Jason Danner
30 Oct, 254 tweets, 277 min read
It's @CHCon_nz day 2 kicking off with @mrdanwallis
#CHCon2020 Image
Leaning into the #Press 🕵️ thing!

#Press 🕵️ #CHCon2020 @CHCon_nz Image
Today's happenings!
#Press 🕵️ #CHCon2020 @CHCon_nz Image
Facilities and logistics!
#Press 🕵️ #CHCon2020 @CHCon_nz ImageImage
Don't forget the code of conduct
#Press 🕵️ #CHCon2020 @CHCon_nz Image
Emergency info!
#Press 🕵️ #CHCon2020 @CHCon_nz Image
Now exploring New Zealand's internet IP space with @ss2342 and @haquaman
#Press 🕵️ #CHCon2020 @CHCon_nz Image
Don't do crimes
@ss2342 @haquaman #Press 🕵️ #CHCon2020 @CHCon_nz Image
Who are they?
@ss2342 @haquaman #Press 🕵️ #CHCon2020 @CHCon_nz Image
What inspired them to do this?

Using a botnet to scan the whole internet. Illegal botnets for good?

@ss2342 @haquaman #Press 🕵️ #CHCon2020 @CHCon_nz ImageImage
Also apparently @Metlstorm inspires people. Who knew? 🤷‍♂️
@ss2342 @haquaman #Press 🕵️ #CHCon2020 @CHCon_nz Image
So... Why not build our own?
@ss2342 @haquaman #Press 🕵️ #CHCon2020 @CHCon_nz Image
Demo!

Screens of pages available from NZ IP addresses.

Lots of DrayTek modems...
@ss2342 @haquaman #Press 🕵️ #CHCon2020 @CHCon_nz ImageImage
Ah, some fun city council pages!
@ss2342 @haquaman #Press 🕵️ #CHCon2020 @CHCon_nz Image
Why build it?

It's cool as heck!
@ss2342 @haquaman #Press 🕵️ #CHCon2020 @CHCon_nz Image
Why build it?
@ss2342 @haquaman #Press 🕵️ #CHCon2020 @CHCon_nz Image
What's the architecture?
"I'm still not sure Mongo wasn't a mistake" 😂

@ss2342 @haquaman #Press 🕵️ #CHCon2020 @CHCon_nz Image
As every corporation knows, the solution to a problem is to add more technology
@ss2342 @haquaman #Press 🕵️ #CHCon2020 @CHCon_nz
Plugins they've made

Nmap, screenshotter, SMB shares scanner (disabled due to *crimes*), vuln scanning

@ss2342 @haquaman #Press 🕵️ #CHCon2020 @CHCon_nz Image
Problems:
Nmap crashing "all the damn time"
Weird 2Degrees firewalls... 🤔
@ss2342 @haquaman #Press 🕵️ #CHCon2020 @CHCon_nz Image
The data is so unstructured that you don't have a good way to store it and query it
@ss2342 @haquaman #Press 🕵️ #CHCon2020 @CHCon_nz
The state of New Zealand... 😬

Lots of vulnerable routers, HP iLO, printers, tank gauges?
@ss2342 @haquaman #Press 🕵️ #CHCon2020 @CHCon_nz ImageImageImageImage
Truck stop tank data?

Why is this on the internet? ImageImage
Supermarket stuff on the internet. Lots of fridges and controls.

They're all awful, ask me how I know... 😬
@ss2342 @haquaman #Press 🕵️ #CHCon2020 @CHCon_nz Image
Ooh, a POS system on the internet!
@ss2342 @haquaman #Press 🕵️ #CHCon2020 @CHCon_nz Image
Sooo many webcams on the internet.

But maybe best to leave those alone. Don't do crimes.

@ss2342 @haquaman #Press 🕵️ #CHCon2020 @CHCon_nz
Lots of unpatched Citrix vulns in the NZ IP space. Not gonna tweet the photos for... Reasons.

