That’s enough from me for today. I’ve got a busy week ahead.
This man clearly doesn’t understand how television works. twitter.com/daev/status/83…
@ScooterDMC No worries. As I said to someone earlier, the drill is about rehearsing procedures, not stress-testing networks.
I have probably eaten enough for today. Or possibly the week.
This is why we can’t have nice things. twitter.com/SteveMolk/stat…
I’d heard that. twitter.com/jxeeno/status/…
@vysecurity Heh.
It’s not even 1800 ICT here in Ho Chi Minh City, but my body is sorta still on AEDT and I’m knackered.
And so ends the @FIRSTdotOrg Technical Colloquium. More #apricot2017 action tomorrow.
“To be losing a truthfulness contest to Donald Trump? It’s like losing a rap battle to Mitt Romney.” thehill.com/media/321157-m…
The Australian Taxation Office (ATO) works to a similar timetable without any external actor even attacking them. #apricot2017
I hadn’t realised that after the Jul 2016 defacements etc of VN airport systems, they ran manually for around three weeks. #apricot2017
jeremyrsaunders Oscars Predictions:
1) Sunday
2) In 6 months you won’t remember who won
3) In 6 years you won’t remember the films
4) We will all die alone
It me! twitter.com/Ausflatfish/st…
@dobes I think I will be seeking out a lizard very, very soon.
@SnarkyPlatypus I would be seeking advice from experts.
@techoglot @Asher_Wolf I think the whole thing is a hoax to get people swearing at celebrities.
See? Unlike quokkas, geckos are not rubbish animals. twitter.com/dobes/status/8…
@SnarkyPlatypus Maybe I should put together a playlist for educational purposes.
@SnarkyPlatypus There are too many unnecessarily redundant words in that tweet which are not required.
@staticsan More than 50% of mobile devices in China are domestically-made Android devices. Google defaults? Uhuh.
This has also been flagged as a no-recording session, so I’ll be quiet for a while now. #apricot2017
Last up for today: Thanh Nguyen and Kha Nguyen from VNSecurity, “High-profile Targeted Attacks in Vietnam Case Studies” #apricot2017
NewtonMark “Everything is fine.” #notmydebt @Centrelink twitter.com/CentrelinkDown…
This is a disturbing visual image. twitter.com/thegrugq_ebook…
snurb_dot_info CNN, with nothing left to lose after being banned by Trump’s liesperson, now accepts the science of climate change: twitter.com/CNN/status/835…
@MatthewBevan @semibogan Exactly.
ANVA has an app store blacklist, and is working towards a whitelisting process. #apricot2017

ANVA’s work, and a government crackdown on bad app stores, has cut down mobile malware. #apricot2017 pic.twitter.com/aHJJVLtLSC
The Anti Network-Virus Association of China (ANVA) has 43 members exchanging malware info. anva.org.cn #apricot2017
@NewtonMark @davispg And now you’ll never know, because the previous owner has bolted.
@twcau Quokkas are bullshit animals.
TheMediaTweets Farage: “Can you take a photo of us all please. Ok, everybody smile. Everybody? Everybody? We’re doing a photo…….twitter.com/i/web/status/8…uf
The quokka menace must be stopped. twitter.com/semibogan/stat…
Interesting question. I suspect many would remain, for “free” clones of paid apps. #apricot2017 twitter.com/staticsan/stat…
There’s 300+ Android app stores in China. “Not every store is safe,” unsurprisingly. There’s also many malicious ad channels. #apricot2017
@kln_nurv 10Gbps, not 10Gbps, and to repeat, this is not about stress-testing networks but about rehearsing response procedures.

