A journey through an INFOSEC labyrinth




                               Andrei Avădănei
                       Founder & CEO DefCamp
                            contact@defcamp.ro
After this presentation...




➲   You won't be a better hacker
➲   You won't learn how to break things
         (if you are a cop, please leave the room, there's nothing interesting here)
➲   You won't learn how to make a conference
➲   You won't learn how to become $$_$$
➲   You will learn IDEAS
Summary




➲   About me
➲   Security through entrepreneurship
➲   DefCamp
➲   CCSIR
➲   Q&A all the time. :-)
About me




➲   Founder & CEO of DefCamp
➲   … and CTO (tech), CFO (financial), CMO (marketing), Sales Manager,
    Community Manager, Speaker, Team Coordinator :)).
➲   Founder CCSIR
➲   Community manager @worldit.info
➲   Vice President at GREPIT
➲   Volunteer at BitDefender Romania
➲   Great results at several thousand national and
    international competitions
➲   and others.
History
➲   2006-2007
       - I was doing my best to learn how to build viruses in Pascal (lame, I know)
       - I began to meet and discuss with people
       - I was proud of my first RFI (LOL!)
       - In the same period I began to help a security community to evolve. The
    community evolved and I along with it
➲   2008
       - I began to attend local and national IT competitions
       - First result : 0 pts and last place.
       - Second result after several months : First place.
       - The rest is history.
➲   2009
       - founded worldit.info.
➲   2010 until today
       - I joined GREPIT. Organised G5, G6 and G7 in great teams.
       - I made OpenIT @Suceava, a 12-hour competition with over 60 attendees
    from Romania.
➲   March 2011 – DefCamp idea sparked my brain.
➲   September 2011 – DefCamp @Bran (~70 attendees)
➲   December 2011 – DefCamp @Iasi. (~150 attendees)
➲   November 2012 – Founded CCSIR.
➲   December 2012 – DefCamp @Bucharest. (~200 attendees)
➲   During this time I got good results at (inter)national computer science
     competitions (algo, web dev, soft dev, security, educational etc).
➲   … and many others.
Lesson #1.337
Offensive security is better than defensive security!
               Be tenacious, try to get more failures to succeed!




    Disclaimer :
➲   That was my short story …
➲   The whole story is for my future nephews. :-)
➲   In reality there are many IFs, you know those statements from
    computer science courses ^_^
Lesson #2
       If you are a good sniffer it's hard to fail!
Listen to all the complaints in your circle of friends and scale their frustration into projects!
Lesson #3
Build a honeypot, log and parse all the traffic. You'll catch a 0day !
    Listen to all your friends' ideas, iterate on them and store them. Sooner or later you will concat!
Lesson #4
                                  Share wisely!
Talk in your circles about your ideas, but never all your ideas! Keep a few for dessert.
Lesson #5
 Create backups in the cloud!
You should ALWAYS have an ace up your sleeve!
Lesson #6
                 Encrypt your data!
Sometimes it is better to shut your mouth and weigh your words!
Lesson #7
                          Tunnel your traffic!
Monitor how and where your words/projects/ideas are spreading for better privacy.
Lesson #8
Stay up to date and upgrade if needed!
            Iterate, iterate, iterate!
Lesson #9
                Be prepared to get hacked!
Be prepared to fail. I was hacked several times in my history and here I am.
Lesson #10
                       Be responsive
Build, listen to your feedback, change, listen to your feedback and so on...
Summary
           Security through entrepreneurship



➲   1. Offensive security is better than defensive security!
➲   2. If you are a good sniffer it's hard to fail!
➲   3. Build a honeypot, log and parse all the traffic. You'll
    catch a 0day!
➲   4. Share wisely!
➲   5. Create backups in the cloud!
➲   6. Encrypt your data!
➲   7. Tunnel your traffic!
➲   8. Stay up to date and upgrade if needed!
➲   9. Be prepared to get hacked!
➲   10. Be responsive.
Ok, great, I'm not done...yet
DefCamp




➲   IT Security & Hacking Conference
➲   Informal talks
➲   Connect smart guys from Romania and worldwide
➲   Experience exchange, connect with people, innovate
➲   Building a platform for launching and promoting local
    industry enthusiasts to the world
➲   DCTF, Wall of Sheep
➲   Three editions 'till now (Bran, Iasi, Bucharest)
➲   More to come
Boring, right?
But, what about...

➲   Offline SQL Injection
➲   Offline check-in system
➲   Private parties
Or, why not ...

➲   Passion, competitions, experience exchange
➲   After parties results
➲   flirting with the shooter :>
➲   Hacker girls :X
Or even more...

➲   Sharing
➲   Mass-media
➲   Protection
➲   Great audience
Why DefCamp?




➲   Because we care about passion
➲   We are not business guys but are trying to make a
    business from passion
➲   We have great speakers worldwide, a smart audience,
    cool parties, hot chicks and black hats! :-)
➲   You can find a job (for ex. KPMG at this year's con), you can
    find friends, experience, resources
➲   You find 0days, vulnerabilities, showoffs, POCs, practical
    and theoretical talks
➲   We have something for everybody but you should learn
    where to look.
➲   We do not give you everything, but you can get it all by yourself
➲   ….
CCSIR




➲   Cyber Security Research Center from Romania (Centrul
    de Cercetare in Securitate Informatica din Romania)
➲   Projects
➲   Security Communication platform
➲   Security research
➲   Tracking
➲   Experience exchange
➲   International partnerships
➲   Do we have something like this in Romania!?!? We don't.
➲   ccsir.ro will be our public interface
Last but not least – some ideas
➲   Why Romania? It's a good place to start scalable projects.
➲   Try to predict the unpredictable and have a backup plan for the unknown.
➲   Quality is very important, the money will come.
➲   Try to learn different stuff (tech, marketing, sales, laws, communication etc)
➲   Merge this stuff in an unusual way to create new things
➲   You cannot build something revolutionary, but you could build something different based
    on others' experience
➲   Be honest, be crazy, believe in yourself and in your instincts
➲   Build a network of inputs around you and learn how to output only the important bit
➲   Pay attention to the people who listen more and talk less, they might be the next star
➲   Create small things step by step and think big; now it depends on the length of your legs :P
➲   ...and most important, be persistent!
Bonus : Black hat vs White Hat vs W/E Color Hat




➲   It's bullshit (B U L L S H I T), only a buzzword
➲   We hate when hackers are considered thieves
➲   I believe that there isn't any pure black hat or white hat
➲   … but there is a mix of variables that can tag you, at a
    specific time, on one side or another
➲   You can create great things in the INFOSEC field in a
    professional way
➲   CCSIR might be a good approach for doing professional
    research
Thank you!
Now, who wants to drink a beer in the neighborhood ?:-)
