Successfully reported this slideshow.
Your SlideShare is downloading. ×

BSides DFW 2014 - Security Scavenger Hunts

Nov. 16, 2014
1 like 693 views
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Upcoming SlideShare
Stan Just (CD Projekt Red) - Creating Amazing Art in The Witcher 3: Wild Hunt
Stan Just (CD Projekt Red) - Creating Amazing Art in The Witcher 3: Wild Hunt
Loading in …3
×

Check these out next

A Brief History of Cryptographic Failures - Mork
Nothing Nowhere
A Brief History of Cryptographic Failures
Nothing Nowhere
The Art of defence: How vulnerabilites help shape security features and mitig...
Priyanka Aash
Splunking HL7 Healthcare Data for Business Value
Splunk
Splunking HL7 Healthcare Data for Business Value
Splunk
Bad for Enterprise: Attacking BYOD enterprise mobility security solutions
Priyanka Aash
Customer Presentation
Splunk
SOC Duties and Training Needs
Amin Asia
1 of 30 Ad

BSides DFW 2014 - Security Scavenger Hunts

Nov. 16, 2014
1 like 693 views

Download to read offline
Advertisement

Recommended

Stan Just (CD Projekt Red) - Creating Amazing Art in The Witcher 3: Wild Hunt
DevGAMM Conference
1.4k views
64 slides
COM 583 Ethics and Editing
Jessica Partnow
334 views
42 slides
Brian Mork - DC214 October 2015 - ECB Sucks
Nothing Nowhere
479 views
15 slides
HEIST: HTTP encrypted information can be stolen through TCP windows
Priyanka Aash
403 views
53 slides
Introducing Co3's Security Incident Response Module
Resilient Systems
756 views
13 slides
ITIL Foundation card Game
Mohamed Zohair
4k views
42 slides
B3948
Bryan Borra
206 views
31 slides
20161012CRITIS_ptheron_ICCF ab
Dr. Paul THERON
84 views
12 slides
Advertisement

More Related Content

Viewers also liked (17)

A Brief History of Cryptographic Failures - Mork
Nothing Nowhere
157 views
A Brief History of Cryptographic Failures
Nothing Nowhere
1.6k views
The Art of defence: How vulnerabilites help shape security features and mitig...
Priyanka Aash
524 views
Splunking HL7 Healthcare Data for Business Value
Splunk
290 views
Splunking HL7 Healthcare Data for Business Value
Splunk
1.2k views
Bad for Enterprise: Attacking BYOD enterprise mobility security solutions
Priyanka Aash
643 views
Customer Presentation
Splunk
460 views
SOC Duties and Training Needs
Amin Asia
217 views
1000 ways to die in mobile oauth
Priyanka Aash
1.3k views
Hacking Exposed LIVE: Attacking in the Shadows
Priyanka Aash
494 views
Cylance Ransomware-Remediation & Prevention Consulting Data-sheet
Innovation Network Technologies: InNet
257 views
How to select A good itsm tool
Mohamed Zohair
1.6k views
Breaking Kernal address space layout rendomization: KASLAR with Intel TSX
Priyanka Aash
687 views
Behind the scenes with IOS security
Priyanka Aash
719 views
How to Calculate WACC
Mohamed Zohair
9.2k views
Intra process memory protection for applications on ARM and x86
Priyanka Aash
618 views
Best Practices For Sharing Data Across The Enteprrise
Splunk
463 views
A Brief History of Cryptographic Failures - Mork
Nothing Nowhere
157 views
41 slides
A Brief History of Cryptographic Failures
Nothing Nowhere
1.6k views
41 slides
The Art of defence: How vulnerabilites help shape security features and mitig...
Priyanka Aash
524 views
57 slides
Splunking HL7 Healthcare Data for Business Value
Splunk
290 views
43 slides
Splunking HL7 Healthcare Data for Business Value
Splunk
1.2k views
43 slides
Bad for Enterprise: Attacking BYOD enterprise mobility security solutions
Priyanka Aash
643 views
58 slides

Similar to BSides DFW 2014 - Security Scavenger Hunts (18)

