Successfully reported this slideshow.

Honeypots, Cybercompetitions, and Bug Bounties

1

Share

Sep. 30, 2016
1 like 450 views
Upcoming SlideShare
YearUp: Hacking for Jobs
YearUp: Hacking for Jobs
Loading in …3
×
1 of 70
1 of 70

Honeypots, Cybercompetitions, and Bug Bounties

Sep. 30, 2016
1 like 450 views

1

Share

Download to read offline

Education

Slides for a talk at Code Camp
Oct. 1, 2016
Sam Bowne
City College San Francisco
Twitter: @sambowne

Slides for a talk at Code Camp
Oct. 1, 2016
Sam Bowne
City College San Francisco
Twitter: @sambowne

Education

Recommended

More Related Content

More from Sam Bowne

Ch 12 Attacking Users - XSS
Sam Bowne
Ch 10: Attacking Back-End Components
Sam Bowne
L7 64-bit Assembler
Sam Bowne
4. Communication and Network Security
Sam Bowne
Ch 9 Attacking Data Stores (Part 2)
Sam Bowne
Ch 6: The Wild World of Windows
Sam Bowne
3. Security Engineering
Sam Bowne
Ch 7: Attacking Session Management
Sam Bowne
3. Security Engineering
Sam Bowne
Ch 6: Attacking Authentication
Sam Bowne
Ch 5: Introduction to heap overflows
Sam Bowne
Ch 5: Bypassing Client-Side Controls
Sam Bowne
3. Security Engineering
Sam Bowne
Ch 3a: Risk Management Concepts
Sam Bowne
CNIT 127 Ch 3: Shellcode
Sam Bowne
CNIT 160 3a Information Risk Management
Sam Bowne
Ch 3: Web Application Technologies
Sam Bowne
127 Ch 2: Stack overflows on Linux
Sam Bowne
1. Security and Risk Management
Sam Bowne
Introduction: CISSP Certification
Sam Bowne

Featured

What to Upload to SlideShare
SlideShare
Be A Great Product Leader (Amplify, Oct 2019)
Adam Nash
Trillion Dollar Coach Book (Bill Campbell)
Eric Schmidt
APIdays Paris 2019 - Innovation @ scale, APIs as Digital Factories' New Machi...
apidays
A few thoughts on work life-balance
Wim Vanderbauwhede
Is vc still a thing final
Mark Suster
The GaryVee Content Model
Gary Vaynerchuk
Mammalian Brain Chemistry Explains Everything
Loretta Breuning, PhD
Blockchain + AI + Crypto Economics Are We Creating a Code Tsunami?
Dinis Guarda
The AI Rush
Jean-Baptiste Dumont
AI and Machine Learning Demystified by Carol Smith at Midwest UX 2017
Carol Smith
10 facts about jobs in the future
Pew Research Center's Internet & American Life Project
Harry Surden - Artificial Intelligence and Law Overview
Harry Surden
Inside Google's Numbers in 2017
Rand Fishkin
Pinot: Realtime Distributed OLAP datastore
Kishore Gopalakrishna
How to Become a Thought Leader in Your Niche
Leslie Samuel
Visual Design with Data
Seth Familian
Designing Teams for Emerging Challenges
Aaron Irizarry
UX, ethnography and possibilities: for Libraries, Museums and Archives
Ned Potter
Winners and Losers - All the (Russian) President's Men
Ian Bremmer

Related Books

Free with a 14 day trial from Scribd

See all
Now What?: How to Move Forward When We're Divided (About Basically Everything) Sarah Stewart Holland
(3.5/5)
Free
Anxious for Nothing: Finding Calm in a Chaotic World Max Lucado
(4.5/5)
Free
How May I Serve Karen Mathews
(3.5/5)
Free
The Subtle Art of Not Giving a F*ck: A Counterintuitive Approach to Living a Good Life Mark Manson
(4.5/5)
Free
Decluttering at the Speed of Life: Winning Your Never-Ending Battle with Stuff Dana K. White
(4.5/5)
Free
The 7 Habits of Highly Effective People Stephen R. Covey
(4/5)
Free
Girl, Wash Your Face: Stop Believing the Lies About Who You Are so You Can Become Who You Were Meant to Be Rachel Hollis
(3.5/5)
Free
A Stolen Life: A Memoir Jaycee Dugard
(4.5/5)
Free
The Gifts of Imperfection: Let Go of Who You Think You're Supposed to Be and Embrace Who You Are Brené Brown
(4.5/5)
Free
Never Split the Difference: Negotiating As If Your Life Depended On It Chris Voss
(4.5/5)
Free
Boundaries Updated and Expanded Edition: When to Say Yes, How to Say No To Take Control of Your Life Henry Cloud
(4/5)
Free
Maybe You Should Talk to Someone: A Therapist, HER Therapist, and Our Lives Revealed Lori Gottlieb
(4.5/5)
Free
The 7 Habits of Highly Effective People: Powerful Lessons in Personal Change: 25th Anniversary Infographics Edition Stephen R. Covey
(4.5/5)
Free
Girl, Stop Apologizing: A Shame-Free Plan for Embracing and Achieving Your Goals Rachel Hollis
(3.5/5)
Free
The 7 Habits of Highly Effective People Personal Workbook Stephen R. Covey
(4/5)
Free
Dry: A Memoir Augusten Burroughs
(4.5/5)
Free

