Explore a conference talk comparing Capture The Flag (CTF) challenges with real-world penetration tests and security program assessments. Delve into the gamification aspects of CTFs, including their fun, competitive, and sometimes frustrating nature. Examine various challenge types such as web security, forensics, cryptography, reverse engineering, and exploit building. Contrast these with enterprise-focused scenarios involving Linux, Windows, Active Directory, and user awareness. Gain insights into how CTF experiences translate to real-world security situations, covering topics like SQL injection, blacklists, and compliance. Learn valuable lessons about attacker mindsets, the importance of security as a core requirement, and the dangers of underestimating adversaries. Conclude with a reminder to reset your perspective when approaching security challenges.
Overview
Syllabus
Intro
Whos in the room
Challenge Makers
CTF
CTF Experience
CTF or WTF
Whats a game
Wikipedia
Fun
Difficult
Competitive
Frustration
Pressure
Sunday Night
Dont Worry
Denial
Secret Web Stuff
Forensics
Crypto Challenges
Reverse Engineering
Exploit Building
Network Security
Enterprise CTF
Linux
Windows
No defense team
Logs
Active Directory
User Awareness
Why the CTF
What did you learn
Pro tip
SQL injection
The real world
Blacklists
NorthSec 2013
Badges
Ask questions
Text addiction
Insecure stuff
People just started caring
Security wasnt a core requirement
Magical thinking
Youre crazy
Dont underestimate your attackers
PCI compliant
Easier to break
You never know
Reset your brain
Conclusion
Taught by
NorthSec
