InfoSec Gamification
INFOSEC GAMIFICATION
Jose L. Quiñones, BS
MCP, MCSA, MCT, CEH, CEI, GPEN, GCIH, RHCSA
HOW DO WE LEARN?
RTFM?
Discovery
Doing
Repetition
Mastering
LEVELS OF LEARNING
Knowledge: Exhibit memory of learned materials by recalling facts, terms, basic concepts and answers
Comprehension: Demonstrate understanding of facts and ideas by organizing, comparing, translating, interpreting, giving descriptions, and stating the main ideas
Application: Using acquired knowledge. Solve problems in new situations by applying acquired knowledge, facts, techniques and rules in a different way
Analysis: Examine and break information into parts by identifying motives or causes. Make inferences and find evidence to support generalizations
Evaluation: Present and defend opinions by making judgments about information, validity of ideas or quality of work based on a set of criteria
Synthesis: Compile information together in a different way by combining elements in a new pattern or proposing alternative solutions
WHAT IS GAMIFICATION?
Is the use of game thinking and game mechanics in non-game contexts to engage users in solving problems.
A review of research on gamification shows that most studies on gamification find positive effects from gamification in education.
Strives to leverage people's natural desires for socializing, learning, mastery, competition, achievement, status, self-expression, altruism, or closure.
ASPECTS OF GAMIFICATION
Gamification strategies use rewards for players who accomplish desired tasks or competition to engage players. Types of rewards include points, achievement badges or levels, the filling of a progress bar, or providing the user with currency.
Making the rewards for accomplishing tasks visible to other players or providing leader boards are ways of encouraging players to compete.
WE ALL LIKE WINNING …
HOW CAN WE USE IT?
Measure: Skills, Knowledge, Creativity
Identify Talent: Who knew that guy/gal was that good?
Teach/Learn/Train: Using realistic scenarios and specific areas of development
TYPES / TECHNIQUES
Capture the Flag
King of the hill / Free for all
Red Team / Blue Team
Puzzles
Scavenger Hunts
Specific Challenges
INFOSEC TOPICS
Systems Administration
Forensics
Local Exploitation / Privilege Escalation / Abuse
Network Penetration
Web Applications
Penetrating the perimeter (DMZ/Firewall)
Pivoting
Development/Coding/Programming
Reverse Engineering
WHERE TO FIND THEM?
ACTUALLY …
WHERE TO FIND STUFF TO PRACTICE …
OWASP WebGoat: https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project
Iron Geek – Mutillidae: http://www.irongeek.com/i.php?page=mutillidae/mutillidae-deliberately-vulnerable-php-owasp-top-10
http://sourceforge.net/projects/mutillidae/
HD Moore Metasploitable 2: http://sourceforge.net/projects/metasploitable/
https://community.rapid7.com/docs/DOC-1875
Repository of Challenges: http://capture.thefl.ag or http://captf.com
Exploit Development (Linux): http://exploit-exersices.com
Cyberaces.org: https://tutorials.cyberaces.org/tutorials
SO NOW YOU KNOW … LET’S JUMP IN!
CODEFIDELIO.ORG
… and go to the challenges section.
THANKS!
Email: [email protected]
Twitter: @josequinones
G+: https://plus.google.com/u/2/+JoseLQuinonesBorrero