Black Hat Asia – 2024 Rite of Passage Recipient

About Me: Blessing Mufaro Kashava

TL;DR:

  • Final Year Info Sec Undergraduate
  • Associate Cybersecurity Consultant
  • Interested in Pentesting, CTFs
  • Hobbies: Gaming, Blogging

About “The Rite of Passage”

This initiative by BSides Cape Town was established as a program through which a student is sponsored to attend DEF CON or Black Hat. The individual is selected from a pool of volunteers that lend a hand at the BSides Cape Town conference each year. The essence of this initiative is to boost a student’s passion for cybersecurity through exposure to the global security community through attending the above-mentioned prestigious conferences.

Background

My journey into cybersecurity began with a passion for computer science. In high school, I focused on mathematics, physics, and computer science during my Advanced Level studies, with the latter always being my highest score. I initially aimed to be a video game developer and applied for Software Engineering as an undergraduate major but was placed in Information Security instead (as it was a second option I had randomly chosen from the university programs brochure). This unexpected turn led me to appreciate the field.

After getting my first internship as a Technology Risk Analyst Trainee, I became intrigued by ethical hacking through penetration testing engagements. The majority of Zimbabwe’s IT events I attended focused on development and programming, offering little immersion in cybersecurity. Volunteering for BSides Cape Town was my way to try and experience a full-fledged cybersecurity community.

BSides Cape Town lived up to my expectations. I forged new connections, learned about perspectives on the African cybersecurity landscape, and had a great time despite being far from home. I had no idea that my efforts at BSides Cape Town would lead to an opportunity to attend Black Hat Asia. It wasn’t because I did anything special, but my supportive presence and effort as a volunteer apparently made the organizers see something in me that I hadn’t considered special to begin with.

The Very Beginning

After experiencing the invigorating sensation of volunteering at BSides Cape Town in 2023 (https://bsidescapetown.co.za/conference/Bsides-Cape-Town-Volt-Post/), I was set on participating at more cons. To manage expectations, I was planning on consistently attending BSides Cape Town each year in December, but with the establishment of BSides Joburg 2024, that meant I’d be looking at going to two cons in a year. One fateful Friday afternoon I was having a conversation with a friend, and he mentioned how Black Hat Asia offered student scholarships, and that’s how I applied (that day coincidentally being the application deadline date).

Fig 1: Black Hat Asia Scholarship Award

After four days, I got confirmation that I had successfully received the scholarship. This scholarship, however, only covered the entrance ticket. Enthusiastic as I was, I was content with watching the streamed content online. I mentioned this achievement on LinkedIn, explicitly mentioning my inability to attend the con in person, but grateful for the opportunity regardless. It was a few hours after posting this update that I got a short comment from Charles, the BSides Cape Town Director – the one comment that unravelled the rest of my journey to Singapore!

Fig 2: Charles’ comment on my LinkedIn Post

Apparently the BSides Organizing Team had taken notice of my scholarship opportunity, and they expressed interest in potentially sponsoring my travel and accommodation to Black Hat Asia. After two weeks of research and budget planning, the BSides Team approved the funding, paid for my flights and hotel, and gave me a hefty stipend for petty expenses. Fast-forward to the 16th of April, I was on my 16-hour flight to Singapore!!!

Days leading to the event

Considering that I was travelling alone, and I had absolutely no acquaintances in Singapore, I overprepared for the trip, researching every small aspect – transport system, must-have apps, the hotel I’d be staying in, general Singaporean culture, and tourist places I should check out. In the weeks leading up to the event I had also reached out and gotten a few “Interested to Chat” requests from conference attendees, so my weird self at least had some partially acquainted colleagues to meet the moment I got to the event. Oddly enough, I wasn’t nervous about the trip itself or the idea of being a solo traveller, but more about the conference and how I’d fit in as a novice in the field.

Black Hat Conference Day 1

Fig 3: Day 1 Fit Check

I arrived at the venue around 08:10 am for registration. Apart from the never-ending ‘wows’ I threw at all the breathtaking scenes I saw, I was pretty cool about everything. I got my ticket scanned and received my entrance badge.

Fig 4: Black Hat Asia Attendee Tag

As I waited for the 09:00 am kick-off keynote, I met my first two acquaintances: Jason Kai and Chan Yanliang – both amazing security enthusiasts who instantly turned into friends. We chatted about our fields of interest as students, and the expected event experience since it wasn’t Jason’s first time at Black Hat.

