Security Debate 2018 — Hackers vs Security Engineers

Last night (6th Feb,2018), Meetup Madness Group held a security debate between security engineers and hackers. The event had about 709 tickets sold and the event was hosted in NAB office in Melbourne CBD.

I had the honour of being part of the security engineers aka the blue team panel.

Red-Blue team(from left)-Matt(misisng in the pic), Tim, Michael, Daniel, Yun, Cameron, Ashish, Julian, Photo Credit: Shilpi B
Moderator -Red-Blue team(from left)-Andrew, Pamela, Silvio, Anne, Matt, Tim, Michael, Daniel, Yun, Cameron, Ashish, Julian; Photo Credit: David G

Debate Objective
The objective of the blue team was to propose defence tactics against different scenario some of which had an isolated LTE (4G) network, Intel zero day, rogue mobile apps, bypassed WAF controls, NSA level access etc. As you can imagine the objective the Hackers aka the red team was to come up with attack scenarios on infiltrating the attack surface.

Blue Team
Ashish Rajan
Julian Berton
Yun Zhi Lin
Cameron Townshend

Red Team
Matt Flannery
Tim Noise
Michael McKinnon
Daniel R.

Moderators
Andrew Dell
Pamela O’Shea, Ph.D.
Silvio Cesare
Annie Lin

Organisers
Stephen Wallace
Brad Hester

MC
Gerhard Schweinitz

Format:

Audience decides the winner of each question.

Questions

Some of the folks asked me for questions and I have asked the Moderators for a copy of the full scenario questions- in the meanwhile I have notes from what I remember of the questions and these are in order of how I remember not how they were asked: ##Update: The link to questions at the bottom of the article.

Experience

It was an epic night!

The questions were a mix of extreme scenarios and some scenarios that some of us have seen or heard of. There were no perfect answers provided by either team but the questions followed with a 30sec team huddle forced team to come up interesting out of the box scenarios for both attacking and defending a network.

The out of box ideas with only 30sec to think, highlighted the platheora of experience that both the team brought to the table.

My hope is some the ideas discussed gave some insight to the audience on the kind of defence it is possible to have (before the Machine learning cyber war starts).

All smiles before the start of the debate

Result

The blue team won :)

A special shoutout and thank you for everyone who attended and made the event a huge success.

Group Photo Credit: Cameron T

Update: 8 February,2018 — The question from both Sydney and Melbourne are available here: https://gist.github.com/hashishrajan/1b605e8d5bca21915fceb6ae1fa4ea2e

Security expert with a goal to make security an enabler instead of a blocker in the exciting world of cloud and machine learning. www.ashishrajan.com

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store