Top 10 mobile apps in China. If they’re outlined they accept payments. #apricot2017 pic.twitter.com/JnELFAvqeK

Have some CN mobile device statistics. #apricot2017 pic.twitter.com/XpxcjyXXGp
Next up: Dr H E Nengqiang, CNCERT/CC, “The Challenge and Practice of Anti-Virus in Mobile Internet” #apricot2017
Min Sung Jung is star of the day so far. He’ll be a hard act to follow. #apricot2017
@noreasonspec Exactly that.
@techoglot @mpesce Too late. twitter.com/stilgherrian/s…
All those Korean cyber drills are organised by a team of three people, plus some contracting to write the malware. Impressive. #apricot2017
The 10Gbps drill is in a test/drill environment, not production. The aim is to test procedures, not stress-test net..twitter.com/i/web/status/8…jL
@ScooterDMC In answer to your question, the 15Gbps is in a simulated environment, not against production sites. Pentesting against prod tho.
Afternoon break. #apricot2017
My view is that there’s some clever stuff happening in this drill. Well done, Korea. #apricot2017
The 2017 drill will be more closely related to DPRK threat and the IoT botnet threat, and election-time botnet threats. #apricot2017
Min Sung Jung is giving us some detail about how they create the “fog of war” between participants. Some clever stuff. #apricot2017

This guy says he extended the drill in 2016 to a full scenario, including cross-organisation attacks. #apricot2017 pic.twitter.com/NRcrKvHOE6
KISA runs a DDoS Shelter Service for SMEs. #apricot2017
@ScooterDMC I know. Anyway, I will ask him about that in the Q&A.
@ScooterDMC Still, it’s a drill with live sites, and this is mostly about testing procedures and so on.
@ScooterDMC I therefore imagine our presenter will ramp that up for 2017.
The pentesting listed under Jun 2016 was by known Korean whitehats against the actual live sites. #apricot2017

This is the stuff Korea covers in its cyber drill. Note that they practice against DDoS up to 10 Gbps. #apricot2017 pic.twitter.com/0VeaTUYqMH
That’s right, mate. That’s why I keep noticing that Korean infosec guys know their stuff. #apricot2017
“As you know, we face North Korea, right? The bad one.” #apricot2017

Oops, another org chart slide. #apricot2017 pic.twitter.com/NSCCB7CPH1

This is how it fits together. #apricot2017 pic.twitter.com/QWJ9Zu9tYO
KISA is the Korea Internet & Security Agency, with ~700 staff. #apricot2017
Next up: Min Sung Jung, KrCERT/CC Researcher, “National cybersecurity drill in Republic of Korea in 2016” #apricot2017
Does anyone know how President Trumble has been going lately?
@evcricket United, ‘cos I flew it last week.
This really is hanging out for a caption competition, isn’t it. twitter.com/KJRISYDNEY/sta…
“There I was, minding my own business, when…” twitter.com/KJRISYDNEY/sta…
Taking a quick break to deal with a massive fatigue wave. #apricot2017
Next up: Shoko Nakai, JPCERT/CC, “Website Checking System for Incident Response” #apricot2017
“Hemp for Victory” (1942) youtube.com/watch?v=W0xHCk…

kymaher SA farmers and manufacturers will soon be able to grow and process industrial hemp pic.twitter.com/IXErC3qQTk
Why 11 October will cause grief if your sysadmins are careless. #dnssec #apricot2017
brianweeden Man, Russian generals sure do seem to shoot themselves or get killed in car accidents twitter.com/MikaelSkillt/s…

Mind you, the guy presenting right now would appear to have a clue. #apricot2017 pic.twitter.com/S9QrtjEZMC
Correct. twitter.com/staticsan/stat…
I wouldn’t say that DNSSEC makes your brain go funny, but, you know, it does. #apricot2017
Next up: 30 mins on the Root Zone DNSSEC Key Signing Key Rollover. I won’t tweet this. You can thank me later…twitter.com/i/web/status/8…tP
RajneshSingh Vast majority of #Internet users in #Vietnam use a #smartphone as their means of access - Binh Vu, Vietnam Internet Association #APRICOT2017
JohnWDean Well, CNN did nothing to Nixon. They did not exist while Nixon was in office. Hope that wasn’t a senior moment, Ben..twitter.com/i/web/status/8…7e
@davidgwynnjones I see what you did there.
@NuclearAnthro No idea.

mrnickharvey Please make this happen. pic.twitter.com/djq9DBW2ht
This is a no-post session, so that’s all from me about this. #apricot2017

Next up: Jacomo Piccolini from Team Cymru, who seems to be taking us down a rabbit-hole. #apricot2017 pic.twitter.com/iTsV9S7yMJ
For those following at home, the afternoon session at the @FIRSTdotOrg Technical Colloquium begins now. 2017.apricot.net/program/schedu… #apricot2017
@ChrissieM @SnarkyPlatypus At some point I’ll be heading up to that observation deck, just below the helipad.
@AusRob It’s pretty impressive.

