Presentation is loading. Please wait.

Presentation is loading. Please wait.

2 whoami The OWASP Foundation Nahidul Kibria Co-Leader, OWASP Bangladesh, Senior Software Engineer, KAZ Software Ltd.

Published byAllen Ferguson Modified over 10 years ago

Similar presentations

Presentation on theme: "2 whoami The OWASP Foundation Nahidul Kibria Co-Leader, OWASP Bangladesh, Senior Software Engineer, KAZ Software Ltd."— Presentation transcript:

1

2 2

3 root@labla/# whoami

4 The OWASP Foundation http://www.owasp.org Nahidul Kibria Co-Leader, OWASP Bangladesh, Senior Software Engineer, KAZ Software Ltd. Writing code for fun and food. And security enthusiastic Twitter:@nahidupa

5 What is the event all about? Computer security? Information security? Cyber Security? Is it a game? Are we going to learn hacking? 5

6 Capture The Flag(CTF) In computer security, Capture the Flag (CTF) is a computer security wargame. Each team is given a machine (or small network) to defend on an isolated network.--wikipedia 6

7 Its not just a competition… more than it… HOW? 7

8 8

9 9

10 The domain is giant 10

11 If you want to be a Penetration Tester 11 A penetration test, occasionally pentest, is a method of evaluating the security of a computer system or network by simulating an attack from malicious outsiders with authorize by the owner of that system.securitycomputer systemnetwork

12 Prerequisites 1. Good understanding network architecture. 2. How modern operating system work and system administration. 3. Application/Database/Service how they designed and work. 12

13 Penetration testing Penetration testing methodology Information Gathering/Reconnaissance Scanning/Enumeration Vulnerability Identification Exploitation Report 13

14 Tools and tactics Do not reinvent the wheel…Use existing tools But do not just depends on Tools/Scripts…In some case you have to write your own 14

15 Books 15

16 If you want to be a Malware Analyst 16

17 Kick start Basic Static Analysis Basic Dynamic Analysis 17

18 Lab Setup 18

19 Collect sample Hashing: A Fingerprint for Malware Look like-- 373e7a863a1a345c60edb9e20ec3231 http://www.kernelmode.info/forum/viewto pic.php?f=16&t=308 19

20 Sysinternals tools 20 Tcpview.exe Procexp.exe Procmon.exe

21 Reverse engineering ollydbg Immunity debugger Ida Pro 21

22 Books 22

23 If you want to be a Vulnerability Researcher 23

24 Common techniques Fuzzing Code review Disassemblers Debuggers 24

25 25

26 26 Books

27 27 If you want to be a Exploit Developer

28 Prerequisites Programming Assembly Memory management Windows/*nix internal Kernel 28

29 29 Books

30 30 If you want to be a Forensic Analyst

31 31 Books

32 32 Coolest Jobs in Information Security #1 Information Security Crime Investigator/Forensics Expert #2 System, Network, and/or Web Penetration Tester #3 Forensic Analyst #4 Incident Responder #5 Security Architect #6 Malware Analyst #7 Network Security Engineer #8 Security Analyst #9 Computer Crime Investigator #10 CISO/ISO or Director of Security #11 Application Penetration Tester #12 Security Operations Center Analyst #13 Prosecutor Specializing in Information Security Crime #14 Technical Director and Deputy CISO #15 Intrusion Analyst #16 Vulnerability Researcher/ Exploit Developer #17 Security Auditor #18 Security-savvy Software Developer #19 Security Maven in an Application Developer Organization #20 Disaster Recovery/Business Continuity Analyst/Manager

33 But you have only one life 33

34 Just become a learning machine 34

35 Here comes community Collaborative learning 35

36 36

37 About OWASP OWASP’s mission is “to make application security visible, so that people and organizations can make informed decisions about true application” Attacker not use black art to exploit your application

38 OWASP Bangladesh Bangladeshi community of Security professional Globally recognized Open for all Free for all What do we have to offer? Monthly Meetings Mailing List Presentations & Groups Open Forums for Discussion Vendor Neutral Environments

39 220 Chapters 39

40 Our Successes OWASP Tools and Documentation: ~15,000 downloads (per month) ~30,000 unique visitors (per month) ~2 million website hits (per month) OWASP Chapters are blossoming worldwide 1500+ OWASP Members in active chapters worldwide 20,000+ participants OWASP AppSec Conferences: Chicago, New York, London, Washington D.C, Brazil, China, Germany, more… Distributed content portal 100+ authors for tools, projects, and chapters OWASP and its materials are used, recommended and referenced by many government, standards and industry organizations. 40

