What is Hack South? Many have asked, what is Hack South, why Hack South and where is this all going? This blog will try to lay out the foundation, the activity and the vision for Hack South, Home of the ubiquitous South.
We will also highlight some things we are working on, highlight some roles, channels and activities.
Hack South was started for various reasons. @AngusRed who is fairly well involved in the wider hacker community in South Africa had seen the various offshoots, factions and segmented groups of people. Different people have different conversations in various places. Whatsapp Groups, Slack Workplaces etc etc. Everyone seemingly with their own purpose and agenda. After realizing the true value of Discord and having some dramas on a well know Slack Workspace for South Africans, @AngusRed decided to take a leap and attempt to bring all the people together in 1 place, dedicated to infosec, devoid of bias, misconception, corporate rivalry or rank on the proverbial pecking order of the community.
From this initiative, Hack South was born. A server, on Discord dedicated to the entire past, present and future generation of hackers, tinkerers and enthusiasts that South Africa has to offer. Early on we took a stance to keep it focussed and centric to South Africa, then evolving it to Southern Africa. We also decided that we would welcome internationals, but that the core values and direction of the community would be focussed on South Africa.
Initially, Hack South was established on Slack with the help of Hypn who runs 0xCoffee Cape Town due to the simple fact that most people will have access to Slack during their workday, and might not have access to Discord. With this thought process and understanding, we went forth into the fray.
The server grew steadily for a few weeks, but the limitations of Slack vs the benefits of using Discord (Categories, Roles, Voice Chat and UI/UX) became apparent fast. It was then decided we would set up a Discord. We would run both in situ, but after a few weeks decided to stay focussed on the discord and slowly shut down the Slack.
On a 12 March 2020, before COVID19 hit us, we got geared up and set up the server on Discord. The initial build was with AngusRed and Megladon. We tried to carbon copy the Slack and added a few bits. We wanted it to be a well-oiled machine. The Many Hats Club was a big inspiration and point of Guidance for the build. Categories were being created, channels spun up, roles flying left and right until it got into a shape that we felt confident with.
From here, an invite was issued, and the Hack South Originals joined, numbering just 13 in that first week. You will find them on the server by the GOLD Role, Hack South Original
The Early days
The Nazi raid
The early days were crazy. We got excited with each person joining, many of which we knew. The server was not pushed at all. On the 13th of March 2020, we had a Nazi Raid. Angus was on his way to the airport to pick someone up when he got a Whatsapp from a friend, Mooncake who told him there was a Raid spreading Nazi propaganda. We were clearly not ready. AngusRed then posted in Main saying “Who wants MOD??!!?” and immediately 4 People were assigned MOD and started fixing perms, banning raiders and resolving the chaos. Those four were
After the dust had settled, we decided to keep pushing, keep building and grow the server.
Uncle Cyril and the lockdown
With a small group of us, we started monitoring COVID19 and cases in South Africa. Back when each case was recorded with detail. Back in the days where a daily increase of 5 people was big. Soon numbers started creeping up and more people took notice. Then we heard that the President would make a big announcement on the evening of 23 March 2020. We set up a channel called Pandemic Chat to relay information and stats both locally and internationally. On the eve of 23 March 2020, the President announced a full and total lockdown of the country. All ports of entry, movement and business would shut on 27 March 2020. Fear spread around the country and people started stocking up on supplies to weather the storm. Smokes and booze would even be banned. We as a team quickly realised that people, some of which were friends and family would be stuck in our homes for an undetermined amount of time and that would affect peoples mental health. We then realised that Hack South could be more than a place to just hangout.
With the lockdown coming and varying levels of uncertainty we sought purpose. We started seeing constant fake news and media being shared and posted on Facebook, LinkedIn, Whatsapp and alike. We decided to be a voice of reason and create a channel dedicated to researching and either validating or debunking this information. The Media Verification channel was established and all sorts of trash were posted. Whether it be troops and supplies massing in Cape Town, a million graves being dug in Johannesburg or some crazy Voicenotes, we dumped them and debunked them. I feel this was our first initiative for good.
Throughout the initial and protracted lockdown we would hang out, work together and keep friends positive and informed.
Settling in and finding purpose
With the time going slowly and many of us wondering what to do with ourselves we started talking about the community in South Africa. The different players in the field, the challenges we faced and what was being done about it. Knowing infosec means knowing there is a skills shortage and a lack of qualified, competent and experienced security people in South Africa. It was from this that various ideas and initiatives were shared and discussed. We realised that in South Africa we have a big void for talent and we’re losing people to the USA, UK, Australia faster than we as a community could replace them. If we were in trouble now, we were going to be in even bigger trouble in the years to come. We then decided, for anyone that wanted to be involved and contribute to start paving a path to resolving this industrial hurdle. We decided to start forming both legally and ideologically what needed to be done. The Hack South Foundation (BETA) was born, another force for good.
