SlideShare ist ein Scribd-Unternehmen logo

The Art of CTF

‱
‱
S
Sylvain Martinez

The document discusses Capture the Flag (CTF) competitions, which provide a safe environment for practicing hacking skills and learning about cybersecurity threats. CTF competitions involve challenges at different skill levels related to hacking, cryptography, forensics, and other IT security topics. Participants can learn about vulnerabilities and misconfigurations, practice real attacks, and improve their skills through the game-like format of CTF events. Examples of challenges described in the document include extracting a hidden image from DNS traffic and analyzing an audio file spectrogram to reveal hidden text.

Technologie
1 von 22
Downloaden Sie, um offline zu lesen
{elysiumsecurity} THE ART OF CTF Version: 1.2a Date: 28/08/2018 Author: Sylvain Martinez Reference: ESC10-MUSCL Classification: Public cyber protection & response
{elysiumsecurity} cyber protection & response 2 EXAMPLESBENEFITSCONCEPTCONTEXT ‱ What is a CTF? ‱ Find the image! ‱ Look at this sound! CONTENTS Public ‱ Skills Challenges; ‱ Resources Challenges; ‱ Learning Challenges; ‱ Learn; ‱ Practice; ‱ Win;
{elysiumsecurity} cyber protection & response 3 EXAMPLESBENEFITSCONCEPTCONTEXT SKILLS CHALLENGES Public 62% HAVE NOT INCREASED SECURITY TRAINING BUDGET 1 OUT OF 3 SECURITY PROS NOT FAMILIAR WITH NEW THREATS Icons from the noun project unless specified otherwise, SOURCE: Business Wire 2014 83% OF ENTERPRISES LACK THE RIGHT SKILLS AND RESOURCES TO PROTECT THEIR IT ASSETS
{elysiumsecurity} cyber protection & response 4 EXAMPLESBENEFITSCONCEPTCONTEXT RESOURCES CHALLENGES Public 1 MILLION UNFILLED SECURITY JOBS WORDWIDE 92% OF HIRING MANAGER SEEKS PAST EXPERIENCE IN SECURITY SOURCE: Business Wire 2014 and CBR ONLINE 2017 <2.4% GRADUATING STUDENTS HAVE SECURITY DEGREES
{elysiumsecurity} cyber protection & response 5 EXAMPLESBENEFITSCONCEPTCONTEXT LEARNING CHALLENGES Public EXPERIMENTATION DANGER TRAINING CREATIVITY
{elysiumsecurity} cyber protection & response 6 WHAT IS A CTF? Public EXAMPLESBENEFITSCONCEPTCONTEXT A SAFE HACKING ENVIRONMENT A GUIDED JOURNEY OF HACKING CHALLENGES CAPTURE THE FLAG IS A LEARNING GAME
{elysiumsecurity} cyber protection & response 7 WHAT IS A CTF? Public EXAMPLESBENEFITSCONCEPTCONTEXT MOST CTF ARE FREE MANY ARE AVAILABLE ONLINE SOME REQUIRE PHYSICAL ACCESS
{elysiumsecurity} cyber protection & response 8 WHAT IS A CTF? Public EXAMPLESBENEFITSCONCEPTCONTEXT ACCESSIBLE TO ALL SKILL LEVELS USUALLY FIND AN MD5 HASH bac2e4a7dab0d89df5f672972910b8c4 MOST CTF OFFENSIVE SOME DEFENSIVE
{elysiumsecurity} cyber protection & response 9 LEARN Public EXAMPLESBENEFITSCONCEPTCONTEXT YOU LEARN THE REAL IMPACT OF KNOWN VULNERABILITIES YOU LEARN THE REAL IMPACT OF MISCONFIGURATION AND PATCHING YOU LEARN WHILST PLAYING A GAME
{elysiumsecurity} cyber protection & response 10 PRACTICE Public EXAMPLESBENEFITSCONCEPTCONTEXT YOU PRACTISE REAL ATTACKS YOU PRACTISE OUTSIDE THE BOX THINKING YOU PRACTISE OTHER IT SKILLS
{elysiumsecurity} cyber protection & response 11 WIN! Public EXAMPLESBENEFITSCONCEPTCONTEXT YOU GET A FREE TRAINING GROUND YOU MAY EVEN GET MONEY/GIFT YOU GET PEERS RECOGNITION
{elysiumsecurity} cyber protection & response 12 FIND THE IMAGE! Public EXAMPLESBENEFITSCONCEPTCONTEXT SANS XMAS CHALLENGE 2015 PART 1, QUESTION 2 FIND THE IMAGE IN THE PCAP FILE DNS TRAFFIC ONLY
{elysiumsecurity} cyber protection & response 13 FIND THE IMAGE! Public EXAMPLESBENEFITSCONCEPTCONTEXT ANYTHING STRANGE WITH THESE DNS QUERIES?
{elysiumsecurity} cyber protection & response 14 FIND THE IMAGE! Public EXAMPLESBENEFITSCONCEPTCONTEXT “1337” IS HACKING REFERENCE! FOLLOW THE UDP STREAM
{elysiumsecurity} cyber protection & response 15 FIND THE IMAGE! Public EXAMPLESBENEFITSCONCEPTCONTEXT SAVE TEXT INTO A FILE AND EXTRACT THE ”EXTRA DNS INFORMATION”
{elysiumsecurity} cyber protection & response 16 FIND THE IMAGE! Public EXAMPLESBENEFITSCONCEPTCONTEXT YOU GET THE IMAGE WHICH WAS TRANSMITTED OVER DNS QUERIES SANS XMAS CHALLENGE 2015 WRITE https://www.elysiumsecurity.com/blog/Challenges/post6.html#two
{elysiumsecurity} cyber protection & response 17 FIND THE IMAGE! Public EXAMPLESBENEFITSCONCEPTCONTEXT YOU LEARNT HOW TO USE WIRESHARK AND INVESTIGATE TRAFFIC FLOW YOU LEARNT HOW TO EXTRACT DATA FROM A PACKET CAPTURE YOU LEARNT OF A HACKING TECHNICS TO EXFILTRATE INFORMATION FROM A LOCKED DOWN ENVIRONMENT YOU LEARNT THAT GNOMES ARE EVIL!
{elysiumsecurity} cyber protection & response 18 LOOK AT THIS SOUND! Public EXAMPLESBENEFITSCONCEPTCONTEXT SANS BROCHURE CHALLENGE 2014 CHALLENGE 3, LEVEL 2 “LOOK AT AN AUDIO FILE” REFERENCE TO AN SVN COPYING REPO PRODUCES FILES BUT NO AUDIO FILE LOOKING AT COMMAND OUTPUT DONOTOPEN.MP3 GETS DELETED EDIT THE REPO.SVN AND REMOVE DELETE INSTRUCTION YOU HAVE A WAVE FILE!
{elysiumsecurity} cyber protection & response 19 LOOK AT THIS SOUND! Public WHAT TO DO WITH THAT FILE? EXAMPLESBENEFITSCONCEPTCONTEXT “Which of the following would you most prefer? A) a puppy B) a pretty flower from your sweetie or C) a large properly formed data file? You have failed this reverse Turing test, now suffer the consequences.. “
{elysiumsecurity} cyber protection & response 20 LOOK AT THIS SOUND! Public EXAMPLESBENEFITSCONCEPTCONTEXT SANS BROCHURE CHALLENGE 2015 WRITE UP: https://www.elysiumsecurity.com/blog/Challenges/post2.html SPECTROGRAM!
{elysiumsecurity} cyber protection & response 21 LOOK AT THIS SOUND! Public EXAMPLESBENEFITSCONCEPTCONTEXT YOU LEARNT TO PAY ATTENTION ABOUT WHAT IS BEING ASKED YOU LEARNT HOW TO USE A REPOSITORY ENVIRONMENT YOU LEARNT TO THINK OUTSIDE THE BOX AND
 PERSEVERE! YOU LEARNT A STEGANOGRAPHY TECHNIC
{elysiumsecurity} cyber protection & response © 2018 ELYSIUMSECURITY LTD. All Rights Reserved www.elysiumsecurity.com ELYSIUMSECURITY provides practical expertise to identify vulnerabilities, assess their risks and impact, remediate those risks, prepare and respond to incidents as well as raise security awareness through an organization. ELYSIUMSECURITY provides high level expertise gathered through years of best practices experience in large international companies allowing us to provide advice best suited to your business operational model and priorities. ABOUT ELYSIUMSECURITY LTD. ELYSIUMSECURITY provides a portfolio of Strategic and Tactical Services to help companies protect and respond against Cyber Security Threats. We differentiate ourselves by offering discreet, tailored and specialized engagements. ELYSIUMSECURITY operates in Mauritius and in Europe, a boutique style approach means we can easily adapt to your business operational model and requirements to provide a personalized service that fits your working environment.

Empfohlen

Talk1 esc7 muscl-dataprotection_v1_2
Talk1 esc7 muscl-dataprotection_v1_2Talk1 esc7 muscl-dataprotection_v1_2
Talk1 esc7 muscl-dataprotection_v1_2Sylvain Martinez
 
OFFENSIVE IDS
OFFENSIVE IDSOFFENSIVE IDS
OFFENSIVE IDSSylvain Martinez
 
Mobile Security Assessment
Mobile Security AssessmentMobile Security Assessment
Mobile Security AssessmentSylvain Martinez
 
VIRTUAL CISO AND OTHER KEY CYBER ROLES
VIRTUAL CISO AND OTHER KEY CYBER ROLESVIRTUAL CISO AND OTHER KEY CYBER ROLES
VIRTUAL CISO AND OTHER KEY CYBER ROLESSylvain Martinez
 
INCIDENT RESPONSE OVERVIEW
INCIDENT RESPONSE OVERVIEWINCIDENT RESPONSE OVERVIEW
INCIDENT RESPONSE OVERVIEWSylvain Martinez
 
INCIDENT RESPONSE CONCEPTS
INCIDENT RESPONSE CONCEPTSINCIDENT RESPONSE CONCEPTS
INCIDENT RESPONSE CONCEPTSSylvain Martinez
 
DATA LOSS PREVENTION OVERVIEW
DATA LOSS PREVENTION OVERVIEWDATA LOSS PREVENTION OVERVIEW
DATA LOSS PREVENTION OVERVIEWSylvain Martinez
 
PROGRAMMING AND CYBER SECURITY
PROGRAMMING AND CYBER SECURITYPROGRAMMING AND CYBER SECURITY
PROGRAMMING AND CYBER SECURITYSylvain Martinez
 

Empfohlen

Talk1 esc7 muscl-dataprotection_v1_2
Talk1 esc7 muscl-dataprotection_v1_2Talk1 esc7 muscl-dataprotection_v1_2
Talk1 esc7 muscl-dataprotection_v1_2Sylvain Martinez
 
OFFENSIVE IDS
OFFENSIVE IDSOFFENSIVE IDS
OFFENSIVE IDSSylvain Martinez
 
Mobile Security Assessment
Mobile Security AssessmentMobile Security Assessment
Mobile Security AssessmentSylvain Martinez
 
VIRTUAL CISO AND OTHER KEY CYBER ROLES
VIRTUAL CISO AND OTHER KEY CYBER ROLESVIRTUAL CISO AND OTHER KEY CYBER ROLES
VIRTUAL CISO AND OTHER KEY CYBER ROLESSylvain Martinez
 
INCIDENT RESPONSE OVERVIEW
INCIDENT RESPONSE OVERVIEWINCIDENT RESPONSE OVERVIEW
INCIDENT RESPONSE OVERVIEWSylvain Martinez
 
INCIDENT RESPONSE CONCEPTS
INCIDENT RESPONSE CONCEPTSINCIDENT RESPONSE CONCEPTS
INCIDENT RESPONSE CONCEPTSSylvain Martinez
 
DATA LOSS PREVENTION OVERVIEW
DATA LOSS PREVENTION OVERVIEWDATA LOSS PREVENTION OVERVIEW
DATA LOSS PREVENTION OVERVIEWSylvain Martinez
 
PROGRAMMING AND CYBER SECURITY
PROGRAMMING AND CYBER SECURITYPROGRAMMING AND CYBER SECURITY
PROGRAMMING AND CYBER SECURITYSylvain Martinez
 
OFFICE 365 SECURITY
OFFICE 365 SECURITYOFFICE 365 SECURITY
OFFICE 365 SECURITYSylvain Martinez
 
Talk1 esc3 muscl-standards and regulation_v1_1
Talk1 esc3 muscl-standards and regulation_v1_1Talk1 esc3 muscl-standards and regulation_v1_1
Talk1 esc3 muscl-standards and regulation_v1_1Sylvain Martinez
 
