Share this page!

Maybe Scrolly?
Jason Danner Profile picture
Twitter logo
4 Nov, 221 tweets, 224 min read
It's #chcon Day 1!

The @aerorocknz team is absolutely gutted we can't be there IRL but super excited to see everyone on the stream!

Also this is the first serious (virtual) live tweeting since the arm incident. 😬
@CHCon_nz #chcon
Its @kevinnz but we can't hear him!
@CHCon_nz #chcon

We can hear @_tonijames, tho!
Thanks @CHCon_nz sponsors!!
#chcon
Classic @kevinnz pose
@CHCon_nz #chcon
Wooo! @aerorocknz
@CHCon_nz #chcon
The livestream is pretty choppy, but we're getting the gist of the intro.

Thanks so much to the @CHCon_nz for all their hard work putting it together.
#chcon
I assume we're down to fix the stream.
@CHCon_nz #chcon
Sweet - new stream seems to be working much better. 😊
@CHCon_nz #chcon
Always important to go over the Code of Conduct.

Don't be a jerk.
@CHCon_nz #chcon
COVID! The last few days have been... fun for the crew...

@CHCon_nz #chcon
And the stream is back with @nzkarit talking about DOS
@CHCon_nz #chcon
What is a DOS?
Volumetric or Layer 7 Protocol
@CHCon_nz #chcon
Performance Test reports might tell an attacker weak points.

Crashes, infinite loops, zip bombs are also great things to poke at.
@CHCon_nz #chcon
What will attackers use?
@CHCon_nz #chcon
DoS vs DDoS?

Why do they do it? Its a *business*
@CHCon_nz #chcon
Ransomware vs DDoS Blackmail.
@CHCon_nz #chcon
How do we undertake a volumetric attack?
@CHCon_nz @nzkarit #chcon
Some dangers of open UDP ports
@CHCon_nz @nzkarit #chcon
You can find plenty of stuff on the internet that shouldn't be. Or you can just subscribe to DDoS as a Service!
@CHCon_nz @nzkarit #chcon
Layer 7 Methodology and Goals/Mindset
@CHCon_nz @nzkarit #chcon
If there is a CDN, just find the origin server!

Scan the internet!
@CHCon_nz @nzkarit #chcon
If you find an internal retail site...

Can you use internal systems to take down the internet connection?

Or remote access?!
@CHCon_nz @nzkarit #chcon
You can identify and take down systems via their remote access or certificate transparency.
@CHCon_nz @nzkarit #chcon
Can you spider sites to find slow pages that indicate they're being passed directly to the origin server?

Or trawl through email headers - contains actual IP addresses of origins.

Or historical DNS
@CHCon_nz @nzkarit #chcon
Regulatory requirements can increase impact

What kind of collateral damage is there?
@CHCon_nz @nzkarit #chcon
How do you defend?

You can't protect systems you don't know about - shadow IT is a problem. Attackers might have a better idea of your infrastructure than you do.
@CHCon_nz @nzkarit #chcon
Can people still find your origin servers?
@CHCon_nz @nzkarit #chcon
Ensure your public DNS is scalable.

Know where your DNS records and registrations are!
@CHCon_nz @nzkarit #chcon
"Rolling your own email infrastructure is pretty much over" - and has been for some time!
@CHCon_nz @nzkarit #chcon
Plan for these attacks when doing application design and architecture.
@CHCon_nz @nzkarit #chcon
To avoid Layer 7 vulnerabilities you need to know where your bottlenecks are. WAF won't solve this.

How do you know what is a 404?

@CHCon_nz @nzkarit #chcon
Monitor all the things! You need to know what "normal" looks like.

Monitor things internally but also externally (following the network path users would utilise).

Monitor disk space.

Don't forget to test!

@CHCon_nz @nzkarit #chcon
Wrap up: so what action should we take?!
@CHCon_nz @nzkarit #chcon
Now its Fiona talking about how to be a Jedi!

Or the psychology of social engineering
@CHCon_nz #chcon
Does Fiona use these psychological techniques to influence people IRL?

Well yes! But manipulation is a natural part of human social interaction
@CHCon_nz #chcon
The three stages
@CHCon_nz #chcon
Body language 101
@CHCon_nz #chcon
We read body language based on what we see and *not* on what the other person is actually feeling.
@CHCon_nz #chcon
Oh no! Stream froze right when I was learning how to manipulate people!
@CHCon_nz #CHCon
Ah, Twitch is up

There are a lot of ways to go wrong with a handshake!

