zuloobond.blogg.se

Defcon 2021









For those who don’t know, DefCon is a celebration disguised as a cybersecurity conference. A celebration where hackers and thought leaders come together to discuss new findings and topics, compete against each other in capture-the-flag competitions, and party with new and old colleagues and friends.

This month we returned to Vegas after a year hiatus to a very different DefCon 29. How was it different? The normal sea of people totaling around 20,000 looked to be more like 3,000. The typical nickname of ‘linecon’ didn’t apply this year. The previous time I stood in line to get my conference badge, I waited for close to three hours. This time, I breezed through everything in five minutes. It was great! I even grabbed a few hardware badges, which in the past were almost always sold out. This was probably the perfect DefCon for first-time attendees.

Even with these differences, much still felt the same. The conference badge still offered an enjoyable puzzle, plus you had all sorts of friendly people throwing out pointers on where to look next. This year featured interesting topics ranging from breaking into an ATM without a PIN or key, to organizing nation states to discuss cyber ‘norms’ and malicious activity at the UN level. While all the talks I attended were engaging, there are two that I consider Best in Show.

The first was A Look Inside Security At The New York Times Or A Media Security Primer For Hackers by Jesse ‘Agent X’ Krembs ( ). This unique talk discussed threats and problems facing reporters as well as reducing risk through best practices. He talked in depth about the range of threats, from reputation attacks, harassment, and hacking to homicide. I initially assumed this was more of a consideration overseas, but when he hit the audience with a survey showing that 90% of respondents experienced some sort of safety issue / threat within the US, his point felt closer to home. Overall, the cyber best practices he recommended were typical. Strong passwords, 2FA, VPNs, updating, and secure messaging all made the list. However, his points about the responsibilities of the editor with regards to maintaining the safety of the reporter hit home for me. This section reminded me of how the military handled threats during my time there. When sending a reporter into the thick of it, communication cadences and threat reports are critical factors. Overall, this talk opened my eyes to ways that I could help the security of reporters trying to deliver their stories.

My second Best in Show talk was Racketeer Toolkit. Prototyping Controlled Ransomware Operations by Dimitry ‘Op_Nomad’ Snezhkov ( ). Typical for DefCon, this talk covered the release of an open-source tool. However, it differed in the nature of the tool being presented and its acute relevance. Racketeer is a ‘defanged’ ransomware command and control platform. As we know, 2021 has been a lucrative year for ransomware threat actors, and clients want to know if they are at risk for this type of attack. In the past when asked this question, my answer was almost always, “If we get code execution, we could probably execute ransomware.” But with Racketeer, there is no hypothetical. I’ve been using the GitHub release ( ) and hope to find a way of bringing this as an optional test case to our clients.

Interactive Badges (Spoiler Alert!)

For the first time, I walked out of DefCon with more than two badges. On top of my conference badge, I snagged the Aerospace Village and DefCon TOR 29 badges.

First up is the DefCon badge, and because I’ve completed the puzzle, there are spoilers in the photos below:

DefCon29 Badge

A few things tripped me up regarding encryption, but everything else seemed to be straightforward. I always feel bad when having to modify the badges (I am possibly the worst at soldering) but thankfully, there wasn’t too much of a need. The DefCon theme this year was “Can’t Stop the Signal,” which involved everyone attempting to share the badge signal to reach the next step. All in all, I connected to 64 different badges while sharing the signal only 29 times. In addition to the badge challenge, you can boot the badge into a classic game of Simon (I’ve only been able to get to a high score of 12). The functionality continues when you plug the badge into your computer, as it acts as a programmable human interface device (HID).

Next up is the aerospace badge, which I haven’t even started to solve. That said, this is one of the cleanest designs I’ve seen from a village badge, and if you had the DC28 badge, you could connect it to expand the badge.