2019 CYBER SECURITY TRENDS REPORT REVIEW
2019 CYBER SECURITY TRENDS REPORT REVIEW2019 CYBER SECURITY TRENDS REPORT REVIEW
2019 CYBER SECURITY TRENDS REPORT REVIEWSylvain Martinez
 
INCIDENT RESPONSE NIST IMPLEMENTATION
INCIDENT RESPONSE NIST IMPLEMENTATIONINCIDENT RESPONSE NIST IMPLEMENTATION
INCIDENT RESPONSE NIST IMPLEMENTATIONSylvain Martinez
 
2015 ISA Calgary Show: IACS Cyber Incident Preparation
2015 ISA Calgary Show: IACS Cyber Incident Preparation2015 ISA Calgary Show: IACS Cyber Incident Preparation
2015 ISA Calgary Show: IACS Cyber Incident PreparationCimation
 
Ict conf td-evs_pcidss-final
Ict conf td-evs_pcidss-finalIct conf td-evs_pcidss-final
Ict conf td-evs_pcidss-finalDejan Jeremic
 
Ivan dragas get ahead of cybercrime
Ivan dragas get ahead of cybercrimeIvan dragas get ahead of cybercrime
Ivan dragas get ahead of cybercrimeDejan Jeremic
 
Hands on Security, Disrupting the Kill Chain, SplunkLive! Austin
Hands on Security, Disrupting the Kill Chain, SplunkLive! AustinHands on Security, Disrupting the Kill Chain, SplunkLive! Austin
Hands on Security, Disrupting the Kill Chain, SplunkLive! AustinSplunk
 
Open Source IDS - How to use them as a powerful fee Defensive and Offensive tool
Open Source IDS - How to use them as a powerful fee Defensive and Offensive toolOpen Source IDS - How to use them as a powerful fee Defensive and Offensive tool
Open Source IDS - How to use them as a powerful fee Defensive and Offensive toolSylvain Martinez
 
SOCIAL MEDIA AS A CYBER WEAPON
SOCIAL MEDIA AS A CYBER WEAPONSOCIAL MEDIA AS A CYBER WEAPON
SOCIAL MEDIA AS A CYBER WEAPONSylvain Martinez
 
Porque las Amenazas avanzadas requieren de una Seguridad para Aplicaciones av...
Porque las Amenazas avanzadas requieren de una Seguridad para Aplicaciones av...Porque las Amenazas avanzadas requieren de una Seguridad para Aplicaciones av...
Porque las Amenazas avanzadas requieren de una Seguridad para Aplicaciones av...Cristian Garcia G.
 
Ict 2015 saga - cisco cybersecurity reĆĄenja- Viktor Varga
Ict 2015 saga - cisco cybersecurity reĆĄenja- Viktor VargaIct 2015 saga - cisco cybersecurity reĆĄenja- Viktor Varga
Ict 2015 saga - cisco cybersecurity reĆĄenja- Viktor VargaDejan Jeremic
 
Tomorrow Starts Here - Security Everywhere
Tomorrow Starts Here - Security Everywhere Tomorrow Starts Here - Security Everywhere
Tomorrow Starts Here - Security Everywhere Cisco Canada
 
Mobile Security: 2016 Wrap-Up and 2017 Predictions
Mobile Security: 2016 Wrap-Up and 2017 PredictionsMobile Security: 2016 Wrap-Up and 2017 Predictions
Mobile Security: 2016 Wrap-Up and 2017 PredictionsSkycure
 
Cloud Security Strategy by McAfee
Cloud Security Strategy by McAfeeCloud Security Strategy by McAfee
Cloud Security Strategy by McAfeeCristian Garcia G.
 
Critical Infrastructure Protection from Terrorist Attacks
Critical Infrastructure Protection from Terrorist AttacksCritical Infrastructure Protection from Terrorist Attacks
Critical Infrastructure Protection from Terrorist AttacksBGA Cyber Security
 
Exploring the Capabilities and Economics of Cybercrime
Exploring the Capabilities and Economics of CybercrimeExploring the Capabilities and Economics of Cybercrime
Exploring the Capabilities and Economics of CybercrimeCylance
 
Kaspersky Lab’s Webinar ‘Emerging Threats in the APT World: Predictions for 2...
Kaspersky Lab’s Webinar ‘Emerging Threats in the APT World: Predictions for 2...Kaspersky Lab’s Webinar ‘Emerging Threats in the APT World: Predictions for 2...
Kaspersky Lab’s Webinar ‘Emerging Threats in the APT World: Predictions for 2...Kaspersky
 
Debunking the Hacker Hype: The Reality of Widespread Blackouts
Debunking the Hacker Hype: The Reality of Widespread BlackoutsDebunking the Hacker Hype: The Reality of Widespread Blackouts
Debunking the Hacker Hype: The Reality of Widespread BlackoutsDragos, Inc.
 
Nube, Cumplimiento y Amenazas avanzadas: Consideraciones de Seguridad para la...
Nube, Cumplimiento y Amenazas avanzadas: Consideraciones de Seguridad para la...Nube, Cumplimiento y Amenazas avanzadas: Consideraciones de Seguridad para la...
Nube, Cumplimiento y Amenazas avanzadas: Consideraciones de Seguridad para la...Cristian Garcia G.
 
INTRODUCTION TO CYBER FORENSICS
INTRODUCTION TO CYBER FORENSICSINTRODUCTION TO CYBER FORENSICS
INTRODUCTION TO CYBER FORENSICSSylvain Martinez
 
Scaling DevOps Adoption
Scaling DevOps AdoptionScaling DevOps Adoption
Scaling DevOps AdoptionMark Rendell
 

Weitere Àhnliche Inhalte

Was ist angesagt?