Respecting people's personal space is key
@CHCon_nz #chcon
How to tell if you're too close?

Can you see their pores? TOO CLOSE!

Make sure everyone feels comfortable.
@CHCon_nz #chcon
Building rapport is all about building trust.

Utilise Active Listening - be engaged & use eye contact. *Actually* listen to them.
@CHCon_nz #chcon
Share anecdotes to build rapport. Come across as real and natural as possible.
@CHCon_nz #chcon #chcon21
We need them to copy us subconsciously - we need to get them to imitate our behavior

It all comes back to neurons.
@CHCon_nz #chcon #chcon21
We want to trigger mirror neurons. These are social neurons.

Involved with building rapport and showing empathy.

They fire when you complete an action or if you watch someone else complete an action. Includes intentions and feelings.
@CHCon_nz #chcon #chcon21
Matching the other person's body language increase the feeling of bonding between you and the other person.

Then shift your body language slightly and see if they copy it.
@CHCon_nz #chcon #chcon21
How do we know that we've established trust?

Their body language is mirroring yours.

@CHCon_nz #chcon @chcon21
Getting someone to do something for you comes in two parts. Get them to do something little first.

Doing you a favor actually helps build trust and they're more likely to do you a bigger favor later.
@CHCon_nz #chcon #chcon21
Case Study time!

How Fiona socially engineered entry into the fancy lounge
@CHCon_nz #chcon #chcon21
Some important takeaways: BE KIND TO OTHERS

Because you never know when they can get you into an airline lounge.
@CHCon_nz #chcon #chcon21
Now we've got Matt talking about Video over IP
@CHCon_nz #chcon #chcon21
Or... Authentication-ie things!

That makes more sense.

Hacking OpenID Connect.

Who is Matt?
@CHCon_nz #chcon #chcon21
We'll be looking into 4 different scenarios:
@CHCon_nz #chcon #chcon21
Some quick background into OpenID Connect and OAuth 2.0
@CHCon_nz #chcon #chcon21
There are quite a few actors involved...

How does an untrusted 3rd party get access to this?
@CHCon_nz #chcon #chcon21
There are a few other authentication flows
@CHCon_nz #chcon #chcon21
How do we exploit without credentials?

Child hackers! (not really)
@CHCon_nz #chcon #chcon21
How do we exploit without credentials as an attacker?
@CHCon_nz #chcon #chcon21
How do defenders protect against exploitation without credentials?
@CHCon_nz #chcon #chcon21
Can we exploit things with our own (attacker) account?
@CHCon_nz #chcon #chcon21
Can we take advantage of Open Client Registration?

Basically make an authentication that looks the same as a valid one and trick people into enabling it
@CHCon_nz #chcon #chcon21
JWT attacks - a lot you can do with them!

The spec says they can be unsigned... 😱

Or if JWTs are signed with a public key or a forged issuer.

@CHCon_nz #chcon #chcon21
What can we do as a defender?

Validate State Parameters.

Open Client Registration.

JTW Attacks. DO NOT WRITE YOUR OWN JWT PARSER.

@CHCon_nz #chcon #chcon21
Exploitation with a stolen user account.
@CHCon_nz #chcon #chcon21
As an attacker, how do we establish persistence?

Persistence with Refresh Tokens in connected apps.

Excessive JWT lifetime - its very hard to revoke a JWT.

@CHCon_nz #chcon #chcon21
As an attacker we can also look at dangerous scopes.

It should be managing permissions as a boundary, not just granting permissions.
@CHCon_nz #chcon #chcon21
As a defender, how to we protect against this?
@CHCon_nz #chcon #chcon21
How do we exploit with a stolen service account?

Device Code phishing
@CHCon_nz #chcon #chcon21
Insecure Client ID/Secret values
@CHCon_nz #chcon #chcon21
How do Defenders protect against this?
@CHCon_nz #chcon #chcon21
Great talk Matt!
@CHCon_nz #chcon #chcon21
Next up after the break is @parsley72 talking about IoT whatnot.
@CHCon_nz #chcon #chcon21
The @aerorocknz team is enjoying the elevator music on the @CHCon_nz stream.