Somehow seeing this IN NEW ZEALAND is more impactful

@ss2342 @haquaman #Press 🕵️ #CHCon2020 @CHCon_nz
Some good stats on where common vulnerabilities are in NZ
@ss2342 @haquaman #Press 🕵️ #CHCon2020 @CHCon_nz Image
Now it's @tsdubz talking about blaming the virus
#Press 🕵️ #CHCon2020 @CHCon_nz Image
It's the Dr Ashley fan club!
@tsdubz #Press 🕵️ #CHCon2020 @CHCon_nz Image
How was New Zealand's response compared to others?
@tsdubz #Press 🕵️ #CHCon2020 @CHCon_nz Image
How did we respond so successfully?

We did it blamelessly!
@tsdubz #Press 🕵️ #CHCon2020 @CHCon_nz Image
Who is Sera
@tsdubz #Press 🕵️ #CHCon2020 @CHCon_nz Image
What is blamelessness?

It's a cultural change. It's balancing safety and accountability. It's about not punishing people who make mistakes.

It's about not pointing fingers at anyone, but recognising it's the system.

@tsdubz #Press 🕵️ #CHCon2020 @CHCon_nz Image
Blamelessness means people can feel safe to come forward with problems so that they can actually get fixed.

@tsdubz #Press 🕵️ #CHCon2020 @CHCon_nz
With a blameless culture it changes the narrative.

It stops being "why did that person make the mistake" and becomes "how did the system allow them to make a mistake"?

@tsdubz #Press 🕵️ #CHCon2020 @CHCon_nz
Second stories are the stories behind the incident.

Incidents aren't human accidents, they're process problems.

@tsdubz #Press 🕵️ #CHCon2020 @CHCon_nz Image
Using NZ as a case study for blameless incident response.
@tsdubz #Press 🕵️ #CHCon2020 @CHCon_nz Image
New Zealand did a great job of communicating clearly
@tsdubz #Press 🕵️ #CHCon2020 @CHCon_nz Image
We had a clear alert level system.
@tsdubz #Press 🕵️ #CHCon2020 @CHCon_nz Image
We had daily updates with transparency in a clear and calm way.

We put our experts and leaders out in front.

@tsdubz #Press 🕵️ #CHCon2020 @CHCon_nz Image
Blamelessness is about treating people with empathy.

If you don't treat people with empathy, you end up with silos and it becomes us vs them.

@tsdubz #Press 🕵️ #CHCon2020 @CHCon_nz Image
Be Kind to each other.

When everyone starts to care and look after each other we all become much more effective.

@tsdubz #Press 🕵️ #CHCon2020 @CHCon_nz Image
Don't focus on root cause.

In distributed systems you can't blame one thing. The point is to fix the issue.
@tsdubz #Press 🕵️ #CHCon2020 @CHCon_nz Image
We focused on containment. Stopping the virus rather than blaming the people who caught it.
@tsdubz #Press 🕵️ #CHCon2020 @CHCon_nz Image
We moved fast.
@tsdubz #Press 🕵️ #CHCon2020 @CHCon_nz Image
We removed the stigma. Mistakes happen. People have to feel comfortable coming forward.

@tsdubz #Press 🕵️ #CHCon2020 @CHCon_nz Image
Blamelessness doesn't mean there is no accountability. It's about looking at the actions taken, not the people

@tsdubz #Press 🕵️ #CHCon2020 @CHCon_nz Image
We have to adapt to new information
@tsdubz #Press 🕵️ #CHCon2020 @CHCon_nz Image
We didn't start with mask wearing, but we took new information and started to push to normalise it.
@tsdubz #Press 🕵️ #CHCon2020 @CHCon_nz Image
We started to utilise contact tracing tools
@tsdubz #Press 🕵️ #CHCon2020 @CHCon_nz ImageImage
We also increased our testing and our leaders led the charge.

We removed the stigma from having COVID which made it more likely that people would be tested
@tsdubz #Press 🕵️ #CHCon2020 @CHCon_nz ImageImage
We had compassionate exemptions
@tsdubz #Press 🕵️ #CHCon2020 @CHCon_nz Image
Think about when we went into lockdown.