Talk1 esc3 muscl-standards and regulation_v1_1
Talk1 esc3 muscl-standards and regulation_v1_1Talk1 esc3 muscl-standards and regulation_v1_1
Talk1 esc3 muscl-standards and regulation_v1_1Sylvain Martinez
 
2019 CYBER SECURITY TRENDS REPORT REVIEW
2019 CYBER SECURITY TRENDS REPORT REVIEW2019 CYBER SECURITY TRENDS REPORT REVIEW
2019 CYBER SECURITY TRENDS REPORT REVIEWSylvain Martinez
 
INCIDENT RESPONSE NIST IMPLEMENTATION
INCIDENT RESPONSE NIST IMPLEMENTATIONINCIDENT RESPONSE NIST IMPLEMENTATION
INCIDENT RESPONSE NIST IMPLEMENTATIONSylvain Martinez
 
2015 ISA Calgary Show: IACS Cyber Incident Preparation
2015 ISA Calgary Show: IACS Cyber Incident Preparation2015 ISA Calgary Show: IACS Cyber Incident Preparation
2015 ISA Calgary Show: IACS Cyber Incident PreparationCimation
 
Ict conf td-evs_pcidss-final
Ict conf td-evs_pcidss-finalIct conf td-evs_pcidss-final
Ict conf td-evs_pcidss-finalDejan Jeremic
 
Ivan dragas get ahead of cybercrime
Ivan dragas get ahead of cybercrimeIvan dragas get ahead of cybercrime
Ivan dragas get ahead of cybercrimeDejan Jeremic
 
Hands on Security, Disrupting the Kill Chain, SplunkLive! Austin
Hands on Security, Disrupting the Kill Chain, SplunkLive! AustinHands on Security, Disrupting the Kill Chain, SplunkLive! Austin
Hands on Security, Disrupting the Kill Chain, SplunkLive! AustinSplunk
 
Open Source IDS - How to use them as a powerful fee Defensive and Offensive tool
Open Source IDS - How to use them as a powerful fee Defensive and Offensive toolOpen Source IDS - How to use them as a powerful fee Defensive and Offensive tool
Open Source IDS - How to use them as a powerful fee Defensive and Offensive toolSylvain Martinez
 
SOCIAL MEDIA AS A CYBER WEAPON
SOCIAL MEDIA AS A CYBER WEAPONSOCIAL MEDIA AS A CYBER WEAPON
SOCIAL MEDIA AS A CYBER WEAPONSylvain Martinez
 
Porque las Amenazas avanzadas requieren de una Seguridad para Aplicaciones av...
Porque las Amenazas avanzadas requieren de una Seguridad para Aplicaciones av...Porque las Amenazas avanzadas requieren de una Seguridad para Aplicaciones av...
Porque las Amenazas avanzadas requieren de una Seguridad para Aplicaciones av...Cristian Garcia G.
 
Ict 2015 saga - cisco cybersecurity reĆĄenja- Viktor Varga
Ict 2015 saga - cisco cybersecurity reĆĄenja- Viktor VargaIct 2015 saga - cisco cybersecurity reĆĄenja- Viktor Varga
Ict 2015 saga - cisco cybersecurity reĆĄenja- Viktor VargaDejan Jeremic
 
Tomorrow Starts Here - Security Everywhere
Tomorrow Starts Here - Security Everywhere Tomorrow Starts Here - Security Everywhere
Tomorrow Starts Here - Security Everywhere Cisco Canada
 
Mobile Security: 2016 Wrap-Up and 2017 Predictions
Mobile Security: 2016 Wrap-Up and 2017 PredictionsMobile Security: 2016 Wrap-Up and 2017 Predictions
Mobile Security: 2016 Wrap-Up and 2017 PredictionsSkycure
 
Cloud Security Strategy by McAfee
Cloud Security Strategy by McAfeeCloud Security Strategy by McAfee
Cloud Security Strategy by McAfeeCristian Garcia G.
 
Critical Infrastructure Protection from Terrorist Attacks
Critical Infrastructure Protection from Terrorist AttacksCritical Infrastructure Protection from Terrorist Attacks
Critical Infrastructure Protection from Terrorist AttacksBGA Cyber Security
 
Exploring the Capabilities and Economics of Cybercrime
Exploring the Capabilities and Economics of CybercrimeExploring the Capabilities and Economics of Cybercrime
Exploring the Capabilities and Economics of CybercrimeCylance
 
Kaspersky Lab’s Webinar ‘Emerging Threats in the APT World: Predictions for 2...
Kaspersky Lab’s Webinar ‘Emerging Threats in the APT World: Predictions for 2...Kaspersky Lab’s Webinar ‘Emerging Threats in the APT World: Predictions for 2...
Kaspersky Lab’s Webinar ‘Emerging Threats in the APT World: Predictions for 2...Kaspersky
 
Debunking the Hacker Hype: The Reality of Widespread Blackouts
Debunking the Hacker Hype: The Reality of Widespread BlackoutsDebunking the Hacker Hype: The Reality of Widespread Blackouts
Debunking the Hacker Hype: The Reality of Widespread BlackoutsDragos, Inc.
 
Nube, Cumplimiento y Amenazas avanzadas: Consideraciones de Seguridad para la...
Nube, Cumplimiento y Amenazas avanzadas: Consideraciones de Seguridad para la...Nube, Cumplimiento y Amenazas avanzadas: Consideraciones de Seguridad para la...
Nube, Cumplimiento y Amenazas avanzadas: Consideraciones de Seguridad para la...Cristian Garcia G.
 

Was ist angesagt? (20)

OFFICE 365 SECURITY
OFFICE 365 SECURITYOFFICE 365 SECURITY
OFFICE 365 SECURITY
 
Talk1 esc3 muscl-standards and regulation_v1_1
Talk1 esc3 muscl-standards and regulation_v1_1Talk1 esc3 muscl-standards and regulation_v1_1
Talk1 esc3 muscl-standards and regulation_v1_1
 
2019 CYBER SECURITY TRENDS REPORT REVIEW
2019 CYBER SECURITY TRENDS REPORT REVIEW2019 CYBER SECURITY TRENDS REPORT REVIEW
2019 CYBER SECURITY TRENDS REPORT REVIEW
 
INCIDENT RESPONSE NIST IMPLEMENTATION
INCIDENT RESPONSE NIST IMPLEMENTATIONINCIDENT RESPONSE NIST IMPLEMENTATION
INCIDENT RESPONSE NIST IMPLEMENTATION
 
2015 ISA Calgary Show: IACS Cyber Incident Preparation
2015 ISA Calgary Show: IACS Cyber Incident Preparation2015 ISA Calgary Show: IACS Cyber Incident Preparation
2015 ISA Calgary Show: IACS Cyber Incident Preparation
 
Ict conf td-evs_pcidss-final
Ict conf td-evs_pcidss-finalIct conf td-evs_pcidss-final
Ict conf td-evs_pcidss-final
 
