Hidden 6 yrs ago Post by LegendBegins
Raw
OP
Avatar of LegendBegins

LegendBegins

Moderator Online



Click.
Click.
Click.

...I'm in.


Cyber Attacks. Advanced Persistent Threats. Hacktivist Organizations. All of these have become a standard artifact of daily life in our digitally interconnected world. And as more systems become digitized, a certain subset of the population grows more powerful: Hackers. Threats have skyrocketed to lethally dangerous levels, to the point where a simple script kiddie has the potential to take down physical systems connected to the net. Crash trains. Pollute water treatment. Burn fuel. But fortunately, another group has risen to counter this insurgence of malicious actors. Information Security professionals, many of them ex-hackers themselves, are perpetually at work to restore order to the cyber world and stay ahead of this game of cat-and-mouse, lest those with no stake in the game obtain the power to destroy it.

Which of us haven't wondered at some point in their lives how it's really done? How hackers actually manage to break into systems? Wonder no longer. H@ck3rz is an RP that takes place in our world and engages in scenarios that are akin to what real attackers encounter and how they interact with systems across the globe. No information security or computer science experience required. Every player will generate two characters: A hacker (including hacktivists, foreign government agents, malware developers, lone wolves doing it for the lulz, etc.) and an information security professional (including penetration testers, defense specialists, compromise analysts, local government agents, etc.). The attackers cause some degree of mayhem that corresponds to their particular goals, whereas the security professionals aim to nullify efforts of malicious actors and to protect the world from their antics.

I am an information security professional IRL, and I'm more than willing to answer any questions you might have (now and throughout the RP), and I'll gladly work with you to ensure that you have a good understanding of the direction you want to take the attack/hunt and will give you any resources you'd like to carry out whatever situation you have in mind. H@ck3rz is about the players, not the GM, and in a world where cyber criminals can hit just about any system, virtually no attack is too outlandish to carry out in one way or another, be it through social engineering, exploit development, or even physically breaking into secure facilities. I have access to real attack tools and can provide anything from screenshots to software in order to ensure that your vision of your incident is fulfilled.

If you have any questions or interest, please let me know. Below I've included samples of potential scenarios and engagement locations. Thank you.



Hidden 6 yrs ago Post by Finris
Raw
Avatar of Finris

Finris

Member Seen 5 yrs ago

That's awesome!

I would love to do it! I just need to work a while on the idea. And maybe the possibilities...
Hidden 6 yrs ago Post by LegendBegins
Raw
OP
Avatar of LegendBegins

LegendBegins

Moderator Online

That's awesome!

I would love to do it! I just need to work a while on the idea. And maybe the possibilities...


Sure, definitely; thanks for taking the time to check it out! If there's anything I can help with in the meantime, feel free to let me know.
Hidden 6 yrs ago Post by Finris
Raw
Avatar of Finris

Finris

Member Seen 5 yrs ago

Alright, I tried making up my mind and laying out knowledge but I guess I get one problem or another with creating a pair that will interact.

I would love to get someone who is, from either sides but most likely the hackers, aiming at embedded devices. May it be cameras, lock systems or more dangerous things as personal medical devices, cars and such. Mostly centered around those things because they just ignore or can't handle the strain from implementing the required protocols. (Small computational power and memory space, that direction). As those things are physical I guess a good bit of social engineering is also needed. What I imagine it isn't even so much about getting money from it or anything, the aim is rather to get people to understand how insecure their life is n this part.

The counterpart is given me a little bit of an headache. I suggest that it would most likely be someone teaching people about social engineering and such - partially because it is an effective protection which does not require a ton of research, partially because it goes quite well in the pairing.

Another question would be how this should unfold, right now I can probably imagine some interaction between the two but I am still a little bit at loss concerning plot, who I would interact with or ... well anything.
Hidden 6 yrs ago 6 yrs ago Post by LegendBegins
Raw
OP
Avatar of LegendBegins

LegendBegins

Moderator Online

@Finris

I think that's a great avenue. Embedded device security is absolutely horrible, and we have incidents such as the Mirai Botnet (which took out the East Coast internet of the United States) to demonstrate that fact. How I was envisioning interaction is that our group of hackers end up creating an online group where they interact with each other, and they each end up creating various cyber crime incidents for the security professionals (who also know each other) to try to resolve. For example:

Hackers get together and as a team, figure out that a new Pacemaker is vulnerable. They decide that it would be funny if they wrote malware to infect all of them, which sends data back to the hospital saying that their heart has stopped while not actually interfering with the function of the device (since they're not monsters). They just want to get the public's eye to convince them to fix their medical device security. The team of security professionals begins looking into this incident, reverse engineering the malware, etc. They check it out, but it's not top priority until one of the hackers, unbeknownst to the others, begins actually stopping peoples' hearts.

