Ibrahim M. El-Sayed
CTFs, BugBounty and
professional work
$whoami
• Professional work

• Pentester/RedTeam

• Security engineer

• Companies

• EGCert/QCert

• Secforce Deloitte

• Facebook

• CTFs

• BugBounty
Outline
• Capture The Flag competitions (CTFs)

• Bug bounty (BB)

• CTFs and Bug bounty vs career

• Questions
Capture The Flag (CTF)
History and Definition
• Definition

• Ethical hacking competitions where participants are expected to
solve computer security challenges

• History

• 1996: ~24 years ago (Defcon)

• Became more popular around 2010

• Chaos Computer Club (CCC)
https://www.ccc.de/
https://defcon.org/
Capture The Flag (CTF)
History and Definition
• Duration

• 24-48 hours (usually over weekend)

• Team size

• 4-8 for finals (on-site)

• Online qualifications (∞)
What is the flag?
Capture The Flag (CTF)
History and Definition
• The Flag is usually a string of a specific format

• e.g.

• TMCTF[abcdefg12346]

• DC{abcdefgh123324324}

• But it can be any text as well :) or a combination of strings you will
build during the challenge
Capture The Flag (CTF)
Types
• Jeopardy

• Attack and Defence
Capture The Flag (CTF)
Types - Jeopardy
• Categories

• Pwn - Mobile - Web - Forensics - Reverse engineering - Network …

• Each category contains tasks

• Teams get points when they finish a task (get the flag)

• The team with the most points wins the competition
Google CTF
https://twitter.com/internetwache/status/697172252211683328/photo/1
Capture The Flag (CTF)
Jeopardy - Categories
• (Pwn)able

• A running service, usually written in a native language

• Flag: usually a file on the system

• Methodology:

• Usually binary is provided

• Reverse the binary

• Find a bug

• Write an exploit
Capture The Flag (CTF)
Jeopardy - Categories
• Web

• A web application that you are expected to attack

• Flag: file on the system, stored in the db, or in another user’s session

• Methodology

• Find a web bug (XSS, RCE, SQLi, etc)

• Exploit the bug to read the flag
Capture The Flag (CTF)
Jeopardy - Categories - Web
Capture The Flag (CTF)
Jeopardy - Categories - Web
Capture The Flag (CTF)
Jeopardy - Categories - Reverse Engineering
• An application that contains the flag, but you need to understand how it
works to recover the key

• e.g. enter the password and it returns the flag

• Can be native or a high-level language
Capture The Flag (CTF)
Jeopardy - Categories - Forensics
• Memory dump, Disk image, Network capture, Some file format

• Flag: usually hidden inside the target file

• Methodology

• Depends on the file type

• Network: understand what is going on, identify anomalies, and try to
find the flag

• Disk image: how data is stored on the drive and how you can
recover deleted data
Capture The Flag (CTF)
Jeopardy - Categories - Crypto
• Encrypted Blob

• Flag: decrypt the blob and you will find the flag

• Methodology

• Understand how the encryption algorithm works
Capture The Flag (CTF)
Categories - Attack-Defence
• Machines running services

• Teams attack the other teams' services and defend their own

• Points are given for finding the bugs and for the time spent defending the services

• Each team owns services

• Defend services

• Keep services running

• Attack others

• Standard format
Capture The Flag (CTF)
Categories - Attack-Defence
[Diagram, standard format: Team A, Team B and Team C each own one machine (Machine A, Machine B, Machine C); every team defends its own machine and attacks the other teams' machines]
Capture The Flag (CTF)
Categories - Attack-Defence
• King of the hill

• One or more services

• Teams attack and then defend the services
Capture The Flag (CTF)
Categories - Attack-Defence
[Diagram, king of the hill: Team A, Team B, Team C and Team D all attack and defend a single shared Machine A]
Capture The Flag (CTF)
Categories - Attack-Defence
• Example CTFs