Rmd mithdd 20130305
Sheepy D.
312 views
Alexey Sintsov. Honeypot that Can Bite: Reverse Penetration.
Positive Hack Days
18.1k views
Phd final
Positive Hack Days
1k views
Sesión técnica sobre Game Design, Gameplay y metologías agile para proyectos ...
Escoles Universitàries Gimbernat i Tomàs Cerdà
874 views
Beat Your Mom At Solitaire—Reverse Engineering of Computer Games
Christoph Matthies
1.3k views
A Google Event You Won't Forget
Beau Bullock
1.2k views
James Forshaw, elevator action
PacSecJP
2.2k views
PHP games
harwoodr
2.8k views
Give Me Your Data!
Positive Hack Days
1.7k views
make something that makes something (that isn't a game)
Gillian Smith
692 views
Josh Cohen Visual Resume
Joshua Cohen
1.2k views
A survival guide for UX in complex environments
Paula de Matos
2.4k views
Adversarial Post-Ex: Lessons From The Pros
Justin Warner
2.8k views
Adversarial Post Ex - Lessons from the Pros
sixdub
1.3k views
Understanding and implementing website security
Drew Gorton
274 views
Hunt for the red DA
Neil Lines
1.5k views
Security Operations as a Video Game (Bsides Vancouver 2019)
Rob Fry
81 views
Sacramento Community College Game Club Presentation
Joseph Burchett
336 views
Rmd mithdd 20130305
Sheepy D.
312 views
29 slides
Alexey Sintsov. Honeypot that Can Bite: Reverse Penetration.
Positive Hack Days
18.1k views
50 slides
Phd final
Positive Hack Days
1k views
50 slides
Sesión técnica sobre Game Design, Gameplay y metologías agile para proyectos ...
Escoles Universitàries Gimbernat i Tomàs Cerdà
874 views
108 slides
Beat Your Mom At Solitaire—Reverse Engineering of Computer Games
Christoph Matthies
1.3k views
25 slides
A Google Event You Won't Forget
Beau Bullock
1.2k views
57 slides
Advertisement

BSides DFW 2014 - Security Scavenger Hunts

  1. 1. Cryptolingus Scavenger Hunt (CLSH) Security Scavenger Hunts Brian Mork (@hermit_hacker) Security BSides DFW 2014
  2. 2. First Things First… Let’s Play A Game http://sh.cryptolingus.net http://sh.cryptolingus.net/scoreboard.php
  3. 3. Who Am I? ❖ Former DOD, Coder, RF Simulation, etc. ❖ Co-Founder, Team Cryptolingus ❖ Information Security Operations Manager ❖ Father, Husband, Hacker, Gamer (FHHG) ❖ Certification Kung-Fu: ❖ GIAC Certified Forensic Expert ❖ Red Hat Certified SysAdmin / Engineer ❖ Application Security Specialist? :)
  4. 4. Where Has Security Training Gone Wrong?
  5. 5. Why Does It All Suck?
  6. 6. You Forgot To Make It Fun
  7. 7. So Let’s Fix That
  8. 8. But How? ❖ 1. Physical Challenges ❖ 2. Online Challenges ❖ 3. Make Users Interact With Each Other ❖ … oh, and prizes. :)
  9. 9. What We Done Did
  10. 10. We Built It, They Came ❖ Get your minds out of the gutter. ❖ We couldn’t find a decent scoreboard that didn’t require massive amounts of Microsoft redistributable packages or obscene dependencies, so we built it and open sourced it… only PHP 5 required.
  11. 11. Behold: The CLSH! ❖ Register ❖ Login ❖ Play ❖ Simple and extensible ❖ Automatic scoreboard ❖ Logging for dispute resolution*
  12. 12. Security Awareness Week
  13. 13. Day -1 ❖ Dropped physical item (wipe) with no other information…
  14. 14. Day 1 ❖ Official notice sent out with link to the primary page ❖ Instructions on how to register and play ❖ Lunch and learn: physical safety
  15. 15. Day 2 ❖ Lunch and learn: safe browsing ❖ Notification of a hidden game…
  16. 16. Day 3 ❖ Lunch and learn: social engineering demo ❖ Physical scavenger hunt begins
  17. 17. Day 4 ❖ Security Jeopardy (Round 1) ❖ This actually was mostly out there, so just modified and re-released ❖ https://github.com/hermit-hacker/SecJep ❖ Physical scavenger hunt begins ❖ Folks who were paying attention noticed comments about one time pads…
  18. 18. Day 5 ❖ Security Jeopardy Finals ❖ Physical scavenger hunt begins ❖ The final components of the hidden game are exposed ❖ Prizes!
  19. 19. BSides Memphis Throwback… H/T @lotusr00t
  20. 20. Stalling Technique: Security Jeopardy Anyone?
  21. 21. Questions? @hermit_hacker https://github.com/hermit-hacker/CLSH
  22. 22. Hat Tips ❖ Madhat (@unspecific) for the custom artwork ❖ Liz Hazen for running the information security awareness programs

×