Got a very "lo-fi beats to study to" vibe.
@CHCon_nz #chcon #chcon21
Good, good. Scaling is important.
@CHCon_nz #chcon #chcon21
10 minutes early and @parsley72's talk is getting prepped.

Very surprised to discover he is not a lawyer.
@CHCon_nz #chcon #chcon21
Don't forget to scan in people!

"There are codes everywhere" says @kevinnz on the livestream
@CHCon_nz #chcon #chcon21
Out next speaker can't be here today - I'm not sure if thats good for us or for them.

@parsley72 @CHCon_nz #chcon #chcon21
And its @parsley72 telling us about IANAL for IoT

There are a lot of IoT/embedded devices around now...

@CHCon_nz #chcon #chcon21
How are we working with security in IoT?

GDPR requires people to collect and store consumer data in particular ways.

@parsley72 @CHCon_nz #chcon #chcon21
How do we store data in ways that it can't get stolen or leaked?

Only have end-to-end encryption sent to the cloud. Can't be decrypted in cloud, only on end devices

@parsley72 @CHCon_nz #chcon #chcon21
California Bill SB-327 - requires all IoT devices to use "reasonable security".

But what security is "reasonable"? Will probably have to be tested in court.

Requirements for CA products will be rolled out much wider.

@parsley72 @CHCon_nz #chcon #chcon21
Have we seen SB-327 in action?
@parsley72 @CHCon_nz #chcon #chcon21
Requirements for specific networks like FirstNet (mobile network for First Responders).
@parsley72 @CHCon_nz #chcon #chcon21
FirstNet certification could impact other consumer electronics. Even if they don't connect to the network itself.

What security requirements are present for FirstNet devices?

@parsley72 @CHCon_nz #chcon #chcon21
We can match these to the @owaspnz Top 10
@parsley72 @CHCon_nz #chcon #chcon21
Lack of Secure Update Mechanism

Use of Insecure or Outdated Components

Insecure Data Transfer and Storage

Lack of Device Management
@parsley72 @CHCon_nz #chcon #chcon21
Lack of physical hardening
@parsley72 @CHCon_nz #chcon #chcon21
These are ongoing responsibilities and require continuing support.
@parsley72 @CHCon_nz #chcon #chcon21
With FirstNet, you can't have vendors that just say that products are obsolete.

They might block them from the network or, at least, wouldn't let you sell them with FirstNet access anymore.

@parsley72 @CHCon_nz #chcon #chcon21
There are just a few other standards... 😬
@parsley72 @CHCon_nz #chcon #chcon21
European ETSI Standard & Aussie Standard
@parsley72 @CHCon_nz #chcon #chcon21
And... thats the end of the talk...

Enjoy the rest of the conference!
@parsley72 @CHCon_nz #chcon #chcon21
Now its @jlaundry talking about smartifying your dumb home
@CHCon_nz #chcon #chcon21
This journey started when Jed's house got broken into and they stole some stuff.

The monetary loss was covered, but having someone in your space sucks.

So... Jed spent way more money on a security system... that sucks...
@jlaundry @CHCon_nz #chcon #chcon21
There are a lot of parallels with an enterprise security solution. You spend a lot of money and your users hate you.
@jlaundry @CHCon_nz #chcon #chcon21
Oh. My. God.

Remote Access nightmare and they rolled their own crypto.
@jlaundry @CHCon_nz #chcon #chcon21
So whose risk is it anyway?
@jlaundry @CHCon_nz #chcon #chcon21
How do we mitigate these?
@jlaundry @CHCon_nz #chcon #chcon21
Using HomeKit to interface and mitigate risks.
@jlaundry @CHCon_nz #chcon #chcon21
Can now control the garage door via Apple's HomeKit integrations
@jlaundry @CHCon_nz #chcon #chcon21
Lessons learnt:
@jlaundry @CHCon_nz #chcon #chcon21
There are a whole bunch of cheap smart devices out there... Can we modify them for our own uses?

Vulnerability has been closed for newer devices.

@jlaundry @CHCon_nz #chcon #chcon21
Do your research!
@jlaundry @CHCon_nz #chcon #chcon21
If you don't get your springs tightened, your garage door might... die.

This could be inconvenient if you're using features of the old opener in your automation that isn't the same in the new opener.