Two more views from level 23 of the Saigon Sheraton. pic.twitter.com/n0aQOd9hct
SopanDeb I challenge anyone to find a better passage written in any journalistic publication this week:..twitter.com/i/web/status/8…37

RCdeWinter Time for a D&C in DC. pic.twitter.com/Bv9twMPGBq
Tactical error: All that seafood was just the starter. We now have MOAR FOOD arriving. #apricot2017

Another view of the Bitexco Financial Tower, and in other directions. pic.twitter.com/l7fXn38u83
Lunchtime. #APRICOT2017

NZITF scanned the entire .nz namespace in two days last week. 17% of HTTPS was Let’s Encrypt. #APRICOT2017 pic.twitter.com/MiNj3yNbsG
RadioFreeTom And post-9/11, there’s been a lot of these kinds of dissertations. twitter.com/bungdan/status…
@itamer Ah yep. Another example did just that. Used “legit” email to tell staff to use their “holiday” email. Cute trick.
I’m taking a moment to absorb the full magnificence of that concept.
I just popped to bathroom, and the music playing was a V-pop country & western cover of “Moonlight Shadow”.
Brailey says emailed intel sharing is too slow these days. Projects should focus on automated intelligence data sharing. #APRICOT2017
Currently: Barry Brailey from NZITF, “NZITF Ops & Initiatives”, an explainer on what they’re doing. #APRICOT2017
She sussed it, mainly because it was the first email after New Year, and he didn’t say “Happy New Year” as usual. 2/2

Within 12 hours of a NZ CEO tweeting a holiday pic from France, his COO received this email. 1/2 pic.twitter.com/rO1MA7DoBo
Vietnam is also keen to share information outwards to help fight cybercrime operations in the country. #APRICOT2017
All that said, Phuong says that the lack of a focused organisation is the key cybersecurity challenge in Vietnam. #APRICOT2017
But if these organisations, and international orgs, do step in to help, do we have cybercolonialism? Cyberneocolonialism? 3/3 #APRICOT2017
Westerners, with resources and organisation and relatively informed populations, must seem like we’re from another planet. 2/3 #APRICOT2017
Phuong has already included subtle requests for information and intelligence sharing from us visitors to Vietnam. 1/3 #APRICOT2017

Not mentioned in this slide: Almost no endpoint protection, so everybody gets pwned. #APRICOT2017 pic.twitter.com/XzF8czb27L

APT targets in Vietnam. No surprises here. #APRICOT2017 pic.twitter.com/jIWXrjpaYn
In 2016, 16% of all email in Vietnam was a ransomware attack, 20x the figure for 2015. #APRICOT2017
On a completely unrelated note — completely — Vietnam tops the list for probability of your computer getting infected locally #APRICOT2017

“In Vietnam, all things are free.” #APRICOT2017 pic.twitter.com/1k5Hp56Gj2
@bastardsheep @girlgerms @SwiftOnSecurity But I can see what they’re typing.
Next up: Nam Tran Phuong from VNCERT, “APT attack in Vietnam” #APRICOT2017
MichaelPascoe01 Just one small detail of our political and military incompetence in Howard’s war smh.com.au/interactive/20… - has any..twitter.com/i/web/status/8…2i
NuclearAnthro NO SNACK CAR! 😡 twitter.com/muckrock/statu…
@juhasaarinen Your life must be full and exciting.