• Defcon finals

• TrendMicro finals

• Arab Cyber Security wargames

• iCTF

• RuCTFe
Capture The Flag (CTF)
Arab Cyber Security wargames - mixed
• Style: mixed jeopardy and AD

• Team size: 3 - 5

• Duration: 2 days

• Qualifications and Finals

• Attack and defence style: teams attack machines, fix/defend them, and
keep the service running; you get points for uptime and for access
Capture The Flag (CTF)
TrendMicro - Mixed
• Style: mixed jeopardy and AD

• Team size: 5

• Duration: 2 days

• Attack and defence style: teams attack machines, fix/defend them, and
keep the service running; you get points for uptime and for access
CTF - Attack and Defence - TM 2017 Finals
Capture The Flag (CTF)
Attack-Defence - TrendMicro
source: https://www.twitter.com/TrendMicroCTF
Capture The Flag (CTF)
What does a good CTF look like?
• No guessing

• Diversity in categories

• Fair scoring

• Stable challenges

• Enough time
Capture The Flag (CTF)
Top Teams
• Top Teams

• https://ctftime.org/stats/

• PPP

• DragonSector

• LC↯BC

• TrailOfBits

• Top players

• Geohot

• Lokihardt

• Hellman
pwning.net
https://dragonsector.pl/
Capture The Flag (CTF)
Q&A
• Do I need a team to play CTFs?

• What are the best CTFs?

• How to start playing CTFs?

• Are they related to real life work/bugs?
Credits: Word Cloud by Epic Top 10
Bug bounty (BB)
Definition
• Companies allow researchers to test their products and find bugs,
for which they may reward them

• Products: 

• Software: web application

• Hardware: mobile devices
Bug bounty (BB)
History
• 1995: Netscape

"Netscape Bugs Bounty", a program that rewards users who help
Netscape find and report "bugs" in the beta versions of its recently
announced Netscape Navigator 2.0 software

Bug bounty (BB)
Bug bounty (BB)
History
• 2002: iDefense

• Cash rewards up to $400

• Middleman between researcher and software vendor

• 2004: Mozilla

• Cash rewards from $500

• 2005: Zero Day Initiative

• 2007: Pwn2Own

• 2010: Google for web application

• 2011: Facebook, BugCrowd

• 2012: PayPal, HackerOne
Bug bounty (BB)
Facebook
• Started in 2011

• Started with focus on web and mobile applications

• Expanded to all products

• Expanded further to third party applications and data leaks

• Paid more than $6M in Bug bounty
Facebook, Inc. / Public domain
Bug bounty (BB)
Apple
• Covers all their products

• Focuses on hardware, e.g.

• iPhones

• Apple Watch
Original: Rob Janoff / Public domain
Bug bounty (BB)
Zero Day Initiative
• Covers any product on the Internet (as long as it has value)

• They act as a middleman between the researcher and the vendor
Trend Micro / Public domain
Bug bounty (BB)
How does it work?
• Researcher: use the product → find bugs → report to Facebook

• Facebook: reproduce the report → deduplicate → check originality → fix → reward $$
Bug bounty (BB)
How does it look?
[Three slides of images]
Bug bounty (BB)
What is a good BB program?
• Time to triage?

• Time to reward?

• Time to fix?

• Minimum bounty

• Scope
Bug bounty (BB)
Researchers
• Top researchers?

• How do you know it is a top researcher?

• What is a top researcher?

