Session Details

Honeypots, Cybercompetitions, and Bug Bounties  

Level :
Beginner
Interested : (-) - Registered : (-)

Presentation

Websites get hacked frequently, and most administrators cannot determine how the attacker got in. We are developing techniques to detect and prevent attacks usig deliberately vulnerable "honeypot" sites and watching the attacks on them. We use Tripwire, Dropbox, Twitter, crontab, and shell scripts to detect intrusions and rapidly exfiltrate the evidence to external servers. The evidence we gather helps us understand current real-world threats and methods. Cybercompetitions are extremely valuable to test and sharpen hacking skills, but they are typically too difficult for security beginners. We have found helpful training tools to guide and encourage students including PicoCTF, EasyCTF, and CTFtime. We now have a strong competitive hacking team, CCSF_HACKERS, competing in more than ten contest per semester. We also have an enthusiastic hacking club, including security students and coders, which is growing rapidly. Every website should offer bug bounties, or at least have a responsible discosure policy. This is easy to do, costs little or nothing, and greatly improves security. I'll explain how to do this and report the results of my own disclosure policy--students and other researchers have hacked me many times, getting into my email and Twitter accounts, rooting my servers, and adding harmless defacements to my Web sites. They all got my thanks and were placed on a Hall of Fame page. These people are heroes, helping me stay secure, not criminals or enemies.

The Speakers

img

Sam Bowne

Sam Bowne has been teaching computer networking and security classes at CCSF since 2000. He has given talks at CodeCamp, DEFCON, BayThreat, LayerOne, and Toorcon, and taught classes and seminars at many other schools and teaching conferences. He has a Ph.D. and a CISSP and a lot of other certifications, and a lot of computer and cables and firewalls and stuff.
  • Not Interested
  • Interested

SPONSORS List