A journey through an INFOSEC labyrinth




                               Andrei Avădănei
                       Founder & CEO DefCamp
                            contact@defcamp.ro
After this presentation...




➲   You won't be a better hacker
➲   You won't learn how to break things
         (if you are a cop, please leave the room, it's nothing interesting here)
➲   You won't learn how to make a conference
➲   You won't learn how to become $$_$$
➲   You will learn IDEAS
Summary




➲   About me
➲   Security through entrepreneurship
➲   DefCamp
➲   CCSIR
➲   Q&A all the time. :-)
About me




➲   Founder & CEO of DefCamp
➲   … and CTO (tech), CFO (financial), CMO (marketing), Sales Manager,
    Community Manager, Speaker, Team Coordinator :)).
➲   Founder of CCSIR
➲   Community manager @worldit.info
➲   Vice President at GREPIT
➲   Volunteer at BitDefender Romania
➲   Great results at several thousand national and
    international competitions
➲   and others.
History
➲   2006-2007
       - I was doing my best to learn how to build viruses in Pascal (lame, I know)
       - I began to meet and discuss with people
       - I was proud of my first RFI (LOL!)
       - In the same period I began to help a security community to evolve. The
    community evolved, and I along with it.
➲   2008
       - I began to attend local and national IT competitions
       - First result: 0 pts and last place.
       - Second result, after several months: first place.
       - The rest is history.
➲   2009
       - founded worldit.info.
➲   2010 until today
       - I joined GREPIT. Organised G5, G6 and G7 in great teams.
       - I organised OpenIT @Suceava, a 12-hour competition with over 60 attendees
    from Romania.
➲   March 2011 – DefCamp idea sparked my brain.
➲   September 2011 – DefCamp @Bran (~70 attendees)
➲   December 2011 – DefCamp @Iasi. (~150 attendees)
➲   November 2012 – Founded CCSIR.
➲   December 2012 – DefCamp @Bucharest. (~200 attendees)
➲   During this time I got good results at (inter)national computer science
     competitions (algo, web dev, soft dev, security, educational, etc.).
➲   … and many others.
Lesson #1.337
Offensive security is better than defensive security!
               Be tenacious, try to get more failures to succeed!




    Disclaimer:
➲   That was my short story …
➲   The whole story is for my future nephews. :-)
➲   In reality there are many IFs, you know those statements from
    computer science courses ^_^
Lesson #2
       If you are a good sniffer it's hard to fail!
Listen to all the complaints of your circle of friends and scale their frustration into projects!
Lesson #3
Build a honeypot, log and parse all the traffic. You'll catch a 0day!
    Listen to all your friends' ideas, iterate on them and store them. Sooner or later you will concat!
Lesson #4
                                  Share wisely!
Talk in your circles about your ideas, but never all your ideas! Keep a few for dessert.
Lesson #5
 Create backups in the cloud!
You should ALWAYS have an ace up your sleeve!
Lesson #6
                 Encrypt your data!
Sometimes it is better to keep your mouth shut and weigh your words!
Lesson #7
                          Tunnel your traffic!
Monitor how and where your words/projects/ideas are spreading, for better privacy.
Lesson #8
Stay up to date and upgrade if needed!
            Iterate, iterate, iterate!
Lesson #9
                Be prepared to get hacked!
Be prepared to fail. I was hacked several times in my history and here I am.
Lesson #10
                       Be responsive
Build, listen to your feedback, change, listen to your feedback, and so on...
Summary
           Security through entrepreneurship



➲   1. Offensive security is better than defensive security!
➲   2. If you are a good sniffer it's hard to fail!
➲   3. Build a honeypot, log and parse all the traffic. You'll
    catch a 0day!
➲   4. Share wisely!
➲   5. Create backups in the cloud!
➲   6. Encrypt your data!
➲   7. Tunnel your traffic!
➲   8. Stay up to date and upgrade if needed!
➲   9. Be prepared to get hacked!
➲   10. Be responsive.
Ok, great, I'm not done...yet
DefCamp




➲   IT Security & Hacking Conference
➲   Informal talks
➲   Connect smart guys from Romania and worldwide
➲   Experience exchange, connect with people, innovate
➲   Building a platform for launching and promoting local
    industry enthusiasts to the world
➲   DCTF, Wall of Sheep
➲   Three editions so far (Bran, Iasi, Bucharest)
➲   More to come
Boring, right?
But, what about...
    Offline SQL Injection
    Offline check-in system
    Private parties
Or, why not ...
    Passion, competitions, experience exchange
    After-party results
    Flirting with the shooter :>
    Hacker girls :X
Or even more...
    Sharing
    Mass-media
    Protection
    Great audience
Why DefCamp?




➲   Because we care about passion
➲   We are not business guys but are trying to make a
    business from passion
➲   We have great speakers worldwide, a smart audience,
    cool parties, hot chicks and black hats! :-)
➲   You can find a job (e.g. KPMG at this year's con), you can
    find friends, experience, resources
➲   You find 0days, vulnerabilities, showoffs, POCs, practical
    and theoretical talks
➲   We have something for everybody but you should learn
    where to look.
➲   We don't give you everything, but you can get it all by yourself
➲   …
CCSIR




➲   Cyber Security Research Center from Romania (Centrul
    de Cercetare in Securitate Informatica din Romania)
➲   Projects
➲   Security Communication platform
➲   Security research
➲   Tracking
➲   Experience exchange
➲   International partnerships
➲   Do we have something like this in Romania!?!? We don't.
➲   ccsir.ro will be our public interface
Last but not least – some ideas
➲   Why Romania? It's a good place to start scalable projects.
➲   Try to predict the unpredictable and have a backup plan for the unknown.
➲   Quality is very important; the money will come.
➲   Try to learn different stuff (tech, marketing, sales, laws, communication etc)
➲   Merge this stuff in unusual ways to create new things
➲   You cannot build something revolutionary, but you could build something different based
    on others' experience
➲   Be honest, be crazy, believe in yourself and in your instincts
➲   Build a network of inputs around you and learn how to output only the important bit
➲   Pay attention to the people who listen more and talk less, they might be the next star
➲   Create small things step by step and think big; now it depends on your leg length :P
➲   ...and most important, be persistent!
Bonus : Black hat vs White Hat vs W/E Color Hat




➲   It's a bullshit (B U L L S H I T), only a buzz word
➲   We hate when hackers are considered thieves
➲   I believe that there isn't any pure black hat or white hat
➲   … but there is a mix of variables that can tag you, at a
    specific time, on one side or the other
➲   You can create great things in the INFOSEC field in a
    professional way
➲   CCSIR might be a good approach for doing professional
    research
Thank you!
Now, who wants to drink a beer in the neighborhood? :-)