It was really hard for many of us.

Think about how hard it must be for people in managed isolation. Be empathetic.

@tsdubz #Press 🕵️ #CHCon2020 @CHCon_nz
How do we do this?

Take that empathy muscle and practice.

Sera practices blamelessness at home now!
@tsdubz #Press 🕵️ #CHCon2020 @CHCon_nz Image
Be Kind.

We're all on the same team.

@tsdubz #Press 🕵️ #CHCon2020 @CHCon_nz Image
#Press 🕵️ selfie!
#CHCon2020 @CHCon_nz Image
This seems fine.
#Press 🕵️ #CHCon2020 @CHCon_nz
Next up, Ben on Anti-Rekognition techniques!
@waptor75 #Press 🕵️ #CHCon2020 @CHCon_nz Image
What is Rekognition?

Amazon's image recognition tool.

Can detect if you're using a face mask properly!

Famously sold to law enforcement at a discount... 😬

@waptor75 #Press 🕵️ #CHCon2020 @CHCon_nz Image
What is our hypothetical threat model?

@waptor75 #Press 🕵️ #CHCon2020 @CHCon_nz Image
What could you do to keep yourself from being recognised?

@waptor75 #Press 🕵️ #CHCon2020 @CHCon_nz
Some assumptions:

- that analysis is using Rekognition
- that you're photographed from multiple angles

@waptor75 #Press 🕵️ #CHCon2020 @CHCon_nz Image
This is counter surveillance on hard mode

@waptor75 #Press 🕵️ #CHCon2020 @CHCon_nz Image
Some warnings:

Make sure you know local mask laws.

Also, face paint can be problematic for several reasons.

@waptor75 #Press 🕵️ #CHCon2020 @CHCon_nz Image
The control, and Ben's face a lot.

@waptor75 #Press 🕵️ #CHCon2020 @CHCon_nz ImageImage
What our evasion scores mean
@waptor75 #Press 🕵️ #CHCon2020 @CHCon_nz Image
Let's look at partial face coverings
@waptor75 #Press 🕵️ #CHCon2020 @CHCon_nz Image
Scarves aren't good
@waptor75 #Press 🕵️ #CHCon2020 @CHCon_nz ImageImage
Handkerchiefs and home made masks aren't bad!
@waptor75 #Press 🕵️ #CHCon2020 @CHCon_nz ImageImage
Smaller masks are bad
@waptor75 #Press 🕵️ #CHCon2020 @CHCon_nz ImageImageImage
Chin diaper is useless in many ways

@waptor75 #Press 🕵️ #CHCon2020 @CHCon_nz Image
N95 with ear loops.

Actually OK? Due to ear movement?
@waptor75 #Press 🕵️ #CHCon2020 @CHCon_nz ImageImage
Joe Biden look works very well!
@waptor75 #Press 🕵️ #CHCon2020 @CHCon_nz Image
Add a hat and it's game over!
@waptor75 #Press 🕵️ #CHCon2020 @CHCon_nz Image
Privacy film and face shield also work - as long as you get enough glare
@waptor75 #Press 🕵️ #CHCon2020 @CHCon_nz Image
Full shemagh is good!
@waptor75 #Press 🕵️ #CHCon2020 @CHCon_nz Image
Gas masks work super well, but you'll stand out.
@waptor75 #Press 🕵️ #CHCon2020 @CHCon_nz ImageImage
Shutter shades don't work
@waptor75 #Press 🕵️ #CHCon2020 @CHCon_nz Image
Robber mask doesn't work
@waptor75 #Press 🕵️ #CHCon2020 @CHCon_nz Image
The Unabomber look is okish
@waptor75 #Press 🕵️ #CHCon2020 @CHCon_nz Image
Groucho glasses aren't too bad!
@waptor75 #Press 🕵️ #CHCon2020 @CHCon_nz Image
What about this beast?

Only works front on
@waptor75 #Press 🕵️ #CHCon2020 @CHCon_nz ImageImage
Bandages everywhere?