41 Conferences 41

42 Download Get OWASP Books

43 Ok enough ! Can you please tell me what I need to do today?

44 WE DO NOT HAVE ANY PREPARATION

45 Questions. 1. A question from cryptography. (300 points) 2. A question from malware analysis. (not that much hardcore as it sound) (150 points) 3. A forensic analysis ( The easiest question of the contest) (50 points) 45

46 Final Questions. 1. A server named GetRoot_v00t will be given. (500 points) 2. Another server named GetRoot_Drag0n will be given. (1000 points) Both server is taken down from live, because it is suspected as compromised by attacker and the attacker changed its root password. So your job is to recover the root access of those server as well as create a report of what venerability those server has to the judges. 46

47 Rules You must run the given Virtual machine only in NATed mode. Take Screenshots in each success steps include them to a document. You can ask judge for clue to solve a problem with sacrificing some point(s). It's will be totally depending on judge how much point he will deduct for the clue before he give the clue he will tell you how much point will be deducted. This rule because this type contest is new will not be available in future. You are suppose to work with given machine(vmware), Any type of activity that might be destructive for lab setup or host machine or any type of destructive activity using lab internet is strictly forbidden. If any team do such activity, the team cannot continue the contest anymore also IUT will take legal action about such activity. You should stay around your work station until it not require to move. 47

48 We select the winner according the following criteria (We will do partial marking.) 1.How many points the participants has (scoring). 2.How complete the solutions are (quality). 3. Creativity, Geek Factor. 48

49 Not End! Open question hands on 49

Download ppt "2 whoami The OWASP Foundation Nahidul Kibria Co-Leader, OWASP Bangladesh, Senior Software Engineer, KAZ Software Ltd."

Similar presentations

Web Security Common security threats and hacking.

Web Security Common security threats and hacking.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
The OWASP Foundation Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under.

The OWASP Foundation Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under.
The development of Internet A cow was lost in Jan 14th 2003. If you know where it is, please contact with me. My QQ number is 87881405. QQ is one of the.

The development of Internet A cow was lost in Jan 14th If you know where it is, please contact with me. My QQ number is QQ is one of the.
The OWASP Foundation ABC About me MOSHIUL ISLAM, CISA A: Information System Auditor B: Currently working for a Bank – EBL, IT Security.

The OWASP Foundation ABC About me MOSHIUL ISLAM, CISA A: Information System Auditor B: Currently working for a Bank – EBL, IT Security.
Hacking outside the box Mike Aiello. Objectives Describe jobs in “Infosec Discuss why communication is critically important to Infosec professionals.

Hacking outside the box Mike Aiello. Objectives Describe jobs in “Infosec" Discuss why communication is critically important to Infosec professionals.
MIS 3580 Defending Against Cyber Crime

MIS 3580 Defending Against Cyber Crime
This is a work of the U.S. Government and is not subject to copyright protection in the United States. The OWASP Foundation OWASP AppSec DC October 2005.

This is a work of the U.S. Government and is not subject to copyright protection in the United States. The OWASP Foundation OWASP AppSec DC October 2005.
Alfred Thompson Microsoft Corporation Academic Relations Team.

Alfred Thompson Microsoft Corporation Academic Relations Team.
Cyber Security Finance Forum 2012 Michael DuBose Managing Director & Practice Leader Cyber Investigations.

Cyber Security Finance Forum 2012 Michael DuBose Managing Director & Practice Leader Cyber Investigations.
Herbert Bos Erik van der Kouwe Remco Vermeulen Andrei Bacs

Herbert Bos Erik van der Kouwe Remco Vermeulen Andrei Bacs
Certification and Training Presented by Sam Jeyandran.

Certification and Training Presented by Sam Jeyandran.
The OWASP Foundation AppSecEU11 Where we are.. Where we are going Tom Brennan, Eoin Keary, Seba Deleersnyder, Dave Wichers, Jeff Williams,

The OWASP Foundation AppSecEU11 Where we are.. Where we are going Tom Brennan, Eoin Keary, Seba Deleersnyder, Dave Wichers, Jeff Williams,
Confidentiality Integrity Accountability Communications Data Hardware Software Next.

Confidentiality Integrity Accountability Communications Data Hardware Software Next.
Copyright © 2011 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.
Www.issa.org1. 2 Overview With active participation from individuals and chapters all over the world, the Information Systems Security Association (ISSA)

2 Overview With active participation from individuals and chapters all over the world, the Information Systems Security Association (ISSA)
 Prototype for Course on Web Security ETEC 550.  Huge topic covering both system/network architecture and programming techniques.  Identified lack.

 Prototype for Course on Web Security ETEC 550.  Huge topic covering both system/network architecture and programming techniques.  Identified lack.
Copyright © 2011 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.
Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.

Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.
CSE 4481 Computer Security Lab Mark Shtern. INTRODUCTION.

CSE 4481 Computer Security Lab Mark Shtern. INTRODUCTION.

Similar presentations

Ads by Google