• Number of submissions

• Signal

• Creativity
Bug bounty (BB)
Researchers
• Snipers

• Research

• Find bugs in technology

• Find all BB programs that are affected
Photo by Annie Spratt on Unsplash
Bug bounty (BB)
Researchers
• Top researchers

• Michał Bentkowski (@SecurityMB)

• Masato Kinugawa (@kinugawamasato)

• Orange (@orange_8361)

• File Descriptor (@filedescriptor)

• Nicolas Grégoire (@Agarri_FR)

• Frans Rosen (@fransrosen)
Bug bounty (BB)
Researchers
• Recon masters

• Write tools to find the scope

• Find the weakest link

• Report issues
Photo by Franck V. on Unsplash
Bug bounty (BB)
Researchers
• Top researchers

• Mark Litchfield (@BugBountyHQ)

• @NahamSec

• @thedawgyg
Bug bounty (BB)
Q&A
• How to start bug bounty?
Career Image by Arek Socha from Pixabay 
Career
Roles
• Offensive

• How to break?

• Identifying vulnerabilities

• Blackbox

• How to weaponize?

• Developing exploits

• Full stack
Career
Roles - Offensive
• Vulnerability researcher

• Redteam/Pentest

• Exploit developer
Career
Roles
• Defensive

• How to break?

• Identifying vulnerabilities

• Whitebox

• Writing PoCs

• How to securely build?

• Fixing and preventing bugs

• Designing systems/applications
Career
Roles - Defensive
• Application security engineer

• Network security engineer

• Malware analyst

• Incident response engineer
Career
Roles vs Skillset
• Vulnerability researcher

• Redteam/Pentest

• Exploit developer

• App security engineer

• Network security engineer

• Malware analyst

• Incident response engineer

• Asset discovery (recon)

• OSINT

• Reverse engineering

• Exploitation

• Forensics

• Code review

• Coding

• System design - Code fixes

• Fuzzing

• Application security (Web - Mobile)
Career
Roles vs CTFs and BB
Vulnerability researcher
• Code review

• Fuzzing

• Application security

• Reverse Engineering
[Diagram: CTF and BugBounty mapped to Reverse engineering, Web, Pwnable and Web application security]
Career
Roles vs CTFs and BB
Pentest
• Recon

• Application security
[Diagram: CTF and BugBounty mapped to App security (Web - Mobile), Recon and Web/Mobile]
Career
Roles vs CTFs and BB
Exploit developer
• Exploitation

• Native security

• System Design
[Diagram: CTF and BugBounty mapped to Pwnable, Web and Native security]
Career
Roles vs CTFs and BB
Malware Analyst
• Reverse Engineering

• Code Review

• System Design

• Forensics
[Diagram: CTF and BugBounty mapped to Reverse engineering, Code review, Forensics and System design - Code fixes]
Career
Differences between CTFs and BugBounty
• Real world challenges (superficial?)

• CVE-2019-11043 - PHP

• Andrew Danau from Wallarm (LC↯BC)

• Realworld CTF

• RCE

• CVE-2019-6690 - python-gnupg

• Alexander Kjäll and Stig Palmquist

• Insomni’hack
Career
Differences between CTFs and BugBounty
• HITCON CTF 2016

• 3 zero-days in SugarCRM

• LCBC, PPP, Cykorkinesis

• CVE-2012-1823 - PHP

• Endbazen 

• Google CTF Finals 2019 - Suidbash

• https://www.youtube.com/watch?v=-wGtxJ8opa8
Career
Differences between CTFs and BugBounty
• Bug bounty - Exploitation techniques

• Finding novel ways to exploit bugs => reward

• Cross-site leaks

• Documented over a decade ago

• A BB hunter exploited it

• Google Search XSS

• Owning The Clout Through Server Side Request Forgery
Career
Differences between CTFs and BugBounty
• Reward

• Bugbounty $$$
Credits to Jericho (CC)
Career
Differences between CTFs and BugBounty
• Reward

• CTF
Credits to Jericho (CC)
Public Domain(CC)
Sad loser / CC BY-SA
Career
Differences between CTFs and BugBounty
• Experience - Holistic view

• BugBounty
Career
Differences between CTFs and BugBounty
• Experience

• CTF
ArnoldReinhold / CC BY-SA
Alan Turing
Summary
Photo by Nathan Dumlao on Unsplash
One last slide
Personal view
Photo by Saketh Garuda on Unsplash
Questions?