Related Audiobooks

Free with a 14 day trial from Scribd

See all
I Guess I Haven't Learned That Yet: Discovering New Ways of Living When the Old Ways Stop Working Shauna Niequist
(4.5/5)
Free
Endure: How to Work Hard, Outlast, and Keep Hammering Cameron Hanes
(5/5)
Free
Golden: The Power of Silence in a World of Noise Justin Zorn
(4.5/5)
Free
Life Lessons Harry Potter Taught Me: Discover the Magic of Friendship, Family, Courage, and Love in Your Life Jill Kolongowski
(3/5)
Free
Do You Know Who I Am?: Battling Imposter Syndrome in Hollywood Jeremy Fall
(4/5)
Free
Courage and Crucibles: Leadership in Challenging Times Pierre Quinn
(5/5)
Free
Speak: Find Your Voice, Trust Your Gut, and Get From Where You Are to Where You Want To Be Tunde Oyeneyin
(5/5)
Free
Plays Well with Others: The Surprising Science Behind Why Everything You Know About Relationships is (Mostly) Wrong Eric Barker
(5/5)
Free
The Mom Friend Guide to Everyday Safety and Security: Tips from the Practical One in Your Squad Cathy Pedrayes
(3/5)
Free
Master of Information: Skills for Lifelong Learning and Resisting Misinformation Meredith Butts
(4.5/5)
Free
How to Host a Viking Funeral: The Case for Burning Your Regrets, Chasing Your Crazy Ideas, and Becoming the Person You're Meant to Be Kyle Scheele
(5/5)
Free
Full Out: Lessons in Life and Leadership from America's Favorite Coach Monica Aldama
(4/5)
Free
Stress and Stressors: Avoiding and Managing Stress and Burnout at Work Brandy Payne
(3.5/5)
Free
One Degree of Connection: Networking Your Network Laura Mignott
(4/5)
Free
Mindset Shifts: Embracing a Life of Personal Growth Tara Omorogbe
(4.5/5)
Free
Self-Help for the Helpless: A Beginner's Guide to Personal Development, Understanding Self-care, and Becoming Your Authentic Self Shelley Wilson
(4.5/5)
Free

Honeypots, Cybercompetitions, and Bug Bounties

  1. 1. Honeypots, Cybercompetitions, and Bug Bounties Oct 1, 2016 Sam Bowne City College San Francisco All materials available at samsclass.info
  2. 2. Violent Python • Step-by-step project • Challenges • No instructions • Increasing difficulty • ty @mqaissaunee
  3. 3. April 2014: Heartbleed
  4. 4. Vulnerable Android Devices
  5. 5. A Job from One Tweet
  6. 6. Exploit Development Class
  7. 7. CNIT 127: Exploit Development
  8. 8. Buffer Overflow Vulnerability • Input more than 1024 bytes will overflow the buffer
  9. 9. DoS Exploit
  10. 10. Nonrepeating Pattern
  11. 11. Gnu Debugger
  12. 12. Generate Shellcode with msfvenom
  13. 13. Construct Exploit
  14. 14. The Stack Frame • The last word is the return value • Must jump into the NOP sled
  15. 15. Listening Shell
  16. 16. Pwnage Remote Code Execution
  17. 17. PHP Shell
  18. 18. Tripwire
  19. 19. Complete Report
  20. 20. Simple Violations Log
  21. 21. Vulnerability Disclosure
  22. 22. • ty @bugcrowd
  23. 23. Hacked by Anonsec
  24. 24. XSS
  25. 25. Rooted My Server
  26. 26. Rooted Twice the Same Way • My first attempt to patch the vulnerability failed • With the help of a student, I got my kernel updated after this
  27. 27. Stealing My Password • Shoulder surfing • http://tinyurl.com/ samspw
  28. 28. CTFs
  29. 29. How to Start 1. PicoCTF 2. EasyCTF 3. CTFTime
  30. 30. • Many levels, from very easy to very hard • Complete walkthroughs
  31. 31. Graphical Gameboard
  32. 32. • 1 week long • Many easy problems, but also hard ones • Sign up to hear about other easy CTFs
  33. 33. Write-Ups
  34. 34. Find CTFs
  35. 35. Walk-Throughs!
  36. 36. Hacking Club
  37. 37. Remote Speakers • Projector, webcam, Skype, speakers • Two talks from professional penetration testers
  38. 38. Student Contributions • Cleaning up the lab to make an inviting hangout space • Bridging to the CCSF_Coders club • Technical expertise from Google vuln labs • Hacker contacts from Defcon, etc.
  39. 39. Hacking Lab Free Fire Zone
  40. 40. Signs on Wall
  41. 41. Keylogger • One student wrote a Python keylogger and installed it on the lab machines
  42. 42. Internships
  43. 43. Employers • OpenDNS • NASA Ames • Lawrence Berkeley Lab • San Francisco Housing Authority • UCSF Medical Center
  44. 44. Job Fair • Students bring resumes at first (and only) class meeting • Employers describe jobs and grab applicants on the spot • Everyone welcome, including ex-students, students from the Computer Science department, students not enrolled in the internship class
  45. 45. Administrative Resistance • CCSF administrators cancelled the entire program in Spring 2015 • I only saved it by appealing directly to the Chancellor and threatening to resign • However, the person who cancelled it is now the Chancellor
  46. 46. Administrative Resistance • The new curriculum review process doesn't allow any class without lectures, textbook, final exam, etc. • This blocks seminar classes and Internship classes • The solution is to just break the rules--this is what tenure is for
  47. 47. Guest Speakers • At least one per class per semester • "Careers" class consisting of visiting industry speakers

×