The LASCON Badge Game was back in 2018 and the feedback I received was that it was the best one so far. It started out with the following QR code on the back of the badge: Following that QR code took you to the URL https://pastebin.com/J61kDSe2. Viewing that URL gives you the following: V2VsY29tZSB0byB0aGUgTEFTQ09OIDIwMTggYmFkZ2UgZ2FtZSF= V2VsY29tZSB0byB0aGUgTEFTQ09OIDIwMTggYmFkZ2UgZ2FtZSE= […]
For those who don’t know, every year I put together a game that starts on the back of the LASCON badge. It’s typically some combination of crypto challenges alongside application security vulnerabilities with the goal of having it take somewhere around 1-3 hours, depending on experience, to complete. Those who complete the game are rewarded […]
The BSides Austin 2016 Mini-CTF began with the back of the badge. There was a large QR code which took a very long time for me to scan with my phone, and when I finally got it, it was just the numbers “07263584”. Not very useful. Below that, however, there was a string of letters and […]
Yesterday I finished competing in my first ever Capture The Flag (CTF) tournament. It was called Kommand and Kontroll Revenge of the Carders and was run by Rod Soto of Prolexic. I’m going to caveat this post by saying that this was my first ever CTF competition so I have absolutely no baseline of comparison. […]
The second CloudCamp in Austin is happening June 10. It’s an unconference about, of course, cloud computing. Read about it and sign up here! I missed the first one but loved OpsCamp so I’m going!
O’Reilly’s Velocity conference is the only generalized Web ops and performance conference out there. We really like it; you can go to various other conferences and have 10-20% of the content useful to you as a Web Admin, or you can go here and have most of it be relevant! They’ve been doing some interim […]
This presentation was by Jason Macy and Mamoon Yunus of Crosscheck Networks – Forum Systems. It wins the award (the one I just made up) for being the most vendor-oriented presentation at the conference. Not that it wasn’t an interesting presentation, but their solution to defend against most of the attacks was “Use an XML […]
This presentation was by Boaz Belboard, the Executive Director of Information Security for Wireless Generation and the Project Leader for the OWASP Security Spending Benchmarks Project. My notes are below: It does cost more to produce a secure product than an insecure product. Most people will still shop somewhere, go to a hospital, or enroll […]
This presentation was by Keith Turpin from The Boeing Company. About three years ago, all of Boeing’s assessments were coming from outsourced service providers. They realized that they were unable to have control over the people and process and had difficulties integrating the controls into the SDLC and decided to bring these functions in house. […]
This presentation was by Robert “RSnake” Hansen and was designed to be a fun conversation to have over drinks with security people. I feel privileged to have been one of those security people who he talked about this with beforehand. A very interesting topic about the non-obvious threats that may or may not exist. […]