CTFs, Bugbounty and your security career

  • 1. Ibrahim M. El-Sayed CTFs, BugBounty and professional work
  • 2. $whoami • Professional work • Pentester/RedTeam • Security engineer • Companies • EGCert/QCert • Secforce Deloitte • Facebook • CTFs • BugBounty
  • 3. • Capture The Flag competitions (CTFs) • Bug bounty (BB) • CTFs and Bug bounty vs career • Questions Outline
  • 4. Capture The Flag (CTF) History and Definition • Definition • Ethical hacking competitions where participants are expected solve computer security challenges • History • 1996 ~24 years (Defcon) • In 2010 started to be more popular • Chaos Computer Club (CCC) https://www.ccc.de/ https://defcon.org/
  • 5. Capture The Flag (CTF) History and Definition • Duration • 24-48 hours (usually over weekend) • Team size • 4-8 for finals (on-site) • Online qualifications (∞)
  • 6. What is the flag?
  • 7. Capture The Flag (CTF) History and Definition • The Flag is usually a string of a specific format • e.g • TMCTF[abcdefg12346] • DC{abcdefgh123324324} • But it can be any text as well :) or a combination of strings you will build during the challenge
  • 8. Capture The Flag (CTF) Types • Jeopardy • Attack and Defence
  • 9. Capture The Flag (CTF) Types - Jeopardy • Categories • Pwn - Mobile - Web - Forensics - Reverse engineer - Network … • Each category contains tasks • Teams get points when the finish the task (get the flag) • Team with most points win the competition
  • 12. Capture The Flag (CTF) Jeopardy - Categories • (Pwn)able • A service running usually written in a native language • Flag: usually a file on the system • Methodology: • Usually binary is provided • Reverse the binary • Find a bug • Write an exploit
  • 13.
  • 14.
  • 15.
  • 16.
  • 17. Capture The Flag (CTF) Jeopardy - Categories • Web • Web application and you are expected to attack t • Flag: file on the system, stored in the db, or in another user’s session • Methodology • Find a web bug (XSS, RCE, SQLi, etc) • Exploit the bug to read the flag
  • 18. Capture The Flag (CTF) Jeopardy - Categories - Web
  • 19. Capture The Flag (CTF) Jeopardy - Categories - Web
  • 20. Capture The Flag (CTF) Jeopardy - Categories - Reverse Engineering • An application that has the flag but you need to understand how it works to return the key • e.g Enter password to return you the flag • Can be native or a high-level language
  • 21. Capture The Flag (CTF) Jeopardy - Categories - Forensics • Memory dump, Disk image, Network capture, Some file format • Flag: usually hidden inside the target file • Methodology • Depends on the file type • Network: understand what is going and identify anomalies try to find the flag • Disk image: How data stored on the drive and how you can restore deleted data
  • 22. Capture The Flag (CTF) Jeopardy - Categories - Crypto • Encrypted Blob • Flag: decrypt the blob you will find the flag • Methodology • Understand how the encryption algorithm
  • 23. Capture The Flag (CTF) Categories - Attack-Defence • Machines running services • Teams attack the services of other teams and defend their own • Points are given for finding the bugs • and for the time spent keeping your services defended • Standard format • Each team owns its services • Defend the services • Keep the services running • Attack the others
  • 24. Capture The Flag (CTF) Categories - Attack-Defence [diagram: Team A / Machine A, Team B / Machine B, Team C / Machine C; arrows labelled "Defend" from each team to its own machine and "attack" towards the others]
  • 25. Capture The Flag (CTF) Categories - Attack-Defence • King of the hill • One or more shared services • Teams attack and then defend the services
  • 26. Capture The Flag (CTF) Categories - Attack-Defence [diagram: Team A, Team B, Team C and Team D all contending for a single Machine A]
  • 27. Capture The Flag (CTF) Categories - Attack-Defence • Example CTFs • Defcon finals • TrendMicro finals • Arab Cyber Security wargames • iCTF • RuCTFe
  • 28. Capture The Flag (CTF) Arab Cyber Security wargames - mixed • Style: mixed jeopardy and AD • Team size: 3 - 5 • Duration: 2 days • Qualifications and finals • Attack and defence style: teams attack machines, fix/defend them, and get points for keeping services running and keeping access
  • 29. Capture The Flag (CTF) TrendMicro - mixed • Style: mixed jeopardy and AD • Team size: 5 • Duration: 2 days • Attack and defence style: teams attack machines, fix/defend them, and get points for keeping services running and keeping access
  • 30. CTF - Attack and Defence - TM 2017 Finals
  • 31. Capture The Flag (CTF) Attack-Defence - TrendMicro source: https://www.twitter.com/TrendMicroCTF
  • 32. Capture The Flag (CTF) What does a good CTF look like? • No guessing • Diversity in categories • Fair scoring • Stable challenges • Enough time
  • 33. Capture The Flag (CTF) Top Teams • Top Teams • https://ctftime.org/stats/ • PPP • DragonSector • LC↯BC • TrailOfBits • Top players • Geohot • Lokihardt • Hellman pwning.net https://dragonsector.pl/
  • 34. Capture The Flag (CTF) QA • Do I need a team to play CTFs? • What are the best CTFs? • How to start playing CTFs? • Are they related to real life work/bugs?
  • 35. Credits: Word Cloud by Epic Top 10
  • 36. Bug bounty (BB) Definition • Companies allow researchers to test their products and find bugs in them, and reward them in return • Products: • Software: web applications • Hardware: mobile devices
  • 37. Bug bounty (BB) History • 1995: Netscape "Netscape Bugs Bounty", a program that rewards users who help Netscape find and report "bugs" in the beta versions of its recently announced Netscape Navigator 2.0 software

