Presentation is loading. Please wait.

Presentation is loading. Please wait.

Learning From the Underground at Defcon Jonathan Taylor, CISSP Enterprise Security Engineer, Sutter Health Jesse D’aguanno.

Published byRosemary Beasley Modified over 7 years ago

Similar presentations

Presentation on theme: "Learning From the Underground at Defcon Jonathan Taylor, CISSP Enterprise Security Engineer, Sutter Health Jesse D’aguanno."— Presentation transcript:

1 Learning From the Underground at Defcon Jonathan Taylor, CISSP Enterprise Security Engineer, Sutter Health http://www.sutterhealth.org Jesse D’aguanno Senior Developer/Systems Engineer JJRam LLC http://www.jjram.com

2 Defcon: What is it? Oldest “Underground” Security Convention Defcon 11 – August 1-3 2003 http://www.defcon.orghttp://www.defcon.org Celebrate Information Security Respect good security Learn from the mistakes of bad security Speakers Games (official and unofficial) War Driving, Lock Picking, Hacker Jeopardy Network Capture the Flag (Root Fu)

3 Defcon: Why do I attend? For me? I have a lot to learn Develop Better Risk Assessment Skills Risk = (threats)(vulnerabilities) Controls Vulnerabilities and controls are easy to quantify, but REAL threats are difficult to discern. There is MUCH to learn from the underground… …and they WANT you to know.

4 Root Fu (CTF) Formerly called Network Capture the Flag Developed and run by Ghetto Hackers, 3-time CTF champs http://www.ghettohackers.net/rootfu/

5 Root Fu (Contd.) Isolated Network 8 Teams pitted against each other Protect your vulnerable game server from compromise by patching and defending Compromise your competitors and replace their digital certificates

6 Digital Revelation CTF Champs – Defcon 9-10 12 Core Team Members Spread out from San Francisco to Washington DC Diverse Membership: Department of Defense, Healthcare, Financial, K-12, College Students, Software Developers

7 Digital Revelation Competitions won Defcon 9 CTF (Merged with Ghetto) Defcon 10 CTF Interzone II Root Fu (Two team members) Defcon 11? We think so

Download ppt "Learning From the Underground at Defcon Jonathan Taylor, CISSP Enterprise Security Engineer, Sutter Health Jesse D’aguanno."

Similar presentations

The Whole/Hole of Security Public (DoD) v. Corporate Carl Bourland US Army Judge Advocate Generals Corps.

The Whole/Hole of Security Public (DoD) v. Corporate Carl Bourland US Army Judge Advocate Generals Corps.
Capture the Flag Games Measuring Skill with Hacking Contests By Riley Caezar Eller.

Capture the Flag Games Measuring Skill with Hacking Contests By Riley Caezar Eller.
Establishing an OU Hierarchy for Managing and Securing Clients Base design on business and IT needs Split hierarchy Separate user and computer OUs Simplifies.

Establishing an OU Hierarchy for Managing and Securing Clients Base design on business and IT needs Split hierarchy Separate user and computer OUs Simplifies.
Cross Security Group Presented by: Thomas Carrozza Senior Systems Engineer.

Cross Security Group Presented by: Thomas Carrozza Senior Systems Engineer.
Honeypot 서울과학기술대학교 Jeilyn Molina 121336101. Honeypot is the software or set of computers that are intended to attract attackers, pretending to be weak.

Honeypot 서울과학기술대학교 Jeilyn Molina Honeypot is the software or set of computers that are intended to attract attackers, pretending to be weak.
Computer Security Workshops Security 101 - Introduction, Central Principles and Concepts.

Computer Security Workshops Security Introduction, Central Principles and Concepts.
® © 2005 University HealthSystem Consortium UHC Powerpoint.ppt Cybersecurity for Medical Devices presented at the MedSun Audioconference by Catherine Sprague,

® © 2005 University HealthSystem Consortium UHC Powerpoint.ppt Cybersecurity for Medical Devices presented at the MedSun Audioconference by Catherine Sprague,
Computer Security and Penetration Testing

Computer Security and Penetration Testing
Health Alert Network Vulnerability Assessment Protect against: Compromised information Lost productivity.

Health Alert Network Vulnerability Assessment Protect against: Compromised information Lost productivity.
Software Security Threats Threats have been an issue since computers began to be used widely by the general public.

Software Security Threats Threats have been an issue since computers began to be used widely by the general public.
Bruce Schneier Lanette Dowell November 25, 2009. Introduction  “It is insufficient to protect ourselves with laws; we need to protect ourselves with.

Bruce Schneier Lanette Dowell November 25, Introduction  “It is insufficient to protect ourselves with laws; we need to protect ourselves with.
CSCI 530L Vulnerability Assessment. Process of identifying vulnerabilities that exist in a computer system Has many similarities to risk assessment Four.

CSCI 530L Vulnerability Assessment. Process of identifying vulnerabilities that exist in a computer system Has many similarities to risk assessment Four.
CAPTURE THE FLAG (CTF) Maxim A. Kulakov (Vladimir State University)

CAPTURE THE FLAG (CTF) Maxim A. Kulakov (Vladimir State University)
Comp 8130 Presentation Security Testing Group Members: U4266680 Hui Chen U4242754 Ming Chen U4266538 Xiaobin Wang.

Comp 8130 Presentation Security Testing Group Members: U Hui Chen U Ming Chen U Xiaobin Wang.
IT Security Readings A summary of Management's Role in Information Security in a Cyber Economy and The Myth of Secure Computing.

IT Security Readings A summary of Management's Role in Information Security in a Cyber Economy and The Myth of Secure Computing.
 Discovered in June/July 2010  Targeted Siemens software and equipment running Microsoft Windows  First malware for SCADA systems to spy and subvert.

 Discovered in June/July 2010  Targeted Siemens software and equipment running Microsoft Windows  First malware for SCADA systems to spy and subvert.
Security Audit Tools Project. CT 395 IT Security I Professor Igbeare Summer Quarter 2009 August 25, 2009.

Security Audit Tools Project. CT 395 IT Security I Professor Igbeare Summer Quarter 2009 August 25, 2009.
Malicious Code Brian E. Brzezicki. Malicious Code (from Chapter 13 and 11)

Malicious Code Brian E. Brzezicki. Malicious Code (from Chapter 13 and 11)
What is Next-Generation Disaster Recovery and Service Availability? Why do We Need it? Dan Smith Senior Manager, Solution Consulting and Engineering, GTSI.

What is Next-Generation Disaster Recovery and Service Availability? Why do We Need it? Dan Smith Senior Manager, Solution Consulting and Engineering, GTSI.
Information Security. What is Information Security? A. The quality of being secure B. To protect the confidentiality, integrity, and availability of information.

Information Security. What is Information Security? A. The quality of being secure B. To protect the confidentiality, integrity, and availability of information.

Similar presentations

Ads by Google