Ibrahim M. El-Sayed discusses Capture the Flag (CTF) competitions and bug bounty programs. CTFs are ethical hacking competitions where participants solve computer security challenges to capture flags and earn points for their team. They have been held since the 1990s and involve categories like pwnable, web, forensics, and crypto challenges. Bug bounty programs allow security researchers to test products for bugs and get rewarded for valid vulnerability reports. Top companies like Facebook, Apple, and Google run prominent bug bounty programs. Both CTFs and bug bounties provide hands-on experience for security careers, but bug bounties more closely mirror real-world vulnerability discovery and have monetary rewards.
This was a training for SCIT Symbiosis students in India before their CTF.
Training link: https://www.youtube.com/watch?v=OYYuagj9ZvA
Training Agenda:
Introduction to cybersecurity
Famous data breaches
How to start in cybersecurity
What is a CTF
CTF types
CTF resources
How to gain money out of hacking
CTF demo “Let’s Play CTF together”
This talk will demo one threat modeling methodology and how an engineering team is appending it to their Secure Software Development Life Cycle. The goal is to create a single platform for communicating architectural risk and planning mitigations within sprints. This will not only address security concerns sooner in a product's lifecycle but establish a trusting relationship between engineering and security teams. As an ever-evolving space, to reduce risk and deploy products to market, this is one additional step any software-focused team can quickly adapt to their practices.
This talk will be focused on discussing war stories from a product architect/engineer who lives within an information security department and is passionate about driving change. Attendees will get to experience a few different routes that have led to success and others that might need to be avoided. As an ever-evolving space, when reducing risk and deploying safe products to the market, we all have to find the correct gear to get us down the road.
Sthack 2015 - Ramon Vicens & Victor Acin - Cyber threats "the reality"StHack
The main idea behind this talk is to introduce the listeners of the Sthack conference to the current landscape of botnet threats. We'll begin by talking about the main types of malware botnets: Trojan Bankers, Point of Sale and Credential Stealers, but we will focus on how some of these botnets operate at a technical level, especially how the bots of Dyre, JackPoS and Pony are working nowadays in order to steal credit cards and banking credentials.
Getting ready for a Capture The Flag Hacking CompetitionJoe McCray
This is an introduction to Capture The Flag (CTF) hacking competitions. Everything you need to know about CTFs, and how to prepare for them.
This video covers:
Generic CTF prep
Strategic Security CTF prep
Incident Response
System Hardening
System Logging
Intrusion Detection System
Attacking Systems
Maintaining Access
Offensive testing in organizations has shown a tremendous value for simulating controlled attacks. While cyber extortion may be one of the main high ROI end goals for the attacker, surprisingly few tools exist to simulate ransomware operations. Racketeer is one such tool. It is an offensive agent coupled with a C2 base, built to help teams to prototype and exercise a tightly controlled ransomware campaign. We walk through the design considerations and implementation of a ransomware implant which emulates logical steps taken to manage connectivity and asset encryption and decryption capabilities. We showcase flexible and actionable ways to prototype components of fully remote ransomware operation including key and data management, as well as data communication that is used in ransomware campaigns. Racketeer is equipped with practical safeguards for lights out operations, and can address the goals of keeping strict control of data and key management in its deployment, including target containment policy, safe credential management, and implementing operational security in simulated operations. Racketeer can help gain better optics into IoCs, and is helpful in providing detailed logs that can be used to study the behavior and execution artifacts of a ransomware agent.
Root the Box - An Open Source Platform for CTF AdministrationChristopher Grayson
These are the slides presented at Outerz0ne conference in 2014. The contents detail CTF competitions, the Root the Box software platform and competition, and resources for sharpening your CTF and penetration testing skills!
I can haz cake: Benefits of working with MITRE on ATT&CKMITRE ATT&CK
From ATT&CKcon 4.0
By Tim Wadhwa-Brown, Cisco
The purpose of this session will be to look at how the linux-malware repo came to take shape and how we've used it to inform our view on adversarial behaviour over the last couple of years. Since the original reason for starting this project was to look at Linux coverage in ATT&CK, we'll play back some of the interesting points and reflect on how they've affected ATT&CK itself.
Slides I presented at PyCon 2019 (Surabaya, 23/11/2019)
Red-Teaming is a simulation of real-world hacking against an organization. It has little to no limit on the time, location, and method of attack. Only results matter. This talk gives insight into how a “hacker” works and how Python can be used for a sophisticated series of attacks.
Heartbleed Bug Vulnerability: Discovery, Impact and SolutionCASCouncil
Join the CASC Wednesday April 30 for a Google+ hangout on the Heartbleed Bug. We’ll cover everything from what the bug does to how to tell if your site is at risk and how certificate authorities are responding.
Panel of CASC members:
• Robin Alden- Comodo
• Jeremy Rowley- DigiCert
• Bruce Morton- Entrust
• Rick Andrews- Symantec
• Wayne Thayer- Go Daddy
Watch the recording: http://bit.ly/1jAQCtk
DEEPSEC 2013: Malware Datamining And AttributionMichael Boman
Greg Hoglund explained at BlackHat 2010 that the development environments malware authors use leave traces in the code which can be used to attribute malware to an individual or a group of individuals. Not with the precision of name, date of birth and address, but with evidence that an arrested suspect's computer can be analysed and compared with the "tool marks" on the collected malware sample.
Our hope is that defenders and reverse engineers can make use of the project updates to validate their preparedness and techniques against highly targeted malware. As discussed in our presentation, detection of malicious code in runtime interpreted languages is error prone and difficult. Shortly after our initial presentation at INFILTRATE, Kaspersky created an AV signature that flagged as malicious many of the most popular GO language applications such as Docker, a Bitcoin wallet and the actual Golang installer in an attempt to flag EBOWLA binaries – oops.
We’ve updated the project to include a new loader for PowerShell. This ubiquitous Windows scripting language is widely used in offensive testing and by defenders for incident response. Now the incident responder will need to be proficient in PowerShell debugging to begin the task of decrypting targeted malware that could also end up being more PowerShell! Post-Ekoparty, the team is working on a traditional loader using C++ compiled code, so stay tuned and visit our EBOWLA GitHub page for future updates.
IPv6 expert Joe Klein gave us an overview of the current state of IPv6 security, typical IPv6 attack surfaces, the impact of technologies such as cloud and blockchain, and the challenges of effective IoT (Internet of Things) security measures. Especially in the Internet of Things, when it comes to healthcare, self-driving cars, aircraft cockpits, dams, nuclear power plants and similar critical infrastructure, it is of decisive importance that security can be guaranteed.
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques.
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
More Related Content
Similar to CTFs, Bugbounty and your security career
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
The climate impact and sustainability of software testing are discussed in the talk. ICT and testing must carry their part of the global responsibility to help with climate warming. We can minimize the carbon footprint, but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be extended with sustainability and then measured continuously. Test environments can be used less, at a smaller scale and on demand. Test techniques can be used to optimize or minimize the number of tests. Test automation can be used to speed up testing.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
3. • Capture The Flag competitions (CTFs)
• Bug bounty (BB)
• CTFs and Bug bounty vs career
• Questions
Outline
4. Capture The Flag (CTF)
History and Definition
• Definition
• Ethical hacking competitions where participants are expected to
solve computer security challenges
• History
• 1996: ~24 years ago (Defcon)
• In 2010 started to be more popular
• Chaos Computer Club (CCC)
https://www.ccc.de/
https://defcon.org/
5. Capture The Flag (CTF)
History and Definition
• Duration
• 24-48 hours (usually over weekend)
• Team size
• 4-8 for finals (on-site)
• Online qualifications (∞)
7. Capture The Flag (CTF)
History and Definition
• The Flag is usually a string of a specific format
• e.g.
• TMCTF[abcdefg12346]
• DC{abcdefgh123324324}
• But it can be any text as well :) or a combination of strings you will
build during the challenge
9. Capture The Flag (CTF)
Types - Jeopardy
• Categories
• Pwn - Mobile - Web - Forensics - Reverse engineer - Network …
• Each category contains tasks
• Teams get points when they finish a task (get the flag)
• The team with the most points wins the competition
12. Capture The Flag (CTF)
Jeopardy - Categories
• (Pwn)able
• A running service, usually written in a native language
• Flag: usually a file on the system
• Methodology:
• Usually binary is provided
• Reverse the binary
• Find a bug
• Write an exploit
17. Capture The Flag (CTF)
Jeopardy - Categories
• Web
• A web application that you are expected to attack
• Flag: file on the system, stored in the db, or in another user’s session
• Methodology
• Find a web bug (XSS, RCE, SQLi, etc)
• Exploit the bug to read the flag
20. Capture The Flag (CTF)
Jeopardy - Categories - Reverse Engineering
• An application that has the flag, but you need to understand how it
works to recover the key
• e.g. enter the password and it returns the flag
• Can be native or a high-level language
21. Capture The Flag (CTF)
Jeopardy - Categories - Forensics
• Memory dump, Disk image, Network capture, Some file format
• Flag: usually hidden inside the target file
• Methodology
• Depends on the file type
• Network: understand what is going on, identify anomalies, and try to
find the flag
• Disk image: how data is stored on the drive and how you can
restore deleted data
22. Capture The Flag (CTF)
Jeopardy - Categories - Crypto
• Encrypted Blob
• Flag: decrypt the blob to find the flag
• Methodology
• Understand how the encryption algorithm works
23. Capture The Flag (CTF)
Categories - Attack-Defence
• Machines running services
• Teams attack the services and defend their own
• Points are given for finding the bugs
• Time spent defending the services
• Each team owns services
• Defend services
• Keep services running
• Attack others
• Standard Format
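To make the attack-defence scoring concrete, here is a small illustrative scoreboard (an added example, not from the talk and not any event's real rules): teams earn points for every round their own service stays up and for each distinct flag they capture from another team's live service. The point weights and the two-round game are assumptions.

```python
"""Illustrative attack-defence scoreboard (added example, not the talk's own).

Models the two scoring sources the slide describes: attacking other teams'
services and keeping your own running. Weights and round structure are assumed.
"""
from collections import defaultdict
from dataclasses import dataclass, field

ATTACK_POINTS = 10   # per distinct flag stolen from another team (assumed weight)
SLA_POINTS = 5       # per round a team's own service answers the checker (assumed)


@dataclass
class Round:
    """One scoring round: which services were up, and who stole flags from whom."""
    up: dict            # team -> True if its service answered the checker
    captures: list      # (attacker, victim, flag) tuples submitted this round


@dataclass
class Scoreboard:
    scores: defaultdict = field(default_factory=lambda: defaultdict(int))
    seen_flags: set = field(default_factory=set)

    def apply(self, rnd: Round) -> None:
        # Defence: a team only earns SLA points while its service is checked as up.
        for team, is_up in rnd.up.items():
            if is_up:
                self.scores[team] += SLA_POINTS
        # Attack: each distinct flag counts once; you cannot farm your own service,
        # and a flag from a service that was down cannot have been legitimately read.
        for attacker, victim, flag in rnd.captures:
            if attacker == victim or flag in self.seen_flags or not rnd.up.get(victim):
                continue
            self.seen_flags.add(flag)
            self.scores[attacker] += ATTACK_POINTS

    def ranking(self) -> list:
        return sorted(self.scores.items(), key=lambda kv: (-kv[1], kv[0]))


def demo_game() -> list:
    """Two constructed rounds for teams A, B, C; returns the final ranking."""
    board = Scoreboard()
    board.apply(Round(up={"A": True, "B": True, "C": False},
                      captures=[("A", "B", "FLG{r1-b}"), ("B", "C", "FLG{r1-c}")]))
    board.apply(Round(up={"A": True, "B": False, "C": True},
                      captures=[("A", "B", "FLG{r1-b}"), ("C", "A", "FLG{r2-a}"),
                                ("B", "B", "FLG{own}")]))
    return board.ranking()
```

In the constructed game, B's capture from C is rejected because C's service was down, and A's resubmitted flag in round two is rejected as a duplicate.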
24. Capture The Flag (CTF)
Categories - Attack-Defence
[Diagram: Team A, Team B and Team C each own one machine (Machine A, Machine B, Machine C); every team defends its own machine and attacks the others]
25. Capture The Flag (CTF)
Categories - Attack-Defence
• King of the hill
• One or more services
• Teams attack and then defend the services
26. Capture The Flag (CTF)
Categories - Attack-Defence
[Diagram (king of the hill): Team A, Team B, Team C and Team D all attack and defend a single shared Machine A]
27. Capture The Flag (CTF)
Categories - Attack-Defence
• Example CTFs
• Defcon finals
• TrendMicro finals
• Arab Cyber Security wargames
• iCTF
• RuCTFe
28. Capture The Flag (CTF)
Arab Cyber Security wargames - mixed
• Style: mixed jeopardy and AD
• Team size: 3 - 5
• Duration: 2 days
• Qualifications and Finals
• Attack and defence style: teams attack machines, fix/defend them,
and keep the service running and accessible to get points
29. Capture The Flag (CTF)
TrendMicro - Mixed
• Style: mixed jeopardy and AD
• Team size: 5
• Duration: 2 days
• Attack and defence style: teams attack machines, fix/defend them,
and keep the service running and accessible to get points
31. Capture The Flag (CTF)
Attack-Defence - TrendMicro
source: https://www.twitter.com/TrendMicroCTF
32. Capture The Flag (CTF)
What does a good CTF look like?
• No guessing
• Diversity in categories
• Fair scoring
• Stable challenges
• Enough time
33. Capture The Flag (CTF)
Top Teams
• Top Teams
• https://ctftime.org/stats/
• PPP
• DragonSector
• LC↯BC
• TrailOfBits
• Top players
• Geohot
• Lokihardt
• Hellman
pwning.net
https://dragonsector.pl/
34. Capture The Flag (CTF)
QA
• Do I need a team to play CTFs?
• What are the best CTFs?
• How to start playing CTFs?
• Are they related to real life work/bugs?
36. Bug bounty (BB)
Definition
• Companies allow researchers to test their products and find bugs in them,
and reward the researchers for valid reports
• Products:
• Software: web application
• Hardware: mobile devices
37. Bug bounty (BB)
History
• 1995: Netscape
"Netscape Bugs Bounty", a program that rewards users who help
Netscape find and report "bugs" in the beta versions of its recently
announced Netscape Navigator 2.0 software
39. Bug bounty (BB)
History
• 2002: iDefense
• Cash rewards up to $400
• Middleman between researcher and software vendor
• 2004: Mozilla
• Cash from $500
• 2005: Zero Day Initiative
• 2007: Pwn2Own
• 2010: Google for web application
• 2011: Facebook, BugCrowd
• 2012: PayPal, HackerOne
40. Bug bounty (BB)
Facebook
• Started in 2011
• Started with focus on web and mobile applications
• Expanded to all products
• Expanded further to third party applications and data leaks
• Paid more than $6M in Bug bounty
41. Bug bounty (BB)
Apple
• Covers all their products
• Focuses on hardware, e.g.
• iPhones
• Apple Watch
42. Bug bounty (BB)
Zero Day Initiative
• Covers any products on the Internet (as long as they have value)
• They act as a middleman between the researcher and the vendor
43. Bug bounty (BB)
How does it work?
• Researcher side
• Use the product
• Find bugs
• Report to Facebook
• Program side
• Reproduce the report
• Deduplicate
• Check originality
• Fix
• Reward $$
47. Bug bounty (BB)
What is a good BB program?
• Time to triage?
• Time to reward?
• Time to fix?
• Minimum bounty
• Scope
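The triage steps on the "How does it work?" slide (reproduce, deduplicate, check originality, fix, reward) and the "minimum bounty" criterion of a good program can be put together as a small triage pipeline. This is an added example, not the talk's or any real program's process: the fingerprinting rules, the `example.test` host, the severity tiers and the minimum bounty are all assumptions.

```python
"""Illustrative bug-bounty triage pipeline (added example, not any program's
real process). Reports are fingerprinted so repeated reports of one root cause
collide, internally known issues are rejected as not original, and the first
valid report of a new bug is paid at least the program minimum.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

MIN_BOUNTY = 500                                                         # assumed
TIERS = {"low": 500, "medium": 1500, "high": 5000, "critical": 20000}   # assumed


@dataclass
class Report:
    product: str
    vuln_class: str      # e.g. "xss", "ssrf"
    location: str        # URL or component named in the report
    severity: str
    reproduced: bool     # outcome of the triager's own reproduction attempt


def fingerprint(r: Report) -> str:
    """Normalise a report so two reports of the same bug map to one key.

    Host is lower-cased, the query string is dropped and numeric path IDs are
    replaced, so /users/42/profile?x=1 and /users/7/profile collide.
    """
    parts = urlsplit(r.location)
    path = re.sub(r"/\d+", "/{id}", parts.path.lower()).rstrip("/") or "/"
    return f"{r.product}|{r.vuln_class}|{parts.netloc.lower()}{path}"


class Triage:
    def __init__(self, known_issues: set):
        self.known = set(known_issues)   # fingerprints already tracked internally
        self.accepted: dict = {}         # fingerprint -> bounty paid to first reporter

    def handle(self, r: Report) -> tuple:
        """Return (decision, bounty). Only the first valid report of a bug is paid."""
        if not r.reproduced:
            return ("needs_more_info", 0)
        fp = fingerprint(r)
        if fp in self.accepted:
            return ("duplicate", 0)
        if fp in self.known:
            return ("known_issue", 0)    # not original: already found internally
        bounty = max(MIN_BOUNTY, TIERS.get(r.severity, MIN_BOUNTY))
        self.accepted[fp] = bounty
        return ("accepted", bounty)
```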
48. Bug bounty (BB)
Researchers
• Top researchers?
• How do you know it is a top researcher?
• What is a top researcher?
• Number of submissions
• Signal
• Creativity
49. Bug bounty (BB)
Researchers
• Snipers
• Research
• Find bugs in technology
• Find all BB programs that are affected
50. Bug bounty (BB)
Researchers
• Top researchers
• Michał Bentkowski (@SecurityMB)
• Masato Kinugawa (@kinugawamasato)
• Orange (@orange_8361)
• File Descriptor (@filedescriptor)
• Nicolas Grégoire (@Agarri_FR)
• Frans Rosen (@fransrosen)
51. Bug bounty (BB)
Researchers
• Recon masters
• Write tools to find the scope
• Find the weakest link
• Report issues
57. Career
Roles
• How to break?
• Identifying vulnerabilities
• Whitebox
• Writing PoCs
• Defensive
• How to securely build?
• Fixing and preventing bugs
• Designing systems/applications
63. Career
Roles vs CTFs and BB
[Table: skills (Reverse engineering, Code Review, Forensics, System Design - Code fixes) against where they are exercised (CTF, BugBounty); example role: Malware Analyst]
• Reverse Engineering
• Code Review
• System Design
• Forensics
64. Career
Differences between CTFs and BugBounty
• Real world challenges (superficial?)
• CVE-2019-11043 - PHP
• Andrew Danau from Wallarm (LC↯BC)
• Realworld CTF
• RCE
• CVE-2019-6690 - python-gnupg
• Alexander Kjäll and Stig Palmquist
• Insomni’hack
66. Career
Differences between CTFs and BugBounty
• HITCON CTF 2016
• 3 Zerodays in SugarCRM
• LCBC, PPP, Cykorkinesis
• CVE-2012-1823 - PHP
• Endbazen
• Google CTF Finals 2019 - Suidbash
• https://www.youtube.com/watch?v=-wGtxJ8opa8
67. Career
Differences between CTFs and BugBounty
• Bug bounty - Exploitation techniques
• Finding novel ways to exploit bugs => Reward
• Cross-site Leaks
• documented over a decade ago
• BB hunter exploited it
• Google Search XSS
• Owning The Clout Through Server Side Request Forgery