Jason Danner @jpdanner
Ready for #Kiwicon Day 2!

This will be an interesting angle... I blame @rafaelmagu

@kiwicon
I have JUST discovered that the #Kiwicon screens are rear projection.

@kiwicon
Now @Metlstorm is (finally) thanking the sponsors.

Starting with @InternetNZ!

#Kiwicon
Even on a Saturday @kiwicon attracts a full house of hackers to laugh at @Metlstorm's jokes.

#Kiwicon
Now it's @kellyxvx talking about how to Appsec without being a Fascist

#Kiwicon
Turns out @slack is pretty popular.

Who knew?

#Kiwicon @kellyxvx
Slack today is getting BIG

#Kiwicon @kellyxvx
Slack - the engineering org:

#Kiwicon @kellyxvx
150 deployments today! What could go wrong?

Security weeps.

#Kiwicon @kellyxvx
Ideally the relationship between devs and security should be more like this

#Kiwicon @kellyxvx
Should we implement a security development lifecycle?

Process? Lifecycle? Frightens developers.

#Kiwicon @kellyxvx
Devs often think the security team are the fascists trying to keep them down.

Thanks Orwell

#Kiwicon @kellyxvx
We can fix this.

We're standing on the shoulders of giants.

#Kiwicon @kellyxvx
We need to implement transparency.

Need visible scope from the outside. Internal conversations create the documentation going forward.

#Kiwicon @kellyxvx
Trust your developers.

Be the bungee cord you want to see in the world.

#Kiwicon @kellyxvx
Develop a culture of empathy.

#Kiwicon @kellyxvx
Develop a culture of trust & collaboration

#Kiwicon @kellyxvx
Implemented a self-service SDL tool

#Kiwicon @kellyxvx
What the SDL tool looks like

#Kiwicon @kellyxvx
Initial risk assessment: terrifying or zen?

#Kiwicon @kellyxvx
Next step is the component survey

#Kiwicon @kellyxvx
Checklists save lives!

They DRASTICALLY improve the likelihood things actually get done.

#Kiwicon @kellyxvx
All these disciplines use checklists.

Doctors using checklists literally saves lives.

#Kiwicon @kellyxvx
Security triage channels use checklists to triage.

Emoji are great to put into processes.

#Kiwicon @kellyxvx
This feeds into prodsec review

#Kiwicon @kellyxvx
Power of Feature Channels.

Can add feedback with full context.

#Kiwicon @kellyxvx
Practice ongoing feedback.

Talk to engineers!

#Kiwicon @kellyxvx
Unsolicited and solicited feedback.

#Kiwicon @kellyxvx
Solicited includes external bug bounties

#Kiwicon @kellyxvx
No, thank YOU @kellyxvx!

#Kiwicon
🔥🔥🔥

#Kiwicon @kellyxvx
Now, how to make cyber defence cool?
By Raimo
#Kiwicon
How do we do cyber exercises?

Everything that works is right.

Everything that doesn't work is wrong.

🤔

#Kiwicon
OOo! A video on a giant cyber attack exercise!

#Kiwicon
Locked Shields is an international live-fire cyber exercise.

#Kiwicon
Very dramatic

#Kiwicon
Created a fake nation to attack/defend.

#Kiwicon
Teams and interactions

#Kiwicon
(Almost) all the teams

#Kiwicon
Holy shit. This is just ONE network one Blue Team was given to defend.

#Kiwicon
The Locked Shields ops centre
#Kiwicon
We need to join our forces.

How can we consolidate these systems and make it understandable?

#Kiwicon
Apparently this is "simplified" 🤨

#Kiwicon
Physical representation of visualised electric grid.

#Kiwicon
What are the attack vectors?

#Kiwicon
They implement an ACTUAL 4G mobile network to attack.

#Kiwicon
And a virtualised water purification system.

An oft forgotten critical system

#Kiwicon
Drones?

No, VIRTUAL drones!

#Kiwicon
Business IT is very easy to virtualise.

