Re: [liberationtech] Cryptogeddon
I like this concept. I'd particularly love a more basic version of this, perhaps using openbadges to reward people who make it through a game-cum-course that lets them use security-related tools. A perennial problem in security education is getting people enough practical experience. That's particularly true of communication tools -- you need to pair people up to practice communication, which can be hard to arrange outside of face-to-face meetings. A game would be a great way of dealing with this. I'm thinking of something aimed at the fundamentals -- such as: - talk with this bot using OTR - read a clue that has been GPG encrypted with your public key - get some info out of a truecrypt volume - access a tor hidden service - send some text via a signed, encrypted mail [I'll add this to my list of projects for a rainy weekend, and meanwhile wait to see whether Cryptogeddon is anything close to it] Dan On 10/09/13 02:37, Scott Elcomb wrote: Just stumbled across this post and thought it might be of interest to some on the list. In a nutshell, Cryptogeddon is an online cyber security war game. The game consists of various missions, each of which challenges the participant to apply infosec tools to solve technology puzzles – an online scavenger hunt, if you will. Each mission comes with a solution that teaches the participant which tools to use and how to apply the tools to solve the mission. Further on the article describes the tools one may need to use, including but not limited to: * TrueCrypt * Metasploit Kali * Nessus * Amazon Web Services * w3af * Linux, Windows, OS X * Apache, IIS * GitHub * VirtualBox * Sysinternals http://www.softwarehamilton.com/2013/09/06/cryptogeddon-coming-soon/ -- Dan O'Huiginn Organized Crime and Corruption Reporting Project dan...@ohuiginn.net http://ohuiginn.net @danohu http://reportingproject.net skype:danohuiginn phone: +387 33 560 066. -- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Cryptogeddon
This sounds a nice idea. There was a similar idea (in its early stages) presented at SOUPS 2013 (Symposium on Usable Privacy and Security) earlier this year. [1] It was called Device Dash: An Educational Computer Security Game presented by Era Vuksani. Unfortunately the Era's thesis is not available just yet (May 18th). [2] The game was built around the player being a sysadmin in charge of a network. As the sysadmin managed the network, more devices (authorised and unauthorised) were added, and the admin had to react. As the user advanced s/he had access to better tools (firewalls, switches, IDS devices) to better manage the network. It looked fun and educational. All the best, Bernard [1] http://cups.cs.cmu.edu/soups/2013/program.html [2] http://repository.wellesley.edu/thesiscollection/38/ On 10 Sep 2013, at 10:51, Dan O'Huiginn dan...@ohuiginn.net wrote: I like this concept. I'd particularly love a more basic version of this, perhaps using openbadges to reward people who make it through a game-cum-course that lets them use security-related tools. A perennial problem in security education is getting people enough practical experience. That's particularly true of communication tools -- you need to pair people up to practice communication, which can be hard to arrange outside of face-to-face meetings. A game would be a great way of dealing with this. I'm thinking of something aimed at the fundamentals -- such as: - talk with this bot using OTR - read a clue that has been GPG encrypted with your public key - get some info out of a truecrypt volume - access a tor hidden service - send some text via a signed, encrypted mail [I'll add this to my list of projects for a rainy weekend, and meanwhile wait to see whether Cryptogeddon is anything close to it] Dan On 10/09/13 02:37, Scott Elcomb wrote: Just stumbled across this post and thought it might be of interest to some on the list. In a nutshell, Cryptogeddon is an online cyber security war game. The game consists of various missions, each of which challenges the participant to apply infosec tools to solve technology puzzles – an online scavenger hunt, if you will. Each mission comes with a solution that teaches the participant which tools to use and how to apply the tools to solve the mission. Further on the article describes the tools one may need to use, including but not limited to: * TrueCrypt * Metasploit Kali * Nessus * Amazon Web Services * w3af * Linux, Windows, OS X * Apache, IIS * GitHub * VirtualBox * Sysinternals http://www.softwarehamilton.com/2013/09/06/cryptogeddon-coming-soon/ -- Dan O'Huiginn Organized Crime and Corruption Reporting Project dan...@ohuiginn.net http://ohuiginn.net @danohu http://reportingproject.net skype:danohuiginn phone: +387 33 560 066. -- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu. -- Bernard / bluboxthief / ei8fdb IO91XM / www.ei8fdb.org -- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
[liberationtech] Cryptogeddon
Just stumbled across this post and thought it might be of interest to some on the list. In a nutshell, Cryptogeddon is an online cyber security war game. The game consists of various missions, each of which challenges the participant to apply infosec tools to solve technology puzzles – an online scavenger hunt, if you will. Each mission comes with a solution that teaches the participant which tools to use and how to apply the tools to solve the mission. Further on the article describes the tools one may need to use, including but not limited to: * TrueCrypt * Metasploit Kali * Nessus * Amazon Web Services * w3af * Linux, Windows, OS X * Apache, IIS * GitHub * VirtualBox * Sysinternals http://www.softwarehamilton.com/2013/09/06/cryptogeddon-coming-soon/ -- Scott Elcomb @psema4 on Twitter / Identi.ca / Github more Atomic OS: Self Contained Microsystems http://code.google.com/p/atomos/ Member of the Pirate Party of Canada http://www.pirateparty.ca/ -- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.