What is the best bad way to solve this?
@jlaundry @CHCon_nz #chcon #chcon21
Lessons learnt when components needed to be swapped out
@jlaundry @CHCon_nz #chcon #chcon21
Oh no, old heat pump died!

Will the new one provide interesting opportunities to integrate?

Why yes! 😇

@jlaundry @CHCon_nz #chcon #chcon21
This is one of the Top 10 stupidest things Jed has ever done.

There was a lot of risk in breaking an expensive and important piece of equipment in a time where it would be difficult to replace.
@jlaundry @CHCon_nz #chcon #chcon21
If you're doing any of this... Please be safe & read the instructions before getting started.
@jlaundry @CHCon_nz #chcon #chcon21
Keep in mind that any wifi enabled devices can find out exactly where you are in the world (by comparing all of the wifi networks it can see).

And... they use a lot of unencrypted HTTP
@jlaundry @CHCon_nz #chcon #chcon21
Make sure you're mitigating these risks. Mitigate at the network level?
@jlaundry @CHCon_nz #chcon #chcon21
Lessons Learnt
@jlaundry @CHCon_nz #chcon #chcon21
Jed's current home network diagram.

Devices are quickly outnumbering devices!
@jlaundry @CHCon_nz #chcon #chcon21
IoT can be insecure, but just be aware of that and mitigate the risks. The benefits can still outweigh the risks.
@jlaundry @CHCon_nz #chcon #chcon21
Thanks Jed!
@jlaundry @CHCon_nz #chcon #chcon21
Shout out to @pepperraccoon in da house!
@CHCon_nz #chcon #chcon21
Peter's talk isn't about brewing beer and I'm furious.
@CHCon_nz #chcon #chcon21
But I can buy things! Why should I build them?
@CHCon_nz #chcon #chcon21
Arduino vs Raspberry Pi
@CHCon_nz #chcon #chcon21
Rubber Ducky

Basically acts like a keyboard when its connected to a devices. Can be automated to run certain commands.
@CHCon_nz #chcon #chcon21
So lets build our own!
@CHCon_nz #chcon #chcon21
What can we do with it?
@CHCon_nz #chcon #chcon21
Pros & Cons
@CHCon_nz #chcon #chcon21
Wifi Pineapples are awesome. Or... use a Raspberry Pi, external wifi card, and Fruity Wifi
@CHCon_nz #chcon #chcon21
Pretty easy to setup but not a lot cheaper
@CHCon_nz #chcon #chcon21
Port Mirror - basically packet duplication.
@CHCon_nz #chcon #chcon21
Can do it with a cheap little switch
@CHCon_nz #chcon #chcon21
Horray! Thanks to the @CHCon_nz crew!
@CHCon_nz #chcon #chcon21
Oh man, I didn't realise that was just @FKeatingGeek telling a joke at first... 👀
@CHCon_nz #chcon #chcon21
The one thing @CHCon_nz is missing so far is @kevinnz pelting the people with candy to distract from technical difficulties.
#chcon #chcon21
A little taste of my remote @CHCon_nz experience.

#chcon #chcon21
Now its time for @jsstott talking about Security as a SecondThought

Loving the hairstyle!
@CHCon_nz #chcon #chcon21
"Remember to build a secure company, not just a secure product"

PREACH
@jsstott @CHCon_nz #chcon #chcon21
Take a look at the big, dirty, pile of SaaS products your company is using.

"The more you have, the bigger your problem is"

The average company has 50-100 SaaS services. Quote Jeremy on that.
@jsstott @CHCon_nz #chcon #chcon21
What are the first SaaS steps?

Take inventory
Classify Data
Record Risks
Consider Controls
Communicate
Automate!

Empower everyone to make great security decisions!
@jsstott @CHCon_nz #chcon #chcon21
Of course, to solve this problem Jeremy is introducing a new SaaS Product! 😛

@jsstott @CHCon_nz #chcon #chcon21
So lets take inventory:
@jsstott @CHCon_nz #chcon #chcon21
So lets use this neo4j to connect services to owners.

Now we can see, graphically, if there are orphaned services.

Which services are owned by which teams?

