CTF: Bringing back more than sexy!

Transcript

1. CTFs - Bringing back more than sexy ;-) Mark Hillick

   - @markofu KTF Creator of HackEire Thursday 9 June 2011

2. Usual stuff - disclaimer! Own views - not representative of

   Citrix Systems, IrissCert nor Phyllis and Ferb. I am speaking here entirely of my own opinion, which isn’t saying much but hey :) No dolphins were hurt in the making of this presentation! Thursday 9 June 2011

3. Who are ya? too many years working in IT now

   @ vendor, used to be @ bank so I’m Ex-@IrissCert handler, #IrissCon, @HackEire @OwaspIreland Previous Owasp Presentations Cert Handler; WAF Implementation; Scareware via Web App Exploit Thursday 9 June 2011

4. What’s this about? Nope Nor this guy CTFs - history,

   now & the future My experiences from building a CTF contest from scratch with no $$$$$ Thursday 9 June 2011

5. So sorry!!! I know I had ‘sexy’ in the title

   but Thursday 9 June 2011

6. What’s a CTF? (1) WAR-GAMES.......COMPETITION! ATTACK, ATTACK, ATTACK!!!! Thursday 9

   June 2011

7. What’s a CTF? (2) CTF contests.....serve as an educational exercise

   to give participants experience in securing a machine, as well as conducting and reacting to the sort of attacks found in the real world. source: http:/ /en.wikipedia.org/wiki/Capture_the_flag#Computer_security && I agree with this partly :) Thursday 9 June 2011

8. CTF? Nah, I’m not..... Thursday 9 June 2011

9. We can’t all be....... Or..... Thursday 9 June 2011

10. I’m not a hacker........ Source: http:/ /img.wikinut.com/img/hzbaiyv.qfkbuofg/jpeg/0/The-comfort-circle.jpeg Thursday 9 June

    2011

11. Thursday 9 June 2011

12. Thursday 9 June 2011

13. but maybe try a CTF? learn outside of the norm

    Thursday 9 June 2011

14. But I’d like to attend the conference!! You going to

    remember every talk? Didn’t think so...... Thursday 9 June 2011

15. 1337 Test your l33t skillz NSFW Copious amounts of caffeine

    Do cool stuff with old/new friends Thursday 9 June 2011

16. Get a job? Companies attempting to recruit off HackEire HackEire

    => winners got postgrad funding & several business cards :) SANS/US Govt Challenges => JOBS GALORE UK Cyberchallenge won by an ex-postman! Thursday 9 June 2011

17. CTF Feedback 2010 I learnt a shitload today. I learnt

    more about what I don’t know than what I do know. Thanks! Thanks very much! I had so much fun and would be happy to pay 100 yoyos (pps) to enter in future. Thursday 9 June 2011

18. Why allow your staff to compete in a CTF? Learn

    about defensive & offensive security in a safe environment! As opposed to........ You will learn & increase your awareness because you will be surprised..... $1000/day != good CTF competitor Thursday 9 June 2011

19. So why run a CTF? Make a name... Spot talent

    Help others & give back a little Thursday 9 June 2011

20. Why did I do it? & @edskoudis I wanted to

    learn & improve Thursday 9 June 2011

21. Would I start it all now? Probably not > 250

    hours last year Project & People Management Not everyone as passionate Thursday 9 June 2011

22. What have I gained? I used to ‘not like’ my

    job very much & was bored. I wanted to play with tools I wouldn’t normally get to...... Thursday 9 June 2011

23. What often happens in a CTF? In...... Out...... Thursday 9

    June 2011

24. Why? Is sadly all too infrequent..... Assign Roles/Functions Thursday 9

    June 2011

25. 2000 v 2011 NT4 Brick Phones $$$$$$$$ West Kazaa, Napster

    Books, Newspapers Man Utd :) Q&A Interviews W7, MacOS10, Linux iOS, Android Credit Crunch East Twitter, FB, Skype... eBooks, Blogs, Web2.0 Man Utd :) Interactive, Hands-On Thursday 9 June 2011

26. The future? #ebooks #Tablets/#Phones #CyberChallenges Galore :) #Virtualisation #OpenSource Thursday

    9 June 2011

27. Today? Competitions are increasingly recognised as an effective way of

    promoting innovation......prize industry has boomed, increasing more than 15-fold. The US Space and Security authorities have been supporting world leading competitions for many years. The Obama administration has re-authorised the America COMPETES act to support innovation and innovators. Is it time for Europe to catch up? Source: http:/ /www.europeansecuritychallenge.com/ Thursday 9 June 2011

28. UK Cyber Challenge Secure Network Design Informed Defence Investigate &

    Understand Thursday 9 June 2011

29. CTFs in the future? Part of Hands-On Interview Looking for

    skillz => USA/SANS, UK, EU Book Smart != Enough Thursday 9 June 2011

30. It’d be nice if..... Goal: Keep improving....... Evolve, understand &

    innovate Thursday 9 June 2011

31. 2011 for HackEire? Even better than last year & still

    free...... Huge improvements - more realistic New web portal Social Media PCAP Analysis More defensive controls Want to introduce images to defend but no time :( Thursday 9 June 2011

32. Learn more about CTFs? Check out the DefCon, Sans, EthicalHacker.net

    (& more) websites Thursday 9 June 2011

33. It’s all here....... Teamwork & Preparedness Constant Improvement Thursday 9

    June 2011

34. Q&A Thursday 9 June 2011

35. All done, no more! If you’re still awake..... Thursday 9

    June 2011