Slide 1

CTFs - Bringing back more than sexy ;-) Mark Hillick - @markofu KTF Creator of HackEire Thursday 9 June 2011

Slide 2

Usual stuff - disclaimer! Own views - not representative of Citrix Systems, IrissCert nor Phyllis and Ferb. I am speaking here entirely of my own opinion, which isn’t saying much but hey :) No dolphins were hurt in the making of this presentation!

Slide 3

Who are ya? too many years working in IT now @ vendor, used to be @ bank so I’m Ex-@IrissCert handler, #IrissCon, @HackEire @OwaspIreland Previous OWASP Presentations Cert Handler; WAF Implementation; Scareware via Web App Exploit

Slide 4

What’s this about? Nope Nor this guy CTFs - history, now & the future My experiences from building a CTF contest from scratch with no $$$$$

Slide 5

So sorry!!! I know I had ‘sexy’ in the title but

Slide 6

What’s a CTF? (1) WAR-GAMES.......COMPETITION! ATTACK, ATTACK, ATTACK!!!!

Slide 7

What’s a CTF? (2) CTF contests.....serve as an educational exercise to give participants experience in securing a machine, as well as conducting and reacting to the sort of attacks found in the real world. source: http://en.wikipedia.org/wiki/Capture_the_flag#Computer_security && I agree with this partly :)

Slide 8

CTF? Nah, I’m not.....

Slide 9

We can’t all be....... Or.....

Slide 10

I’m not a hacker........ Source: http://img.wikinut.com/img/hzbaiyv.qfkbuofg/jpeg/0/The-comfort-circle.jpeg

Slide 13

but maybe try a CTF? learn outside of the norm

Slide 14

But I’d like to attend the conference!! You going to remember every talk? Didn’t think so......

Slide 15

1337 Test your l33t skillz NSFW Copious amounts of caffeine Do cool stuff with old/new friends

Slide 16

Get a job? Companies attempting to recruit off HackEire HackEire => winners got postgrad funding & several business cards :) SANS/US Govt Challenges => JOBS GALORE UK Cyberchallenge won by an ex-postman!

Slide 17

CTF Feedback 2010 I learnt a shitload today. I learnt more about what I don’t know than what I do know. Thanks! Thanks very much! I had so much fun and would be happy to pay 100 yoyos (pps) to enter in future.

Slide 18

Why allow your staff to compete in a CTF? Learn about defensive & offensive security in a safe environment! As opposed to........ You will learn & increase your awareness because you will be surprised..... $1000/day != good CTF competitor

Slide 19

So why run a CTF? Make a name... Spot talent Help others & give back a little

Slide 20

Why did I do it? & @edskoudis I wanted to learn & improve

Slide 21

Would I start it all now? Probably not > 250 hours last year Project & People Management Not everyone as passionate

Slide 22

What have I gained? I used to ‘not like’ my job very much & was bored. I wanted to play with tools I wouldn’t normally get to......

Slide 23

What often happens in a CTF? In...... Out......

Slide 24

Why? Is sadly all too infrequent..... Assign Roles/Functions

Slide 25

2000 v 2011
2000: NT4; Brick Phones; $$$$$$$$; West; Kazaa, Napster; Books, Newspapers; Man Utd :); Q&A Interviews
2011: W7, MacOS10, Linux; iOS, Android; Credit Crunch; East; Twitter, FB, Skype...; eBooks, Blogs, Web2.0; Man Utd :); Interactive, Hands-On

Slide 26

The future? #ebooks #Tablets/#Phones #CyberChallenges Galore :) #Virtualisation #OpenSource

Slide 27

Today? Competitions are increasingly recognised as an effective way of promoting innovation......prize industry has boomed, increasing more than 15-fold. The US Space and Security authorities have been supporting world leading competitions for many years. The Obama administration has re-authorised the America COMPETES act to support innovation and innovators. Is it time for Europe to catch up? Source: http://www.europeansecuritychallenge.com/

Slide 28

UK Cyber Challenge Secure Network Design Informed Defence Investigate & Understand

Slide 29

CTFs in the future? Part of Hands-On Interview Looking for skillz => USA/SANS, UK, EU Book Smart != Enough

Slide 30

It’d be nice if..... Goal: Keep improving....... Evolve, understand & innovate

Slide 31

2011 for HackEire? Even better than last year & still free...... Huge improvements - more realistic New web portal Social Media PCAP Analysis More defensive controls Want to introduce images to defend but no time :(

Slide 32

Learn more about CTFs? Check out the DefCon, SANS, EthicalHacker.net (& more) websites

Slide 33

It’s all here....... Teamwork & Preparedness Constant Improvement

Slide 34

Q&A

Slide 35

All done, no more! If you’re still awake.....