Light Dark
July 31, 2016 By Aidan Knowles 2 min read
X-Force

Cyber defenders need to think on their feet and keep calm when managing serious incidents. A unique, interactive game at this year’s Black Hat USA event will put participants’ cool to the test.

The attraction utilizes 3-D printed models, cheap electronic motors, four Arduinos and repurposed components from the popular board games Hungry Hungry Hippos and Mind Flex. Jason Flood and John Clarke, two cybersecurity specialists from the IBM Ireland Lab, are behind the DIY project.

“As a child, the most frantic of all games was Hungry Hungry Hippos. As an adult, it’s cyberattack management,” Flood remarked.

One of the goals when creating the project was to make it affordable, accessible and reproducible.

“We used open source and low-tech solutions wherever possible. Almost everything is 3-D printed,” explained Clarke.

The pair have spent many hours constructing their project for the highly anticipated annual Black Hat security conference, and it will be on display as part of IBM’s exhibitor space during the two-day main event, happening Aug. 3 to 4.

Passersby to the IBM booth will be invited to don a headset equipped with brain wave sensors. These hackable headsets, repurposed from the Mind Flex board game, are powered by interconnected Arduino microcontrollers. The Arduino-improvised network will communicate via APIs to generate brain wave charts, displaying and comparing rival players’ data against each other in real time.

This brain activity will directly determine the responsiveness and speed of the corresponding player’s hippo. The lower their brain activity, the quicker the participants’ hippos will move. The player who can manage to stay the most focused will drive his or her hippos the fastest, thereby capturing the most balls and being crowned the winner.

https://www.youtube.com/watch?v=-uRwF20yve4

“This project represents the franticness of a cyber incident and the need to find your balance. The winning objective is to be calm. It’s a gamified way of controlling your reactions,” Flood revealed.

Think you have what it takes to stay calm in crisis and manage a major cyberattack? Test your mettle with a game of mind-controlled Hungry Hungry Hippos at Black Hat USA Booth No. 908.

 | 
Aidan Knowles
Ethical Hacking Engineer, IBM

More from X-Force
January 17, 2025

Being a good CLR host – Modernizing offensive .NET tradecraft

14 min read - The modern red team is defined by its ability to compromise endpoints and take actions to complete objectives. To achieve the former, many teams implement their own custom command-and-control (C2) or use an open-source option. For the latter, there is a constant stream of post-exploitation tooling being released that takes advantage of various features in Windows, Active Directory and third-party applications. The execution mechanism for this tooling has, for the last several years, relied heavily on executing .NET assemblies in…

January 6, 2025

Abusing MLOps platforms to compromise ML models and enterprise data lakes

15 min read - For full details on this research, see the X-Force Red whitepaper “Disrupting the Model: Abusing MLOps Platforms to Compromise ML Models and Enterprise Data Lakes”.Machine learning operations (MLOps) platforms are used by enterprises of all sizes to develop, train, deploy and monitor large language models (LLMs) and other foundation models (FMs), as well as the generative AI (gen AI) applications built on top of these models. The rush to leverage AI throughout enterprises has meant that security has been often…

December 23, 2024

FYSA – Adobe Cold Fusion Path Traversal Vulnerability

2 min read - Summary Adobe has released a security bulletin (APSB24-107) addressing an arbitrary file system read vulnerability in ColdFusion, a web application server. The vulnerability, identified as CVE-2024-53961, can be exploited to read arbitrary files on the system, potentially leading to unauthorized access and data exposure. Threat Topography Threat Type: Arbitrary File System Read Industries Impacted: Technology, Software, and Web Development Geolocation: Global Environment Impact: Web servers running ColdFusion 2021 and 2023 are vulnerable Overview X-Force Incident Command is monitoring the disclosure…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2025 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature