Man, it was a great week. If you ever have the chance to go to a SANS Course, do it, and do it often. It may be expensive, but the networking opportunities are great, and the instructors are just good people.
During the "Capture the Flag", which I will not give out information about (so don't ask), I felt utterly useless. I had done all that I felt I could do, but it's amazing that you can take experiences from your own work and apply them to issues. Once we'd gotten in, I remembered something about a security issue at our office, and in doing so, I found a flag! I went from thinking I was a failure to being a hero of our team. What we didn't know was that another team had found all the flags, but because of a configuration issue on their browser, they missed a flag they'd discovered. If they'd not done that, they would have won.
But because of that mistake, our team capitalized on the CTF, and won first place!
Mr. Boettcher and I had a blast over the week, networking with various people and instructors, meeting tons of great people, hearing Robert 'RSnake' Hansen speaking at the SANS Summit, and just getting some really excellent training on tools like Burp, SamuraiWTF, Sqlmap, and others.
We also got several interviews in the can. Episode 5 is with Frank Kim, an Instructor with SANS, who was teaching the Secure Java coding class. We got him to sit down with us and discuss some of the issues dealing with the culture of secure coding.
Have a listen: Frank Kim Interview