Bad
@waptor75 #Press 🕵️ #CHCon2020 @CHCon_nz Image
Scotch tape works great!
@waptor75 #Press 🕵️ #CHCon2020 @CHCon_nz ImageImage
Other tape?
@waptor75 #Press 🕵️ #CHCon2020 @CHCon_nz ImageImage
Dazzle camo doesn't work
@waptor75 #Press 🕵️ #CHCon2020 @CHCon_nz ImageImageImage
Facepaint patterns
@waptor75 #Press 🕵️ #CHCon2020 @CHCon_nz ImageImageImage
Juggalo face paint works great!
@waptor75 #Press 🕵️ #CHCon2020 @CHCon_nz ImageImage
Conclusions:
@waptor75 #Press 🕵️ #CHCon2020 @CHCon_nz ImageImageImage
Anyone can do this themselves by creating an AWS account and playing with the facial recognition
@waptor75 #Press 🕵️ #CHCon2020 @CHCon_nz Image
Lovely intro!
@nickmalcolm #Press 🕵️ #CHCon2020 @CHCon_nz ImageImageImage
Looking at 5 password recipes
@nickmalcolm #Press 🕵️ #CHCon2020 @CHCon_nz Image
Plaintext password storage.

It means anyone who gets in the kitchen can see all users' passwords. 😬

@nickmalcolm #Press 🕵️ #CHCon2020 @CHCon_nz ImageImageImage
Who would do that?!
@nickmalcolm #Press 🕵️ #CHCon2020 @CHCon_nz ImageImage
2 - Symmetric Encryption

We lock the fridge
@nickmalcolm #Press 🕵️ #CHCon2020 @CHCon_nz ImageImageImage
What does this mean?
@nickmalcolm #Press 🕵️ #CHCon2020 @CHCon_nz ImageImageImageImage
What does this look like?
@nickmalcolm #Press 🕵️ #CHCon2020 @CHCon_nz Image
Who would do this?!
@nickmalcolm #Press 🕵️ #CHCon2020 @CHCon_nz ImageImage
3 - hashed passwords
@nickmalcolm #Press 🕵️ #CHCon2020 @CHCon_nz ImageImage
What do we need from hashing?
@nickmalcolm #Press 🕵️ #CHCon2020 @CHCon_nz ImageImageImage
How does hashing work?

Good... But the same password will make the same hash.
@nickmalcolm #Press 🕵️ #CHCon2020 @CHCon_nz ImageImageImageImage
Nobody would use that, right?
@nickmalcolm #Press 🕵️ #CHCon2020 @CHCon_nz ImageImageImage
4 - salted hash
@nickmalcolm #Press 🕵️ #CHCon2020 @CHCon_nz ImageImageImageImage
But cracking is too quick.
@nickmalcolm #Press 🕵️ #CHCon2020 @CHCon_nz ImageImageImage
Who would do this?
@nickmalcolm #Press 🕵️ #CHCon2020 @CHCon_nz ImageImageImage
4.5 - salted hash with a good blender
@nickmalcolm #Press 🕵️ #CHCon2020 @CHCon_nz ImageImageImageImage
What are good blenders?
@nickmalcolm #Press 🕵️ #CHCon2020 @CHCon_nz Image
Can be tough to change.

