Cryptolingus Scavenger Hunt (CLSH)
Security Scavenger Hunts Brian Mork (@hermit_hacker)
Security BSides DFW 2014
First Things First…
Let’s Play A Game
http://sh.cryptolingus.net
http://sh.cryptolingus.net/scoreboard.php
Who Am I?
❖ Former DOD, Coder, RF Simulation, etc.
❖ Co-Founder, Team Cryptolingus
❖ Information Security Operations Manager
❖ Father, Husband, Hacker, Gamer (FHHG)
❖ Certification Kung-Fu:
❖ GIAC Certified Forensic Expert
❖ Red Hat Certified SysAdmin / Engineer
❖ Application Security Specialist? :)
Where Has Security Training Gone Wrong?
Why Does It All Suck?
You Forgot To Make It Fun
So Let’s Fix That
But How?
❖ 1. Physical Challenges
❖ 2. Online Challenges
❖ 3. Make Users Interact With Each Other
❖ … oh, and prizes. :)
What We Done Did
We Built It, They Came
❖ Get your minds out of the gutter.
❖ We couldn’t find a decent scoreboard that didn’t require massive amounts of Microsoft redistributable packages or obscene dependencies, so we built it and open sourced it… only PHP 5 required.
Behold: The CLSH!
❖ Register
❖ Login
❖ Play
❖ Simple and extensible
❖ Automatic scoreboard
❖ Logging for dispute resolution*
Security Awareness Week
Day -1
❖ Dropped physical item (wipe) with no other information…
Day 1
❖ Official notice sent out with link to the primary page
❖ Instructions on how to register and play
❖ Lunch and learn: physical safety
Day 2
❖ Lunch and learn: safe browsing
❖ Notification of a hidden game…
Day 3
❖ Lunch and learn: social engineering demo
❖ Physical scavenger hunt begins
Day 4
❖ Security Jeopardy (Round 1)
❖ This actually was mostly out there, so just modified and re-released
❖ https://github.com/hermit-hacker/SecJep
❖ Physical scavenger hunt begins
❖ Folks who were paying attention noticed comments about one time pads…
Day 5
❖ Security Jeopardy Finals
❖ Physical scavenger hunt begins
❖ The final components of the hidden game are exposed
❖ Prizes!
BSides Memphis Throwback…
H/T @lotusr00t
Stalling Technique:
Security Jeopardy Anyone?
Questions?
@hermit_hacker
https://github.com/hermit-hacker/CLSH
Hat Tips
❖ Madhat (@unspecific) for the custom artwork
❖ Liz Hazen for running the information security awareness programs

BSides DFW 2014 - Security Scavenger Hunts