Come to learn about DNS censorship and how to organize a Capture the Flag competition.RSVP here to save your front row spot on April 23, starting 18:30!
- 18:30 – 19:00 Registration
- 19:00 – 19:45 Michael Casadevall – Censorship through DNS – Studying Tampering of Domain Name Information on the Public Internet
DNS tampering is one of the most common forms of Internet censorship. This is primarily due to a lack of authentication and the ease of manipulating traffic on the fly and can take a multitude of forms. This type of censorship has been used to enforce various gag orders such as was used the British Isles to block torrent websites. It is also a known technique used by China’s Great Firewall. It can be used to simply block websites, redirect users to seemingly correct sites, and is difficult for the typical user to detect. For example, this type of attack could be used to redirect a user silently from a whistleblowing website to a honeypot. While efforts are underway to create secure amendments to DNS, they cannot solve these fundamental problems.
In an effort to understand how widespread DNS censorship is, I have created a special tool known as DNS Catcher to study in-flight responses, and check them against known good authoritative data to confirm their authenticity. By doing so, we can develop new tools and methods to detect DNS tampering, and at a minimum, prevent users from unknowingly connecting to addresses that are known to have been tampered with.
- 19:45 – 20:00 Break
- 20:00 – 20:45 Anatol Prisăcaru – Organizing a CTF: Lessons Learned Over the Years
I bet you’ve always wondered what goes into creating a Capture the Flag competition. I bet you wondered how we balance the feasibility of finding a flag with the challenge of burying it inside systems with obscure vulnerabilities. Popping boxes is fun, but do you know what it takes to craft that satisfying experience?
This talk is going to answer all these questions and more! I’ve been crafting CTF challenges for 5 years now and I have a few stories to tell: from the way we craft challenges to the way we set up the infrastructure. From how to come up with versatile and unpredictable challenges, to how to maintain a good difficulty progression and enforce rules. If you’ve ever been curious about what goes on behind the scenes of a CTF, or ever wanted to organize a competition of your own – I’ve got you.
RSVP here to confirm your attendance to Security Espresso 0x1a.
This event is hosted through TechSociety, an initiative that aims to grow the local tech community stronger by providing free event space, as well as logistical and communication support, to all people that organize free tech-related events.
Thinking about organizing a meetup or an event for the tech community out there? Join TechSociety, and we’ll help you out! All you have to do is submit the registration form available on our website, and we’ll get back to you to set all the details straight!