Topher Timzen - The Trials and Tribulations of Building Your Own CTF and Shooting Gallery.

Topher Timzen (@TTimzen) It is said that “the best defense is a good offense” which means organizations and defenders need to think offensively in order to detect and evade threats. A good method for instilling an offensive mindset into defenders is to place them in offensive scenarios. This is where the CTF and Shooting Gallery concepts comes into play. By creating an internal shooting gallery in your organization, you can have an isolated playground for anyone to practice offensive security techniques. Furthermore, Capture The Flag (CTF) events are becoming increasingly popular at security conferences and inside of organizations. Unfortunately, there is a barrier of entry for those that have never played CTF before and occasionally individuals feel overwhelmed with all there is to know about participating, creating or hosting one. Over the last 2 years Topher has put together several CTF events - each being hosted in a drastically different way. This talk will cover the basics of building a shooting gallery, CTF challenges along with hosting and deploying them in order to increase organizational effectiveness and knowledge. Topher is currently a Vulnerability Enthusiast at a Fortune 50 Red Team and enjoys causing constructive mischief. Coming from an offensive background, he has a research emphasis on reverse engineering, malware, exploitation development, incident response and live memory hacking. He has spoken at various security conferences including DEF CON, SecTor, ToorCamp and BSides.