Presentation is loading. Please wait.

Presentation is loading. Please wait.

2 whoami The OWASP Foundation Nahidul Kibria Co-Leader, OWASP Bangladesh, Senior Software Engineer, KAZ Software Ltd.

Similar presentations

Presentation on theme: "2 whoami The OWASP Foundation Nahidul Kibria Co-Leader, OWASP Bangladesh, Senior Software Engineer, KAZ Software Ltd."— Presentation transcript:


2 2

3 root@labla/# whoami

4 The OWASP Foundation Nahidul Kibria Co-Leader, OWASP Bangladesh, Senior Software Engineer, KAZ Software Ltd. Writing code for fun and food. And security enthusiastic Twitter:@nahidupa

5 What is the event all about? Computer security? Information security? Cyber Security? Is it a game? Are we going to learn hacking? 5

6 Capture The Flag(CTF) In computer security, Capture the Flag (CTF) is a computer security wargame. Each team is given a machine (or small network) to defend on an isolated network.--wikipedia 6

7 Its not just a competition… more than it… HOW? 7

8 8

9 9

10 The domain is giant 10

11 If you want to be a Penetration Tester 11 A penetration test, occasionally pentest, is a method of evaluating the security of a computer system or network by simulating an attack from malicious outsiders with authorize by the owner of that system.securitycomputer systemnetwork

12 Prerequisites 1. Good understanding network architecture. 2. How modern operating system work and system administration. 3. Application/Database/Service how they designed and work. 12

13 Penetration testing Penetration testing methodology Information Gathering/Reconnaissance Scanning/Enumeration Vulnerability Identification Exploitation Report 13

14 Tools and tactics Do not reinvent the wheel…Use existing tools But do not just depends on Tools/Scripts…In some case you have to write your own 14

15 Books 15

16 If you want to be a Malware Analyst 16

17 Kick start Basic Static Analysis Basic Dynamic Analysis 17

18 Lab Setup 18

19 Collect sample Hashing: A Fingerprint for Malware Look like-- 373e7a863a1a345c60edb9e20ec3231 pic.php?f=16&t=308 19

20 Sysinternals tools 20 Tcpview.exe Procexp.exe Procmon.exe

21 Reverse engineering ollydbg Immunity debugger Ida Pro 21

22 Books 22

23 If you want to be a Vulnerability Researcher 23

24 Common techniques Fuzzing Code review Disassemblers Debuggers 24

25 25

26 26 Books

27 27 If you want to be a Exploit Developer

28 Prerequisites Programming Assembly Memory management Windows/*nix internal Kernel 28

29 29 Books

30 30 If you want to be a Forensic Analyst

31 31 Books

32 32 Coolest Jobs in Information Security #1 Information Security Crime Investigator/Forensics Expert #2 System, Network, and/or Web Penetration Tester #3 Forensic Analyst #4 Incident Responder #5 Security Architect #6 Malware Analyst #7 Network Security Engineer #8 Security Analyst #9 Computer Crime Investigator #10 CISO/ISO or Director of Security #11 Application Penetration Tester #12 Security Operations Center Analyst #13 Prosecutor Specializing in Information Security Crime #14 Technical Director and Deputy CISO #15 Intrusion Analyst #16 Vulnerability Researcher/ Exploit Developer #17 Security Auditor #18 Security-savvy Software Developer #19 Security Maven in an Application Developer Organization #20 Disaster Recovery/Business Continuity Analyst/Manager

33 But you have only one life 33

34 Just become a learning machine 34

35 Here comes community Collaborative learning 35

36 36

37 About OWASP OWASP’s mission is “to make application security visible, so that people and organizations can make informed decisions about true application” Attacker not use black art to exploit your application

38 OWASP Bangladesh Bangladeshi community of Security professional Globally recognized Open for all Free for all What do we have to offer? Monthly Meetings Mailing List Presentations & Groups Open Forums for Discussion Vendor Neutral Environments

39 220 Chapters 39

40 Our Successes OWASP Tools and Documentation: ~15,000 downloads (per month) ~30,000 unique visitors (per month) ~2 million website hits (per month) OWASP Chapters are blossoming worldwide 1500+ OWASP Members in active chapters worldwide 20,000+ participants OWASP AppSec Conferences: Chicago, New York, London, Washington D.C, Brazil, China, Germany, more… Distributed content portal 100+ authors for tools, projects, and chapters OWASP and its materials are used, recommended and referenced by many government, standards and industry organizations. 40

41 Conferences 41

42 Download Get OWASP Books

43 Ok enough ! Can you please tell me what I need to do today?


45 Questions. 1. A question from cryptography. (300 points) 2. A question from malware analysis. (not that much hardcore as it sound) (150 points) 3. A forensic analysis ( The easiest question of the contest) (50 points) 45

46 Final Questions. 1. A server named GetRoot_v00t will be given. (500 points) 2. Another server named GetRoot_Drag0n will be given. (1000 points) Both server is taken down from live, because it is suspected as compromised by attacker and the attacker changed its root password. So your job is to recover the root access of those server as well as create a report of what venerability those server has to the judges. 46

47 Rules You must run the given Virtual machine only in NATed mode. Take Screenshots in each success steps include them to a document. You can ask judge for clue to solve a problem with sacrificing some point(s). It's will be totally depending on judge how much point he will deduct for the clue before he give the clue he will tell you how much point will be deducted. This rule because this type contest is new will not be available in future. You are suppose to work with given machine(vmware), Any type of activity that might be destructive for lab setup or host machine or any type of destructive activity using lab internet is strictly forbidden. If any team do such activity, the team cannot continue the contest anymore also IUT will take legal action about such activity. You should stay around your work station until it not require to move. 47

48 We select the winner according the following criteria (We will do partial marking.) 1.How many points the participants has (scoring). 2.How complete the solutions are (quality). 3. Creativity, Geek Factor. 48

49 Not End! Open question hands on 49

Download ppt "2 whoami The OWASP Foundation Nahidul Kibria Co-Leader, OWASP Bangladesh, Senior Software Engineer, KAZ Software Ltd."

Similar presentations

Ads by Google