BSides DFW 2014 - Security Scavenger Hunts

Upload: brian-mork

Post on 06-Jul-2015

Page 1: BSides DFW 2014 - Security Scavenger Hunts

Cryptolingus Scavenger Hunt (CLSH)

Security Scavenger Hunts

Brian Mork (@hermit_hacker)

Security BSides DFW 2014

First Things First… Let’s Play A Game

http://sh.cryptolingus.net

http://sh.cryptolingus.net/scoreboard.php

Who Am I?

❖ Former DOD, Coder, RF Simulation, etc.

❖ Co-Founder, Team Cryptolingus

❖ Information Security Operations Manager

❖ Father, Husband, Hacker, Gamer (FHHG)

❖ Certification Kung-Fu:

❖ GIAC Certified Forensic Expert

❖ Red Hat Certified SysAdmin / Engineer

❖ Application Security Specialist? :)

Where Has Security Training Gone Wrong?

Why Does It All Suck?

You Forgot To Make It Fun

So Let’s Fix That

But How?

❖ 1. Physical Challenges

❖ 2. Online Challenges

❖ 3. Make Users Interact With Each Other

❖ … oh, and prizes. :)

What We Done Did

We Built It, They Came

❖ Get your minds out of the gutter.

❖ We couldn’t find a decent scoreboard that didn’t require massive amounts of Microsoft redistributable packages or obscene dependencies, so we built it and open sourced it… only PHP 5 required.

Behold: The CLSH!

❖ Register

❖ Login

❖ Play

❖ Simple and extensible

❖ Automatic scoreboard

❖ Logging for dispute resolution*

Security Awareness Week

Day -1

❖ Dropped physical item (wipe) with no other information…

Day 1

❖ Official notice sent out with link to the primary page

❖ Instructions on how to register and play

❖ Lunch and learn: physical safety

Day 2

❖ Lunch and learn: safe browsing

❖ Notification of a hidden game…

Day 3

❖ Lunch and learn: social engineering demo

❖ Physical scavenger hunt begins

Day 4

❖ Security Jeopardy (Round 1)

❖ This actually was mostly out there, so just modified and re-released

❖ https://github.com/hermit-hacker/SecJep

❖ Physical scavenger hunt begins

❖ Folks who were paying attention noticed comments about one time pads…

Day 5

❖ Security Jeopardy Finals

❖ Physical scavenger hunt begins

❖ The final components of the hidden game are exposed

❖ Prizes!

BSides Memphis Throwback…

H/T @lotusr00t

Stalling Technique: Security Jeopardy Anyone?

Questions?

@hermit_hacker

https://github.com/hermit-hacker/CLSH

Hat Tips

❖ Madhat (@unspecific) for the custom artwork

❖ Liz Hazen for running the information security awareness programs