Changing of the Vanguard
Understanding the dilemma
For various reasons, we struggle to find and employ good talent in South Africa. I will not get into the politics of things but one of the biggest factors to the lack of good talent in South Africa is due to the geopolitical situation here. 51% unemployment, challenges of race and beaurocratic red tape. A country facing recession after recession, failing SEO’s, constant risk of Black Outs/Load Shedding with no support for businesses struggling, a weakening currency, rampant crime and overt corruption at varying levels of state and provincial.
Another factor is the “lay of the professional land”. With limited investment from overseas, or the corruptions and stifling of international investment, opportunities are reduced. With there not being as many tech companies in SA, and the underperforming evolution of government to grow with the demand and enforcement of cyber security education and policy, we are a behind the required curve of evolution. Due to this lack of demand, consulting companies can only hire as many consultants as there is need. This also means that a security consult could earn half the money for twice the work, compared to a place like America, whilst facing all the local geopolitical hurdles bearing in front of them. It is partly due to this, that many, once gaining industry recognition and offers of greener pastures tend to leave the country and build a new life elsewhere. We as a collective do not hold this against them and we support peoples desires to better their lives and the lives of their families, wherever that is and in whatever form that occurs.
With the mindset that we do not and cannot stand in the way of industry leaders leaving the country in search better opportunities, we established that the way we resolve this or attempt to resolve this vacuum is to fill up the pipeline leading to careers in IT and information security. We can use Hack South as a vessel, the foundation as backing and the community to identify, educate, support and nurture budding new careers for daring ethical hackers into the industry.
Understanding the path
To establish an understanding of how to take “Candidate X” from a spectrum of “What on earth is a hacker and how does a computer machine work” through to “I do some IT bits and can code a few lines” to “I do a bit of Hack The Box on the weekend and have an interest in this field” we need to understand how/where we find these people and how we get them from “Greenhorn” to qualified and competent in “Y” amount of time.
Our priorities are as follows
- We feel it is important to first establish the path
What certs matter? What skills matter? What do you do first, follow with and do last?
- We then focus on how/where do we find the right candidates to put into the path
Where do we find these young talents. What candidates do we select, where, to make the most impact. Our thought process here is to find young teens and U/21 people in areas of the country where upskilling can lead to meaningful changes in their life circumstances. A Win for them, their family, their community and our industry.
- Figure out metrics to assess candidates abilities and potential to know where in the path they start
To optimize this journey, we need to know where people are in their understanding of IT/Security. To do this we must establish metrics to assess and measure.
- Establish varying tracks of learning and achievement for varying paths into IT, Infosec, Development or Support
Much like a university degree we hope to make things as broad as possible at the start, and as candidates progress through the journey, their path becomes more defined. It is paramount for us also to make impactful change, irrespective of where a candidate perhaps falls out of the cycle. If they fall out after the first “Course” of training, they can walk away with a new skill set, however basic and apply this to an alternative career that was perhaps not available to them before starting.
- Establish a performance-based progression system
We are not here to give handouts. We are here to identify, train and nurture potential candidates. We will put the effort in, if they do. To progress from “Module 1” to “Module 2” they have to achieve things with the metrics we established. This becomes more and more important as these candidates progress down the steps.
- Nothing is for free, how do we do this?
We would have to do this with a multi-pronged approach. We would look to partner with local consulting companies, universities, training providers, certification companies (CompTIA, ISC2, SANS, OffSEC, EC Council, etc), donors, investors and like-minded NGO/NPO’s (The Diana Innititive, DEF CON, WWHF, B Sides Cape Town, DerbyCon Communities, etc) and selling SWAG/MERCH. We will only be able to do as much as we can afford. If we have R5000 in the kitty, we probably focus on the low-level skills. If we have R50k we can focus on bigger things, fund certifications etc etc.