Or we can view in lists - lots of ways to visualise the data.
@jsstott @CHCon_nz #chcon #chcon21
We could also use this to dig a little deeper
@jsstott @CHCon_nz #chcon #chcon21
Wait, was that not a demo before?!
@jsstott @CHCon_nz #chcon #chcon21
Jeremy, as ever, is the king of the live demo.
@jsstott @CHCon_nz #chcon #chcon21
Now you can use this visualization to start to identify possible misconfigurations
@jsstott @CHCon_nz #chcon #chcon21
Now we can go through all the things we've created and start to classify things.
@jsstott @CHCon_nz #chcon #chcon21
ANOTHER LIVE DEMO
@jsstott @CHCon_nz #chcon #chcon21
What services are storing what kind of data?
@jsstott @CHCon_nz #chcon #chcon21
Now we need to think about impact.
@jsstott @CHCon_nz #chcon #chcon21
Now for each services we can determine and record risk
@jsstott @CHCon_nz #chcon #chcon21
Now a live demo showing the risk impacts
@jsstott @CHCon_nz #chcon #chcon21
I'm also really curious about this "Professional Audio" is that Jeremy can setup in "Audio Settings"
@jsstott @CHCon_nz #chcon #chcon21
Lets look at impacts. Fines?

These things need to be continually updated. Typically someone documents this in a wiki and then nobody ever touches it again.

@jsstott @CHCon_nz #chcon #chcon21
We need to consider the controls.

If we don't have this data to refer back to, it can be difficult to convince people why controls are important.
@jsstott @CHCon_nz #chcon #chcon21
Having this information fosters much easier to communication.
@jsstott @CHCon_nz #chcon #chcon21
How do we automate things so we get notified when impacts changes.

Then you can shift it from being security driven to being driven by everyone within the business.
@jsstott @CHCon_nz #chcon #chcon21
We can build a policy solver language, but lets make a more generic use of it.
@jsstott @CHCon_nz #chcon #chcon21
ANOTHER ANOTHER live demo!
@jsstott @CHCon_nz #chcon #chcon21
How do we apply this against our neo4j graph database?
@jsstott @CHCon_nz #chcon #chcon21
We need to be moving towards Security as a FirstThought
@jsstott @CHCon_nz #chcon #chcon21
The End!

Awesome chat Jeremy! Looking forward to the seeing the repo.
@jsstott @CHCon_nz #chcon #chcon21
Kevin wants to remind you that its Gumboot Friday!
@CHCon_nz #chcon #chcon21
Now its @binarymist talking about Dev Team Security
@CHCon_nz #chcon #chcon21
Before we start - thanks to the @CHCon_nz crew on organising all the contingencies. Fucking great work team!
#chcon #chcon21
Looking at Past, Present, and Future of standards

There are two types of people involved.

There are lots of docs to read and lots of standards to adhere to if you're trying to develop secure applications.
@binarymist @CHCon_nz #chcon #chcon21
There is a lot of tooling, but its mostly manual
@binarymist @CHCon_nz #chcon #chcon21
In the present...

Significant improvements in the information and tooling available recently.

New commer - NIST RMS standard
@binarymist @CHCon_nz #chcon #chcon21
Page 4 is the best page
@binarymist @CHCon_nz #chcon #chcon21
What kind of tooling is there?

Lets put it in a spreadsheet! Best of breed tools.

@binarymist @CHCon_nz #chcon #chcon21
The future we deserve:

The tooling can teach the Type 1 people.

@binarymist @CHCon_nz #chcon #chcon21
We can relax. Your applications can now start to defend themselves.
@binarymist @CHCon_nz #chcon #chcon21
Thanks to Max
@binarymist @CHCon_nz #chcon #chcon21
Kim is trying to solve this all with PurpleTeamLabs!

If you solve his riddles, he might give you a shirt!

@binarymist @CHCon_nz #chcon #chcon21
.@kevinnz love a good policy talk.
@CHCon_nz #chcon #chcon21
Now its Chloe talking about PCI!
@CHCon_nz #chcon #chcon21
Goals for today:

TradeMe has been on a bit of a payments journey...

@CHCon_nz #chcon #chcon21
Chloe is an ex-auditor.

Also has a psych degree! So many psych people around!

@CHCon_nz #chcon #chcon21
What is PCI?
@CHCon_nz #chcon #chcon21
PCI puts together the security standard to keep all of that card/transaction data safe.
@CHCon_nz #chcon #chcon21
Compliance does not equal security.

