2. @jkuemerle
Building CTFs To Teach Non-Security Folks
Everyone Can Play!
Joe Kuemerle / joe@kuemerle.com / @jkuemerle
https://upload.wikimedia.org/wikipedia/commons/5/5a/Muggle_Quidditch_Game_in_Vancouver_2.jpg
https://www.bsidesbos.org/
13. @jkuemerle
Likelihood
★ Who has access to the system?
○ Restricted Internal Only
○ Internal only
○ Partner users
○ Authenticated customers
○ Anonymous Internet users
★ How exposed is the knowledge of the system?
○ Confidential
○ Internal
○ Partner
○ Public knowledge (public documentation, open source, etc.)
Impact
★ What types of information could be disclosed?
○ Public data
○ User/partner data or metadata
○ Administrative data or metadata
○ Authentication secrets
○ Compliance Data
★ What is the use case of the system?
○ Internal use only
○ Internal and Partner use only
○ Deprecated customer use
○ Deprecated public use
○ Standard customer use
○ Standard public use
○ Strategic customer use
○ Strategic public use
16. @jkuemerle
Likelihood
★ Who has access to the system?
○ Restricted Internal Only
○ Internal only
○ Partner users
○ Authenticated customers
○ Anonymous Internet users
★ How exposed is the knowledge of the system?
○ Confidential
○ Internal
○ Partner
○ Public knowledge (public documentation, open source, etc.)