- Water down the system
Do we want an OSEE certified Black Hat trainer to teach a noob about the basics of a PC and its components? Do we want a Staff Level Software Engineer to teach a candidate how MS Word works? No. Due to the challenges, we may have with gaining access to this potential candidates, and the need to be efficient and impactful with our training we will support a system where knowledge travels downhill and progress upwards. Did you smash Module 1, and your friend down the street just got started? That Level 1 candidate helps mentor the noob. We would support a system of mentorship in bite-sized form. We would encourage every candidate to be a “mini-mentor”. Always seeking knowledge from someone just ahead of you, always passing down the knowledge you have gained. Training days with industry experts will still happen, but in the in-between time we, as we do in this community will learn from each other.
- Where is the limit? What is the ceiling?
Within reason, there is none. Imagine it. We take an at-risk youth, 16 years of age, maybe they live a life where the influence of gangsterism is prevalent. They come join us for an open day. We could get some RasberryPI’s, do some cool hacking wizardry that is aesthetically simple to grasp and looks interesting. That kid that shows interest, we assess them and realise they know nothing outside of a smartphone. We train them in the fundamentals of a computer, and they progress from that to understanding Windows, MS Office and using the internet. From there they progress and start learning more about what is under the bonnet, how do these components talk to each other. They grow and grow, learn more each day. They get involved with an affiliated computer lab, and maybe pop their first shell. We invite them to take part in a CTF and they do well. We get sponsored a Net+ and Sec+ from CompTIA and due to this candidates performance, we decide to allocate these vouchers to them and support them in their learning.
Candidate X smashes it and starts doing really well on HTB and they progress to something more salty like OSCP. They pass it just before their 18th birthday! They matriculate and now what? Due to the inroads we have built with companies in SA we manage to get them on a summer internship which they excel at. From all their hard work and effort we have a chain of evidence and manage to get them a scholarship to Stellenbosch, or Rhodes University.
We fast forward 6 years and now Candidate X has become a top-performing Security Engineer. They create an idea, get support from Hack South and start a company which employees 10 people. With this, Candidate X can hire people from the Hack South Foundation Program of learnership.
There is almost no limit to what we can achieve. It will not be easy. It will take time, capital and resources but education is the biggest key we have to saving our country and unlocking its vast talent.
There have been some crazy and great ideas throughout discussions this year. One thing we looked at is how feasible it would be to host a website that does not cost anyone data. We realised that many of the kids we would perhaps work with will not have a PC, but might have access to a smartphone. The idea comes from how some Telcos in SA allow free browsing of websites like FB and Twitter, in low res, limited graphic versions. If can host social media sites, what is to stop us hosting a website that has a similar partnership with the telcos? This would mean irrespective of whether a candidate has access to a PC or not, they can learn.
There have also been ideas around minimum resource-intensive computers (Like Linux based RasberryPi’s) that could be set up for kids to learn.
Where are we now?
At the time of writing this, Hack South is about 425 Members, of which 379 have the Human role (Have verified CoC and introduced themselves). We have hosted a conference, namely 0xCon 2020. We have taken part in numerous CTF’s from Jeopardy Style, to attack/defend and also OSINT. We have helped each other learn. We have a shared understanding and training resources. We have been there for each other through a really tough year. We have done some small acts of goodness, from verifying fake media, to giving people unaware of this industry a place to learn. Through OSINT we have helped contribute to open cases of missing adults and children. We have done so much, and yet there is so much to be done.
The foundation is at the ideas stage. We have great ideas and thoughts and hope to start formalizing things in 2021. We will start small and grow it, and see where it goes. The foundation will also fund/support the upkeep of the website and server bots. If it does not go down the path mentioned above, that is fine. If we can uplift 1 kid, and get them on an achievable career path into infosec, and by doing so improve their lives and solve a skills shortage at the same time, that is a big result that previously was not there.
The future is hard to call. We will continue spreading the word about the Hack South Server. We will continue to do CTF’s and learn something along the way. We are considering things that are centric to the community (Both local and security related) where we can make a difference and uplift a population or cluster of people. We want to start hosting small workshops every month, delivered by our local industry leaders. We may even start a little podcast, dedicated to Hack South and what we are doing. We will continue to build lasting friendships. Why be lonely, when 379 something or other of your friends are waiting here to welcome you, learn from you or teach you something.
We go henceforth, down the path of our continued pursuit of excellence, whether that be in a technical field, or meme’ory
Roles and Channels
I briefly wanted to highlight some roles and channels for you to keep an eye on and check out.
