Bronwen Aker* //
For those of you not fortunate enough to attend, this year’s Wild West Hackin’ Fest (WWHF) was phenomenal, featuring speakers from diverse aspects of information security, workshops, labs, and a killer CTF, all taking place at the Deadwood Mountain Grand, a Holiday Inn Resort Hotel, Casino, Spa and Event Center.
In spite of its name, this year’s WWHF addressed more than just “hacking.” Given that Black Hills Information Security (BHIS) is best known for its penetration testing services, it’s no surprise that a lot of the talks dealt with pen testing tips, tricks, and traps. But there were other talks, including one on the importance of taking a break from all our electronic devices, and another by a woman who used to be a stay-at-home-mom and who is now an infosec pro.
The fun and games started Wednesday evening, with a Retro Gaming Room, Old Timey Photos, hardware hacking labs, the Escape Room, and several talks. The party that evening was pretty fun, too. 😉
The official start of the conference was Thursday morning, with the Escape Room opening up, as well as the first of a couple Offensive WMI (Windows Management Instrumentation) workshops, and the keynote by Ed Skoudis, who is the Founder of Counter Hack Challenges, a SANS Fellow, and infosec wizard extraordinaire.
Ed Skoudis giving his keynote
Ed’s keynote, titled “The Top Ten Reasons It’s GREAT To Be a Pen Tester… And How You Can Help Fix that PROBLEM,” set a persistent tone for the conference. He talked about the fun side of hacking, and about how stunt hacking is useless as a business model. Ultimately, penetration testing needs to help support business, and to empower organizations to improve their security. This theme was carried later in the day by BB King in his talk, “Hack for Show, Report for Dough.”
Other talks addressed a wide range of topics, including undocumented “features” of Windows (and how to exploit them), tips on learning Python, how to extract data from Slack, Android app testing, and much, much more! But the talks weren’t the only cool thing at WWHF, not by a long shot!
In addition to the hardware hacking labs and the Escape Room, there were lots of fun things for folks who enjoy “lock sport.” There was a “Hall of Doors” set up with all kinds of doors for people to hack, including doors with simple pin locks, less simple pin locks, and electronic locks of various kinds. There was even a “Lock Picking Gun Fight Tournament” run by Jonathan Ham and Deviant Ollam in which contestants had to pick locks in order get more ammo for their Nerf guns so they could shoot their opponent. It was great fun!
And there were CTFs. (Really, is it possible to have a hackers conference without at least one CTF???) The MetaCTF Team and WWHF put together the official conference CTF. The CTF questions covered a wide range of infosec topics including encryption, IoT, web app vulnerabilities… I can’t remember them all. And at the closing ceremony they rattled off some impressive statistics for the CTF, covering everything from how many unique domains were in the emails used to register for the CTF to how many attempts were made to answer questions.
MetaCTF 1st Place Winners
Another CTF was set up by GRIMM, Cyber R&D. Their “Howdy Neighbor CTF” was all about hacking IoT devices. The “dollhouse” they has set up was fully wired, furnished with 3D-printed furniture, and even had a working mini-TV in the living room!
And let us not forget the DNS Scavenger Hunt by Active Countermeasures. Their scavenger hunt required knowledge of DNS, hexadecimal, a bit about some local (to Deadwood) landmarks, and a lot of creative thinking!
I could go on and on about the conference. From start to finish, it was an amazing, wonderful, empowering event with hackers from all kinds of backgrounds and at all different levels, all coming together to have a great time and share what they know.
Yeah, you can bet I’ll be at WWHF 2019. Wild horses couldn’t stop me!
Met Deviant Ollam on the way to Wild West Hackin’ Fest
*This guest post was written by the lovely Bronwen Aker. Follow her on twitter here: @BronwenAker
Links and references:
Official Website: https://www.wildwesthackinfest.com/
WWHF 2018 Schedule: https://wwhf18.sched.com/
Twitter Feed: https://twitter.com/WWHackinFest