CTF: Bringing back more than sexy!

Presentation on the importance and value of running "Capture The Flag" ethical hacking events as well as "how I did it" and "what I learnt". Enjoy :)

Published in: Technology, News & Politics

  1. CTFs - Bringing back more than sexy ;-) Mark Hillick - @markofu KTF Creator of HackEire. Thursday 9 June 2011
  2. Usual stuff - disclaimer! Own views - not representative of Citrix Systems, IrissCert nor Phyllis and Ferb. I am speaking here entirely of my own opinion, which isn’t saying much but hey :) No dolphins were hurt in the making of this presentation!
  3. Who are ya? too many years working in IT now @ vendor, used to be @ bank so I’m Ex-@IrissCert handler, #IrissCon, @HackEire @OwaspIreland Previous Owasp Presentations Cert Handler; WAF Implementation; Scareware via Web App Exploit
  4. What’s this about? Nope Nor this guy CTFs - history, now & the future My experiences from building a CTF contest from scratch with no $$$$$
  5. So sorry!!! I know I had ‘sexy’ in the title but
  6. What’s a CTF? (1) WAR-GAMES.......COMPETITION! ATTACK, ATTACK, ATTACK!!!!
  7. What’s a CTF? (2) CTF contests.....serve as an educational exercise to give participants experience in securing a machine, as well as conducting and reacting to the sort of attacks found in the real world. source: http://en.wikipedia.org/wiki/Capture_the_flag#Computer_security && I agree with this partly :)
  8. CTF? Nah, I’m not.....
  9. We can’t all be....... Or.....
  10. I’m not a hacker........ Source: http://img.wikinut.com/img/hzbaiyv.qfkbuofg/jpeg/0/The-comfort-circle.jpeg
  13. but maybe try a CTF? learn outside of the norm
  14. But I’d like to attend the conference!! You going to remember every talk? Didn’t think so......
  15. 1337 Test your l33t skillz NSFW Copious amounts of caffeine Do cool stuff with old/new friends
  16. Get a job? Companies attempting to recruit off HackEire HackEire => winners got postgrad funding & several business cards :) SANS/US Govt Challenges => JOBS GALORE UK Cyberchallenge won by an ex-postman!
  17. CTF Feedback 2010 I learnt a shitload today. I learnt more about what I don’t know than what I do know. Thanks! Thanks very much! I had so much fun and would be happy to pay 100 yoyos (pps) to enter in future.
  18. Why allow your staff to compete in a CTF? Learn about defensive & offensive security in a safe environment! As opposed to........ You will learn & increase your awareness because you will be surprised..... $1000/day != good CTF competitor
  19. So why run a CTF? Make a name... Spot talent Help others & give back a little
  20. Why did I do it? & @edskoudis I wanted to learn & improve
  21. Would I start it all now? Probably not > 250 hours last year Project & People Management Not everyone as passionate
  22. What have I gained? I used to ‘not like’ my job very much & was bored. I wanted to play with tools I wouldn’t normally get to......
  23. What often happens in a CTF? In...... Out......
  24. Why? Is sadly all too infrequent..... Assign Roles/Functions
  25. 2000 v 2011: NT4 v W7, MacOS10, Linux; Brick Phones v iOS, Android; $$$$$$$$ v Credit Crunch; West v East; Kazaa, Napster v Twitter, FB, Skype...; Books, Newspapers v eBooks, Blogs, Web2.0; Man Utd :) v Man Utd :); Q&A Interviews v Interactive, Hands-On
  26. The future? #ebooks #Virtualisation #Tablets/#Phones #OpenSource #CyberChallenges Galore :)
  27. Today? Competitions are increasingly recognised as an effective way of promoting innovation......prize industry has boomed, increasing more than 15-fold. The US Space and Security authorities have been supporting world leading competitions for many years. The Obama administration has re-authorised the America COMPETES act to support innovation and innovators. Is it time for Europe to catch up? Source: http://www.europeansecuritychallenge.com/
  28. UK Cyber Challenge Secure Network Design Informed Defence Investigate & Understand
  29. CTFs in the future? Part of Hands-On Interview Looking for skillz => USA/SANS, UK, EU Book Smart != Enough
  30. It’d be nice if..... Goal: Keep improving....... Evolve, understand & innovate
  31. 2011 for HackEire? Even better than last year & still free...... Huge improvements - more realistic New web portal Social Media PCAP Analysis More defensive controls Want to introduce images to defend but no time :(
  32. Learn more about CTFs? Check out the DefCon, SANS, EthicalHacker.net (& more) websites
  33. It’s all here....... Teamwork & Preparedness Constant Improvement
  34. Q&A
  35. All done, no more! If you’re still awake.....
