Learning From the Underground at Defcon

1
Learning From the Underground at Defcon

• Jonathan Taylor, CISSP
• Enterprise Security Engineer, Sutter Health
• http//www.sutterhealth.org
• Jesse Daguanno
• Senior Developer/Systems Engineer JJRam LLC
• http//www.jjram.com

2
Defcon What is it?

• Oldest Underground Security Convention
• Defcon 11 August 1-3 2003 http//www.defcon.org
• Celebrate Information Security
• Respect good security
• Learn from the mistakes of bad security
• Speakers
• Games (official and unofficial)
• War Driving, Lock Picking, Hacker Jeopardy
• Network Capture the Flag (Root Fu)

3
Defcon Why do I attend?

• For me? I have a lot to learn
• Develop Better Risk Assessment Skills
• Risk (threats)(vulnerabilities)
• Controls
• Vulnerabilities and controls are easy to
  quantify, but REAL threats are difficult to
  discern.
• There is MUCH to learn from the underground
• and they WANT you to know.

4
Root Fu (CTF)

• Formerly called Network Capture the Flag
• Developed and run by Ghetto Hackers, 3-time CTF
  champs

• http//www.ghettohackers.net/rootfu/

5
Root Fu (Contd.)

• Isolated Network
• 8 Teams pitted against each other
• Protect your vulnerable game server from
  compromise by patching and defending
• Compromise your competitors and replace their
  digital certificates

6
Digital Revelation

• CTF Champs Defcon 9-10
• 12 Core Team Members
• Spread out from San Francisco to Washington DC
• Diverse Membership
• Department of Defense, Healthcare, Financial,
  K-12, College Students, Software Developers

7
Digital Revelation

• Competitions won
• Defcon 9 CTF (Merged with Ghetto)
• Defcon 10 CTF
• Interzone II Root Fu (Two team members)
• Defcon 11? We think so ?