But make sure to get rid of those old hashes.
@nickmalcolm #Press 🕵️ #CHCon2020 @CHCon_nz Image
5 - salted hash WITH pepper
@nickmalcolm #Press 🕵️ #CHCon2020 @CHCon_nz ImageImageImageImage
With or without pepper, use good hashing algorithms.
@nickmalcolm #Press 🕵️ #CHCon2020 @CHCon_nz Image
But good storage is really only buying users time if the hashes get out.
@nickmalcolm #Press 🕵️ #CHCon2020 @CHCon_nz Image
But there are a lot of other factors
@nickmalcolm #Press 🕵️ #CHCon2020 @CHCon_nz Image
"Wake up and read this slide" 😂
@nickmalcolm #Press 🕵️ #CHCon2020 @CHCon_nz Image
Good resources
@nickmalcolm #Press 🕵️ #CHCon2020 @CHCon_nz Image
Thanks Nick!
@nickmalcolm #Press 🕵️ #CHCon2020 @CHCon_nz Image
Now it's Kae talking about RFID implants!
#Press 🕵️ #CHCon2020 @CHCon_nz Image
Content warning
#Press 🕵️ #CHCon2020 @CHCon_nz Image
What this talk is about and what it is not
@kaezone #Press 🕵️ #CHCon2020 @CHCon_nz ImageImage
What is RFID/NFC?
@kaezone #Press 🕵️ #CHCon2020 @CHCon_nz ImageImage
What is it used for?

Human implantation... 👀
@kaezone #Press 🕵️ #CHCon2020 @CHCon_nz Image
Often used for access control
@kaezone #Press 🕵️ #CHCon2020 @CHCon_nz ImageImageImageImage
Or passports
@kaezone #Press 🕵️ #CHCon2020 @CHCon_nz Image
Or payment cards!

Visa and Mastercard don't like to play with others, tho.
@kaezone #Press 🕵️ #CHCon2020 @CHCon_nz Image
Or... Fashion!
@kaezone #Press 🕵️ #CHCon2020 @CHCon_nz Image
Some tools
@kaezone #Press 🕵️ #CHCon2020 @CHCon_nz Image
Human implants
@kaezone #Press 🕵️ #CHCon2020 @CHCon_nz Image
Kae's implants
@kaezone #Press 🕵️ #CHCon2020 @CHCon_nz Image
How to procure one
@kaezone #Press 🕵️ #CHCon2020 @CHCon_nz Image
The process of installing one
@kaezone #Press 🕵️ #CHCon2020 @CHCon_nz ImageImage
What are these implantable chips useful for?
@kaezone #Press 🕵️ #CHCon2020 @CHCon_nz Image
To close:
@kaezone #Press 🕵️ #CHCon2020 @CHCon_nz Image
Awesome job Kae!

Wonderful first talk!
@kaezone #Press 🕵️ #CHCon2020 @CHCon_nz Image
Badge challenge - try to collect them all!

Find all 9 stickers and show the crew. First 10 (I think) will win a prize!
#Press 🕵️ #CHCon2020 @CHCon_nz Image
Topics for the panel discussion tonight.

Will not be broadcast or tweeted so be in the room!
#Press 🕵️ #CHCon2020 @CHCon_nz Image
"Housekeeping: @FKeatingGeek is amazing!" 🎉
#Press 🕵️ #CHCon2020 @CHCon_nz
A #press selfie while we're waiting to kick off the afternoon session
#Press 🕵️ #CHCon2020 @CHCon_nz Image
Now we're watching Kade tell us about APT29
#Press 🕵️ #CHCon2020 @CHCon_nz ImageImage
Some biases in the prezzo
#Press 🕵️ #CHCon2020 @CHCon_nz Image
What is APT?
#Press 🕵️ #CHCon2020 @CHCon_nz Image
These are generally nation-state actors - quite big organisations.

They're more than just hackers.

This is potentially a well practiced organisation.

#Press 🕵️ #CHCon2020 @CHCon_nz
The great thing about tech conferences is that there are never any issues. 😉
#Press 🕵️ #CHCon2020 @CHCon_nz Image
Dance, @kevinnz! Dance!
#Press 🕵️ #CHCon2020 @CHCon_nz
Oh dear! 🍬
#Press 🕵️ #CHCon2020 @CHCon_nz
In which @kevinnz works on his stand up comedy set.
#Press 🕵️ #CHCon2020 @CHCon_nz
And we're back!

We can put a wrench in that with threat intelligence, right?
#Press 🕵️ #CHCon2020 @CHCon_nz Image
Tactical & strategic
#Press 🕵️ #CHCon2020 @CHCon_nz Image
The reality vs the ideal
#Press 🕵️ #CHCon2020 @CHCon_nz Image
Looking at Named But Hardly Shamed:

Generally disclosures didn't really stop APT operations.

