about other things, I just don't"

#Kiwicon @mjg59

How do you make a *good* escooter?

#Kiwicon @mjg59

But a good scooter needs to be able to be stood on.

#Kiwicon @mjg59

Escooters are big business!

How? Why?

I'm not a VC. I don't understand money.

#Kiwicon @mjg59

All the manufacturing is now complicated.

#Kiwicon @mjg59

Scooter fires are bad.

Very very not good.

#Kiwicon @mjg59

How do I APK to get your neato scooter app?

Something with class files and magic.

#Kiwicon @mjg59

Jadx is fucking black magic.

I'm a biologist. I don't know why they keep letting me on stage.

#Kiwicon @mjg59

So what's the point?

Do crimes.

(Don't do crimes)

@mjg59 would like to reinforce that he never does crimes. OH no. Definitely not.

#Kiwicon @mjg59

Definitely not crime-ing. But... What if we Man in the Middle it?

Hard way?

Easy way?

#Kiwicon @mjg59

What do you call a scooter app in Paris?

#Kiwicon @mjg59

By watching where scooters disappear & reappear we can see where people are moving around.

#Kiwicon @mjg59

Can we track Lime scooters via API?

Perhaps!

Oh no! They added rate limiting.

#Kiwicon @mjg59

Limes everywhere! About 250k of them deployed. You watch them in transit from the factory.

#Kiwicon @mjg59

What could possibly go wrong?

#Kiwicon @mjg59

You start tracking where people are working and going. There are lots of these in DC...

But... You came here for mad hacks

#Kiwicon @mjg59

What if we bought awful scooters online and made a terrible app?

Then you invented Spin and just sold for $200 mil

#Kiwicon @mjg59

If you send this code to any Spin scooter it will unlock, but not inform the server.

Don't do that. It's probably illegal.

#Kiwicon @mjg59

What is the moral?

Capitalism is bad.

Or maybe it's good.

#Kiwicon @mjg59

Now listening to Jon from FireEye talking about VMProtect Clones

#Kiwicon

What is VMProtect?

It does lots of things. Packer, mutator, many things.

#Kiwicon

Stack based virtual machine?

#Kiwicon

Oooh! Pretty lights & pictures!

#Kiwicon

Background?

I have no idea what any of this means.

#Kiwicon

Jon's favourite movie is back to the future.

#Kiwicon

Do the VMing and the coding.

#Kiwicon

Also disassemble things?

#Kiwicon

Remember to optimise your dissemblers, folks.

#Kiwicon

I spy a @gnat

#Kiwicon

Target the program. Yes. Good. Good.

#Kiwicon

Cloning is hard.

#Kiwicon

Key Takeaways:

#Kiwicon

Jeebus. That handle, Jon @2130706433

#Kiwicon

Break time!

#Kiwicon

These seem normal.
#Kiwicon

Why can't I haz @kiwicon?!
#Kiwicon

Its @attacus_au up next.

Fuck yeah!

#Kiwicon

WTF happened to this poor llama?!

I blame @bogan.

#Kiwicon

"Apathy and Arsenic: a Victoria Era lesson on fighting the surveillance state"

#Kiwicon @attacus_au

And @Metlstorm struts back onto the stage.

#Kiwicon

You might remember @attacus_au from that talk where she ranks about history. Or privacy. Or both.

#Kiwicon @attacus_au

We're talking about Arsenic. Very cheap waste product.

Super poisonous. But in makeup! Colour pigments! And rat poison.

#Kiwicon @attacus_au

And arsenic in wallpaper!

People would go to the seaside to feel better. And they did. Because no arsenic!

#Kiwicon @attacus_au

Arsenic was known as "inheritance powder" - tasteless! You could bake it into a cake or stir it into tea!

#Kiwicon @attacus_au

Privacy is a bit like arsenic - we all agree it's important to deal with the issue, but they're so ubiquitous that it's hard to care.

#Kiwicon @attacus_au

Privacy & arsenic also impact different people differently. So you might care less if you feel it does affect you. But others may have a different reaction.

#Kiwicon @attacus_au

Oooh! Sneaky hacker emails pretending to email you from your own address. Look at that internet content you've been looking at!

Sextortion emails with real passwords from old data dumps.

Trying to scam folks out of money.