  • 39. Bug bounty (BB) History • 2002: iDefense • Cash rewards up to $400 • Middleman between researcher and software vendor • 2004: Mozilla • Cash from $500 • 2005: Zero Day Initiative • 2007: Pwn2Own • 2010: Google for web applications • 2011: Facebook, BugCrowd • 2012: PayPal, HackerOne
  • 40. Bug bounty (BB) Facebook • Started in 2011 • Started with a focus on web and mobile applications • Expanded to all products • Expanded further to third-party applications and data leaks • Paid more than $6M in bug bounties Facebook, Inc. / Public domain
  • 41. Bug bounty (BB) Apple • Covers all their products • Focuses on hardware, e.g. • iPhones • Apple Watch Original: Rob Janoff / Public domain
  • 42. Bug bounty (BB) Zero Day Initiative • Covers any product on the Internet (as long as it has value) • They act as a middleman between the researcher and the vendor Trend Micro / Public domain
  • 43. Bug bounty (BB) How does it work? • Researcher: use the product • Find bugs • Report to Facebook • Facebook: reproduce the report • Deduplicate • Check originality • Fix • Reward $$
  • 44. Bug bounty (BB) What does it look like?
  • 45. Bug bounty (BB) What does it look like?
  • 46. Bug bounty (BB) What does it look like?
  • 47. Bug bounty (BB) What is a good BB program? • Time to triage? • Time to reward? • Time to fix? • Minimum bounty • Scope
  • 48. Bug bounty (BB) Researchers • Top researchers? • How do you know it is a top researcher? • What is a top researcher? • Number of submissions • Signal • Creativity
  • 49. Bug bounty (BB) Researchers • Snipers • Research • Find bugs in technology • Find all BB programs that are affected Photo by Annie Spratt on Unsplash
  • 50. Bug bounty (BB) Researchers • Top researchers • Michał Bentkowski (@SecurityMB) • Masato Kinugawa (@kinugawamasato) • Orange (@orange_8361) • File Descriptor (@filedescriptor) • Nicolas Grégoire (@Agarri_FR) • Frans Rosen (@fransrosen)
  • 51. Bug bounty (BB) Researchers • Recon masters • Write tools to find the scope • Find the weakest link • Report issues Photo by Franck V. on Unsplash
  • 52. Bug bounty (BB) Researchers • Top researchers • Mark Litchfield (@BugBountyHQ) • @NahamSec • @thedawgyg
  • 53. Bug bounty (BB) QA • How do I start with bug bounty?
  • 54. Career Image by Arek Socha from Pixabay 
  • 55. Career Roles • Offensive • How to break? • Identifying vulnerabilities • Blackbox • How to weaponize? • Developing exploits • Full stack
  • 56. Career Roles - Offensive • Vulnerability researcher • Redteam/Pentest • Exploit developer
  • 57. Career Roles • Defensive • How to break? • Identifying vulnerabilities • Whitebox • Writing PoCs • How to securely build? • Fixing and prevent bugs • Design systems/application
