BSides DFW 2014 - Security Scavenger Hunts

  1. Cryptolingus Scavenger Hunt (CLSH) Security Scavenger Hunts Brian Mork (@hermit_hacker) Security BSides DFW 2014
  2. First Things First… Let’s Play A Game http://sh.cryptolingus.net http://sh.cryptolingus.net/scoreboard.php
  3. Who Am I? ❖ Former DOD, Coder, RF Simulation, etc. ❖ Co-Founder, Team Cryptolingus ❖ Information Security Operations Manager ❖ Father, Husband, Hacker, Gamer (FHHG) ❖ Certification Kung-Fu: ❖ GIAC Certified Forensic Expert ❖ Red Hat Certified SysAdmin / Engineer ❖ Application Security Specialist? :)
  4. Where Has Security Training Gone Wrong?
  5. Why Does It All Suck?
  6. You Forgot To Make It Fun
  7. So Let’s Fix That
  8. But How? ❖ 1. Physical Challenges ❖ 2. Online Challenges ❖ 3. Make Users Interact With Each Other ❖ … oh, and prizes. :)
  9. What We Done Did
  10. We Built It, They Came ❖ Get your minds out of the gutter. ❖ We couldn’t find a decent scoreboard that didn’t require massive amounts of Microsoft redistributable packages or obscene dependencies, so we built it and open sourced it… only PHP 5 required.
  11. Behold: The CLSH! ❖ Register ❖ Login ❖ Play ❖ Simple and extensible ❖ Automatic scoreboard ❖ Logging for dispute resolution*
  12. Security Awareness Week
  13. Day -1 ❖ Dropped physical item (wipe) with no other information…
  14. Day 1 ❖ Official notice sent out with link to the primary page ❖ Instructions on how to register and play ❖ Lunch and learn: physical safety
  15. Day 2 ❖ Lunch and learn: safe browsing ❖ Notification of a hidden game…
  16. Day 3 ❖ Lunch and learn: social engineering demo ❖ Physical scavenger hunt begins
  17. Day 4 ❖ Security Jeopardy (Round 1) ❖ This actually was mostly out there, so just modified and re-released ❖ https://github.com/hermit-hacker/SecJep ❖ Physical scavenger hunt begins ❖ Folks who were paying attention noticed comments about one time pads…
  18. Day 5 ❖ Security Jeopardy Finals ❖ Physical scavenger hunt begins ❖ The final components of the hidden game are exposed ❖ Prizes!
  19. BSides Memphis Throwback… H/T @lotusr00t
  20. Stalling Technique: Security Jeopardy Anyone?
  21. Questions? @hermit_hacker https://github.com/hermit-hacker/CLSH
  22. Hat Tips ❖ Madhat (@unspecific) for the custom artwork ❖ Liz Hazen for running the information security awareness programs