They've gotten nearly $1mil NZD!

#Kiwicon @attacus_au

Wait, Office365 has been sending spelling/grammer check string back to HQ?
😠

#Kiwicon @attacus_au

"Peak Indifference" = when the most people give the least fucks

#Kiwicon @attacus_au

We've hit the peak indifference for privacy - we're talking more about it.

Greater sentiment of mistrust or distrust of how data is being used.

#Kiwicon @attacus_au

How do we keep up with the momentum of people caring about privacy?

We need more awareness to drive resistance to the problem.

#Kiwicon @attacus_au

How did they handle this with arsenic?

They developed a test for arsenic. Now producers had to clean up their act because people could find out they were putting arsenic in their products!

#Kiwicon @attacus_au

England, to this day, hasn't actually banned the use of arsenic in wallpaper.

But other countries did. And the public wanted non arsenic products. So they moved on.

#Kiwicon @attacus_au

The creation affordable of arsenic-free alternatives meant that market forces basically pushed arsenic out of the market. Soon you couldn't buy arsenic wallpaper or pigments even if you wanted.

#Kiwicon @attacus_au

We're pressuring companies in a thousand ways to enable privacy. What are we missing?

Time. We need to keep pushing and keep moving forward.

#Kiwicon @attacus_au

What we need to keep doing?

#Kiwicon @attacus_au

We need to keep enabling accessible alternatives.

Not everyone needs to be a leader.

#Kiwicon @attacus_au

Push back against the power structures in order to elicit change.

Keep the pressure on.

#Kiwicon @attacus_au

Don't be afraid to care.

Optimism isn't cool, but we need it so bad! We need that energy and drive to keep moving forward.

#Kiwicon @attacus_au

Thanks @attacus_au!

Awesome talk!

#Kiwicon

Now we're learning about hacking Ethereum smart contracts in the most lazy way possible.

#Kiwicon

WTF are smart contracts?

#Kiwicon

This couldn't be exploited right? RIGHT?

#Kiwicon

Is it theft? Or is it just using the features of the contract.

#Kiwicon

Something something. Now I have all your money.

#Kiwicon

All code is easy to fuck up.

When you put code in control of millions of dollars it REALLY matters when it fucks up.

#Kiwicon

How do we combat this?

#Kiwicon

How do I haxor the Ethereum?

Keep in mind, I'm very lazy.

#Kiwicon

Symbolic execution?

Blah blah blah blah blah. Wikipedia.

#Kiwicon

More symbolic execution

#Kiwicon

A definition of theft.

Amazingly it's the same definition for profit!

#Kiwicon

Practicalities. Finally! A use for math!

#Kiwicon

Z3: the one good thing to come out of Microsoft.

#Kiwicon

So he built Moriarty. A VM for breaking Smart Contracts.

#Kiwicon

Prizes! Prizes! Prizes!

#Kiwicon

Live demo time!

Looking at $2 billion in Smart Contracts. 😱

#Kiwicon

Exploit synthesis

Maximise prizes & automate.

#Kiwicon

Something changed on the screen. Then everyone clapped.

No idea why. I don't know maths.

#Kiwicon

This is going well.

#Kiwicon

Moriarty optimisation.

Moar fidelities.

#Kiwicon

And... Now the computer died.

#Kiwicon

Interesting talk. But these drunk stories are fuckin awful.

#Kiwicon

Now its @syngularity0!

He's bad at computer but good at accidentally meeting Bill Murray.

#Kiwicon

Now talking about why you should work with Red Teams with @syngularity0

#Kiwicon

A slide for the normal folks in the audience.

#Kiwicon

🎶 Its a circle of... Red Teaming! 🎶

#Kiwicon @syngularity0

Story time.

Its all fake. Probably.

#Kiwicon @syngularity0

You should all make LinkedIn profiles!

They make attackers' lives super easy!

#Kiwicon @syngularity0

Now what?

Train yourself to think like a red team so you can figure out how to counter them.

#Kiwicon @syngularity0

"You're probably thinking I'm a terrible person. And I am. But you're stuck here with me!"

#Kiwicon @syngularity0

Thanks @syngularity0!

#Kiwicon

Thanks @Metlstorm @kiwicon for acknowledging the issues.

Looking forward to a resolution.