Fig 5: Hanging out with Jason and Chan

After our seemingly short but engaging conversation, we headed to the keynote speech. Jeff Moss, the founder of Black Hat, kicked things off with an engaging conversation on the cybersecurity landscape within Asia and the rest of the world and basically set the tone of the entire con – trying as best as he could to dodge ‘AI’ in his talk (as it is now perceived that a tech talk these days is literally impossible to put together without mentioning AI). When the keynote was done, I headed to the Business Hall for product insights from sponsoring vendors (and, of course, to start looting swag). I met some cool people from companies like KnowBe4, Bitdefender, ManageEngine, Cyber Ranges, Hack the Box, HP, HackerOne and Appsealing. In the very midst of my swag looting spree, I met the Director of Cybersecurity for BDO Singapore (Cecil Su), with whom I had previously had a conversation online. His team was showcasing a new tool at the Arsenal Showcasing booth and it was an amazing opportunity to show supportive presence to fellow member firm mates.

Fig 6: BDO Singapore Team after arsenal showcase

The day ended with me roaming around company booths, sitting in on interesting briefings and sharing meals with complete strangers while striking conversations that began with how long of a flight they had to sit through to get to the con.

“Note to future self: always choose talks you’d like to listen to well in advance – to avoid feeling overwhelmed.”

Black Hat Conference Day 2

Fig 7: Day 2 Fit Check

The Day 2 experience was a lot like Day 1, only that this time I was more familiar with the floor layout, so I didn’t act all confused while traversing across rooms. I spent the better part of the morning attending briefings, watching arsenal showcasing and looking at trivial challenges like lockpicking and CTFs. Again, I made more amazing friends – shoutout to Naqib Fitri, Nik Amir Hakim, Wong Zhi Zhen, Sarah Imanina, Lee O’Brien-Riley, Stephanie Muscelli.

Fig 8: Hanging out with new pals from Malaysia

Around midday I took a worthwhile detour and visited BDO Singapore LLB offices, where I had gotten a tour invite from the Director whom I met on the first day. The entire experience was great, the team was welcoming, and they showed me around their workspace.

Fig 9: BDO Singapore Office Tour with Cecil Su

I returned to the con after lunch and carried on with briefings until the end of the day. After the last keynote, I headed straight back to my hotel room to freshen up and do some last-minute sightseeing as my flight back was very early the next morning.

General Experience

Simply put, this was AN EXPERIENCE OF A LIFETIME. What made this trip an even more exciting experience was the fact that I never planned for it; I received the scholarship three weeks before the event commenced, and three weeks later I was flying out to Asia – something I hadn’t planned for in the slightest. A fascinating point to note about the global cybersecurity space, especially at conferences, is that regardless of diversity and variation of backgrounds, people always float around on that exact same nerdy vibe – it hardly feels like you’re away from home. Overall, the conference was eye-opening and encouraging. You may attend a talk and not understand like 50% of the content, but each lived experience to me was a learning curve and insight into the broader field of cybersecurity that I, as a novice in the field, will confidently step into in the near future. Singapore in general was an absolute bliss; the people were kind and welcoming – and above all the sights were exquisite.

Future Plans

The experiences at BSides and Black Hat have inspired me to give back to my local community. I aim to engage in cybersecurity conferences within Zimbabwe and run an initiative to establish cybersecurity clubs on college campuses. These clubs will prepare students by providing resources and mentorship from partnering companies. I will continue volunteering and submitting talks to future cons both locally and internationally, and ultimately aspire to lead an inaugural BSides Harare for professionals in my local community - Watch This Space!

Acknowledgements

I’d like to express my profound gratitude to everyone that made this trip a reality for me:

  • All 2023 BSides Sponsoring Companies
  • Individuals that contributed to the “Rite of Passage” on ticket purchases.
  • BSides Cape Town Organizing Team:
    • Charles Wroth
    • Roberto Arico
    • Christo Goosen
    • Isak Van Der Walt
    • Mayan Stegmann
    • Geoffrey Chisnall
    • Nuno Almeida
    • Michele Wroth
    • Jared Naude

Talks I listened in on:

  1. Keynote – Securing Our Cyberspace Together (David Koh, Jeff Moss)
  2. The key to Remote Vehicle: Autonomous Driving Domain Controller (Baidu)
  3. LLM4Shell: Discovering and Exploiting RCE Vulnerabilities in Real-World LLM-Integrated Frameworks and Apps (Institute of Information Engineering, Chinese Academy of Sciences)
  4. The Hack@DAC Story: Learning from Organizing the World’s Largest Hardware Hacking Competition (Intel Corp)
  5. Bad Randomness: Protecting Against Cryptography’s Perfect Crime
  6. Fireside Chat (Jeff Moss, Ruimin He)
  7. China’s Military Cyber Operations: Has the Strategic Support Force Come of Age (Pukhraj Singh)
  8. Unveiling the Cracks in Virtualization, Mastering the Host System – VMWare Workstation Escape (Victor V)
  9. Voice Phishing Syndicates Unmasked: An In-Depth Investigation and Exposure (S2W Inc.)
  10. How to Get the Most Out of the Python Decompilers Uncompyle6 and Decompyle3 – How to Write and Read a Bytecode Decompiler (Rocky Bernstein)
  11. Locknote (Jeff Moss, Anant Shrivastava, Vitaly Kamluk, Lidia Giuliano)