#Press 🕵️ #CHCon2020 @CHCon_nz ImageImage
And then there is APT29... Cozy Bear/TheDukes
#Press 🕵️ #CHCon2020 @CHCon_nz Image
Many vendors don't want to coordinate
#Press 🕵️ #CHCon2020 @CHCon_nz Image
Let's try and collate some of this same intelligence via open source

Timeline:
#Press 🕵️ #CHCon2020 @CHCon_nz ImageImageImageImage
More spear phishing.

Despite getting burned repeatedly they just keep going.
#Press 🕵️ #CHCon2020 @CHCon_nz Image
So burning tools doesn't work.

They just switch to different tools that they've developed in parallel.
#Press 🕵️ #CHCon2020 @CHCon_nz Image
If releasing papers doesn't work, what do we do?

Make yourself a harder target.

#Press 🕵️ #CHCon2020 @CHCon_nz Image
Generate actionable intelligence.
#Press 🕵️ #CHCon2020 @CHCon_nz Image
Mapping to ATT&CK isn't black magic.
#Press 🕵️ #CHCon2020 @CHCon_nz Image
Shortcomings of the research:

Relying on attribution from others.

Reports reflect Kade's biases.

#Press 🕵️ #CHCon2020 @CHCon_nz Image
Strengths of the research:

You can start to see connections over time.
#Press 🕵️ #CHCon2020 @CHCon_nz Image
Turn the intelligence into a control list.
#Press 🕵️ #CHCon2020 @CHCon_nz Image
Looking at initial access:
#Press 🕵️ #CHCon2020 @CHCon_nz Image
Phishing mitigations
#Press 🕵️ #CHCon2020 @CHCon_nz Image
Execution and mitigations
#Press 🕵️ #CHCon2020 @CHCon_nz ImageImage
Persistence via event triggered execution.

Basically to mitigate you have to monitor.

#Press 🕵️ #CHCon2020 @CHCon_nz ImageImage
Privilege escalation and defense evasion
#Press 🕵️ #CHCon2020 @CHCon_nz ImageImage
Credential access over the years.
#Press 🕵️ #CHCon2020 @CHCon_nz Image
More attack surfaces and their mitigations.
#Press 🕵️ #CHCon2020 @CHCon_nz ImageImageImage
Not lateral movement?

Or are we just not seeing it?

#Press 🕵️ #CHCon2020 @CHCon_nz ImageImage
Remote services and collection.
#Press 🕵️ #CHCon2020 @CHCon_nz ImageImage
Lots of references to command and control
#Press 🕵️ #CHCon2020 @CHCon_nz ImageImageImage
Oddly much less exfiltration being reported
#Press 🕵️ #CHCon2020 @CHCon_nz Image
No impact, because they're just stealing info. Not wrecking shit.
#Press 🕵️ #CHCon2020 @CHCon_nz Image
The reported activity.
#Press 🕵️ #CHCon2020 @CHCon_nz Image
The reporting over the years.
#Press 🕵️ #CHCon2020 @CHCon_nz Image
Vendors, please report on all of the things the APT is doing, not just what you can sell tools to mitigate.
#Press 🕵️ #CHCon2020 @CHCon_nz
What can organisations do to mitigate these threats?
#Press 🕵️ #CHCon2020 @CHCon_nz ImageImageImageImage
In summary:
#Press 🕵️ #CHCon2020 @CHCon_nz Image
References and if you want the slides or reports
#Press 🕵️ #CHCon2020 @CHCon_nz ImageImage
Now it's @jsstott talking about monitoring and debugging in Minecraft!
#Press 🕵️ #CHCon2020 @CHCon_nz Image
Jeremy is telling us about Minecraft
@jsstott #Press 🕵️ #CHCon2020 @CHCon_nz ImageImage
Jeremy's Minecraft stats
@jsstott #Press 🕵️ #CHCon2020 @CHCon_nz Image
Jeremy converted his bike ride kms to diamonds
@jsstott #Press 🕵️ #CHCon2020 @CHCon_nz Image
Hacking and Minecraft go well together!

