The highlight of HKBoot 2022 was a 6-hour overnight competition called The Ghost Village.

Scenario: A regional logistics firm was breached. The attackers left behind fragmented memory dumps, one corrupted VMDK, and three PCAP files. No logs. No alerts.

Teams had to:

Only two teams completed all three objectives. The winning solution involved using Volatility 3 with a custom plugin written during the competition—a level of improvisation that defines elite IR talent.


sudo cp "$PROJECT_DIR/payload/iso/"*.iso /mnt/vtoy_data/
sudo mkdir -p /mnt/vtoy_data/winpe
sudo cp "$PROJECT_DIR/payload/winpe/boot.wim" /mnt/vtoy_data/winpe/
sudo mkdir -p /mnt/vtoy_data/ventoy
sudo cp "$PROJECT_DIR/config/ventoy/ventoy.json" /mnt/vtoy_data/ventoy/

The tech landscape in 2022 was a transition period. Windows 11 had just launched, but many enterprises and individuals in Asia still relied heavily on Windows 7 and XP for legacy applications. Furthermore, the rise of ransomware and complex partition schemes (GUID Partition Table – GPT) demanded a versatile recovery toolkit.

HKBoot 2022 addressed three critical needs:

In the fast-paced world of cybersecurity, traditional conferences often fall into a predictable rhythm: slide decks, coffee breaks, and polite Q&A sessions. But every so often, an event disrupts the status quo. HKBoot 2022 was that disruption.

Held in the heart of Hong Kong, HKBoot isn't just another infosec gathering. It is an intensive, hands-on, "bootcamp-style" training event designed to push blue teams, red teams, and threat hunters to their absolute limits. While the event has run for several years, the 2022 edition stood out for its renewed focus on supply chain attacks, cloud forensics, and the unique geopolitical security challenges facing the Asia-Pacific region.

If you missed it, here is your deep dive into the drills, the tools, and the takeaways from HKBoot 2022.


A controversial panel discussion addressed a growing reality for HK-based analysts: what happens when a nation-state attacker targets cross-border financial data? The legal track (unique to HKBoot) covered the delicate balance between incident disclosure, privacy ordinances (PDPO), and regulatory reporting.