  • 58. Career Roles - Defensive • Application security engineer • Network security engineer • Malware analyst • Incident response engineer
  • 59. Career Roles vs Skillset • Roles: Vulnerability researcher - Redteam/Pentest - Exploit developer - App security engineer - Network security engineer - Malware analyst - Incident response engineer • Skillset: Asset discovery (recon) - OSINT - Reverse engineering - Exploitation - Forensics - Code review - Coding - System design / code fixes - Fuzzing - Application security (Web - Mobile)
  • 60. Career Roles vs CTFs and BB - Vulnerability researcher • Skills: Code review - Fuzzing - Application security - Reverse engineering • CTF: Reverse engineering - Web - Pwnable • BugBounty: Web - Application security
  • 61. Career Roles vs CTFs and BB - Pentest • Skills: Recon - Application security • CTF: App security (Web - Mobile) • BugBounty: Recon - Web/Mobile
  • 62. Career Roles vs CTFs and BB - Exploit developer • Skills: Exploitation - Native security - System design • CTF: Pwnable - Web - Native security • BugBounty
  • 63. Career Roles vs CTFs and BB - Malware analyst • Skills: Reverse engineering - Code review - System design - Forensics • CTF: Reverse engineering - Code review - Forensics - System design / code fixes • BugBounty
  • 64. Career Differences between CTFs and BugBounty • Real world challenges (superficial?) • CVE-2019-11043 - PHP • Andrew Danau from Wallarm (LC↯BC) • Realworld CTF • RCE • CVE-2019-6690 - python-gnupg • Alexander Kjäll and Stig Palmquist • Insomni’hack
  • 66. Career Differences between CTFs and BugBounty • HITCON CTF 2016 • 3 Zerodays in SugarCRM • LCBC, PPP, Cykorkinesis • CVE-2012-1823 - PHP • Endbazen • Google CTF Finals 2019 - Suidbash • https://www.youtube.com/watch?v=-wGtxJ8opa8
  • 67. Career Differences between CTFs and BugBounty • Bug bounty - Exploitation techniques • Finding novel ways to exploit bugs => Reward • Cross-site Leaks • documented over a decade ago • BB hunter exploited it • Google Search XSS • Owning The Clout Through Server Side Request Forgery
  • 68. Career Differences between CTFs and BugBounty • Reward • Bugbounty $$$ Credits to Jericho (CC)
  • 69. Career Differences between CTFs and BugBounty • Reward • CTF Credits to Jericho (CC) Public Domain(CC)
  • 70. Career Differences between CTFs and BugBounty • Experience - holistic view • BugBounty Sad loser / CC BY-SA
  • 71. Career Differences between CTFs and BugBounty • Experience • CTF ArnoldReinhold / CC BY-SA Alan Turing
  • 73. One last slide Personal view Photo by Saketh Garuda on Unsplash