Play CTF! A Great Way to Learn Hacking - Fsec 2017

Channel:
United States LiveOverflow
Subscribers:
921,000
Published on ● Video Link: https://www.youtube.com/watch?v=rfjV8XukxO8


Duration: 33:51
135,664 views
3,585

Abstract:
For many of us hacking means creativity - if you have ever witnessed a complex heap memory corruption exploit, you realise how close this is to art. But when we look at how IT security is taught, we often see uncreative memorisation of dangerous functions or generally a checklist approach. Nobody can understand or know everything in IT Security and isolation of topics only leads to interesting attack ideas being lost at the topic boundaries. Like in math we rather like to develop an intuition and understanding of underlying concepts that help us to adapt to any system we want to hack. Especially because the IT world is changing extremely fast and staying up-to-date is necessary.
I believe, for anybody who is interested in IT security, as well as developers who should write secure code, it’s important to train hacking creatively.

CTF (Capture The Flag) challenges are kind of like math puzzles for hackers - sometimes they are about exploiting basic issues and sometimes they are very esoteric. But they always require creative thinking. Security trainings, academic education and books will get you far enough to deliver good work, but I believe playing CTFs can make the difference between good or excellent work.

With this talk I want to motivate you to play CTFs and showcase various example challenge solutions, to show you stuff you hopefully haven't seen before and get you inspired to find more interesting vulnerabilities.

Fsec Conference: https://fsec.foi.hr
Recording and Editing by: https://twitter.com/Ministraitor

-=[ 🔴 Stuff I use ]=-

→ Microphone:* https://geni.us/ntg3b
→ Graphics tablet:* https://geni.us/wacom-intuos
→ Camera#1 for streaming:* https://geni.us/sony-camera
→ Lens for streaming:* https://geni.us/sony-lense
→ Connect Camera#1 to PC:* https://geni.us/cam-link
→ Keyboard:* https://geni.us/mech-keyboard
→ Old Microphone:* https://geni.us/mic-at2020usb

US Store Front:* https://www.amazon.com/shop/liveoverflow

-=[ ❤️ Support ]=-

→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

-=[ 🐕 Social ]=-

→ Twitter: https://twitter.com/LiveOverflow/
→ Website: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/

-=[ 📄 P.S. ]=-

All links with "*" are affiliate links.
LiveOverflow / Security Flag GmbH is part of the Amazon Affiliate Partner Programm.

#CTF



Other Videos By LiveOverflow


2017-12-22Searching for Bitcoins in GitHub repositories with Google BigQuery
2017-12-15Adapting the 32bit exploit to 64bit for format4 - bin 0x27
2017-12-08Some thoughts on Mobile App Security - is it FUD?
2017-12-01format2 on a modern Ubuntu - bin 0x26
2017-11-27Looking for Feedback - Link to Survey in the Description
2017-11-24Stack grooming and 100% reliable exploit for format0 - bin 0x25
2017-11-17Playing around with a Format String vulnerability and ASLR. format0 - bin 0x24
2017-11-10RTMP Heap Overflow CVE-2016-10191 - Exploiting FFmpeg ft. Paul Cher
2017-11-04Analysis of CVE-2016-10190 - Exploiting FFmpeg ft. Paul Cher
2017-10-27First look at a simple PoC crash - Exploiting FFmpeg ft. Paul Cher
2017-10-20Play CTF! A Great Way to Learn Hacking - Fsec 2017
2017-10-17KRACK - Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2
2017-10-13Using z3 to find a password and reverse obfuscated JavaScript - Fsec2017 CTF
2017-10-06Software Side-Channel attack on AES - White Box Unboxing 4/4 - RHme3 Qualifier
2017-09-29Some failed attack ideas - White Box Unboxing 3/4 - RHme3 Qualifier
2017-09-22TL;DR it's AES... - White Box Unboxing 2/4 - RHme3 Qualifier
2017-09-15Understanding the execution flow of the binary - White Box Unboxing 1/4 - RHme3 Qualifier
2017-09-10[Live] Reverse Engineering new PopUnder for Chrome 63 on Windows
2017-09-08†: Use-after-free with fast bins
2017-09-08Use-after-free and overwrite entry in GOT - Exploitation part 2/2 - RHme3 Qualifier
2017-09-01Exploring pwnable with ltrace and gdbinit script - Exploitation part 1/2 - RHme3 Qualifier


Tags:
Live Overflow
liveoverflow
hacking tutorial
how to hack
exploit tutorial
fsec2017
fsec 2017
liveoveoverflow talk
conference
talk
speaker
conference talk
infosec
security
how to learn hacking