Special systems are MUCH harder to virtualise and even harder to scale.

#Kiwicon
How do you scale a Tesla?

Just buy physical cars?

How do you scale a jet fighter?!

#Kiwicon
Special systems takeaways

#Kiwicon
A few numbers from Locked Shields 2018

Wow

#Kiwicon
Much examination of the fire boxes

#Kiwicon
A rare sighting of a thought @bogan

#Kiwicon
Hasn't the sheep suffered enough?

Protect it from @Viss!

#kiwicon
I hate to admit it, but @Metlstorm's mixtape isn't terrible.

#Kiwicon
All glory to the all-seeing flat-faced @kiwicon alpaca.
#Kiwicon
Now it's @xntrik & Dylan getting shells from JavaScript

#Kiwicon
And @kiwicon has helpfully provided them with a self-driving car.
#Kiwicon @xntrik
They're a great fusion of Australian/American ingenuity
#Kiwicon @xntrik
SOOOOO many features being released in browsers.

Toooo many?

#Kiwicon @xntrik
Appsec & Red Teams need to combine forces

#Kiwicon @xntrik
Back in the past, single clients were pretty easy to ignore.

There were easier ways to attack.

#Kiwicon
Malware framework changed the game - chain a bunch of minor vulns to achieve the same goal

#Kiwicon @xntrik
Sony breach is a good example of a massive breach due to a malware framework
#Kiwicon @xntrik
Most organisations suffer from the lobster security fallacy: tough security outside, soft delicious inside.

#Kiwicon @xntrik
Get a foothold and then move laterally in the soft, delicious inside.

#Kiwicon @xntrik
Are client attacks lame? This makes @xntrik very 🔥😡🔥

#Kiwicon @xntrik
Users are more likely to click a link than open an attachment.

How bad could it be?

Bad.

#Kiwicon @xntrik
BeEF's Ping Sweep.

Keeping them ping all nice and tidy.

#Kiwicon @xntrik
BeEF gives you pretty views & port scanning.

#Kiwicon @xntrik
Does same origin policy save us?

Ehhh. No.

#Kiwicon @xntrik
Cross-site Request Forgery has been around for 50 years or so. 🤔

#Kiwicon @xntrik
CSRF attacks against users are broke
CSRF attacks against infrastructure are woke

#Kiwicon @xntrik
What can you do with XSS?

#Kiwicon @xntrik
New frameworks are making XSS go away right? RIGHT?

Nope.

#Kiwicon @xntrik
Reflected XSS can be bad internally.

Really bad.

#Kiwicon @xntrik
Will Same Origin Policy save us?

#Kiwicon @xntrik
BeEF has limitations. What if they close the tab?

#Kiwicon @xntrik
But what if you do recon ahead of time prior to targeting the browser?

#Kiwicon @xntrik
Let's try this using these principles against Netflix!

#Kiwicon @xntrik
Let's look at subdomains of netflix.com

#Kiwicon @xntrik
Some delicious internal domains.

#Kiwicon @xntrik
If you find the open source things in their infrastructure, we can inspect the source to find exploitable bugs!

#Kiwicon @xntrik
Tools running in production are probably also being run locally.

Juicy!

#Kiwicon @xntrik
We can spray looking for Jenkins

#Kiwicon @xntrik
Ping while spraying.

If you find something, after 60 you can target everything that you find up and rebind the DNS

#Kiwicon @xntrik
Almost everything without SSL becomes "external"

#Kiwicon @xntrik
Rebinding scariness

#Kiwicon @xntrik
Can rebind to CNAMEs we find with recon.

#Kiwicon @xntrik
Examples unrelated to Netflix

#Kiwicon @xntrik
A company using review board

#Kiwicon @xntrik
Lots of XSS vulns!

Steal all the source code!

#Kiwicon @xntrik
Let's do this again

#Kiwicon @xntrik
Oooo! No auth by default!

Web bugs allow us to build things internally.

#Kiwicon @xntrik
Malicious code that, if clicked, puts ducks in your environment.