Does that help, or can I do more clarifying?
Hidden 6 yrs ago Post by Finris
Raw
Avatar of Finris

Finris

Member Seen 5 yrs ago

That sounds awesome! And worryingly realistic.

But I guess I can now imagine how things would work :)

I would be very very keen to see that.
Hidden 6 yrs ago Post by LegendBegins
Raw
OP
Avatar of LegendBegins

LegendBegins

Moderator Online

@Finris

Great! And just as worryingly, it almost happened in the real world a while back.

I'll leave this check up for a few more days to see who else might be interested before creating the thread.
Hidden 6 yrs ago Post by Finris
Raw
Avatar of Finris

Finris

Member Seen 5 yrs ago

Oh regarding embedded systems there are many worrying things. One of my favorites was someone who took security cameras and not only got into I think all of them, but was able to even pull a classical loop effectively sending wrong images.

In guess I know why I wanted that direction...
Hidden 6 yrs ago Post by LegendBegins
Raw
OP
Avatar of LegendBegins

LegendBegins

Moderator Online

That first image in Engagement Samples is a real site—I have some queries that can get anyone unrestricted access to real life security camera footage (which I won't post here out of respect for privacy, even though it isn't illegal). IoT is terrifying since so many of those devices come as insecure by default.
Hidden 6 yrs ago Post by Finris
Raw
Avatar of Finris

Finris

Member Seen 5 yrs ago

Not even insecure, insecure would mean they implement any kind of security and it is not working. Unsecured is the better term...

Well let's hope to attrat some more people interested in this mess.
Hidden 6 yrs ago Post by sassy1085
Raw
Avatar of sassy1085

sassy1085 The Queen of Sassy

Member Seen 2 mos ago

interest
Hidden 6 yrs ago Post by LegendBegins
Raw
OP
Avatar of LegendBegins

LegendBegins

Moderator Online

interest


Wonderful! Let me know if you have any questions.
Hidden 6 yrs ago Post by LegendBegins
Raw
OP
Avatar of LegendBegins

LegendBegins

Moderator Online

@Finris@sassy1085

I went ahead and created a thread for the RP. I'll wait a couple of days before starting. roleplayerguild.com/topics/177991-h-c…
Hidden 5 yrs ago Post by Mitzi421
Raw
Avatar of Mitzi421

Mitzi421

Member Seen 5 yrs ago

This is so cool, I'm interested if you're still open to players? New on this site, but I have around 8 years of RP experience and I'm a recent information systems graduate looking to learn more about the security field.

If you're full, I'll totally be reading along!
Hidden 5 yrs ago Post by sassy1085
Raw
Avatar of sassy1085

sassy1085 The Queen of Sassy

Member Seen 2 mos ago

@Mitzi421
You didn't mention the OP but yeah, it still open if you still want to join
Hidden 5 yrs ago Post by Mitzi421
Raw
Avatar of Mitzi421

Mitzi421

Member Seen 5 yrs ago

@LegendBegins

Oh! Still learning rpguild etiquette lol, thanks!

But yeah, I'm really interested but soon becoming possibly overextended. What would the pacing be/ how often would I be expected to post? Would it be more of a daily, around every other day, or weekly thing?
Hidden 5 yrs ago Post by LegendBegins
Raw
OP
Avatar of LegendBegins

LegendBegins

Moderator Online

@LegendBegins

Oh! Still learning rpguild etiquette lol, thanks!

But yeah, I'm really interested but soon becoming possibly overextended. What would the pacing be/ how often would I be expected to post? Would it be more of a daily, around every other day, or weekly thing?


Hey! Sorry for the late response; I wasn't monitoring this thread. We're definitely still open and you're more than welcome to join (and I'd be more than glad to discuss the IRL security field if you're interested. The pacing is about 1/week, but there are ARG-style puzzles in the Discord groups in between posts to drive the story. Hope to see you there!
Hidden 5 yrs ago Post by Sylvan
Raw
Avatar of Sylvan

Sylvan Local Cryptid

Member Seen 7 hrs ago

@LegendBegins If you're still open for new people, this looks really interesting
Hidden 5 yrs ago Post by LegendBegins
Raw
OP
Avatar of LegendBegins

LegendBegins

Moderator Online

@LegendBegins If you're still open for new people, this looks really interesting


Definitely still open. Here's a link to the OOC: roleplayerguild.com/topics/177991-h-c…
↑ Top
© 2007-2024
BBCode Cheatsheet