_youhadonejob1 Would you call an electrician or plumber? pic.twitter.com/oekkF79Gm9
mrchrisaddison World asked to put plans for wars/terrorism on hold till then. twitter.com/politico/statu…
@juhasaarinen No.
@geofurb Goddammit how dare you ruin my world with “facts”. ;)
Coffee break. #APRICOT2017
Chemtrails again! twitter.com/geofurb/status…
Here’s @krebsonsec’s write-up of the Canadian guy behind Orcus. krebsonsecurity.com/2016/07/canadi… #APRICOT2017
If only we had code to detect if us humans were mere simulations running inside a virtual machine. #APRICOT2017
Orcus can also tell when it’s running under a Hypervisor or another VM, and it’ll not run. #APRICOT2017 [VM detection is cool, IMHO.]
Wow. Orcus allows you to write code live and have it executed on the victim machines. Ray calls Orcus a RAT plugin-builder. #APRICOT2017
Here’s Ray’s blog post about the Orcus RAT, i.e. what he’s talking about right now. researchcenter.paloaltonetworks.com/2016/08/unit42… #APRICOT2017
Ray tracks the evolution of a Windows RAT called Orcus that’s sold openly, and even comes with an Android botnet control app. #APRICOT2017
@R_Chirgwin I’ll see if I can get the screenshot from the presenter.
Ray is reminding us that hotels and travel agents are big targets, given they have so much personal data. #APRICOT2017
@indrora I think it’s down, but the price has been down for ages. I’ll check with the presenter.

This blueprint was being offered for sale on the black market. Anyone know what it is? #APRICOT2017 pic.twitter.com/rHxXZGhjpB
Current prices for credit card details on the black market start at $1. [Shows how good card anti-fraud processes are getting.] #APRICOT2017

Would you like three Australian passport images, same number, different photo? #APRICOT2017 pic.twitter.com/MmLPJZ0aSw

The Bad Guys share tips. #APRICOT2017 pic.twitter.com/1UPjUefdVn
This may come as a shock, but apparently some of the Bitcoin exchanges on the darknet are not legit, and just steal your coin. #APRICOT2017
Here’s Unit 42’s blog where they publish their research. researchcenter.paloaltonetworks.com/unit42/ #APRICOT2017
Next speaker is Vicky Ray, threat intel researcher from Unit 42, “Predators Lurking in the deep web” 2017.apricot.net/program/speake… #APRICOT2017
APWG.EU should have some initial work on that project out by the end of July. #APRICOT2017
Nice upcoming APWG.EU project: “Am I a bot?” Tools for consumers to see if they’re part of a botnet. #APRICOT2017
APWG.EU is doing a global survey of financial institutions using biometrics for strong authentication. Results in 2018. #APRICOT2017
… but I really liked the first, uncropped version of THIS photo revealing the REALLY SECURE wi-fi password. ;)twitter.com/i/web/status/8…4duk
This is what I’m at right now.. #APRICOT2017 twitter.com/a_Klee/status/…Yd
Second speaker from @AntiPhishing is Jorge Aguilà from APWG.EU. #APRICOT2017
Oh that 200ms figure was for pushing data up to @AntiPhishing’s database. Retrieving data takes 400ms. So snail. Very tortoise. #APRICOT2017
There’s around 150 users accessing the @AntiPhishing API. #APRICOT2017
URLs are just a small part of @AntiPhishing’s data. Yep, malicious URLs are shared between members in under 200 milliseconds. #APRICOT2017
@Steve_Lockstep As do you, Steve. As do you.
Learning how much phishing-related (meta)data is shared by @AntiPhishing’s API globally in 180 milliseconds. #APRICOT2017
The latest @AntiPhishing Phishing Attack Trends Reports has just been released. antiphishing.org/resources/apwg… #APRICOT2017
Also, @AntiPhishing runs the Symposium on eCrime Research. apwg.org/apwg-events/ec… #APRICOT2017 [Wanna send me to Arizona in April?]
APWG is @AntiPhishing antiphishing.org and their materials at stopthinkconnect.org are free to use. #APRICOT2017
@ApostrophePong You’re not helping.
@SnarkyPlatypus @OaaSvc This is a disturbing thought.
InternetHippo fox news: the president is actually a giant donut
trump (12 min later): when will the media report on my delicious cream filling
First up (see what I did there?): Foy Shiver, “Sharing Threat Data & Promoting Cyber Safety with APWG” antiphishing.org #APRICOT2017
Sun plan: 0900-1700 ICT @FIRSTdotOrg Technical Colloquium 2017.apricot.net/program/schedu…; evening TBA. Mute #apricot2017 to avoid.

