2024: Domino Containers - The Next Step. News from the Domino Container commu...
CTF: Bringing back more than sexy!
1. CTFs - Bringing back
more than sexy ;-)
Mark Hillick - @markofu
KTF
Creator of HackEire
Thursday 9 June 2011
2. Usual stuff - disclaimer!
Own views - not representative of Citrix
Systems, IrissCert nor Phyllis and Ferb. I am
speaking here entirely of my own opinion,
which isn’t saying much but hey :)
No dolphins were hurt in the making of this
presentation!
Thursday 9 June 2011
3. Who are ya?
too many years working in IT
now @ vendor, used to be @ bank so I’m
Ex-@IrissCert handler, #IrissCon, @HackEire
@OwaspIreland
Previous Owasp Presentations
Cert Handler;
WAF Implementation;
Scareware via Web App Exploit
Thursday 9 June 2011
4. What’s this about?
Nope
Nor this guy
CTFs - history, now & the future
My experiences from building a CTF contest
from scratch with no $$$$$
Thursday 9 June 2011
5. So sorry!!!
I know I had ‘sexy’ in the title but
Thursday 9 June 2011
6. What’s a CTF? (1)
WAR-GAMES.......COMPETITION!
ATTACK, ATTACK, ATTACK!!!!
Thursday 9 June 2011
7. What’s a CTF? (2)
CTF contests.....serve as an educational
exercise to give participants experience in
securing a machine, as well as conducting
and reacting to the sort of attacks found in
the real world.
source: http://en.wikipedia.org/wiki/Capture_the_flag#Computer_security && I agree with this partly :)
Thursday 9 June 2011
13. but maybe try a CTF?
learn outside of the norm
Thursday 9 June 2011
14. But I’d like to attend
the conference!!
You going to remember every talk?
Didn’t think so......
Thursday 9 June 2011
15. 1337
Test your l33t skillz
NSFW
Copious amounts of caffeine
Do cool stuff with old/new friends
Thursday 9 June 2011
16. Get a job?
Companies attempting to recruit off HackEire
HackEire => winners got postgrad funding &
several business cards :)
SANS/US Govt Challenges => JOBS GALORE
UK Cyberchallenge won by an ex-postman!
Thursday 9 June 2011
17. CTF Feedback 2010
I learnt a shitload today. I learnt more
about what I don’t know than what I do
know. Thanks!
Thanks very much! I had so much fun and
would be happy to pay 100 yoyos (pps) to
enter in future.
Thursday 9 June 2011
18. Why allow your staff to
compete in a CTF?
Learn about defensive & offensive security in
a safe environment! As opposed to........
You will learn & increase your awareness
because you will be surprised.....
$1000/day != good CTF competitor
Thursday 9 June 2011
19. So why run a CTF?
Make a name...
Spot talent
Help others & give back a little
Thursday 9 June 2011
20. Why did I do it?
& @edskoudis
I wanted to learn & improve
Thursday 9 June 2011
21. Would I start it all now?
Probably not
> 250 hours last year
Project & People Management
Not everyone as passionate
Thursday 9 June 2011
22. What have I gained?
I used to ‘not like’ my job very much & was bored. I
wanted to play with tools I wouldn’t normally get to......
Thursday 9 June 2011
24. Why?
Is sadly all too infrequent.....
Assign Roles/Functions
Thursday 9 June 2011
25. 2000 v 2011
NT4 W7, MacOS10, Linux
Brick Phones iOS, Android
$$$$$$$$ Credit Crunch
West East
Kazaa, Napster Twitter, FB, Skype...
Books, Newspapers eBooks, Blogs, Web2.0
Man Utd :) Man Utd :)
Q&A Interviews Interactive, Hands-On
Thursday 9 June 2011
26. The future?
#ebooks #Virtualisation
#Tablets/#Phones #OpenSource
#CyberChallenges
Galore :)
Thursday 9 June 2011
27. Today?
Competitions are increasingly recognised as an effective way
of promoting innovation......prize industry has boomed,
increasing more than 15-fold. The US Space and Security
authorities have been supporting world leading competitions
for many years. The Obama administration has re-authorised
the America COMPETES act to support innovation and
innovators. Is it time for Europe to catch up?
Source: http://www.europeansecuritychallenge.com/
Thursday 9 June 2011
28. UK Cyber Challenge
Secure Network Design
Informed Defence
Investigate & Understand
Thursday 9 June 2011
29. CTFs in the future?
Part of Hands-On Interview
Looking for skillz => USA/SANS, UK, EU
Book Smart != Enough
Thursday 9 June 2011
30. It’d be nice if.....
Goal: Keep improving.......
Evolve, understand & innovate
Thursday 9 June 2011
31. 2011 for HackEire?
Even better than last year & still free......
Huge improvements - more realistic
New web portal
Social Media
PCAP Analysis
More defensive controls
Want to introduce images to defend but
no time :(
Thursday 9 June 2011
32. Learn more about CTFs?
Check out the DefCon, Sans, EthicalHacker.net (& more)
websites
Thursday 9 June 2011
33. It’s all here.......
Teamwork & Preparedness
Constant Improvement
Thursday 9 June 2011