But, from my experience, @duckalini's are very GOOD for infrastructure. So likely an improvement.

#Kiwicon @xntrik
Can't SOP protect us?

Nope.

#Kiwicon @xntrik
Service Workers also exciting!

Can run up to 30 min (!) after tab closure!

#Kiwicon @xntrik
In closing: SECURE YOUR INTERNAL APPS

#Kiwicon @xntrik
Thanks @xntrik and Dylan!

#Kiwicon
Now Wayne talking about his Overwatch Cyber Espionage Tool
#Kiwicon
Wayne is expressing his passion.
#Kiwicon
The difference between script kiddies and professionals is merely using tools or building them

#Kiwicon
So many awesome tools. Building one is Wayne's digital Everest.

#Kiwicon
Why does he want to build a Command & Control?

#Kiwicon
C & C wish list:

#Kiwicon
Implant Wish List

#Kiwicon
One day, Wayne decided to do it.

#Kiwicon
So he wrote down the infrastructure sitting at a conference (and not paying attention?)

#Kiwicon
Looking at building the implant Wayne started to wonder if it'd be easier to steal one from the CIA

#Kiwicon
Developing the Command & Control server
Developing the beacon
Developing tasking
#Kiwicon
Communication: what if I use a Java web token? 😂

#Kiwicon
Uh... This is getting a bit complicated.

#Kiwicon
AND system survey

#Kiwicon
First policy document Wayne found interesting.

SOOOO long. Many many do's and don't's

#Kiwicon
WTF was Wayne thinking?

Resulted in pain. Suffering. Agony. More pain.

#Kiwicon
But every time Wayne tried to compile, VS gave him a red line. Fail.

FOR MONTHS

#Kiwicon
Then somebody said: "Have you tried compiling it statically?"

Statically?! WTF! That wasn't in Vault 7!!

#Kiwicon
Now it compiles! Wayne feels like Ironman ignoring Jarvis's warnings on testing new equipment.

Still lots of work to do.

#Kiwicon
Infrastructure deployment.

#Kiwicon
Now... It's Demo Time!

#Kiwicon
Let's hope Wayne made the appropriate sacrifice to the Demo gods.

#Kiwicon
Seems to be going well!

Neat tool!

#Kiwicon
It works!

Woohoo!

#Kiwicon
"If you want to achieve something, just go do it. Don't let anyone hold you back."

#Kiwicon
Pray for my beard #Kiwicon.

May it remain unsinged.
Let there be light.

#Kiwicon
And you may ask yourself: how did I get here?
#Kiwicon
Next up: Tracing the Watchers - Practical Tooling with Paul

#Kiwicon
Here is Paul. Just a person human. No affiliation. 😬
#Kiwicon
Oooh! Let's look at listening into some gov radio networks!

#Kiwicon
Mobile unit specs

#Kiwicon
Paul has built a capture network that is distributed around his city.

#Kiwicon
You want an antenna that is good for use without a ground plane

#Kiwicon
The filters you need

#Kiwicon
The brains:
#Kiwicon
How does it all go together?

#Kiwicon
Use only one global navigation at a time!

#Kiwicon
GPS disciplined oscillators

#Kiwicon
The precision we're seeing on the GPS triggers

#Kiwicon
Alternative approaches

#Kiwicon
Difficulties in capturing samples.

#Kiwicon
How to avoid dropped packets

Some USB3 chipsets just don't work

#Kiwicon
Radio config

#Kiwicon
File conversion
#Kiwicon
We've captured some samples, what do we do with them?

#Kiwicon
Signal detection
#Kiwicon
GNU radio doesn't support loops

#Kiwicon
Once we have our samples, use frequency detection

#Kiwicon
Frequency detection

#Kiwicon
Centre and demodulate signal
#Kiwicon
Moar demodulation
#Kiwicon
Now we line up the samples we've got
#Kiwicon
Other exciting techniques
#Kiwicon
What the data looks like:
#Kiwicon
Signal captures from multiple radios

#Kiwicon
Putting it all together:

#Kiwicon
What it looks like when it doesn't go well

#Kiwicon
In the future, Paul wants:

#Kiwicon
Awesome! Thanks @PaulM!