Ivan dragas get ahead of cybercrime
Ivan dragas get ahead of cybercrimeIvan dragas get ahead of cybercrime
Ivan dragas get ahead of cybercrime
 
Hands on Security, Disrupting the Kill Chain, SplunkLive! Austin
Hands on Security, Disrupting the Kill Chain, SplunkLive! AustinHands on Security, Disrupting the Kill Chain, SplunkLive! Austin
Hands on Security, Disrupting the Kill Chain, SplunkLive! Austin
 
Open Source IDS - How to use them as a powerful fee Defensive and Offensive tool
Open Source IDS - How to use them as a powerful fee Defensive and Offensive toolOpen Source IDS - How to use them as a powerful fee Defensive and Offensive tool
Open Source IDS - How to use them as a powerful fee Defensive and Offensive tool
 
SOCIAL MEDIA AS A CYBER WEAPON
SOCIAL MEDIA AS A CYBER WEAPONSOCIAL MEDIA AS A CYBER WEAPON
SOCIAL MEDIA AS A CYBER WEAPON
 
Porque las Amenazas avanzadas requieren de una Seguridad para Aplicaciones av...
Porque las Amenazas avanzadas requieren de una Seguridad para Aplicaciones av...Porque las Amenazas avanzadas requieren de una Seguridad para Aplicaciones av...
Porque las Amenazas avanzadas requieren de una Seguridad para Aplicaciones av...
 
Ict 2015 saga - cisco cybersecurity reĆĄenja- Viktor Varga
Ict 2015 saga - cisco cybersecurity reĆĄenja- Viktor VargaIct 2015 saga - cisco cybersecurity reĆĄenja- Viktor Varga
Ict 2015 saga - cisco cybersecurity reĆĄenja- Viktor Varga
 
Tomorrow Starts Here - Security Everywhere
Tomorrow Starts Here - Security Everywhere Tomorrow Starts Here - Security Everywhere
Tomorrow Starts Here - Security Everywhere
 
Mobile Security: 2016 Wrap-Up and 2017 Predictions
Mobile Security: 2016 Wrap-Up and 2017 PredictionsMobile Security: 2016 Wrap-Up and 2017 Predictions
Mobile Security: 2016 Wrap-Up and 2017 Predictions
 
Cloud Security Strategy by McAfee
Cloud Security Strategy by McAfeeCloud Security Strategy by McAfee
Cloud Security Strategy by McAfee
 
Critical Infrastructure Protection from Terrorist Attacks
Critical Infrastructure Protection from Terrorist AttacksCritical Infrastructure Protection from Terrorist Attacks
Critical Infrastructure Protection from Terrorist Attacks
 
Exploring the Capabilities and Economics of Cybercrime
Exploring the Capabilities and Economics of CybercrimeExploring the Capabilities and Economics of Cybercrime
Exploring the Capabilities and Economics of Cybercrime
 
Kaspersky Lab’s Webinar ‘Emerging Threats in the APT World: Predictions for 2...
Kaspersky Lab’s Webinar ‘Emerging Threats in the APT World: Predictions for 2...Kaspersky Lab’s Webinar ‘Emerging Threats in the APT World: Predictions for 2...
Kaspersky Lab’s Webinar ‘Emerging Threats in the APT World: Predictions for 2...
 
Debunking the Hacker Hype: The Reality of Widespread Blackouts
Debunking the Hacker Hype: The Reality of Widespread BlackoutsDebunking the Hacker Hype: The Reality of Widespread Blackouts
Debunking the Hacker Hype: The Reality of Widespread Blackouts
 
Nube, Cumplimiento y Amenazas avanzadas: Consideraciones de Seguridad para la...
Nube, Cumplimiento y Amenazas avanzadas: Consideraciones de Seguridad para la...Nube, Cumplimiento y Amenazas avanzadas: Consideraciones de Seguridad para la...
Nube, Cumplimiento y Amenazas avanzadas: Consideraciones de Seguridad para la...
 

Ähnlich wie The Art of CTF

INTRODUCTION TO CYBER FORENSICS
INTRODUCTION TO CYBER FORENSICSINTRODUCTION TO CYBER FORENSICS
INTRODUCTION TO CYBER FORENSICSSylvain Martinez
 
Scaling DevOps Adoption
Scaling DevOps AdoptionScaling DevOps Adoption
Scaling DevOps AdoptionMark Rendell
 
DevOps Days Tel Aviv 2013: What exactly is anti-fragile in DevOps? - Asher St...
DevOps Days Tel Aviv 2013: What exactly is anti-fragile in DevOps? - Asher St...DevOps Days Tel Aviv 2013: What exactly is anti-fragile in DevOps? - Asher St...
DevOps Days Tel Aviv 2013: What exactly is anti-fragile in DevOps? - Asher St...DevOpsDays Tel Aviv
 
CyberSecurity - UH IEEE Presentation 2015-04
CyberSecurity - UH IEEE Presentation 2015-04CyberSecurity - UH IEEE Presentation 2015-04
CyberSecurity - UH IEEE Presentation 2015-04Kyle Lai
 
Cyber Hacking & Security - IEEE - Univ of Houston 2015-04
Cyber Hacking & Security - IEEE - Univ of Houston 2015-04Cyber Hacking & Security - IEEE - Univ of Houston 2015-04
Cyber Hacking & Security - IEEE - Univ of Houston 2015-04Kyle Lai
 
Behind the Curtain: Exposing Advanced Threats
Behind the Curtain: Exposing Advanced ThreatsBehind the Curtain: Exposing Advanced Threats
Behind the Curtain: Exposing Advanced ThreatsCisco Canada
 
Cyber Security integration
Cyber Security integrationCyber Security integration
Cyber Security integrationCarlo Dapino
 
Nsc42 - is the cloud secure - is easy if you do it smart ECC Conference
Nsc42 - is the cloud secure - is easy if you do it smart ECC ConferenceNsc42 - is the cloud secure - is easy if you do it smart ECC Conference
Nsc42 - is the cloud secure - is easy if you do it smart ECC ConferenceNSC42 Ltd
 
Enterprise Cloud Risk And Security
Enterprise Cloud Risk And SecurityEnterprise Cloud Risk And Security
Enterprise Cloud Risk And SecurityMark Masterson
 
Cyber security innovation imho
Cyber security innovation imhoCyber security innovation imho
Cyber security innovation imhoW Fred Seigneur
 
