Synack Halloween Hacks
31 October 2019

Halloween Hacks: Not Your Average Fairy Tale

Mark Kuhr

By all estimates, black turtlenecks are taking the cake today for the most popular Halloween costume of 2019. For many in Silicon Valley still recovering from that bad blood, the iconic look is indeed spooky – a reminder of a tech fairytale gone wrong. But while others are celebrating the tricks of the industry, we at Synack prefer to celebrate the fairytales gone right with some Halloween treats. 

We still love ourselves a good success story, and they are still alive and well today!  However, they’re a little bit different than the folklore of those Arabian nights or the icy countryside of Arendelle. A few things have changed since we had princesses, who could only be awakened from their deepest of sleeps by the true love of Prince Charming, locked in towers far, far away:

  1. Our battles are being fought digitally, not on horseback. In the next five years, $5.2 trillion in global value will be at risk. That’s why global information security spend is increasing 9% year over year.
  2. Distressed damsels are out, proactive pros are in – Courageous CISOs putting their customers’ security first top today’s list of heroes. They are taking a proactive approach to finding and fixing vulnerabilities before the adversary can exploit them. Dudes and damsels alike are substituting fairy tale distress for action.  
  3. Crowds are welcome (unless they’re bad guys) – In traditional fairy tales, it was usually a singular prince charming who saved the day. Today, there is strength in numbers! Crowdsourcing is now considered a best practice by the DoD, the White House, Senate, and by Gartner.

Synack Halloween Hacks

Victory has evolved, and so must our fairy tales! We took the liberty of re-writing a few of the classics and representing them in our costumes today:

Hackerz, Inc.

In a world behind our computer screens, malicious attackers reign supreme. The utility company Hackerz Inc. specializes in fueling their world with the fears of security CISOs. A team of hackers led by @SullyScares and @MenacingMike work tirelessly to ensure they fuel the fears. But things turn upside down when @SullyScares discovers a mysterious backdoor and a fearless little girl running amok – Boo. However, @SullyScares and @MenacingMike discover that Boo is not actually dangerous! Turns out, she is an ethical hacker who emanates trust. After many antics, @SullyScares and @MenacingMike discover that fear is a weak fuel for Hackerz Inc., and instead, Boo’s trust and ethics produce far more power. Thanks to Boo, @SullyScares and @MenacingMike, and the whole Hackerz Inc. gang, turn to crowdsourced ethical hacking to power their world, and they all live happily, and securely, ever after.

Patchahontas

Patchahontas loves her digital land. She will do anything to protect it from foreign adversaries and vuln invaders. She realizes one of the invaders is not so bad — in fact, he’s ethical and here to help! She learns a lot from his perspective, looking at her world from the outside. She welcomes him into her land (with the control of a site-to-site VPN, of course – security first!), and together, they welcome the outside crowds!

Mu-”I’ll make a woman out of you”-lan

When the enemy starts to invade her homeland, Mulan knows she has to answer the call. Her future is on the frontlines, not pouring tea. She flees from home to join the valiant Synack Red Team. This elite group of cyber warriors trains hard to keep their hacking skills sharp, and Mulan thrives in the face of challenge. After all, she is a #CourageousWomaninSecurity. When the going gets tough, she is motivated by the song her leader sings to them:

Let’s get down to business and get less risky.
If the adversary invades us, we send in the SRT.
You’re the most talented crowd I’ve ever met
And you can bet before we’re through
I’ll make cyber winners out of you!

Frozen (in Legacy IT)

Elsa is an incredibly talented security researcher (a Level 0x05 on Synack!). However, when she digs in and discovers a devastating vulnerability, she knows she has to report it privately through Synack’s controlled platform and protect it from falling into the wrong hands. Working with the asset owner, they decide to remediate it and then destroy the exploit privately to make sure no one shares the toolkit publicly. This act of true security helped set the industry free from fear!

Hack-laddin

A kind-hearted ethical hacker vies for the mentorship of the Level 0x05 SRT [email protected]!n3. When he finds a magic LAMP (stack) that grants wishes, he uses it to win hacking competitions for travel, glory, rare T-shirts, and high-multiple bounties.  Meet… Hackladdin!

Mother of All Hacks

Every fairytale has a wicked step-mother trying to foil the happy ending. Some bring poisoned apples while others bring demolishing vulnerabilities (MELTDOWNs! HEARTBLEEDs!).  The ROBOTs lined up but nothing can survive when the Synack Red Team gets there first. FREAK, BEAST and GHOSTs scramble. No SHELLSHOCK. Vulnerabilities in this fairytale are found and prioritized and all the control is given back to the security princes and princesses. Hugs abound. The castle owner feels secure.  No compromise here. Privacy is upheld. TRUST is restored.

The CISO King

Simba has grown up at Pride Rock, Inc. – he started his career there right out of college under the mentorship of his CISO-king, Mufasa. Mufasa recognized Simba’s hard work and innovative approach to security, believing one day he’d be CISO of Pride Rock. But some of Simba’s colleagues preferred the status quo and so conspired to maintain Pride Rock’s tired standards. When Mufasa eventually passed away in a tragic accident (or was it?), the CISO throne was up for grabs. Simba, having gotten wind of his colleagues’ conspiracy, took some time off to consider his next steps. After getting wind of a damaging breach and plummeting stock price at the company, Simba felt compelled to return to Pride Rock and become the security leader he was born to be.

Lilo and SQLitch

The adversary conducts an illegal experiment to create one of the most dangerous hackers in the world: SQLitch. However, the experiment goes amok – SQLitch is born as a very powerful hacker – but an ethical one. The adversary gets in trouble with the law, and SQLitch looks for a new home. He finds a nice woman named Lilo, who works with him to develop his ethical hacking skills and connect him with the Synack Red Team. His skills and integrity help him immediately ascend to Level 0x05, and through the platform, he works with companies and government agencies in need of his skills to defend against malicious actors.

A very happy Halloween to all – may you live securely ever after!