Like Pokemon in Minecraft.

Or Minecraft in Minecraft?

Pack.png

@jsstott #Press 🕵️ #CHCon2020 @CHCon_nz ImageImageImage
Building computers in Minecraft?!
@jsstott #Press 🕵️ #CHCon2020 @CHCon_nz ImageImage
World's smallest Minecraft server
@jsstott #Press 🕵️ #CHCon2020 @CHCon_nz Image
And then... Jeremy had an idea...
@jsstott #Press 🕵️ #CHCon2020 @CHCon_nz Image
A little about the Minecraft protocol.
@jsstott #Press 🕵️ #CHCon2020 @CHCon_nz Image
Packet format:
@jsstott #Press 🕵️ #CHCon2020 @CHCon_nz Image
Now with hex
@jsstott #Press 🕵️ #CHCon2020 @CHCon_nz Image
Variable integer format can compress big numbers into a small number of bytes.
@jsstott #Press 🕵️ #CHCon2020 @CHCon_nz ImageImage
There are... Lots of blocks
@jsstott #Press 🕵️ #CHCon2020 @CHCon_nz Image
Demo time! 😬
@jsstott #Press 🕵️ #CHCon2020 @CHCon_nz
It works! The tiny computer works!
@jsstott #Press 🕵️ #CHCon2020 @CHCon_nz
Can we use Minecraft to manage containers? 😬😬😬
@jsstott #Press 🕵️ #CHCon2020 @CHCon_nz ImageImage
Deeper...
@jsstott #Press 🕵️ #CHCon2020 @CHCon_nz Image
Just wait everyone! I haven't implemented auth beyond a bucket and a house!
@jsstott #Press 🕵️ #CHCon2020 @CHCon_nz
Jeremy used the Minecraft to power webcraft.lol 😂
@jsstott #Press 🕵️ #CHCon2020 @CHCon_nz Image
Hacking and Minecraft go great!
@jsstott #Press 🕵️ #CHCon2020 @CHCon_nz Image
There is hacking, then there's "hacking".
@jsstott #Press 🕵️ #CHCon2020 @CHCon_nz Image
Thanks Jeremy!
@jsstott #Press 🕵️ #CHCon2020 @CHCon_nz Image
Now it's @vashta_nerdrada talking about context: the answer to life, the universe, and everything.
@jsstott #Press 🕵️ #CHCon2020 @CHCon_nz Image
How context makes all the difference
@vashta_nerdrada @jsstott #Press 🕵️ #CHCon2020 @CHCon_nz Image
Context is what allows us to make informed decisions and think critically
@vashta_nerdrada @jsstott #Press 🕵️ #CHCon2020 @CHCon_nz Image
Black Swan events and context

In the plague times our ability to operate depends on our location - in NZ vs US, etc
@vashta_nerdrada @jsstott #Press 🕵️ #CHCon2020 @CHCon_nz ImageImage
Context for security professionals
@vashta_nerdrada @jsstott #Press 🕵️ #CHCon2020 @CHCon_nz Image
There may be many layers of mitigations in place making it difficult to exploit vulnerabilities
@vashta_nerdrada @jsstott #Press 🕵️ #CHCon2020 @CHCon_nz Image
Peer review can be super important because you're getting people with different contexts to look at it from a different perspective.
@vashta_nerdrada @jsstott #Press 🕵️ #CHCon2020 @CHCon_nz Image
Design choices are important. You need to consider the context where the solution will be used.
@vashta_nerdrada #Press 🕵️ #CHCon2020 @CHCon_nz ImageImage
Is your product going to fail in some unexpected way?
@vashta_nerdrada #Press 🕵️ #CHCon2020 @CHCon_nz Image
Taking the time and making the threat models can save your bacon later.