Security vs Compliance:

@CHCon_nz #chcon #chcon21
Chloe doesn't advocate using the "compliance hammer" to smash anyone into making better security decisions but... the threat can occasionally help.
@CHCon_nz #chcon #chcon21
Lets look at a "theoretical" company journey.

We can really quickly end up with card data flying everywhere...

@CHCon_nz #chcon #chcon21
The PCI Challenge: the compliance burden is high
@CHCon_nz #chcon #chcon21
Ahhh! So what do?

Build a security team with experience in PCI is extremely helpful.

If they want to move into an IaaS cloud environment they need to find better ways to do this - migrating existing systems can be labour intensive.

@CHCon_nz #chcon #chcon21
We went from having 10 systems that all individually captured or processed card data to having them utilise core payment systems.

This drastically reduced the scope of future PCI audits
@CHCon_nz #chcon #chcon21
What worked:
@CHCon_nz #chcon #chcon21
Awesome! Thanks Chloe!

We really love policy!
@CHCon_nz #chcon #chcon21
The one great thing about enjoying @CHCon_nz from home is that I can crack into some adult beverages for the evening sessions! 🍻
#chcon #chcon21
Now we're firing up the evening session with Jamie talking about Southbridge of Spies

Lets look at this neat, cheap laptop. But why doesn't the fingerprint reader work on Linux?!
@CHCon_nz #chcon #chcon21
Lets talk about fingerprint sensors.
@CHCon_nz #chcon #chcon21
Why can't we use these fingerprint sensors on Linux?

There is some magic happening behind here in the secure authentication implementation...

@CHCon_nz #chcon #chcon21
We don't want to be sending the fingerprint data directly to be sending the data to the provider's servers...

If it gets breached - how do we reset it? Sandpaper?

How can we secure this so we don't have to rotate this credential?
@CHCon_nz #chcon #chcon21
Basically Apple and Microsoft use a secure chip (secure enclave of TPM) in order to securely store this information.

Needs to be a secure tunnel between the secure enclave & fingerprint sensor where the fingerprint data isn't accessible by anything else
@CHCon_nz #chcon #chcon21
Can we make this work on Linux?

Lets do some hacking!

@CHCon_nz #chcon #chcon21
Its much easier to learn how to reverse engineer binaries in when you're not competing in a CTF...

@CHCon_nz #chcon #chcon21
Lets chuck this in wireshark and dissect it.
@CHCon_nz #chcon #chcon21
Hello, what have we here?

Now there is TLS between the CPU, and the fingerprint sensor!

A bit different from web TLS - pre-shared key implementation.
@CHCon_nz #chcon #chcon21
The only other encrypted message (aside from the handshake) is the image from the fingerprint sensor.

But we've got a lot of commands that are unencrypted.

The symmetric model of TLS-psk we can try and attack it.
@CHCon_nz #chcon #chcon21
Jamie decided to attack the firmware itself

What is this UPFW - update firmware? Hmmm...
@CHCon_nz #chcon #chcon21
So lets just add a backdoor to the firmware and update it.

@CHCon_nz #chcon #chcon21
The PSK from Jamie's laptop.

Now we can use that to decrypt the TLS data
@CHCon_nz #chcon #chcon21
So lets take a look at that fingerprint image!

Wait, what
@CHCon_nz #chcon #chcon21
Ah, you've got to put your *actual* finger on it!
@CHCon_nz #chcon #chcon21
Then some magic happens to get a much clearer image
@CHCon_nz #chcon #chcon21
So... now what?

The security model is actually good. Do we *really* want to break it?

Do we want to have fingerprints stored on your laptop?

@CHCon_nz #chcon #chcon21
Does this give us an opportunity for evil maid attacks?

Boot to linux on a laptop and then use the update firmware attack. Could use this to capture/replay trusted fingerprints to log into Microsoft/AzureAD using fingerprint.
@CHCon_nz #chcon #chcon21
Next up, a fireside chat with Daniel & Hugh talking about mental health in IT
@CHCon_nz #chcon #chcon21
We want interaction and questions! Both online and IRL at the con.
@CHCon_nz #chcon #chcon21
Take a breath - chill out.
@CHCon_nz #chcon #chcon21
They are not mental health professionals. They are just professionals with mental health issues.
@CHCon_nz #chcon #chcon21
I won't be tweeting any sensitive stuff about this talk.

