SANS Penetration Testing

SANS Penetration Testing
10 Dec 2011

SANS Keynote Preso: Put Your Game Face On

3 comments Posted by eskoudis
Filed under Challenges, Presentations

By Ed Skoudis

Last night, I presented a new talk at a keynote session for the SANS Cyber Defense Initiative conference. My goodness, was I excited, as the topic is something that has been very near and dear to my heart for the past 15 years. The talk was all about how info sec professionals can use challenges to develop their skills and careers, including Capture the Flag games, as well as a whole bunch of other challenge types. We touched on topics such as gamification, challenge designs, and a sampling of some really great free challenges available to everyone on the Internet. Here is a slide from the talk discussing some of the stuff we're thinking about and working on at Counter Hack Challenges:


Here is the overall description of the talk:

Put Your Game Face On: Using InfoSec Challenges to Build Your Skills and Career
- Ed Skoudis, SANS Institute Fellow

There are a multitude of info sec challenges available today, letting info sec pros evaluate and build their skills in a fun and exciting way.

Going beyond traditional lecture and exercise-based learning, some challenges are fantastic, while other sadly stink up the place. Some focus on tried-and-true formats such as Capture the Flag hacking competitions, while others push the envelope in structure, topic, and style, providing fertile environments for forensics experts, auditors, and secure software developers. What makes for a good challenge? What are some of the best ones freely available today? How can info sec pros use challenges to better their skills and improve their careers? In this lively presentation, Ed Skoudis, no stranger to playing or writing info sec challenges, will address these topics and more in a fun, interactive session. Whether you are interested in being a challenge participant who gets real value, or want to start authoring your own challenges, you won't want to miss this session!

Feel free to download my slides here (Put Your Game Face On), and please make sure to check out the last 5 slides or so, where I provide an inventory of available free Capture the Flag and other info sec challenges available on the Internet.

Last night was the debut of the talk. I'll be presenting updated versions of it again at SANS New Orleans Jan 19-24 and SANS Orlando March 25-30. W00t!

Permalink | Comments RSS Feed - Post a comment | Trackback URL

3 Comments

Posted December 10, 2011 at 1:55 PM | Permalink | Reply
Patrick

Awesome, many thanks for posting your talk from last night.

Posted December 11, 2011 at 11:31 AM | Permalink | Reply
Ed

Thanks! I had a wonderful time presenting this. The folks in the room asked some great questions.

Posted December 14, 2011 at 5:02 PM | Permalink | Reply
Matt

Great slide deck, Ed! I wish I was there for the talk. I particularly like slide 10 regarding perceptions of completing real-world "challenges". This really sheds light on why I see a lot of complacency in this field. People hit a problem where they don't consider themselves proficient and just shrug it off claim that it's impossible. CTFs are a great way to overcome your fears, learn a lot, and have fun while you're at it.

Also, I highly recommend exploit-exercises.com for anyone interested in reverse engineering and exploit development. :D

Post a Comment






* Indicates a required field.

RSS

Search Blog:

Categories

Recent Posts

Recent Comments

Popular Posts

Archives

Links

Latest Blog Posts

Part 2: Quick and Useful Tricks for Analyzing Binaries for Pen Testers
May 16, 2013 - 12:24 PM

Netcat without -e? No Problem!
May 06, 2013 - 2:49 PM

Intentional Evil: A Pen Tester's Overview of Android Intents
May 02, 2013 - 6:22 PM

Latest Tweets @pentesttips

New blog post by @yorikv on pen test tips for file analysis. [...]
May 16, 2013 - 1:35 PM

Check out new @edskoudis blog article on using fun shell fu [...]
May 7, 2013 - 6:32 PM

New @CCrowMontance blog post on tools & techniques for a [...]
May 2, 2013 - 6:34 PM

Latest Papers

Event Monitoring and Incident Response
By Ryan Boyle

Website Security for Mobile
By Alan Ho

Website Security for Mobile
By Alan Ho

"This is the best hands-on course available anywhere."
- Whitney Janes, FedEx

"Ed Skoudis is the best teacher I've ever had. He is 100% competent and professional."
- Petra Klein, FRA

"This was by far the best course I have ever taken."
- Peter Lombars, Intrucom Inc.