Share with Your Network
Halloween is about so much more than too much candy corn and not enough peanut butter cups. Halloween is about cybersecurity geeks dressing up in costumes that only other cybersecurity geeks will get–and get excited about.
For ideas, Kenna Security sifted through some of the year’s higher profile vulnerabilities, trojans and even APT crews. We came up with five favorites and conjured up ways to bring them to life. And we’re confident there’s a costume on this list that’s perfect for your office Halloween contest. Imagine your smug satisfaction when you explain who you are among a crowd of co-workers dressed unimaginatively as Marvel characters, disgraced politicians, sexy historical figures, and whacked-out Joaquin Phoenixes. (Your fellow security folks will get it, but Marv in Accounting will be stumped. And there’s nothing sweeter than stumping Marv in Accounting.)
And our 2019 Cybersecurity Geek Costume list is….
BlueKeep
It made headlines as a Microsoft Windows vuln that opened the door for malicious remote code execution–which, let’s face it, is the stuff of nightmares. As a big, blue worm, your BlueKeep costume will give infosec-aware partygoers all the clues they need to guess what you are. Huge bonus points if you bring additional worm-suits to self replicate.
DejaBlue
Windows was the gift that just kept on giving in 2019. On the heels of BlueKeep, we had DejaBlue…another round of wormable Windows vulns just begging to be exploited. Your DejaBlue costume, should you choose to accept it: You’re in blue makeup and blue clothes. And you’re wearing a t-shirt that says, “We’ve been here before.” It’s DejaBlue! Simple, but we’re pretty sure someone will buy you a beer for this.
Emotet
This banking trojan has been around since 2014 but it sprang back to life in 2019 as a massive spam distribution campaign. As Emotet, you’ll dress as an emo character (dark or dyed hair, hollow eyes, sullen expression) who is half horse…trojan horse. That’s right: we’re talkin’ horse costume. (Go big or go home, we say!) Want to really drive it home? Mock up a computer screen with a pull-up frame showing a phishing email, so you can bust through and spew ugly executables at unsuspecting partygoers sipping on punch and wondering how you suddenly grew an extra pair of legs.
vBulletin
This high-severity vuln in the popular website forum application was massively exploited this year. Since coverage of it appeared as recently as last month, there’s a solid chance you’ll get knowing looks and plenty of nerd nods. The costume is relatively simple: A Guy Fawkes “V for Vendetta” mask and a T-shirt that says, “This just in…” That’s v + Bulletin = vBulletin. You can drive it home with a vBulletin logo on the mask, but we’d recommend that only if you work with a lot of supremely lazy people.
FruityArmor
This APT crew went hard at a couple zero days this year, namely CVE-2019-0808 and –0797. With their unforgettable name and signature framework written in PowerShell, any self-respecting infosec pro will giddily grok to the reference when you appear as a human-sized banana with a message that says you heart PowerShell, some strategically positioned armor and a shield to wield. Punctuate your point–and test your colleagues’ knowledge of security trivia–by printing “BuggiCorp 4ever” on your shield. For a costume, this is a big commit, we know. But gauging how active these crews are, there’s a good chance you can go as FruityArmor again next year, so think of it as doubling your ROI.
Halloween’s right around the corner, so get those costumes ready! And in case your non-security co-workers give you any guff for wearing a costume only infosec pros would understand, just have this comeback at the ready: “It’s Halloween, Marv. And there’s nothing more terrifying than a massive cybersecurity breach. Now who ate all the peanut butter cups?”
Want to prevent threats like these from haunting your business? Get a demo today