#Kiwicon
Now @_sarahyo is talking about arbitrary code execution
#Kiwicon
She travels a lot and has a Jesus author alter ego
#Kiwicon @_sarahyo
Now talking about a chip vulnerability in the Nintendo Switch

#Kiwicon @_sarahyo
How does this exploit work?

#Kiwicon @_sarahyo
Disclaimer:

#Kiwicon @_sarahyo
I just nearly shat myself.

Those flames! 😲😲😲

#Kiwicon
What can you do with this vuln?

GOOGLE IT.

#Kiwicon @_sarahyo
Now we're going back in time.

Lockout chip on the NES

#Kiwicon @_sarahyo
Atari decide to wreck some of Nintendo's shit.

They get a hold of Nintendo patents!

#Kiwicon @_sarahyo
This is why we need to be sure to secure our soft systems.

#Kiwicon @_sarahyo
Then much suing ensued

#Kiwicon @_sarahyo
Takeaways:

We need to tell the non-technical people stories so they understand the issues.

#Kiwicon @_sarahyo
Good thoughts

#Kiwicon @_sarahyo
"Please take a picture of this"

Done. 😊

#Kiwicon @_sarahyo
🔥🔥🔥🔥

#Kiwicon @_sarahyo
Now it's Chris - a stealth Maori!

Talking about translating tech terms into Te Reo

#Kiwicon
To hack:

#Kiwicon
Security:

#Kiwicon
Opponents:
#Kiwicon
It's a malicious entity whose primary purpose is to gain control or prevent a user from obtaining their goals
#Kiwicon
Man in the Middle attack

#Kiwicon
Buffer overflow attack
#Kiwicon
Social engineering
#Kiwicon
Phishing!

#Kiwicon
Penetration Tester
#Kiwicon
Risk Register
#Kiwicon
Virus scanner
#Kiwicon
Patch management
#Kiwicon
0 day attack
#Kiwicon
Awesome!

Thanks @ranginui & @kiwitoa
#Kiwicon
Awesome work @ranginui!

#Kiwicon
Now it's Brendan talking about Mimicking Threat Actors for Realistic Responses

#Kiwicon
Brendan is doing neat security stuff at Google

#Kiwicon
Google gets LOTS of cyber attacks

#Kiwicon
What is a Red Cell?

#Kiwicon
Different from a Red Team.
Threat Actors have TTPs

#Kiwicon
Differences between Red Cells & Red Teams
#Kiwicon
Red Cell will pick an actor to mimic

#Kiwicon
Detection & Response Xero-Knowledge

#Kiwicon
Each exercise has referees

#Kiwicon
Test detection & response capabilities
#Kiwicon
Reactions to Red Cell exercise.

Lots of learning under pressure

#Kiwicon
"Purple Teaming"

#Kiwicon
Imitating time zones is tough

#Kiwicon
Exercises make hand off smoother

#Kiwicon
Attribution can be difficult.

Hard to fully pretend to be the particular adversary

#Kiwicon
One person almost got kicked out of Google before the referee got involved!

#Kiwicon
Post mortems
#Kiwicon
What can you do?

#Kiwicon
Thanks Brendan!

#Kiwicon
Now it's @pruby

Oh no. We're talking about math. 😱
#Kiwicon
For all D in my dumplings, D means pork & chives. Leads to om nom nom

#Kiwicon @pruby
"That's not a company, that's a social club" - people from overseas
#Kiwicon @pruby
The obvious solution for security is to fire all your staff. Oddly, this is not a popular option.

#Kiwicon @pruby
This isn't a talk about phishing. It's a talk about set theory.

#Kiwicon @pruby
OOo! Pretty pictures!

This doesn't look like math!

#Kiwicon @pruby
Yes. That follows.

*nods head vigorously*

#Kiwicon @pruby
Yo Squirrel! Can we have an air strike, please?

@Metlstorm #Kiwicon @pruby
🔥🔥🔥

#Kiwicon @pruby
Hacking and the law with @FelixGeiringer
#Kiwicon
Let's look at hackers.

At the time there were no computer crime statutes at all!

#Kiwicon @FelixGeiringer
Oh no! Legalese!

🔥My eyes!🔥

#Kiwicon @FelixGeiringer
Section 249 is where almost everyone gets charged for computer crimes

#Kiwicon @FelixGeiringer
DAYUM these definitions are broad

#Kiwicon @FelixGeiringer
Is AKILL NZ's ZeroCool?

#Kiwicon @FelixGeiringer
These laws require that our judges understand computer crime?

As far as Felix knows none of them do.

#Kiwicon @FelixGeiringer
Oooh! Conspiring to access Labour Party's computer systems.

Somehow, it wasn't prosecuted as there was no "hacking" - WTF.

#Kiwicon @FelixGeiringer
The basis of NZ legal theory is that information/knowledge/data isn't property.

This confuses people who think that intellectual property is property; it's not.

#Kiwicon @FelixGeiringer
Here is where everything is bizarre.

To get rid of @KimDotcom they tried to turn copyright infringement into a criminal offence instead of a civil breach.

BUT they turned it into a COMPUTER crime issue.

It's completely nonsensical

#Kiwicon @FelixGeiringer
Now Martin is talking about digital identity while wearing a wifi enabled tiara

#Kiwicon @martinkrafft
What is identity?

#Kiwicon @martinkrafft
Models of identities: accounts

#Kiwicon @martinkrafft
Identity & relationships

#Kiwicon @martinkrafft
Using key exchange to communicate identity

#Kiwicon @martinkrafft
You accumulate badges in your wallet.

You hold the data and can control it.

#Kiwicon @martinkrafft
Bad news: blockchain is not a trust root.

#Kiwicon @martinkrafft
Blockchain for digital identity is not good

#Kiwicon @martinkrafft
Blockchain MIGHT be good for some things?

#Kiwicon @martinkrafft
What we need

#Kiwicon @martinkrafft
So Martin is building a platform

#Kiwicon @martinkrafft
Drag and drop trust.

#Kiwicon @martinkrafft
You can use this for reputation as well

#Kiwicon @martinkrafft
Now @Thoughtfulnz is talking about the day the carnival came to town

The response when fascists are coming to town.

#Kiwicon
Sooo... He downloaded Twitter (for a specific time frame) and did some analysis

#kiwicon @Thoughtfulnz
Who supported the decision of Auckland to keep them out of council spaces

#kiwicon @Thoughtfulnz
Amazing spectrum of folks responding from all over.

#kiwicon @Thoughtfulnz
Analysis of tweets.

Going right means more pro fascist.

Going left means more anti-fascist.

Down means folks don't care.

Interesting to see differences per country.

#kiwicon @Thoughtfulnz
We started seeing a lot of Twitter activity from people we don't normally see activity from.

Very suspicious.

New Zealand has strong Twitter communities.

#kiwicon @Thoughtfulnz
There were significant discrepancies between times activities were active. There are also differences in the language used.

#kiwicon @Thoughtfulnz
Kiwis use "we" and "are" while Americans use "I" and "me"

Many language differences

#kiwicon @Thoughtfulnz
We need to think about how we'll deal with things in the future.

How can we build resilience into the networks to support folks & keep them from being run off the internet?

#kiwicon @Thoughtfulnz
Accounts on the far right are far more likely to be anonymous than on the left.

#kiwicon @Thoughtfulnz
Suggested solutions:

All along the watchtower - aggregating block lists

Pick on someone your own size - align with someone bigger (EU?)

Burn it all down - fuck it all. Make a network NZ local

#kiwicon @Thoughtfulnz
What values do we want embedded in the networks we affirm?

If we're trying to push against fascism, should we be promoting Green & Maori voices?