Bacon being lots and lots of effort.
@vashta_nerdrada #Press 🕵️ #CHCon2020 @CHCon_nz ImageImage
Everyone needs to challenge their assumptions.

Engineers love resiliency, so pitch threat modeling as a way to increase it and add context.
@vashta_nerdrada #Press 🕵️ #CHCon2020 @CHCon_nz Image
Should we be automating the triaging of sensitive information? Will it provide enough context to make decisions?
@vashta_nerdrada #Press 🕵️ #CHCon2020 @CHCon_nz Image
Alright! This is where the tweeting ends for a while!

Redacted talk up next - you need to be here! 😁

#Press 🕵️ #CHCon2020 @CHCon_nz
Thanks @tokalanz! Great talk!
#Press 🕵️ #CHCon2020 @CHCon_nz
It's been amazing to have an actual, in person con this year!

Thanks so much to @CHCon_nz and everyone who makes it happen!
#Press 🕵️ #CHCon2020 Image
All the stickers!
#Press 🕵️ #CHCon2020 @CHCon_nz
WE DID IT!
#Press 🕵️ #CHCon2020 @CHCon_nz Image
Thanks to the:
Volunteers!
Speakers and trainers!
Sponsors!
Attendees!

And especially, the amazing @CHCon_nz crew!
#Press 🕵️ #CHCon2020 Image
Thanks Daniel for sorting out discord!
#Press 🕵️ #CHCon2020 @CHCon_nz Image
Prize giving!
#Press 🕵️ #CHCon2020 @CHCon_nz Image
It's a very very happy @ChrisObiOne who won the amazing @pepperraccoon original! 😍
#Press 🕵️ #CHCon2020 @CHCon_nz Image
And @tsdubz wins the @AshBloomfield appreciation award for such an amazing Dr Ashley focused talk!
#Press 🕵️ #CHCon2020 @CHCon_nz
Some great participation in the CTF!
@phage_nz #Press 🕵️ #CHCon2020 @CHCon_nz Image
Second and third:
#Press 🕵️ #CHCon2020 @CHCon_nz ImageImage
First place @ss2342 (& team) and French Roomba!
#Press 🕵️ #CHCon2020 @CHCon_nz ImageImage
Notable mentions:
#Press 🕵️ #CHCon2020 @CHCon_nz Image
Now @InfoSnekNZ is telling us how the locksport challenge!
#Press 🕵️ #CHCon2020 @CHCon_nz Image
Congrats to the winners!
#Press 🕵️ #CHCon2020 @CHCon_nz ImageImageImage
Best costume!
#Press 🕵️ #CHCon2020 @CHCon_nz Image
Will there be a @CHCon_nz next year?
#Press 🕵️ #CHCon2020 @CHCon_nz Image
Some appreciation for @FKeatingGeek!

Apparently the con is on as long as Frank keeps getting whisky!
#Press 🕵️ #CHCon2020 @CHCon_nz Image
Frank has put a phenomenal amount of work into making this happen.

Sooo much love for @FKeatingGeek!
#Press 🕵️ #CHCon2020 @CHCon_nz Image
What can we do until the next time?
#Press 🕵️ #CHCon2020 @CHCon_nz Image
Friends of @CHCon_nz!
#Press 🕵️ #CHCon2020 Image
Thanks to the sponsors!
@insomniasec!
#Press 🕵️ #CHCon2020 @CHCon_nz Image
And thanks to Quantum!
#Press 🕵️ #CHCon2020 @CHCon_nz Image
Thanks to ZX and Aura!
#Press 🕵️ #CHCon2020 @CHCon_nz Image
And all the other amazing sponsors!
#Press 🕵️ #CHCon2020 @CHCon_nz ImageImage
Lots of amazing prizes given out!

Special shout out to @pepperraccoon!
#Press 🕵️ #CHCon2020 @CHCon_nz Image
This is the end...
#Press 🕵️ #CHCon2020 @CHCon_nz Image
Now off to the Kaiser Brew Garden!
#Press 🕵️ #CHCon2020 @CHCon_nz Image