#Kiwicon

Full @kiwicon 2038 Day 1 opening drama!

Enjoy #Kiwicon!

This beer is 👌

Good job @Northendbrewing!

#Kiwicon

#Kiwicon peeps!

This is what I look like! (although you probably already know)

Feel free to say hi if you see me around. I love Twitter peeps.

Now up, Boyd talking about lessons from game consoles and the coming security apocalypse.

#Kiwicon

How is our threat model different with game consoles than normal devices?

With normal devices we're defending the user from an attacker.

In game consoles the attackers usually ARE the users!

#Kiwicon

Why would you want to attack your own game console?

To make it do shit they didn't intend.

#Kiwicon

If you don't have physical security, you can't trust any local storage.

#Kiwicon

You can't trust remote drives.

#Kiwicon

Or... You can glitch the registers, caches, memory...

#Kiwicon

For XBox One they were a bit wiser about building it securely.

But... What about the drivers?

#Kiwicon

Which leads us to the coming security apocalypse.

#Kiwicon

So... We can't trust basically any hardware.

#Kiwicon

The way we currently build software isn't viable for the coming apocalypse.

#Kiwicon

How do we fix this?

Become really familiar with FPGAs. Need security co-processors that handle all secure data/computations.

Also PUFs - physical unvunerable functions

#Kiwicon

Wow, now talking about how manufacturing transistors has measurable quantum effects and you can use that an additional input to verify physical integrity.

#Kiwicon

How do we protect from the software side?

Micro-kernel designs

Isolate as much as possible

#Kiwicon

Boyd just moved to New Zealand!

They chose this place because he thinks NZ is the best place to build systems for a global market.

He wants to move from gaming consoles to solving problems for IT.

#Kiwicon

Thanks Boyd!

#Kiwicon

Now @mubix is talking about living w/o the land attacking AD with Linux

#Kiwicon

Awww!
#Kiwicon @mubix

What is living on the land?

Powershell!

#Kiwicon @mubix

But Powershell is all logged now! Bad for attackers.

#Kiwicon @mubix

What happens if you don't have a domain joined machine?

#Kiwicon @mubix

So @mubix was scripting ldap stuff and then...

@Metlstorm shows up. Implies @kiwicon lives!

Maybe he should submit a talk on his tooling!

#Kiwicon @mubix

But somebody already built a similar tool called ADRecon, but in Powershell.

#Kiwicon @mubix

Maybe it's not the end of the world...

#Kiwicon @mubix

*Begin angry hacking*

#Kiwicon @mubix

What is LDAP?

#Kiwicon @mubix

LDAP vs Active Directory
😂😂😂😂

#Kiwicon @mubix

What about Active Directory?

#Kiwicon @mubix

Simple LDAP for AD

#Kiwicon @mubix

This is all making @mubix old.

#Kiwicon @mubix

What kinda info can you pull?

Sweet jeebus! SOO much!

#Kiwicon @mubix

Basically no info on how to parse this data.

#Kiwicon @mubix

Time to give up?

#Kiwicon @mubix

What can you edit with LDAP?

#Kiwicon @mubix

What if we make every computer on the domain a domain controller.

And... It broke everything. Nobody can log in. 😑

#Kiwicon @mubix

What are we setting here?

Encrypted_Text_Password_Allowed

Saves encrypted passwords in AD. Where you can grab & decrypt them!

#Kiwicon @mubix

Here is how you set that attribute.

#Kiwicon @mubix

Other things to edit:

The social attacks are particularly good.

Phone to auto intercept SMS 2FA.

Managers - set yourself as a manager for that user to get automated reports about them integrated systems

#Kiwicon @mubix

LDAP-WAT - the windows attack toolkit that @mubix is building

#Kiwicon @mubix

Now entering... The Watican!

#Kiwicon @mubix

LDAP-WAT functions:

#Kiwicon @mubix

A gesticulating @mubix
#Kiwicon

Oh, we're haxoring now!

#Kiwicon @mubix

This is where things get interesting...

#Kiwicon @mubix

If you add a computer to the domain using LDAP you can specify a bunch of attributes. Including... That its a domain controller!

You can do this with any domain user account.

😱

#Kiwicon @mubix

This is going well.

#Kiwicon @mubix

Now... @mubix has to kill us all.