Somehow many people struggle with this, and it is rather simple. When you click to connect or join the server you will have 1 role, which is FNG. This gives you access to 2 channels. Code Of Conduct and New To Hack South. In your DM’s and in New To Hack South you will have a message welcoming you and telling you to accept the Code Of Conduct. Go on the CoC Channel, read it and if you accept, click the emoji at the bottom, which will give you **COC Accepted as a role and this will open up WHOAMI-Introductions, in this channel simply intro yourself. No need for any personal info just your handle, where you from, what you do, and where you heard about Hack South. Once you have done that a MOD will delete your FNG Role and assign you HUMAN which gives you access to 90% of the server. From here go on down to MAIN to say hi or head to Role Assignment to get more roles (Using the corresponding emojis) and then read up on the latest announcements!
We want to and welcome anyone to take part in a CTF. In Role Assignment we have roles for Hack The Box, Try Hack Me and the server-wide CTF Crew. Get on it, and come join us. We have a group of channels dedicated to this, like CTF General. We have Opt-in channels dedicated to specific CTF’s as well.
We have a myriad of channels and roles dedicated to the wider Hacker community of South Africa. We have space for DC2711, DC2744, 0xCoffee CPT, LDN and JHB. This can all be found under the SOCIALS Segment/category.
Once a month we host the HTB South Africa Meetup and also host 0xCoffeeCPT!
With the lockdown, there are a lot of people looking for jobs or advice and also many companies looking for suitable candidates. Head over to Role Assignment to get the correct corresponding Employment roles to gain access as this is Opt-in.
We as an industry have many struggles related to diversity. On Hack South, our numbers are vastly slumped to 1 demographic, but we see that as nothing more than circumstance, but we do see the numbers. We want to encourage more Woman to come join in the fun. Stay at home mom that was always a geek? Come join us! Dev that is perhaps curious? Come join us! We have a decent mix of colours which is great and we look forward to welcoming more people and varying colours, beliefs and backgrounds, except if you are not good people.
We have slowly but surely built up a decent hacker Education Zone, kitted out with channels catering for Certifications, Resources packed with discounts and deals, an area dedicated to Uni Students and the general channel. Find your peers! Get your universities involved!
We have a dedicated area for people looking to hire, people looking to advertise they are looking for a gig and business leaders to share insight and advice. It is OPT-IN, get the roles in Role Assignment or ask a mod.
Activity and gaining more members is the key to unlocking partnered with Discord. We have a steady stream but we have about 20% of the server that is active, and the remainder pop in from time to time (Which we are cool with) and then a big majority that are lurking. We feel all are welcome and we want to hear from you. Don’t be shy. Speak your opinion, tell us what you think.
Seeing that the levelling on the Server has become a thing that interest people we have created 5 roles with the good colours for those active people.
The Dabbler Level 5 Orange
The Talker Level 10 Orange
The Noble Friend Level 15 Orange
The Beast Level 20 Red
The Lifer Level 30 Gold
Go check your ranking in #Level-to-the-metal or check your user, you might have a new role!
We have a HUGE amount of roles. Some are dedicated to OS, some to certs, some are for achievements in the community and the rest are either banter or things to remember a legendary night on VC.
The rule of thumb is as follows.
Yellow/Gold These are our LEET level roles. These are for our legends, our Honorable Members (Comes with some perks)
Red Typically these are for big community things. BSides, Black Hat, DEF CON
Light Green Certifications
Neon Green CTF’s
If you are not super familiar with Discord, you will see that peoples’ handles are different colour from each others. This is pretty much to represent the colour of their highest role.
Diffie The Tailess
What can I do?
Simple. Invite your friends and colleagues that work in security, tech or IT. Invite those that have an interest. We want all the people. Get active and become part of the conversation. Take on a CTF! Even if you don’t get a single point!
Have alternate skills we could use like web design, graphic design etc, get in touch! We need logos, branding and leet merch!
Got the monies? Think about contributing to boosting the server or make a donation when we are fully set up with the foundation.
Most importantly, Have fun, learn something and Hack the Planet, on the South side!
I would personally like to thank all our Humans, Honorable Members, CTF Crew, Mods and Staff members. Without you, I would just be talking to myself, and that would be weird. I also want to give a special thanks to our resident El’Presidente. Studying full time and still always being there to fix my mistakes (Like the one in this sentence ~El’Presidente). We have all got through a tough year, and the wounds of it will continue into 2021, but we can hope for the best and that things get better. Here is to making many friends of no faces. Have a fantastic festive season, be careful on the roads, wear your mask and don’t be a stranger.
I, AngusRed, would also like to give a special thanks to my Missus (Sheller) and my daughter for being cool with me spending many hours at my desk, plodding away. Without them, nothing would be possible for me.
I am really proud of what we have done this year and what we have achieved. Our solar system is the limit, unless DNS fails us.