"Evolving cybersecurity strategies" - Seizing the Opportunity
"Evolving cybersecurity strategies" - Seizing the Opportunity"Evolving cybersecurity strategies" - Seizing the Opportunity
"Evolving cybersecurity strategies" - Seizing the OpportunityDean Iacovelli
 
Cloud, DevOps and the New Security Practitioner
Cloud, DevOps and the New Security PractitionerCloud, DevOps and the New Security Practitioner
Cloud, DevOps and the New Security PractitionerAdrian Sanabria
 
State of Cyber: Views from an Industry Insider
State of Cyber: Views from an Industry InsiderState of Cyber: Views from an Industry Insider
State of Cyber: Views from an Industry InsiderBen Johnson
 
Mere Paas Teensy Hai (Nikhil Mittal)
Mere Paas Teensy Hai (Nikhil Mittal)Mere Paas Teensy Hai (Nikhil Mittal)
Mere Paas Teensy Hai (Nikhil Mittal)ClubHack
 
Effective Prioritization Through Exploit Prediction
Effective Prioritization Through Exploit Prediction Effective Prioritization Through Exploit Prediction
Effective Prioritization Through Exploit Prediction Jonathan Cran
 
What is exactly anti fragile in dev ops - v3
What is exactly anti fragile in dev ops - v3What is exactly anti fragile in dev ops - v3
What is exactly anti fragile in dev ops - v3Asher Sterkin
 
Learning Security Strategies through Game Play and Optimal Stopping
Learning Security Strategies through Game Play and Optimal StoppingLearning Security Strategies through Game Play and Optimal Stopping
Learning Security Strategies through Game Play and Optimal StoppingKim Hammar
 
Cisco Connect Toronto 2017 - Security Through The Eyes of a Hacker
Cisco Connect Toronto 2017 - Security Through The Eyes of a HackerCisco Connect Toronto 2017 - Security Through The Eyes of a Hacker
Cisco Connect Toronto 2017 - Security Through The Eyes of a HackerCisco Canada
 
AI for security or security for AI - Sergey Gordeychik
AI for security or security for AI - Sergey GordeychikAI for security or security for AI - Sergey Gordeychik
AI for security or security for AI - Sergey GordeychikSergey Gordeychik
 

Ähnlich wie The Art of CTF (20)

INTRODUCTION TO CYBER FORENSICS
INTRODUCTION TO CYBER FORENSICSINTRODUCTION TO CYBER FORENSICS
INTRODUCTION TO CYBER FORENSICS
 
Scaling DevOps Adoption
Scaling DevOps AdoptionScaling DevOps Adoption
Scaling DevOps Adoption
 
DevOps Days Tel Aviv 2013: What exactly is anti-fragile in DevOps? - Asher St...
DevOps Days Tel Aviv 2013: What exactly is anti-fragile in DevOps? - Asher St...DevOps Days Tel Aviv 2013: What exactly is anti-fragile in DevOps? - Asher St...
DevOps Days Tel Aviv 2013: What exactly is anti-fragile in DevOps? - Asher St...
 
CyberSecurity - UH IEEE Presentation 2015-04
CyberSecurity - UH IEEE Presentation 2015-04CyberSecurity - UH IEEE Presentation 2015-04
CyberSecurity - UH IEEE Presentation 2015-04
 
Cyber Hacking & Security - IEEE - Univ of Houston 2015-04
Cyber Hacking & Security - IEEE - Univ of Houston 2015-04Cyber Hacking & Security - IEEE - Univ of Houston 2015-04
Cyber Hacking & Security - IEEE - Univ of Houston 2015-04
 
Behind the Curtain: Exposing Advanced Threats
Behind the Curtain: Exposing Advanced ThreatsBehind the Curtain: Exposing Advanced Threats
Behind the Curtain: Exposing Advanced Threats
 
Cyber Security integration
Cyber Security integrationCyber Security integration
Cyber Security integration
 
Nsc42 - is the cloud secure - is easy if you do it smart ECC Conference
Nsc42 - is the cloud secure - is easy if you do it smart ECC ConferenceNsc42 - is the cloud secure - is easy if you do it smart ECC Conference
Nsc42 - is the cloud secure - is easy if you do it smart ECC Conference
 
Butler
ButlerButler
Butler
 
Enterprise Cloud Risk And Security
Enterprise Cloud Risk And SecurityEnterprise Cloud Risk And Security
Enterprise Cloud Risk And Security
 
Cyber security innovation imho
Cyber security innovation imhoCyber security innovation imho
Cyber security innovation imho
 
"Evolving cybersecurity strategies" - Seizing the Opportunity
"Evolving cybersecurity strategies" - Seizing the Opportunity"Evolving cybersecurity strategies" - Seizing the Opportunity
"Evolving cybersecurity strategies" - Seizing the Opportunity
 
Cloud, DevOps and the New Security Practitioner
Cloud, DevOps and the New Security PractitionerCloud, DevOps and the New Security Practitioner
Cloud, DevOps and the New Security Practitioner
 
State of Cyber: Views from an Industry Insider
State of Cyber: Views from an Industry InsiderState of Cyber: Views from an Industry Insider
State of Cyber: Views from an Industry Insider
 
Mere Paas Teensy Hai (Nikhil Mittal)
Mere Paas Teensy Hai (Nikhil Mittal)Mere Paas Teensy Hai (Nikhil Mittal)
Mere Paas Teensy Hai (Nikhil Mittal)
 
Effective Prioritization Through Exploit Prediction
Effective Prioritization Through Exploit Prediction Effective Prioritization Through Exploit Prediction
Effective Prioritization Through Exploit Prediction
 
What is exactly anti fragile in dev ops - v3
What is exactly anti fragile in dev ops - v3What is exactly anti fragile in dev ops - v3
What is exactly anti fragile in dev ops - v3
 
Learning Security Strategies through Game Play and Optimal Stopping
Learning Security Strategies through Game Play and Optimal StoppingLearning Security Strategies through Game Play and Optimal Stopping
Learning Security Strategies through Game Play and Optimal Stopping
 
Cisco Connect Toronto 2017 - Security Through The Eyes of a Hacker
Cisco Connect Toronto 2017 - Security Through The Eyes of a HackerCisco Connect Toronto 2017 - Security Through The Eyes of a Hacker
Cisco Connect Toronto 2017 - Security Through The Eyes of a Hacker
 
AI for security or security for AI - Sergey Gordeychik
AI for security or security for AI - Sergey GordeychikAI for security or security for AI - Sergey Gordeychik
AI for security or security for AI - Sergey Gordeychik
 