Well. This is awkward.

#Kiwicon

Thanks @mubix!

You're awesome!

#Kiwicon

Now @libNex & @claudiocontin are talking about Ghosts in the Browser: Backdooring the Service Workers

#Kiwicon

What is a service worker?

#Kiwicon @libNex @claudiocontin

Let's register a malicious service worker in browser

#Kiwicon @libNex @claudiocontin

What does this service worker get us?

#Kiwicon @libNex @claudiocontin

This is also the way I dress when hacking.

#Kiwicon @libNex @claudiocontin

Exploiting XSS with service worker

#Kiwicon @libNex @claudiocontin

We can also use Fetch events

#Kiwicon @libNex @claudiocontin

How to mitigate:

#Kiwicon @libNex @claudiocontin

Service Workers outlive XSS

#Kiwicon @libNex @claudiocontin

They made a browser extension to block malicious service workers!

#Kiwicon @libNex @claudiocontin

Thanks folks!

#Kiwicon @libNex @claudiocontin

So apparently this next talk will have some upsetting content around non-consensual sex. I'll be trying to exercise discretion but it can be tough while quickly tweeting.

I'll add the tag #TW to my tweets on this talk so folks can mute that hashtag

#Kiwicon @Zemmiph0bia

Who is @Zemmiph0bia?

#Kiwicon @Zemmiph0bia #TW

We all love or hate technology. But we all want to make it better.

#Kiwicon @Zemmiph0bia #TW

First attempt to regulate porn on the intenet.

Got overturned

#Kiwicon @Zemmiph0bia #TW

And...

#Kiwicon @Zemmiph0bia #TW

Until this. The Fight Online Sex Trafficking Act. Because they're using it to also prosecute & shut down tools used by consenting sex workers.

#Kiwicon @Zemmiph0bia #TW

Since its implementation, homicides of sex workers is up over 17%

#Kiwicon @Zemmiph0bia #TW

Love it.

#Kiwicon @Zemmiph0bia #TW

So they're building Switter - a safe place for consenting sex workers

#Kiwicon @Zemmiph0bia #TW

So @Cloudflare shut down their account.

WTF CloudFlare?

#Kiwicon @Zemmiph0bia #TW

I want to believe that we can be better.

We have to be better.

We built this shit. We have to fix it.

#Kiwicon @Zemmiph0bia #TW

Fucking excellent @Zemmiph0bia.

Thank you.

#Kiwicon

Next up: DHCP is hard with Felix

#Kiwicon

YAS Pyro!
@kiwicon #Kiwicon

🔥🔥🔥🔥🔥
#Kiwicon @kiwicon

Also. Here's the @kiwicon schedule remote peeps
#Kiwicon

So @Metlstorm is just touched we enjoy his mixed tape

#Kiwicon

Now Felix from Google is going to tell us why DHCP is hard

#Kiwicon

This will be a story of 5 bugs

#Kiwicon

What is DHCP?

A really old protocol for assigning IP addresses.

#Kiwicon

Why is DHCP an interesting target?

#Kiwicon

DHCP is all about options.

#Kiwicon

So. Many. Options.

#Kiwicon

Let's look at some code and bugs!

Looks in the DHCP packet, removes the option length, then does some other stuff that leads to memory corruption.

#Kiwicon

What can we find with more widely used implementations?

Lets look at ISC DHCP

#Kiwicon

Parsing the option buffer.

How does this affect the rev count?

What about the option length?

#Kiwicon

How do we attack this?

We've got a few options:

#Kiwicon

Let's take a look at the architecture.

#Kiwicon

We have a "pretty print option" that makes things human readable

Maybe the XXX comment means some developer already thought this was a bad idea

#Kiwicon

And... Here is the real architecture

#Kiwicon

Someone tried to solve this problem. Uhhh. Not well.

#Kiwicon

I'm enjoying the gesticulating.

#Kiwicon

Uuuuuuuuhhhhhh. 😬

#Kiwicon

You can use this to own every Red Hat system for the last 5 years.

Awesome.

#Kiwicon

But now we've replaced network manager with networkd

#Kiwicon

So now we're bug free right? RIGHT? 👀

#Kiwicon

But nobody uses DHCPv6 right? RIGHT? 👀

#Kiwicon

DHCP looks easy but is actually super hard. Nobody looks at it so there are lots of bugs left.

Nobody uses DHCPv6 but everyone supports it. 🙄

#Kiwicon

Thanks Felix!

#Kiwicon

Now @LittleJoeTables @IAmMandatory are getting buzzed with buzzwords in the cloud.

#Kiwicon

They both have high school diplomas. Well done?

#Kiwicon @IAmMandatory @LittleJoeTables

Let's get some VC funding!

Firs buy some escooters... Wait soz. Wrong talk. @mjg59

#Kiwicon @IAmMandatory @LittleJoeTables

I guess we could use Burp Intruder

#Kiwicon @IAmMandatory @LittleJoeTables

But... It's not web scale...

#Kiwicon @IAmMandatory @LittleJoeTables

Let's scale this beast up with lambdas!

#Kiwicon @IAmMandatory @LittleJoeTables

Oh dear.

#Kiwicon @IAmMandatory @LittleJoeTables

This is going well.

#Kiwicon @IAmMandatory @LittleJoeTables

Slightly stressful. Hitting limits?

#Kiwicon @IAmMandatory @LittleJoeTables

Infinitely scalable with money, yay capitalism!

Github report available

#Kiwicon @IAmMandatory @LittleJoeTables

Now, rainbow tables

Basically a table of pre reversed password hashes

#Kiwicon @IAmMandatory @LittleJoeTables

Where can we store a big rainbow table?

Just a few hundred million rows.

SQL?

MongoDB - snapchat for databases?

Nah, well use Big Query. Its... "Web Scale"

#Kiwicon @IAmMandatory @LittleJoeTables

Sweet baby cheeses!

Amazingly cheap and FAST.

#Kiwicon @IAmMandatory @LittleJoeTables

They've optimised this and plugged it all together with the lambdas into: "Big Rainbow" 🌈

#Kiwicon @IAmMandatory @LittleJoeTables

You can grab it all here for... Uh... "Research"

#Kiwicon @IAmMandatory @LittleJoeTables

But... What if we need a lot of auto scaling GPU power?

#Kiwicon @IAmMandatory @LittleJoeTables

We don't want traditional GPU clusters

#Kiwicon @IAmMandatory @LittleJoeTables

😂

#Kiwicon @IAmMandatory @LittleJoeTables

What services will we use?

#Kiwicon @IAmMandatory @LittleJoeTables

This. This is what you want to config the spot instances.

#Kiwicon @IAmMandatory @LittleJoeTables

Using Hash Cat as the GPU cracker.

#Kiwicon @IAmMandatory @LittleJoeTables

Architecture of the GPU cluster.

#Kiwicon @IAmMandatory @LittleJoeTables

Code isn't public yet, but is coming soon!

#Kiwicon @IAmMandatory @LittleJoeTables

And... Untwister. Another tool!

#Kiwicon @IAmMandatory @LittleJoeTables

We can also distribute this across an autoscale group again. Incredibly fast.

#Kiwicon @IAmMandatory @LittleJoeTables

Code will be available here:

#Kiwicon @IAmMandatory @LittleJoeTables

Yay, @xkcdComic!

#Kiwicon @IAmMandatory @LittleJoeTables

Thanks @0xkitty for the slide design!

#Kiwicon @IAmMandatory @LittleJoeTables

Now its "The Bruce"

#Kiwicon

Its @Metlstorm introducing Bruce Schneier
#Kiwicon

We're not just working with internet security these days. Everything has a computer. We need to worry about everything.

#Kiwicon

You can't limit the functionality of computerised systems. They're infinitely extensible.

When you install malware on a system you're just adding features

#Kiwicon

There are new vulnerabilities in interconnects.

As we connect things here things become vulnerable there.

#Kiwicon

Hackers stole a Vegas Casio's high roller database got hacked.

They got in via the internet connected fish tank. 😱

#Kiwicon

We're improving security every year, but complexity is increasing faster.

Its outrunning us.

#Kiwicon

Attacks are getting easier better faster.

Attackers adapt and get smarter.

This is where we get arms races.

Expertise flows down hill. Today's NSA exploits are tomorrow's normal attacks.

#Kiwicon

Bruce is not impressed with the promiscuity of cell networks.

