1. A journey through an INFOSEC labyrinth Andrei Avdnei Founder & CEO DefCampcontact@defcamp.ro

2. After this presentation... You wont be a better hacker You wont learn how to break things (if you are a cop, please leave the room, its nothing interesting here) You wont learn how to make a conference You wont learn how to become $$_$$ You will learn IDEAS 3. Summary About me Security through entrepreneurship DefCamp CCSIR Q&A all the time. :-) 4. About me Founder & CEO of DefCamp and CTO (tech), CFO (financial), CMO (marketing), Sales Manager,Community Manager, Speaker, Team Coordinator :)). Founder CCSIR Community manager @worldit.info Vice President at GREPIT Volunteer at BitDefender Romania Great results at several thousands national andinternational competitions and others. 5. History 2006-2007 - I was doing my best to learn how to build viruses in Pascal (lame, I know) - I began to meet and discuss with people - I was proud about by my first RFI (LOL!) - In the same period I began to help a security community to evolve. Thecommunity evolved and I along with it 2008 - I began to attend at local and national IT competitions - First result : 0 pts and last place. - Second result after several months : First place. - The rest is history. 2009 - founded worldit.info.2010 until today - I joined in GREPIT. Organised G5, G6 and G7 in great teams. - I made OpenIT @Suceava, 12 hours competition with over 60 attendeesfrom Romania. March 2011 DefCamp idea sparked my brain. September 2011 DefCamp @Bran (~70 attendees) December 2011 DefCamp @Iasi. (~150 attendees) November 2012 Founded CCSIR. December 2012 DefCamp @Bucharest. (~200 attendees) During this time I got good results at (inter)national computer science competitions (algo, web dev, soft dev, security, educational etc). and many others. 6. Lesson #1.337Offensive security is better than defensive security! Be tenacious, try to get more failures to succeed!Disclaimer : That was my short story The whole story is for my future nephews. :-) In reality there are many IFs, you know those statements fromcomputer science courses ^_^ 7. Lesson #2 If you are a good sniffer its hard to fail!Listen all complaints of your friends circle and scale their frustration into projects! 8. Lesson #3Build a honeypot, log and parse all the traffic. Youll catch a 0day !Listen all your friends ideas, iterate them and store them. Sooner or later you will concat! 9. Lesson #4Share wisely!Talk in your circles about your ideas, but never all your ideas! Keep a few for the desert. 10. Lesson #5 Create backups in the cloud!You should ALWAYS have an ace up your sleeve! 11. Lesson #6 Encrypt your data!Sometimes is better to shut your mouth up and weight your words! 12. Lesson #7Tunnel your traffic!Monitor how and where your words/projects/ideas are spreading for a better privacy. 13. Lesson #8Stay up to date and upgrade if needed!Iterate, iterate, iterate! 14. Lesson #9Be prepared to get hacked!Be prepared to fail. I was hacked several times in my history and here I am. 15. Lesson #10 Be responsiveBuild, listen your feedback, change, listen your feedback and so on... 16. Summary Security through entrepreneurship 1. Offensive security is better than defensive security! 2. If you are a good sniffer its hard to fail! 3. Build a honeypot, log and parse all the traffic. Youllcatch a 0day! 4. Share wisely! 5. Create backups in the cloud! 6. Encrypt your data! 7. Tunnel your traffic! 8. Stay up to date and upgrade if needed! 9. Be prepared to get hacked! 10. Be responsive. 17. Ok, great, Im not done...yet 18. DefCamp IT Security & Hacking Conference Informal talks Connect smart guys from Romania and World Wide Experience exchange, connect with people, innovate Building a platform for launching and promoting localindustry enthusiasts to the world DCTF, Wall of Sheep Three editions till now (Bran, Iasi, Bucharest) More to come 19. Boring, right? 20. But, what about...Offline SQL Injection Offline check-in systemPrivate parties 21. Or, why not ... Passion, competitions, experience exchangeAfter parties resultsflirting with the shooter:> Hacker girls :X 22. Or even more... SharingMass-mediaProtectionGreat audience 23. Why DefCamp? Because we care about passion We are not business guys but are trying to make abusiness from passion We have great speakers world wide, a smart audience,cool parties, hot chicks and black hats! :-) You can find a job (for ex. KPMG this year con), you canfind friends, experience, resources You find 0days, vulnerabilities, showoffs, POCs, practicaland theoritical talks We have something for everybody but you should learnwhere to look. We are not give everything, but you can get all by yourself . 24. CCSIR Cyber Security Research Center from Romania (Centrulde Cercetare in Securitate Informatica din Romania) Projects Security Communication platform Security research Tracking Experience exchange International partnerships Do we have something like this in Romania!?!? We dont. ccsir.ro will be our public interface 25. Last but not least some ideas Why Romania? Its a good place to start scalable projects. Try to predict the unpredictable and have a backup plan for unknown. Quality is very important, the money will come.. Try to learn different stuff (tech, marketing, sales, laws, communication etc) Merge these stuff in an unusual way to create new things You cannot build something revolutionary, but you could build something different basedon others experience Be honest, be crazy, believe in you and in your instincts Build a network of inputs around you and learn how to output only the important bit Pay attention to the people who listen more and talk less, they might be the next star Create small things step by step and thing big, now it depends about your legs length :P ...and most important, be persistent! 26. Bonus : Black hat vs White Hat vs W/E Color Hat Its a bullshit (B U L L S H I T), only a buzz word We hate when hackers are considered thieves I believe that there isnt any pure black hat or white hat but there is a mix of variables that can tag you on aspecific time in a side or another You can create great things in the INFOSEC field in aprofessional way CCSIR might be a good approach for making proffesionalresearch 27. Thank you! 28. Now, who wants to drink a beer in the neighborhood ?:-)