Your SlideShare is downloading. ×
A journey through an INFOSEC labyrinth
Upcoming SlideShare
Loading in...5

Thanks for flagging this SlideShare!

Oops! An error has occurred.

Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

A journey through an INFOSEC labyrinth


Published on

Published in: Technology

  • Be the first to comment

  • Be the first to like this

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

No notes for slide


  • 1. A journey through an INFOSEC labyrinth Andrei Avădănei Founder & CEO DefCamp
  • 2. After this presentation...➲ You wont be a better hacker➲ You wont learn how to break things (if you are a cop, please leave the room, its nothing interesting here)➲ You wont learn how to make a conference➲ You wont learn how to become $$_$$➲ You will learn IDEAS
  • 3. Summary➲ About me➲ Security through entrepreneurship➲ DefCamp➲ CCSIR➲ Q&A all the time. :-)
  • 4. About me➲ Founder & CEO of DefCamp➲ … and CTO (tech), CFO (financial), CMO (marketing), Sales Manager, Community Manager, Speaker, Team Coordinator :)).➲ Founder CCSIR➲ Community manager➲ Vice President at GREPIT➲ Volunteer at BitDefender Romania➲ Great results at several thousands national and international competitions➲ and others.
  • 5. History➲ 2006-2007 - I was doing my best to learn how to build viruses in Pascal (lame, I know) - I began to meet and discuss with people - I was proud about by my first RFI (LOL!) - In the same period I began to help a security community to evolve. The community evolved and I along with it➲ 2008 - I began to attend at local and national IT competitions - First result : 0 pts and last place. - Second result after several months : First place. - The rest is history.➲ 2009 - founded 2010 until today - I joined in GREPIT. Organised G5, G6 and G7 in great teams. - I made OpenIT @Suceava, 12 hours competition with over 60 attendees from Romania.➲ March 2011 – DefCamp idea sparked my brain.➲ September 2011 – DefCamp @Bran (~70 attendees)➲ December 2011 – DefCamp @Iasi. (~150 attendees)➲ November 2012 – Founded CCSIR.➲ December 2012 – DefCamp @Bucharest. (~200 attendees)➲ During this time I got good results at (inter)national computer science competitions (algo, web dev, soft dev, security, educational etc).➲ … and many others.
  • 6. Lesson #1.337Offensive security is better than defensive security! Be tenacious, try to get more failures to succeed! Disclaimer :➲ That was my short story …➲ The whole story is for my future nephews. :-)➲ In reality there are many IFs, you know those statements from computer science courses ^_^
  • 7. Lesson #2 If you are a good sniffer its hard to fail!Listen all complaints of your friends circle and scale their frustration into projects!
  • 8. Lesson #3Build a honeypot, log and parse all the traffic. Youll catch a 0day ! Listen all your friends ideas, iterate them and store them. Sooner or later you will concat!
  • 9. Lesson #4 Share wisely!Talk in your circles about your ideas, but never all your ideas! Keep a few for the desert.
  • 10. Lesson #5 Create backups in the cloud!You should ALWAYS have an ace up your sleeve!
  • 11. Lesson #6 Encrypt your data!Sometimes is better to shut your mouth up and weight your words!
  • 12. Lesson #7 Tunnel your traffic!Monitor how and where your words/projects/ideas are spreading for a better privacy.
  • 13. Lesson #8Stay up to date and upgrade if needed! Iterate, iterate, iterate!
  • 14. Lesson #9 Be prepared to get hacked!Be prepared to fail. I was hacked several times in my history and here I am.
  • 15. Lesson #10 Be responsiveBuild, listen your feedback, change, listen your feedback and so on...
  • 16. Summary Security through entrepreneurship➲ 1. Offensive security is better than defensive security!➲ 2. If you are a good sniffer its hard to fail!➲ 3. Build a honeypot, log and parse all the traffic. Youll catch a 0day!➲ 4. Share wisely!➲ 5. Create backups in the cloud!➲ 6. Encrypt your data!➲ 7. Tunnel your traffic!➲ 8. Stay up to date and upgrade if needed!➲ 9. Be prepared to get hacked!➲ 10. Be responsive.
  • 17. Ok, great, Im not done...yet
  • 18. DefCamp➲ IT Security & Hacking Conference➲ Informal talks➲ Connect smart guys from Romania and World Wide➲ Experience exchange, connect with people, innovate➲ Building a platform for launching and promoting local industry enthusiasts to the world➲ DCTF, Wall of Sheep➲ Three editions till now (Bran, Iasi, Bucharest)➲ More to come
  • 19. Boring, right?
  • 20. But, what about...Offline SQL Injection Offline check-in system Private parties
  • 21. Or, why not ... Passion, competitions, experience exchangeAfter parties results flirting with the shooter :> Hacker girls :X
  • 22. Or even more... Sharing Mass-mediaProtection Great audience
  • 23. Why DefCamp?➲ Because we care about passion➲ We are not business guys but are trying to make a business from passion➲ We have great speakers world wide, a smart audience, cool parties, hot chicks and black hats! :-)➲ You can find a job (for ex. KPMG this year con), you can find friends, experience, resources➲ You find 0days, vulnerabilities, showoffs, POCs, practical and theoritical talks➲ We have something for everybody but you should learn where to look.➲ We are not give everything, but you can get all by yourself➲ ….
  • 24. CCSIR➲ Cyber Security Research Center from Romania (Centrul de Cercetare in Securitate Informatica din Romania)➲ Projects➲ Security Communication platform➲ Security research➲ Tracking➲ Experience exchange➲ International partnerships➲ Do we have something like this in Romania!?!? We dont.➲ will be our public interface
  • 25. Last but not least – some ideas➲ Why Romania? Its a good place to start scalable projects.➲ Try to predict the unpredictable and have a backup plan for unknown.➲ Quality is very important, the money will come..➲ Try to learn different stuff (tech, marketing, sales, laws, communication etc)➲ Merge these stuff in an unusual way to create new things➲ You cannot build something revolutionary, but you could build something different based on others experience➲ Be honest, be crazy, believe in you and in your instincts➲ Build a network of inputs around you and learn how to output only the important bit➲ Pay attention to the people who listen more and talk less, they might be the next star➲ Create small things step by step and thing big, now it depends about your legs length :P➲➲➲ ...and most important, be persistent!
  • 26. Bonus : Black hat vs White Hat vs W/E Color Hat➲ Its a bullshit (B U L L S H I T), only a buzz word➲ We hate when hackers are considered thieves➲ I believe that there isnt any pure black hat or white hat➲ … but there is a mix of variables that can tag you on a specific time in a side or another➲ You can create great things in the INFOSEC field in a professional way➲ CCSIR might be a good approach for making proffesional research
  • 27. Thank you!
  • 28. Now, who wants to drink a beer in the neighborhood ?:-)