As we prepare to wind down for the year, it is appropriate that we take some time to reflect on our successes and failures over 2017.
Thoughts On Community
Over this past year, much has occurred. As the Platypus Initiative, we have had a second (and yet-again, trend-setting) conference. We have explored new avenues of collaboration with our friends from Electrofringe, and we have kicked off Australia’s first domestic hardware capture-the-flag. With each event that we do, more volunteers approach us, with content which they can help present to everyone. In this way, we are slowly but surely building a self-sustaining pool of content.
As a community, we have swelled to almost 200 members yet again – it warms my frozen heart that we usher in the new year with another Great Purge (our third? I lose count). This brings back memories of the IRC’s of old, where dozens of people would lurk in a channel – no-one would ask questions for fear of looking stupid, and there would be little discussion of actual technology. It is my intent that this does not become the case for the Platypus Initiative.
For all our progress – we must not forget our roots. I must think back to what we were doing a year and a bit ago – we were just a group of nerds who wanted to do cyber stuff, so we got together and did cyber stuff, and treated one another as equals. It is my hope we do this once more.
Thoughts On Technology
Over the past year, I have spent some time learning a few hardware security parlor tricks. While conceptually simple, this is a tremendous eye-opener – both that there is tremendous profit in wiring up some GPIO buttons and a USB HID gadget, and that most “hardware hacking” that gets talked about is mostly the same few simple concepts.
The practical change is noticeable – I can now understand attacks which were once the equivalent of sorcery (think Heart of Darkness / HID, USB descriptor glitching, that kind of jazz). The thing about advanced technology being indistinguishable from magic works in reverse too – with just a little bit of basic understanding, the pieces of the magic show come together, and the whole thing becomes understandable, and with practice, very repeatable.
In an effort to focus my time, I have taken to using Trello to build a rudimentary task list. For me, the motivating effect of this cannot be understated, as long as I:
- Keep the list up to date
- Write items up to a consistent standard.
It is a sobering reminder that there is much to learn and do, and looking to 2018, I intend to spend more time analyzing different targets: shifting away from CTF-style content to attacking more real hardware (but still attempting as many CTF’s as I can, and trying to score as high as I can).
The Long Road Ahead
In 2017, to me, our greatest success is in the amount of activity we were able to provoke – from people spending time with us at our hands-on workshops, to people having a great time learning at hw101 with our friends from Sectalks, to the number of people eagerly taking part in our hardware capture-the-flag. Truth be told, it doesn’t matter what someone learns in a closed-classroom / traditional content format: learning for themselves that it’s OK to take risks learning is worth more than every workshop under the sun.
It’s the old adage of teaching someone to fish, versus giving them a fish, except with more cyber.
Looking to 2018, it is my intent to provoke yet more activity. Prep work is already underway for events hopefully to kick off in late January. I hope to establish stronger working relationships with the rest of the Australian “infosec scene”, to the extent that it helps everyone in bringing more varied content to the communal table. A special thanks goes to Sectalks and Pedram here, for putting up with all my shit this year.
For those of you reading this on New Year’s Eve, I wish you all a most ethical holiday. May you take this day and the next to rest and recover, to take stock of your achievements over the past year, and of the year which lies ahead.
Happy New Year’s, see you in Insomnihack Teaser CTF 🙂