#Kiwicon

Bruce isn't as worried about the hacks that impact privacy (although it's important). But technology is so critical now. What about attacks that actually threaten life and property.

#Kiwicon

Some of our long-standing security paradigm are failing

- Patching - we have teams of people who are agile about fixing issues we know will exist.

This does exist for embedded systems. A lot of these devices have no means of patching, or anyone issuing patches.

#Kiwicon

So we patch embedded systems by replacing it.

How often do you replace your car?
Your refrigerator?
Your thermostat?

We have no idea how to secure 30 year old software.

#Kiwicon

You might have a DVR ay home that's part of a botnet.

You don't know, and you probably don't care.

#Kiwicon

Second thing failing is authentication.

Passwords are terrible. And almost all backup authentication is much worse than the primary authentication.

We'll see the rise of thing to thing authentication. They will authenticate to each other without people involved.

#Kiwicon

If I have 100 IoT devices in my orbit that's 10,000 authentications.

You're not going to manually set up 10k authentication.

It works now for 10-25 things.

Doesn't work at scale.

#Kiwicon

Supply chain is a disaster.

Its always been a disaster but it's becoming impossible to ignore.

#kiwicon

Should we trust the technology made by other countries?

Kaspersky and Huawei are just the tip of the iceberg.

Who is making the chips? Who is writing the firmware?

#Kiwicon

We have to trust the distribution methods.

We have to trust the update mechanism.

We have to trust the shipping mechanism.

How do we validate this stuff?

#Kiwicon

Jeebus. This is going to a dark dark place.

#Kiwicon

Bruce thinks China putting a backdoors chip on server boards is probably fake. BUT IT'S IMPOSSIBLE TO KNOW.

You can't trust anybody, but we have to trust everybody.

#Kiwicon

We've been ok with an unregulated tech space because it didn't matter. Now it does.

Bruce thinks this is a policy problem. We need to use law to subvert tech.

#Kiwicon

Bruce has been reading a book called: "Click Here to Kill Everybody"

Goes over well in airports.

#Kiwicon

Defence has to matter.

We all use the same stuff.

Either everyone gets security or nobody gets security.

Wr can't have security, but deny it to our adversaries. We're all too interrelated now.

#Kiwicon

As we are building systems that are more critical. It's IMPERATIVE that we make them secure.

#Kiwicon

We need to build for resilience. Defence in depth, compartmentalisation, etc.

Can we have a things monitoring other things.

#Kiwicon

Computers are already moving into areas that are highly regulated

We NEED sensible policy. The risks are too great and the stakes are too high

Your choice is no longer between gov intervention or no intervention. It's between smart gov intervention or dumb intervention
#Kiwicon

Economics doesn't favour security. It fails insecurity.

Equifax learned: skip security, hope nothing bad happens, if it does then weather the storm & continue on.

We need regulation to add real cost if you don't take security seriously. Otherwise why would it change?

#Kiwicon

States are leading the way for regulating security & tech in the USA. The federal gov is doing nothing.

The EU is looking this way.

#Kiwicon

If you buy a car in Mexico it'll be tuned differently than the US.

Software isn't that way. Tends to be write once, sell everywhere.

So if one jurisdiction forces security, it'll be rolled to everyone

#Kiwicon

There is no economic incentive for security now. So we need to force it.

#Kiwicon

We need to get involved in policy. Currently technologists and policy makers are talking past each other. Policy makers don't have any idea how technology works.

We NEED to get involved. We have knowledge & expertise that NEEDS to be reflected in policy.

#Kiwicon

Our knowledge has broad applications on the problems we'll face in the future.

Global warming, the future of work, automation, these all have massive tech components

#Kiwicon

How much of our lives should be governed by technology and under what rules? We NEED to be leading those decisions.

#Kiwicon

Fucking hell. Intense talk by Bruce.

Tried to capture as much as I could. Hope the themes came through!

#Kiwicon

Now @Metlstorm is apologising for the exorbitant price of the @kiwicon beer.

#Kiwicon

Ending @kiwicon day 1 with MOAR FIRE

#Kiwicon

🔥🔥🔥🔥🔥
#Kiwicon

Here's @kiwicon Day 1 closing!

So much love for the speakers & crue.

See ya tomorrow!



#Kiwicon