The A-to-Z of CyberSecurity as a Kid Understands It

Size: px

Start display at page:

Download "The A-to-Z of CyberSecurity as a Kid Understands It"

Kristopher Garrison
10 years ago
Views:

1 The A-to-Z of CyberSecurity as a Kid Understands It May 28th, 2015 Reuben Paul 1

2 Agenda Introduction CyberSecurity Alphabets (A to Z) Demonstration Conclusion

3 Who am I? Reuben Abishai Paul Personal Twitter 9 years old Harmony School of Science, Austin 3

4 Prudent Games CEO Learn while they Play! 4

5 CyberSecurity Journey - Atlanta - Houston (ISC)2 Security Congress Hou.Sec.Con Kids CyberWorld Create A Safe & Secure good hackers? really kids make for Why Keynote - Sept 2014 October 2014 BSides - Austin Hack In The Box HaxPo - Amsterdam Security Cyber The A-to-Z of NG GroundZero InfoSec Summit - -Delhi Kentucky - CyberSecurity DerbyCon May 2015 March 2015 Developing r00t-kidz: Future of CyberSecurity of Babes Mouth From thethe InfoSec 2014 Sept2014 Debut -Nov

Cyber The A-to-Z of NG GroundZero InfoSec Summit - -Delhi Kentucky - CyberSecurity DerbyCon May 2015 March 2015

6 Other Fun Facts Americas Most Beautiful Baby (2007) Americas Youngest Shaolin Do KungFu Blackbelt (2013) DISTCO Contest Winner (2014, 2015) USA Gymnastics State Champion (Rings 2015) 6

7 Agenda Introduction CyberSecurity Alphabets (A to Z) Demonstration Conclusion

8 abc CyberSecurity Alphabets What are Alphabets? Security Concept Basic Building Blocks Kids Learn as Their Foundation Defensive Concept Offensive Concept

9 A Authentication Verifying Identity Are you really who you say you are? 1 How many factors do you see? Three Factors What you Know What you Have Who you Are 2 9

10 B Buffer Overflow Overflow of Memory Input Length > Buffer Size Return Address Overwritten Malicious Code Execution Robin St. Neverland, TX 10

11 C Cross Site Request Forgery (CRSF) Presents Guards invitation gives kid to an guard entry to pass get into Candy party. User Logs Into Website (Bank) Gets a Session Established The Hacker Sends a Phishing With Malicious Link (Code) Code Rides on Top of User Session Tricks kid with Does not ticket YEAH, Wants to use It s his have Entry ticket Time Candy! to Party get Ticket! candy for him Request is Forged 11

User Logs Into Website (Bank) Gets a Session Established The Hacker Sends a Phishing Email With

12 D Denial of Service (DoS) Software/System Unavailable Interruptions 12

13 E Encryption/Decryption Data Conversion Plain-text Cipher-text Algorithm Key Secret 13

14 F Fuzzing Security Testing Exploitable or Not Random (or) Pseduo- Random Test inputs (fuzz) 14

15 G Greybox Testing Security Testing Partial or Limited knowledge Blackbox Whitebox Greybox 15

16 H Hashing Input converted using a Algorithm Fixed Sized Hash Input Algorithm Irreversible Hash 16

17 I Injection Input is treated as a command No input validation Lego Mega Bloks 17

18 J Java Applet Attack Creates Malicious Java Applet User Prompted Run time permission granted when run 18

19 K Keylogging Disclosure atatcks Keystrokes Scanned Dumped Source: 19

20 L Logic Bomb Malcode (or) Mallogic Certain Conditions or Time is met 20

21 M Man in the Middle (MITM) Impersonates Gateway/Router as Client Client as Router Communication goes through the hacker 21

22 N Non-Repudiation Repudiation == Deny Non-Repudiation == Cannot Deny Logging & Auditing 22

23 O One-Time Pad Protection Against Bruteforce Attacks Unique Value Used Once Before Expires 23

24 P Phishing Lure/Bait & Trick Reveal Information Social Engineering 24

25 Q Quarry (Targets) Companies Countries Children 25

26 R Rootkits What is a R00tK1t? Computer Program Remote Control of System Good vs. Bad 26

27 S Social Engineering What is Social Engineering? Trick Someone Get what you want Who are the Best Social Engineers? 27

28 T Tor What is Tor? or At least The Onion Router Use Tor Protect from Network Traffic Surveillance Browse Anonymously Location hidden 28

29 U UDP Flood Attack Guarantee? DoS Attack Lots of UDP Packets Network Congestion NAPSTER RAPSt4R 29

30 V Virus Computer Program Attaches to Host Harmful 30

31 W Whitehat Use Skills for Good Hackers With Ethics Skilled in Dark Arts (BlackHat) 31

32 X XSS (Cross-Site Scripting) Injected Code Executed as Script longhornskidsclub.com 32

33 Y You People Weakest Link Cyber Education is Key Next Generation - Kids 33

34 Z Zero-Day Vulnerability Ohday, -ve day The Power of Zero Defenders Unaware 0 = no value Attackers Advantage (X) 0 = One (Usually) Launched on Day That Software (Software) 0-day = Owned Came Out 34

35 Agenda Introduction Cybersecurity Alphabets (A to Z) Demonstration Conclusion

36 nuf said - Demonstration Let s BEEF up (XSS) Playing the HackCraft game

37 Agenda Introduction Cybersecurity Alphabets (A to Z) Demonstration Conclusion

38 CyberShaolin Teach Kids/Adults about Cyber Security Dangers & Defenses Get Involved Volunteer Donate 38

39 Closing Thoughts Thank you Be Educated and Be Educators of CyberSecurity - especially to kids Contact Information @cybershaolin 39

Web application testing

CL-WTS Web application testing Classroom 2 days Testing plays a very important role in ensuring security and robustness of web applications. Various approaches from high level auditing through penetration