Here, @OaaSvc, allow me to assist. pic.twitter.com/r1CwpLceEC
@zzap @SheratonSaigon That’s certainly my impression so far, and already I see ten thousand things I want to explore outside post-cybers.
@OaaSvc I think that’s the only kind now.
Fresh dragon fruit FTW.
Oh dear God, the music playing right now is a soft piano and female lounge vocal cover of “Ring My Bell” and it’s very confusing.
@jplonie Are you calling the government of the Socialist Government of Vietnam a banking cartel?
@SnarkyPlatypus People keep saying that, but it can’t be worse than Bangkok.
@spgassist Hey you know I was being ironic, right? :) I arrived last night and so far everything is delightful.
@SnarkyPlatypus I’m doing that Fri to Mon, staying three nights somewhere on my own dime.
If you’re quick, you would’ve seen that I have no idea what city I’m in.
There is #dumplingdumplinghippo and #sushisushihippo and #cheesecheesehippo and… [Dissolves in own body fat.]
They’ve put me up at some rubbish so-called “hotel” named Saigon Sheraton. Six days of this #buffetbuffethippo will kill me.
@kestert Perhaps, but not the easiest margin to leverage.
@bigbadave I’m no expert, but I’m pretty sure that’s not how it works.
Cute.
So at SGN my visa cost USD 25, so I handed them USD 40. They gave me 300,000 VND in change. Who’s winning here, do..twitter.com/i/web/status/8…mo
BTW, #APRICOT2017 is the Asia Pacific Regional Internet Conference on Operational Technologies and is obviously not at all geeky.
@garystark @ResignInShame @tim_rutter Damn. I was hoping to borrow your helipad.
Alternatively, check the schedule at 2017.apricot.net/program/schedu… and, from tomorrow, the live streams at 2017.apricot.net/program/webcas… #APRICOT2017
Sun plan, supplemental: I’ll be tweeting geekery and cyberstuff from Ho Chi Minh City through to Friday. Mute #APRICOT2017 to avoid.
Sun plan, draft: 0900-1700 ICT @FIRSTdotOrg Technical Colloquium 2017.apricot.net/program/schedu…; evening TBA.
Can I just say, @ResignInShame @tim_rutter, that I have no idea who Tony Stark is, and wish to remain in this state of being.
@michaelneale That’s the People’s *Socialist* Helipad I’ll have you know.
@oldozgeek It certainly looks like that from this angle. Yes, it’s a little smoggy atm, but maybe that’ll clear later, I’m inside today tho.
@gths Hah! That is amusing for the obvious reason.

Here’s the Wikipedia picture of that helipad. en.wikipedia.org/wiki/Bitexco_F… pic.twitter.com/LXYMXpkAaR
That building in the first image is the Bitexco Financial Tower. bitexcofinancialtower.com en.wikipedia.org/wiki/Bitexco_F…
@ResignInShame I love the helipad sticking out the side of it.

My first view of Ho Chi Minh City in daylight. pic.twitter.com/U8mnZEC2a8
Sunday. If you are only the second one this time, who was the first? Sunday.
I’ve just taken a proper look at my program for Sunday. It’s going to be an interesting one. And a long one. So it’s goodnight from HCMC.

DrSamWillis What an amazing job this man has. #BeerMarshall pic.twitter.com/uTGwNR0Mt6
@iain_chalmers I did do that, yes. But it’s OK, I’ve made it into the country OK.
@awakening_heart Thanks, though it’s a work trip and I’m not sure how my schedule will go.

So there we have it. pic.twitter.com/eNZZBosEnt