#kiwicon @Thoughtfulnz
Thanks @Thoughtfulnz!

Excellent thoughts. ♥️

#Kiwicon
It's fine. Everything is fine. 🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥

#Kiwicon
🔥🔥🔥🔥
#Kiwicon
🔥🔥🔥🔥
#Kiwicon
✨ ✨
#Kiwicon
You WISH you could be as cool as this alpaca.
#Kiwicon
Awesome
#Kiwicon
Now it's @0x446f49's @kiwicon intro!
#Kiwicon
History of Ducati in less than 2 min!
#Kiwicon @0x446f49
What about Ducati security?

Lol.

#Kiwicon @0x446f49
Also, hello!

#Kiwicon
Now a live demo on hacking your Ducati.

#Kiwicon @0x446f49
Normally you need a key to get access to the CAN bus.

Or... You can use an allen key to remove the seat!

#Kiwicon @0x446f49
Plug into the CAN bus and...

#Kiwicon @0x446f49
How does it work?

We start shouting louder than the immobiliser over the CAN bus until it starts

#Kiwicon @0x446f49
Read the firmware?

Options are slimy or not slimy

#Kiwicon @0x446f49
Or... The diagnostics port

#Kiwicon @0x446f49
Buy the Ducati kit for thousands of American rubles?
#Kiwicon @0x446f49
Or... A $4 cable from Aliexpress? 😂😂😂

#Kiwicon @0x446f49
Looks like we can read from this!

#Kiwicon @0x446f49
Shall we write to firmware?

What shall we modify?

#Kiwicon @0x446f49
Fuel map! Let's get MOAR POWER!

#Kiwicon @0x446f49
It's open sourced!

#Kiwicon @0x446f49
If you want to ensure that your kids never have enough money for drugs, introduce them to motorsports. 🏍
#Kiwicon @0x446f49
Every vehicle is at least 10% shitter than it needs to be.

You can always get 10% more fun.

#Kiwicon @0x446f49
The plan:

#Kiwicon @0x446f49
What did we get?

More than 10% improvement!

#Kiwicon @0x446f49
Where is this all going?

#Kiwicon @0x446f49
SOO much is getting plugged into the CAN bus. This... Is not good.

#Kiwicon @0x446f49
Or we can limit what devices can pass to each other over the CAN bus

Reduce the attack surface

#Kiwicon @0x446f49
There are two kinds of people - those that buy a Toyota or...

#Kiwicon @0x446f49
Now it's Logan telling us about physical security stories!

#Kiwicon @0x446f49
Physical security depends on physical controls and people.

#Kiwicon
Security awareness needs to extend beyond the perimeter.

Just because they're through the barrier doesn't mean they should be there!

#Kiwicon
Target number 1:

#Kiwicon
HID prox makes Logan very happy.

It's the equivalent of locking your bike with a ziptie

#Kiwicon
Used lumpy to skim some cards.

One worked!

#Kiwicon
Go time!

They went in but couldn't find the lights...

But got into the server room!

#Kiwicon
But... Then the lights turned on!

Someone else was in the office who was SUPPOSED to be there.

#Kiwicon
Used bash bunny to grab some creds.

#Kiwicon
They tried to log into the email provider on this. Sent a 2FA call to the user at 2am!

User changed their password but didn't report it. 😔

#Kiwicon
They pivoted through the system and pwned the network.

Shows physical access can lead to remote network compromise.

#Kiwicon
Leads to... Server room selfies from dodgy fuckers.

#Kiwicon
Next client:

Looks like strong security controls

#Kiwicon
Recon time!

#Kiwicon
Needless to say, there were more server room selfies.

#Kiwicon
Onto the 3rd client.
#Kiwicon
Oooh! LAN cable plugged into the reception touch screen
#Kiwicon
Time to hide in the bathrooms again!

Only for a couple hours this time.

#Kiwicon
Got network access, but could only access it from the toilet.

#Kiwicon
Tailgate time!

