- Food, Drinks & Networking (20mins)
- Introduction & Announcement (10mins)
- "Building Cyber Ranges" by Donavan Cheah (45mins)
- "Fun with Wireshark" by Balasubramaniam Natarajan (45mins)
- Networking (Till Late)
VENUE SPONSOR: Cloudflare
F&B SPONSOR: Centurion Information Security
- Code of Conduct: https://www.div0.sg/code-of-conduct
- For onsite-security reasons, Cloudflare requires attendees to provide several information here:
BUILDING CYBER RANGES
Ever thought how these labs are being built? Let us try to approach this question from the perspective of both problem solver and creator. How can we train such skills from the perspective of a challenge setter? What goes through the mind of a challenge setter when setting a vulnerable machine? How do we then extrapolate this to cover an acceptable breadth and depth of skills to train our fellow cyber enthusiasts?
If you hope to find some perspectives to these questions, particularly from a penetration testing angle, I will give my personal take to these questions. Just as there is no perfect "cyber range" to train penetration testers, there is also no perfect take on this matter. My objective is to leave you with more questions to think about, and perhaps, muster some courage to build your own security challenges, hopefully with both a pedagogical angle to train penetration testers and an artistic angle to provide realistic simulations.
Note: This talk covers "how to think", not "what to think". I will not cover details on techniques required to build vulnerable machines, neither will I dwell too much time on automated vulnerable machine building and its limitations. The only pre-requisites for this talk is rough familiarity with penetration testing methodology, and a broad awareness on boot2root virtual machines. This is NOT a technical talk and is suitable for the general security enthusiast.
FUN WITH WIRESHARK
This topic is targeted towards Novice(college students) to intermediate users belonging to either an Information Security Team or Networks team. Things which will be covered includes Installing Wireshark, Knowing about its interface, Using filters, Following TCP conversation, extracting files. Time taken 30 to 45 mins. If participants are interested could extend for some more time.
DONAVAN CHEAH is currently a Senior Engineer at the Defence Science and Technology Agency (DSTA) in the Cybersecurity Programme Centre, though he studied Physics in his earlier days at NUS. His first foray into penetration testing began with the OSCP, and ever since, have fallen in love with breaking systems. Coupled with his past roles as a tutor, he has decided to also move into setting problems, not just solving them. The end result was building machines for an internal CTF, and then building more machines for the greater infosec community. Five of these machines are featured in Vulnhub. He also currently gives talks on cyber 101 through a more "attack-oriented" approach; showing the general public how cyber attacks can directly impact them, and then providing open-source recommendations to stay cyber-safe on the Internet.
BALASUBRAMANIAM NATARAJAN has over decade long experience in the field of Information Security, he likes to teach technical topics and loves to see the spark in peoples eyes once they understood a concept. :-)