A journey through an INFOSEC labyrinth




                               Andrei Avădănei
                       Founder & CEO DefCamp
                            contact@defcamp.ro
After this presentation...




➲   You won't be a better hacker
➲   You won't learn how to break things
         (if you are a cop, please leave the room, there's nothing interesting here)
➲   You won't learn how to make a conference
➲   You won't learn how to become $$_$$
➲   You will learn IDEAS
Summary




➲   About me
➲   Security through entrepreneurship
➲   DefCamp
➲   CCSIR
➲   Q&A all the time. :-)
About me




➲   Founder & CEO of DefCamp
➲   … and CTO (tech), CFO (financial), CMO (marketing), Sales Manager,
    Community Manager, Speaker, Team Coordinator :)).
➲   Founder CCSIR
➲   Community manager @worldit.info
➲   Vice President at GREPIT
➲   Volunteer at BitDefender Romania
➲   Great results at several thousand national and
    international competitions
➲   and others.
History
➲   2006-2007
       - I was doing my best to learn how to build viruses in Pascal (lame, I know)
       - I began to meet and discuss with people
       - I was proud of my first RFI (LOL!)
       - In the same period I began to help a security community to evolve. The
    community evolved and I along with it
➲   2008
       - I began to attend local and national IT competitions
       - First result : 0 pts and last place.
       - Second result after several months : First place.
       - The rest is history.
➲   2009
       - founded worldit.info.
➲   2010 until today
       - I joined GREPIT. Organised G5, G6 and G7 in great teams.
       - I made OpenIT @Suceava, a 12-hour competition with over 60 attendees
    from Romania.
➲   March 2011 – DefCamp idea sparked my brain.
➲   September 2011 – DefCamp @Bran (~70 attendees)
➲   December 2011 – DefCamp @Iasi. (~150 attendees)
➲   November 2012 – Founded CCSIR.
➲   December 2012 – DefCamp @Bucharest. (~200 attendees)
➲   During this time I got good results at (inter)national computer science
     competitions (algo, web dev, soft dev, security, educational etc).
➲   … and many others.
Lesson #1.337
Offensive security is better than defensive security!
               Be tenacious, try to get more failures to succeed!




    Disclaimer :
➲   That was my short story …
➲   The whole story is for my future nephews. :-)
➲   In reality there are many IFs, you know those statements from
    computer science courses ^_^
Lesson #2
       If you are a good sniffer it's hard to fail!
Listen to all the complaints in your circle of friends and scale their frustration into projects!
Lesson #3
Build a honeypot, log and parse all the traffic. You'll catch a 0day !
    Listen to all your friends' ideas, iterate on them and store them. Sooner or later you will concat!
Lesson #4
                                  Share wisely!
Talk in your circles about your ideas, but never all your ideas! Keep a few for dessert.
Lesson #5
 Create backups in the cloud!
You should ALWAYS have an ace up your sleeve!
Lesson #6
                 Encrypt your data!
Sometimes it's better to keep your mouth shut and weigh your words!
Lesson #7
                          Tunnel your traffic!
Monitor how and where your words/projects/ideas are spreading for better privacy.
Lesson #8
Stay up to date and upgrade if needed!
            Iterate, iterate, iterate!
Lesson #9
                Be prepared to get hacked!
Be prepared to fail. I was hacked several times in my history and here I am.
Lesson #10
                       Be responsive
Build, listen to your feedback, change, listen to your feedback and so on...
Summary
           Security through entrepreneurship



➲   1. Offensive security is better than defensive security!
➲   2. If you are a good sniffer it's hard to fail!
➲   3. Build a honeypot, log and parse all the traffic. You'll
    catch a 0day!
➲   4. Share wisely!
➲   5. Create backups in the cloud!
➲   6. Encrypt your data!
➲   7. Tunnel your traffic!
➲   8. Stay up to date and upgrade if needed!
➲   9. Be prepared to get hacked!
➲   10. Be responsive.
Ok, great, I'm not done...yet
DefCamp




➲   IT Security & Hacking Conference
➲   Informal talks
➲   Connect smart guys from Romania and worldwide
➲   Experience exchange, connect with people, innovate
➲   Building a platform for launching and promoting local
    industry enthusiasts to the world
➲   DCTF, Wall of Sheep
➲   Three editions 'til now (Bran, Iasi, Bucharest)
➲   More to come
Boring, right?
But, what about...




Offline SQL Injection




                                             Offline check-in system



  Private parties
Or, why not ...




                             Passion, competitions,
                             experience exchange
After parties results



                              flirting with the shooter




                        :>



   Hacker girls :X
Or even more...




                                       Sharing

                                          Mass-media
Protection
    Great audience
Why DefCamp?




➲   Because we care about passion
➲   We are not business guys but are trying to make a
    business from passion
➲   We have great speakers worldwide, a smart audience,
    cool parties, hot chicks and black hats! :-)
➲   You can find a job (e.g. KPMG at this year's con), you can
    find friends, experience, resources
➲   You find 0days, vulnerabilities, showoffs, POCs, practical
    and theoretical talks
➲   We have something for everybody but you should learn
    where to look.
➲   We don't give you everything, but you can get it all by yourself
➲   ….
CCSIR




➲   Cyber Security Research Center from Romania (Centrul
    de Cercetare in Securitate Informatica din Romania)
➲   Projects
➲   Security Communication platform
➲   Security research
➲   Tracking
➲   Experience exchange
➲   International partnerships
➲   Do we have something like this in Romania!?!? We don't.
➲   ccsir.ro will be our public interface
Last but not least – some ideas
➲   Why Romania? It's a good place to start scalable projects.
➲   Try to predict the unpredictable and have a backup plan for the unknown.
➲   Quality is very important, the money will come.
➲   Try to learn different stuff (tech, marketing, sales, laws, communication etc)
➲   Merge these things in an unusual way to create new things
➲   You cannot build something revolutionary, but you could build something different based
    on others' experience
➲   Be honest, be crazy, believe in yourself and in your instincts
➲   Build a network of inputs around you and learn how to output only the important bit
➲   Pay attention to the people who listen more and talk less, they might be the next star
➲   Create small things step by step and think big; now it depends on the length of your legs :P
➲   ...and most important, be persistent!
Bonus : Black hat vs White Hat vs W/E Color Hat




➲   It's bullshit (B U L L S H I T), only a buzzword
➲   We hate when hackers are considered thieves
➲   I believe that there isn't any pure black hat or white hat
➲   … but there is a mix of variables that can tag you, at a
    specific time, on one side or the other
➲   You can create great things in the INFOSEC field in a
    professional way
➲   CCSIR might be a good approach for doing professional
    research
Thank you!
Now, who wants to drink a beer in the neighborhood? :-)