Talking on the phone with an upside down visitor sticker means nobody bothers you.

#Kiwicon
Hung around the kitchen drinking tea and looking busy

#Kiwicon
Asked an employee if they could help them get a visitor pass as they were doing work there for a couple days

#Kiwicon
Visitor card had 24 hour access.

So they went in at night, found the default code for employee lockers, opened the IT admins locker, and...

#Kiwicon
Awesome! Thanks @InfoSnekNZ.

Great talk as always!

#Kiwicon
It's the prize giving time!
@kiwicon #Kiwicon
In which @Metlstorm teaches @Sputina the badger dance!

@kiwicon #Kiwicon
Thanks @kiwicon Crue!

#Kiwicon
The money stats
@kiwicon #Kiwicon
Wow! It was another @kiwicon!
#Kiwicon
Achievement unlocked: @purpleconNZ!

Awesome job team!

@kiwicon #Kiwicon
We can't inflict our old man memes on people.

What the hell were those limes about?!

@Metlstorm
@purpleconNZ
@kiwicon #Kiwicon
Who! Kuricon!

Great success

@kiwicon #Kiwicon
Thanks everyone for getting into the aesthetic!

@kiwicon #Kiwicon
The Te Reo achievement!

@kiwicon #Kiwicon
This is fine.

Only a few things caught 🔥🔥🔥

@kiwicon #Kiwicon
Fan art!

@kiwicon #Kiwicon
Thanks for all the speaker mentors!

@kiwicon #Kiwicon
Badge challenge!

@_devalias crew wins!

@kiwicon #Kiwicon
Te Kuiti Warrior lock picking challenge has the youngest ever high scorer.

Way to go Emily!

@kiwicon #Kiwicon
Go Emily!

@kiwicon #Kiwicon
Go Emily!

@kiwicon #Kiwicon
Go Emily!

@kiwicon #Kiwicon
Emily wins!! 👑

The crowd goes wild!

@kiwicon #Kiwicon
CFP 3rd place!

@kiwicon #Kiwicon
CFP 2nd place!

@kiwicon #Kiwicon
1st place CFP!

@kiwicon #Kiwicon
Repnop wins per-head point total!

@kiwicon #Kiwicon
Excellent work on the CTF folks!

@kiwicon #Kiwicon
Best dressed:

Everyone who wore tiaras!

@kiwicon #Kiwicon
And @mjg59 wins the "Above and Beyond the Call of Duty" award for taking the first slot at the last minute.

Awesome prize!

@kiwicon #Kiwicon
And Pepe wins best prop!

And @Metlstorm chugs beer.

@kiwicon #Kiwicon
Most disturbing talk

@libNex @claudiocontin!

@kiwicon #Kiwicon
Most egotistical stage setup!

@0x446f49!

@kiwicon #Kiwicon
Best presenter: @attacus_au!

Fuck yeah!

And a book of actual skin diseases?

@kiwicon #Kiwicon
Thanks everyone!

@kiwicon #Kiwicon
Thank you volunteers!

@kiwicon #Kiwicon
A very @Metlstorm thanks!

@kiwicon #Kiwicon
A @mikeforbes volunteer thanks.

@kiwicon #Kiwicon
Thanks sponsors!

@InternetNZ @SparkNZ Quantum @Bugcrowd @Google Catalyst @axenic Endace & others!

@kiwicon #Kiwicon
After party Leroy's!

@kiwicon #Kiwicon
Is there another @kiwicon?

#Kiwicon
"Putting on a con is like having kids. After a while you blank out all the horrible bits and then it seems like a good idea again."

@Metlstorm #Kiwicon
Whoooo!

Thanks Squirrel!

#Kiwicon
Thanks @kiwicon for finally giving @rafaelmagu a way to remove those pesky fingerprints.
#Kiwicon
"Stick your hand in the fire"

With @Metlstorm it's dodgy but we trust Sharrow.
@kiwicon #Kiwicon
And... It's over.

No more @kiwicon until...?

See you all at the after party!

#Kiwicon