Mehr von Sylvain Martinez

INTRODUCTION TO CRYPTOGRAPHY
INTRODUCTION TO CRYPTOGRAPHYINTRODUCTION TO CRYPTOGRAPHY
INTRODUCTION TO CRYPTOGRAPHYSylvain Martinez
 
ARE YOU RED TEAM READY?
ARE YOU RED TEAM READY?ARE YOU RED TEAM READY?
ARE YOU RED TEAM READY?Sylvain Martinez
 
GDPR SECURITY ISSUES
GDPR SECURITY ISSUESGDPR SECURITY ISSUES
GDPR SECURITY ISSUESSylvain Martinez
 
Risk on Crypto Currencies
Risk on Crypto CurrenciesRisk on Crypto Currencies
Risk on Crypto CurrenciesSylvain Martinez
 
Talk1 esc7 muscl-gdpr_debate_v1_2
Talk1 esc7 muscl-gdpr_debate_v1_2Talk1 esc7 muscl-gdpr_debate_v1_2
Talk1 esc7 muscl-gdpr_debate_v1_2Sylvain Martinez
 
INCIDENT HANDLING IN ORGANISATIONS
INCIDENT HANDLING IN ORGANISATIONSINCIDENT HANDLING IN ORGANISATIONS
INCIDENT HANDLING IN ORGANISATIONSSylvain Martinez
 
Talk2 esc4 muscl-ids_v1_2
Talk2 esc4 muscl-ids_v1_2Talk2 esc4 muscl-ids_v1_2
Talk2 esc4 muscl-ids_v1_2Sylvain Martinez
 
Talk2 esc2 muscl-wifi_v1_2b
Talk2 esc2 muscl-wifi_v1_2bTalk2 esc2 muscl-wifi_v1_2b
Talk2 esc2 muscl-wifi_v1_2bSylvain Martinez
 
Talk1 muscl club_v1_2
Talk1 muscl club_v1_2Talk1 muscl club_v1_2
Talk1 muscl club_v1_2Sylvain Martinez
 

Mehr von Sylvain Martinez (12)

INTRODUCTION TO CRYPTOGRAPHY
INTRODUCTION TO CRYPTOGRAPHYINTRODUCTION TO CRYPTOGRAPHY
INTRODUCTION TO CRYPTOGRAPHY
 
PHISHING PROTECTION
PHISHING PROTECTIONPHISHING PROTECTION
PHISHING PROTECTION
 
IOT Security
IOT SecurityIOT Security
IOT Security
 
ARE YOU RED TEAM READY?
ARE YOU RED TEAM READY?ARE YOU RED TEAM READY?
ARE YOU RED TEAM READY?
 
GDPR SECURITY ISSUES
GDPR SECURITY ISSUESGDPR SECURITY ISSUES
GDPR SECURITY ISSUES
 
Risk on Crypto Currencies
Risk on Crypto CurrenciesRisk on Crypto Currencies
Risk on Crypto Currencies
 
Talk1 esc7 muscl-gdpr_debate_v1_2
Talk1 esc7 muscl-gdpr_debate_v1_2Talk1 esc7 muscl-gdpr_debate_v1_2
Talk1 esc7 muscl-gdpr_debate_v1_2
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
INCIDENT HANDLING IN ORGANISATIONS
INCIDENT HANDLING IN ORGANISATIONSINCIDENT HANDLING IN ORGANISATIONS
INCIDENT HANDLING IN ORGANISATIONS
 
Talk2 esc4 muscl-ids_v1_2
Talk2 esc4 muscl-ids_v1_2Talk2 esc4 muscl-ids_v1_2
Talk2 esc4 muscl-ids_v1_2
 
Talk2 esc2 muscl-wifi_v1_2b
Talk2 esc2 muscl-wifi_v1_2bTalk2 esc2 muscl-wifi_v1_2b
Talk2 esc2 muscl-wifi_v1_2b
 
Talk1 muscl club_v1_2
Talk1 muscl club_v1_2Talk1 muscl club_v1_2
Talk1 muscl club_v1_2
 

KĂŒrzlich hochgeladen

🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfhans926745
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdfChristopherTHyatt
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 

KĂŒrzlich hochgeladen (20)

🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdf
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 

The Art of CTF

  • 1. {elysiumsecurity} THE ART OF CTF Version: 1.2a Date: 28/08/2018 Author: Sylvain Martinez Reference: ESC10-MUSCL Classification: Public cyber protection & response
  • 2. {elysiumsecurity} cyber protection & response 2 EXAMPLESBENEFITSCONCEPTCONTEXT ‱ What is a CTF? ‱ Find the image! ‱ Look at this sound! CONTENTS Public ‱ Skills Challenges; ‱ Resources Challenges; ‱ Learning Challenges; ‱ Learn; ‱ Practice; ‱ Win;
  • 3. {elysiumsecurity} cyber protection & response 3 EXAMPLESBENEFITSCONCEPTCONTEXT SKILLS CHALLENGES Public 62% HAVE NOT INCREASED SECURITY TRAINING BUDGET 1 OUT OF 3 SECURITY PROS NOT FAMILIAR WITH NEW THREATS Icons from the noun project unless specified otherwise, SOURCE: Business Wire 2014 83% OF ENTERPRISES LACK THE RIGHT SKILLS AND RESOURCES TO PROTECT THEIR IT ASSETS
  • 4. {elysiumsecurity} cyber protection & response 4 EXAMPLESBENEFITSCONCEPTCONTEXT RESOURCES CHALLENGES Public 1 MILLION UNFILLED SECURITY JOBS WORDWIDE 92% OF HIRING MANAGER SEEKS PAST EXPERIENCE IN SECURITY SOURCE: Business Wire 2014 and CBR ONLINE 2017 <2.4% GRADUATING STUDENTS HAVE SECURITY DEGREES
  • 5. {elysiumsecurity} cyber protection & response 5 EXAMPLESBENEFITSCONCEPTCONTEXT LEARNING CHALLENGES Public EXPERIMENTATION DANGER TRAINING CREATIVITY
  • 6. {elysiumsecurity} cyber protection & response 6 WHAT IS A CTF? Public EXAMPLESBENEFITSCONCEPTCONTEXT A SAFE HACKING ENVIRONMENT A GUIDED JOURNEY OF HACKING CHALLENGES CAPTURE THE FLAG IS A LEARNING GAME
  • 7. {elysiumsecurity} cyber protection & response 7 WHAT IS A CTF? Public EXAMPLESBENEFITSCONCEPTCONTEXT MOST CTF ARE FREE MANY ARE AVAILABLE ONLINE SOME REQUIRE PHYSICAL ACCESS
  • 8. {elysiumsecurity} cyber protection & response 8 WHAT IS A CTF? Public EXAMPLESBENEFITSCONCEPTCONTEXT ACCESSIBLE TO ALL SKILL LEVELS USUALLY FIND AN MD5 HASH bac2e4a7dab0d89df5f672972910b8c4 MOST CTF OFFENSIVE SOME DEFENSIVE
  • 9. {elysiumsecurity} cyber protection & response 9 LEARN Public EXAMPLESBENEFITSCONCEPTCONTEXT YOU LEARN THE REAL IMPACT OF KNOWN VULNERABILITIES YOU LEARN THE REAL IMPACT OF MISCONFIGURATION AND PATCHING YOU LEARN WHILST PLAYING A GAME
  • 10. {elysiumsecurity} cyber protection & response 10 PRACTICE Public EXAMPLESBENEFITSCONCEPTCONTEXT YOU PRACTISE REAL ATTACKS YOU PRACTISE OUTSIDE THE BOX THINKING YOU PRACTISE OTHER IT SKILLS
  • 11. {elysiumsecurity} cyber protection & response 11 WIN! Public EXAMPLESBENEFITSCONCEPTCONTEXT YOU GET A FREE TRAINING GROUND YOU MAY EVEN GET MONEY/GIFT YOU GET PEERS RECOGNITION
  • 12. {elysiumsecurity} cyber protection & response 12 FIND THE IMAGE! Public EXAMPLESBENEFITSCONCEPTCONTEXT SANS XMAS CHALLENGE 2015 PART 1, QUESTION 2 FIND THE IMAGE IN THE PCAP FILE DNS TRAFFIC ONLY
  • 13. {elysiumsecurity} cyber protection & response 13 FIND THE IMAGE! Public EXAMPLESBENEFITSCONCEPTCONTEXT ANYTHING STRANGE WITH THESE DNS QUERIES?
  • 14. {elysiumsecurity} cyber protection & response 14 FIND THE IMAGE! Public EXAMPLESBENEFITSCONCEPTCONTEXT “1337” IS HACKING REFERENCE! FOLLOW THE UDP STREAM
  • 15. {elysiumsecurity} cyber protection & response 15 FIND THE IMAGE! Public EXAMPLESBENEFITSCONCEPTCONTEXT SAVE TEXT INTO A FILE AND EXTRACT THE ”EXTRA DNS INFORMATION”
  • 16. {elysiumsecurity} cyber protection & response 16 FIND THE IMAGE! Public EXAMPLESBENEFITSCONCEPTCONTEXT YOU GET THE IMAGE WHICH WAS TRANSMITTED OVER DNS QUERIES SANS XMAS CHALLENGE 2015 WRITE https://www.elysiumsecurity.com/blog/Challenges/post6.html#two
  • 17. {elysiumsecurity} cyber protection & response 17 FIND THE IMAGE! Public EXAMPLESBENEFITSCONCEPTCONTEXT YOU LEARNT HOW TO USE WIRESHARK AND INVESTIGATE TRAFFIC FLOW YOU LEARNT HOW TO EXTRACT DATA FROM A PACKET CAPTURE YOU LEARNT OF A HACKING TECHNICS TO EXFILTRATE INFORMATION FROM A LOCKED DOWN ENVIRONMENT YOU LEARNT THAT GNOMES ARE EVIL!
  • 18. {elysiumsecurity} cyber protection & response 18 LOOK AT THIS SOUND! Public EXAMPLESBENEFITSCONCEPTCONTEXT SANS BROCHURE CHALLENGE 2014 CHALLENGE 3, LEVEL 2 “LOOK AT AN AUDIO FILE” REFERENCE TO AN SVN COPYING REPO PRODUCES FILES BUT NO AUDIO FILE LOOKING AT COMMAND OUTPUT DONOTOPEN.MP3 GETS DELETED EDIT THE REPO.SVN AND REMOVE DELETE INSTRUCTION YOU HAVE A WAVE FILE!
  • 19. {elysiumsecurity} cyber protection & response 19 LOOK AT THIS SOUND! Public WHAT TO DO WITH THAT FILE? EXAMPLESBENEFITSCONCEPTCONTEXT “Which of the following would you most prefer? A) a puppy B) a pretty flower from your sweetie or C) a large properly formed data file? You have failed this reverse Turing test, now suffer the consequences.. “
  • 20. {elysiumsecurity} cyber protection & response 20 LOOK AT THIS SOUND! Public EXAMPLESBENEFITSCONCEPTCONTEXT SANS BROCHURE CHALLENGE 2015 WRITE UP: https://www.elysiumsecurity.com/blog/Challenges/post2.html SPECTROGRAM!
  • 21. {elysiumsecurity} cyber protection & response 21 LOOK AT THIS SOUND! Public EXAMPLESBENEFITSCONCEPTCONTEXT YOU LEARNT TO PAY ATTENTION ABOUT WHAT IS BEING ASKED YOU LEARNT HOW TO USE A REPOSITORY ENVIRONMENT YOU LEARNT TO THINK OUTSIDE THE BOX AND
 PERSEVERE! YOU LEARNT A STEGANOGRAPHY TECHNIC
  • 22. {elysiumsecurity} cyber protection & response © 2018 ELYSIUMSECURITY LTD. All Rights Reserved www.elysiumsecurity.com ELYSIUMSECURITY provides practical expertise to identify vulnerabilities, assess their risks and impact, remediate those risks, prepare and respond to incidents as well as raise security awareness through an organization. ELYSIUMSECURITY provides high level expertise gathered through years of best practices experience in large international companies allowing us to provide advice best suited to your business operational model and priorities. ABOUT ELYSIUMSECURITY LTD. ELYSIUMSECURITY provides a portfolio of Strategic and Tactical Services to help companies protect and respond against Cyber Security Threats. We differentiate ourselves by offering discreet, tailored and specialized engagements. ELYSIUMSECURITY operates in Mauritius and in Europe, a boutique style approach means we can easily adapt to your business operational model and requirements to provide a personalized service that fits your working environment.