But perhaps some of the general themes that are discussed.
@CHCon_nz #chcon #chcon21
Who are Hugh and Daniel?
@CHCon_nz #chcon #chcon21
"CEO's don't actually know what they're doing at all times and most of them are desperately insecure about it"

Can confirm.
@CHCon_nz #chcon #chcon21
What is mental health?
@CHCon_nz #chcon #chcon21
There is a lot of misinformation about mental health.
@CHCon_nz #chcon #chcon21
Speaking of Work Boundaries.
@CHCon_nz #chcon #chcon21
Uh, the reason @aerorock sponsors @CHCon_nz is definitely just because we think its cool.

But that's just us.
#chcon #chcon21
Management is there to be a tool. They are there to help enable folks to do their jobs as effectively as possible.

Management is there to make sure you can do your job.
@CHCon_nz #chcon #chcon21
How do you help your friends?

Even if they're sad, keep including them.
@CHCon_nz #chcon #chcon21
Where to get help:
@CHCon_nz #chcon #chcon21
Thanks David & Hugh!
@CHCon_nz #chcon #chcon21
And its @CHCon_nz Day 1 wrap up!

Yay @aerorocknz!

@CHCon_nz #chcon #chcon21
Please donate to Gumboot Friday!
@CHCon_nz #chcon #chcon21
Schedule for tomorrow:
@CHCon_nz #chcon #chcon21
Go out and have a good time, but not too good of a time!

See ya tomorrow @CHCon_nz #chcon #chcon21

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Jason Danner

Jason Danner Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @jpdanner

Jason Danner Profile picture
1 Nov 20
I know #CHCon2020 is over and we're all recovering from an amazing con, but I've got a few gems left that didn't make the live tweets.

I present to you: @jsstott's speaker dance moves.
@CHCon_nz
First up: the breast stroke
#JeremysSpeakerMoves #CHCon2020 @CHCon_nz @jsstott
Next: imaginary maracas
#JeremysSpeakerMoves #CHCon2020 @CHCon_nz @jsstott
Read 7 tweets
Jason Danner Profile picture
31 Oct 20
Ah, C1.
#ChristchurchLife Image
Adventure time!
@eilish_sinclair #ChristchurchLife Image
Hello Akaroa!
#ChristchurchLife Image
Read 10 tweets
Jason Danner Profile picture
30 Oct 20
Its @CHCon_nz day 2 kicking off with @mrdanwallis
#CHCon2020 Image
Leaning into the #Press 🕵️ thing!

#Press 🕵️ #CHCon2020 @CHCon_nz Image
Today's happenings!
#Press 🕵️ #CHCon2020 @CHCon_nz Image
Read 254 tweets
Jason Danner Profile picture
19 May 20
I got a bit inspired by @andrewtychen's great thread on the new NZ COVID-19 tracing app.


I heard that MBIE would be releasing the ability for businesses to generate QR codes, so I decided to try and figure out how that process works.
First - how is MBIE going to be managing the generation of these QR codes?

I heard a rumour that it was going to be through a new tool they'd recently rolled out called "Business Connect".

I own a business and work with many businesses, but I've never heard of it.
So what is Business Connect?

"Business Connect is a new digital service platform that will allow businesses to apply for things like licences and permits from different government agencies in one place."

I guess if you want to tie these codes to NZBNs, this is the spot.
Read 23 tweets
Jason Danner Profile picture
20 Apr 20
Here we go.
@jacindaardern
#COVID19nz #lockdownnz
Basically we're doing amazing by nearly every statistic.
@jacindaardern
#COVID19nz #lockdownnz
We're confident that there is no widespread community transmission in New Zealand.
@jacindaardern
#COVID19nz #lockdownnz
Read 22 tweets
Jason Danner Profile picture
16 Oct 19
Good morning @kawaiiconNZ!
#Kawaiicon
This seems fine. @kiwicon
#Kawaiicon @kawaiiconNZ
Current status:
#Kawaiicon @kawaiiconNZ @kiwicon
Read 323 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!

Like this author's thread?

Get emails when @jpdanner has new unrolls!

Check out other threads from @jpdanner!

Read all threads by @jpdanner

:(