A journey through an INFOSEC labyrinth


Published on

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

A journey through an INFOSEC labyrinth

  1. 1. A journey through an INFOSEC labyrinth Andrei Avădănei Founder & CEO DefCamp contact@defcamp.ro
  2. 2. After this presentation...➲ You wont be a better hacker➲ You wont learn how to break things (if you are a cop, please leave the room, its nothing interesting here)➲ You wont learn how to make a conference➲ You wont learn how to become $$_$$➲ You will learn IDEAS
  3. 3. Summary➲ About me➲ Security through entrepreneurship➲ DefCamp➲ CCSIR➲ Q&A all the time. :-)
  4. 4. About me➲ Founder & CEO of DefCamp➲ … and CTO (tech), CFO (financial), CMO (marketing), Sales Manager, Community Manager, Speaker, Team Coordinator :)).➲ Founder CCSIR➲ Community manager @worldit.info➲ Vice President at GREPIT➲ Volunteer at BitDefender Romania➲ Great results at several thousands national and international competitions➲ and others.
  5. 5. History➲ 2006-2007 - I was doing my best to learn how to build viruses in Pascal (lame, I know) - I began to meet and discuss with people - I was proud about by my first RFI (LOL!) - In the same period I began to help a security community to evolve. The community evolved and I along with it➲ 2008 - I began to attend at local and national IT competitions - First result : 0 pts and last place. - Second result after several months : First place. - The rest is history.➲ 2009 - founded worldit.info. 2010 until today - I joined in GREPIT. Organised G5, G6 and G7 in great teams. - I made OpenIT @Suceava, 12 hours competition with over 60 attendees from Romania.➲ March 2011 – DefCamp idea sparked my brain.➲ September 2011 – DefCamp @Bran (~70 attendees)➲ December 2011 – DefCamp @Iasi. (~150 attendees)➲ November 2012 – Founded CCSIR.➲ December 2012 – DefCamp @Bucharest. (~200 attendees)➲ During this time I got good results at (inter)national computer science competitions (algo, web dev, soft dev, security, educational etc).➲ … and many others.
  6. 6. Lesson #1.337Offensive security is better than defensive security! Be tenacious, try to get more failures to succeed! Disclaimer :➲ That was my short story …➲ The whole story is for my future nephews. :-)➲ In reality there are many IFs, you know those statements from computer science courses ^_^
  7. 7. Lesson #2 If you are a good sniffer its hard to fail!Listen all complaints of your friends circle and scale their frustration into projects!
  8. 8. Lesson #3Build a honeypot, log and parse all the traffic. Youll catch a 0day ! Listen all your friends ideas, iterate them and store them. Sooner or later you will concat!
  9. 9. Lesson #4 Share wisely!Talk in your circles about your ideas, but never all your ideas! Keep a few for the desert.
  10. 10. Lesson #5 Create backups in the cloud!You should ALWAYS have an ace up your sleeve!
  11. 11. Lesson #6 Encrypt your data!Sometimes is better to shut your mouth up and weight your words!
  12. 12. Lesson #7 Tunnel your traffic!Monitor how and where your words/projects/ideas are spreading for a better privacy.
  13. 13. Lesson #8Stay up to date and upgrade if needed! Iterate, iterate, iterate!
  14. 14. Lesson #9 Be prepared to get hacked!Be prepared to fail. I was hacked several times in my history and here I am.
  15. 15. Lesson #10 Be responsiveBuild, listen your feedback, change, listen your feedback and so on...
  16. 16. Summary Security through entrepreneurship➲ 1. Offensive security is better than defensive security!➲ 2. If you are a good sniffer its hard to fail!➲ 3. Build a honeypot, log and parse all the traffic. Youll catch a 0day!➲ 4. Share wisely!➲ 5. Create backups in the cloud!➲ 6. Encrypt your data!➲ 7. Tunnel your traffic!➲ 8. Stay up to date and upgrade if needed!➲ 9. Be prepared to get hacked!➲ 10. Be responsive.
  17. 17. Ok, great, Im not done...yet
  18. 18. DefCamp➲ IT Security & Hacking Conference➲ Informal talks➲ Connect smart guys from Romania and World Wide➲ Experience exchange, connect with people, innovate➲ Building a platform for launching and promoting local industry enthusiasts to the world➲ DCTF, Wall of Sheep➲ Three editions till now (Bran, Iasi, Bucharest)➲ More to come
  19. 19. Boring, right?
  20. 20. But, what about...Offline SQL Injection Offline check-in system Private parties
  21. 21. Or, why not ... Passion, competitions, experience exchangeAfter parties results flirting with the shooter :> Hacker girls :X
  22. 22. Or even more... Sharing Mass-mediaProtection Great audience
  23. 23. Why DefCamp?➲ Because we care about passion➲ We are not business guys but are trying to make a business from passion➲ We have great speakers world wide, a smart audience, cool parties, hot chicks and black hats! :-)➲ You can find a job (for ex. KPMG this year con), you can find friends, experience, resources➲ You find 0days, vulnerabilities, showoffs, POCs, practical and theoritical talks➲ We have something for everybody but you should learn where to look.➲ We are not give everything, but you can get all by yourself➲ ….
  24. 24. CCSIR➲ Cyber Security Research Center from Romania (Centrul de Cercetare in Securitate Informatica din Romania)➲ Projects➲ Security Communication platform➲ Security research➲ Tracking➲ Experience exchange➲ International partnerships➲ Do we have something like this in Romania!?!? We dont.➲ ccsir.ro will be our public interface
  25. 25. Last but not least – some ideas➲ Why Romania? Its a good place to start scalable projects.➲ Try to predict the unpredictable and have a backup plan for unknown.➲ Quality is very important, the money will come..➲ Try to learn different stuff (tech, marketing, sales, laws, communication etc)➲ Merge these stuff in an unusual way to create new things➲ You cannot build something revolutionary, but you could build something different based on others experience➲ Be honest, be crazy, believe in you and in your instincts➲ Build a network of inputs around you and learn how to output only the important bit➲ Pay attention to the people who listen more and talk less, they might be the next star➲ Create small things step by step and thing big, now it depends about your legs length :P➲➲➲ ...and most important, be persistent!
  26. 26. Bonus : Black hat vs White Hat vs W/E Color Hat➲ Its a bullshit (B U L L S H I T), only a buzz word➲ We hate when hackers are considered thieves➲ I believe that there isnt any pure black hat or white hat➲ … but there is a mix of variables that can tag you on a specific time in a side or another➲ You can create great things in the INFOSEC field in a professional way➲ CCSIR might be a good approach for making proffesional research
  27. 27. Thank you!
  28. 28. Now, who wants to drink a beer in the neighborhood ?:-)