![]() ![]() com/ d s n e z h k o v / r a c k eteer) and hope to find a way of bringing this as an optional test case to our clients. I’ve been using the GitHub release ( github. In the past when asked this question, my answer was almost always, “If we get code execution, we could probably execute ransomware.” But with Racketeer, there is no hypothetical. As we know, 2021 has been a lucrative year for ransomware threat actors, and clients want to know if they are at risk for this type of attack. ![]() Racketeer is a ‘defanged’ ransomware command and control platform. However, it differed in the nature of the tool being presented and its acute relevance. Typical for DefCon, this talk covered the release of an open-source tool. Prototyping Controlled Ransomware Operations by Dimitry ‘Op_ Nomad’ Snezhkov ( w a t c h ? v = V J 8 a q R eB118). My second Best in Show talk was Racketeer Toolkit. Overall, this talk opened my eyes to ways that I could help the security of reporters trying to deliver their stories. When sending a reporter into the thick of it, communication cadences and threat reports are critical factors. This section reminded me of the military handled threats during my time there. However, his points about the responsibilities of the editor with regards to maintaining the safety of the reporter hit home for me. Strong passwords, 2FA, VPNs, updating, and secure messaging all made the list. Overall, the cyber best practices he recommended were typical. I initially assumed this was more of a consideration overseas, but when he hit the audience with a survey showing that 90% of respondents experienced some sort of safety issue / threat within the US, his point felt closer to home. He talked in depth about the range of threats, from reputation attacks, harassment, and hacking to homicide. This unique talk discussed threats and problems facing reporters as well as reducing risk through best practices. The first was A Look Inside Security At The New York Times Or A Media Security Primer For Hackers by Jesse ‘Agent X’ Krembs ( w a t c h ? v = U 2 - 8 M N x8nsg). While all the talks I attended were engaging, there are two that I consider Best in Show. This year featured interesting topics ranging from breaking into an ATM without a pin or key, to organizing nation states to discuss cyber ‘norms’ and malicious activity at the UN level. The talks were engaging and interesting. The conference badge still offered an enjoyable puzzle plus, you had all sorts of friendly people throwing out pointers on where to look next. This was probably the perfect DefCon for first-time attendees.Įven with these differences, much still felt the same. It was great! I even grabbed a few hardware badges, which in the past were almost always sold out. This time, I breezed through everything in five minutes. The previous time I stood in line to get my conference badge, I waited for close to three hours. The typical nickname of ‘linecon’ didn’t apply this year. ![]() How was it different? The normal sea of people totaling around 20,000 looked to be more like 3,000. This month we returned to Vegas after a year hiatus to a very different DefCon 29. A celebration where hackers and thought leaders come together to discuss new findings and topics, compete against each other in capture-the-flag competitions, and party with new and old colleagues and friends. For those who don’t know, DefCon is a celebration disguised as a cybersecurity conference. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |