ctf: bringing back more than sexy!
DESCRIPTION
Presentation on the importance and value of running "Capture The Flag" ethical hacking events as well as "how I did it" and "what I learnt". Enjoy :)
TRANSCRIPT
CTFs - Bringing back more than sexy ;-)
Mark Hillick - @markofu
KTF
Creator of HackEire
Thursday 9 June 2011
Usual stuff - disclaimer!
Own views - not representative of Citrix Systems, IrissCert nor Phyllis and Ferb. I am speaking here entirely of my own opinion, which isn’t saying much but hey :)
No dolphins were hurt in the making of this presentation!
Who are ya?
too many years working in IT
now @ vendor, used to be @ bank so I’m
Ex-@IrissCert handler, #IrissCon, @HackEire @OwaspIreland
Previous Owasp Presentations
Cert Handler;
WAF Implementation;
Scareware via Web App Exploit
What’s this about?
Nope
Nor this guy
CTFs - history, now & the future
My experiences from building a CTF contest from scratch with no $$$$$
So sorry!!!
I know I had ‘sexy’ in the title but
What’s a CTF? (1)
WAR-GAMES.......COMPETITION!
ATTACK, ATTACK, ATTACK!!!!
What’s a CTF? (2)
CTF contests.....serve as an educational exercise to give participants experience in securing a machine, as well as conducting and reacting to the sort of attacks found in the real world.
source: http://en.wikipedia.org/wiki/Capture_the_flag#Computer_security && I agree with this partly :)
CTF? Nah, I’m not.....
We can’t all be.......
Or.....
I’m not a hacker........
Source: http://img.wikinut.com/img/hzbaiyv.qfkbuofg/jpeg/0/The-comfort-circle.jpeg
but maybe try a CTF?
learn outside of the norm
But I’d like to attend the conference!!
You going to remember every talk?
Didn’t think so......
1337
Test your l33t skillz
NSFW
Copious amounts of caffeine
Do cool stuff with old/new friends
Get a job?
Companies attempting to recruit off HackEire
HackEire => winners got postgrad funding & several business cards :)
SANS/US Govt Challenges => JOBS GALORE
UK Cyberchallenge won by an ex-postman!
CTF Feedback 2010
I learnt a shitload today. I learnt more about what I don’t know than what I do know. Thanks!
Thanks very much! I had so much fun and would be happy to pay 100 yoyos (pps) to enter in future.
Why allow your staff to compete in a CTF?
Learn about defensive & offensive security in a safe environment! As opposed to........
You will learn & increase your awareness because you will be surprised.....
$1000/day != good CTF competitor
So why run a CTF?
Make a name...
Spot talent
Help others & give back a little
Why did I do it?
& @edskoudis
I wanted to learn & improve
Would I start it all now?
Probably not
> 250 hours last year
Project & People Management
Not everyone as passionate
What have I gained?
I used to ‘not like’ my job very much & was bored. I wanted to play with tools I wouldn’t normally get to......
What often happens in a CTF?
In......
Out......
Why?
Is sadly all too infrequent.....
Assign Roles/Functions
2000 v 2011
NT4
Brick Phones
$$$$$$$$
West
Kazaa, Napster
Books, Newspapers
Man Utd :)
Q&A Interviews
W7, MacOS10, Linux
iOS, Android
Credit Crunch
East
Twitter, FB, Skype...
eBooks, Blogs, Web2.0
Man Utd :)
Interactive, Hands-On
The future?
#ebooks
#Tablets/#Phones
#CyberChallenges Galore :)
#Virtualisation
#OpenSource
Today?
Competitions are increasingly recognised as an effective way of promoting innovation......prize industry has boomed, increasing more than 15-fold. The US Space and Security authorities have been supporting world leading competitions for many years. The Obama administration has re-authorised the America COMPETES act to support innovation and innovators. Is it time for Europe to catch up?
Source: http://www.europeansecuritychallenge.com/
UK Cyber Challenge
Secure Network Design
Informed Defence
Investigate & Understand
CTFs in the future?
Part of Hands-On Interview
Looking for skillz => USA/SANS, UK, EU
Book Smart != Enough
It’d be nice if.....
Goal: Keep improving.......
Evolve, understand & innovate
2011 for HackEire?
Even better than last year & still free......
Huge improvements - more realistic
New web portal
Social Media
PCAP Analysis
More defensive controls
Want to introduce images to defend but no time :(
Learn more about CTFs?
Check out the DefCon, SANS, EthicalHacker.net (& more) websites
It’s all here.......
Teamwork & Preparedness
Constant Improvement
Q&A
All done, no more!
If you’re still awake.....