CTFs – Not Just for Halo (CarolinaCon 13 & BSidesMCR 2017)

As this year is coming to a close, I thought I’d share my “CTFs – Not Just for Halo” presentation(s).

CTFs – Not Just for Halo – Introduction

After winning our black badge, BSides Raleigh 2016 asked @claytondorsey and I to speak. We decided to talk about CTFs in general, and try to motivate people to take part in them. Unfortunately, our employer pulled our talk at the last-minute.

Fast-forward to 2017, and CarolinaCon 13 accepted CFP submission (for the same talk)!

CarolinaCon 13

The first conference that we gave our talk at was CarolinaCon 13.

This was actually the first conference talk for either Clayton or me, but it went really well.

CTFs - CarolinaCon Schedule

The talk went great, and we got plenty of good feedback.

CTFs - Presenting

I even shared some of my secrets/passwords with some of the crowd! Thankfully Curbob edited these out of the video, but lesson learned.

CTFs - Advanced Tactics

Some people even joined the CTF because of our talk, which was a great feeling.

If you want, you can download our slide-deck (.pptx) ctfsNotJustForHalo-CarolinaConhere.

Also, thanks to Curbob, you can find us on Youtube!

CTFs at BSidesMCR 2017

The second conference that presented at was BSidesMCR 2017.

CTFs - BSidesMCR Schedule

This was still my second talk ever, but, unfortunately, Clayton was unable to make it out to this one.

While it took some asking and permission slips, work agreed to send me to England for this presentation! My travel time was pretty long, as I had a 9 hour layover in each direction.

I won’t repost everything from my review of the conference itself, but this was a great opportunity.

For this talk, I updated our slide-deck to use a Secureworks branded template.

CTFs - Title Slide

It was great presenting to an international crowd, and there were a ton of great questions and suggestions.

CTFs - Talking

The rooms themselves were also auditorium style seating, so I got to practice in front of a bigger crowd as well!

CTFs - Room

I came away with even more ideas for out talk after this one, which was good. In addition to that, some of the questions helped me think about ideas for our actual CTF.

In addition to my talk, I also had a co-worker presenting at the conference as well. He was actually selected to talk there before me, which helped both of us get approved by work.

Eric was giving a talk on “Hacking Wireless Home Security Systems”, which was pretty awesome. It actually inspired me to build my own DIY security system. I haven’t finished (or started) yet, but once I do I’ll definitely blog about it.

No slides, but you can find Eric’s talk on Youtube as well/

We also managed to win a 3D Printer, but most of that story is on my original post about the conference.

If you want to follow its (now idle) antics, then you can always follow it on Twitter!

Finally, if you want, you can download our updated slide-deck (.pptx) here.

Just like CarolinaCon, my talk was also recorded here.

BSides Raleigh 2017

Finally, I also presented at BSides Raleigh 2017.

CTFs - BSides Raleigh Schedule

Originally, we submitted the same talk, but there was a slight conflict with Jordan’s submission.

In the end, we decided to combine the two talks into one mega panel!

This panel went great, and all of EverSec was able to be on stage and contribute.

We got tons of good questions, ideas, and real interest in CTFs. Hopefully we were able to convince some people to go out and play (or run) CTFs.

There were no slides, but I will definitely share the video if it ever gets posted.

>CTFs – Not Just for Halo – Conclusion

I’d like to think that our talk(s) were informative and motivational, and we got plenty of good feedback.

I don’t really plan on updating this talk anymore, but let me know if you would like me to give it again anywhere. I am always down for sharing my love of CTFs, or helping run/win them!

doyler on Githubdoyler on Twitter
Ray Doyle is an avid pentester/security enthusiast/beer connoisseur who has worked in IT for almost 16 years now. From building machines and the software on them, to breaking into them and tearing it all down; he's done it all. To show for it, he has obtained an OSCP, eCPPT, eWPT, eWPTX, eMAPT, Security+, ICAgile CP, ITIL v3 Foundation, and even a sabermetrics certification!

He currently serves as a Senior Penetration Testing Consultant for Secureworks. His previous position was a Senior Penetration Tester for a major financial institution.

When he's not figuring out what cert to get next (currently GXPN) or side project to work on, he enjoys playing video games, traveling, and watching sports.

Leave a Comment

Filed under Security Not Included

Leave a Reply

Your email address will not be published. Required fields are marked *