Fun and Games: Lock Picking, Capture the Flag Contests, Simulations, and More
8th Layer Insights
English - March 22, 2022 04:00 - 1 hour - ★★★★★ - 54 ratingsSocial Sciences Science Business cybersecurity psychology behavior science human layer human factor social engineering scams security culture phishing security awareness Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
What images come to mind when you see or hear the word 'Cybersecurity?' That word probably evokes mental images of people hunched over keyboards launching cyberattacks at each other. Or maybe you picture someone picking a lock or stealing a badge to slip into a building. In other words, most people picture the battle... or what some might think of as "the fun parts." But, here's the thing. Not everyone gets to participate in these aspects of cybersecurity and, in many cases, finding safe and legal ways to practice these skills can be challenging. So where can curious minds turn?
That's where gamification can really help. There are a ton of really fun and engaging ways to learn these skills without fear of being arrested or breaking something. These are also great ways to level-up cybersecurity skills and help bring new people into the field. In this episode, we explore the "fun and games" of cybersecurity: lock picking, (CTFs) capture the flag competitions, simulations, and even pickpocketing and magical (sleight of hand and misdirection) thinking.
Perry's guests are Alethe Denis (social engineer and DefCon 2019 Social Engineering CTF winner), Deviant Ollam (penetration tester, lock picking guru, and Board Member of The Open Organization of Lockpickers), Chris Kirsch (Co-Founder and CEO of Rumble, DefCon 2017 Social Engineering CTF winner) , and Gerald Auger (Founder of Simply Cyber, Director of Cybersecurity Education & Cybersecurity Program Manager at ThreatGEN).
Guests:
Alethe Denis (LinkedIn) (Twitter) (Website)
Deviant Ollam (Twitter) (YouTube) (Website)
Chris Kirsch (LinkedIn) (Twitter)
Gerald Auger (LinkedIn) (Twitter) (YouTube)
Resources & Books:
What is Gamification?
Lockpicking Resources from Deviant Ollam
Keys to the Kingdom: Impressioning, Privilege Escalation, Bumping, and Other Key-Based Attacks Against Physical Locks, by Deviant Ollam
Practical Lock Picking: A Physical Penetration Tester's Training Guide, by Deviant Ollam
TOOOL US -- The Open Organization of Lockpickers
TOOOL US instructional videos on YouTube
The Official TOOOL Slides
The Lockpicking Lawyer on YouTube
Bump Keys in the News - San Francisco #3 -- YouTube clip
TraceLabs OSINT Capture the Flags
50 CTF (Capture the Flag) & Pentesting Websites to Practice Your Hacking & Cybersecurity Skills in 2021
Hands-on Hacking Demo | CTF - Capture the Flag in 15 Minutes!, YouTube video by ITProTV
Capture the Flag? Change Your Life, YouTube video by John Hammond
Don’t Wait for the Perfect Time for a Tabletop Exercise, National Law Review
ThreatGEN's Red & Blue Game
Gerald Auger's Simply Cyber Discord Server
Chris Krisch's pickpocketing talk at Layer8 Security Conference
Production Credits:
Music and Sound Effects by Blue Dot Sessions, Envato Elements, & Storyblocks.
Artwork by Chris Machowski @ https://www.RansomWear.net/ and Mia Rune @ https://www.MiaRune.com.
8th Layer Insights theme music composed and performed by Marcos Moscat @ https://www.GameMusicTown.com/
Want to get in touch with Perry? Here's how:
Email: hello [at] 8thLayerInsights [dot] com
What images come to mind when you see or hear the word 'Cybersecurity?' That word probably evokes mental images of people hunched over keyboards launching cyberattacks at each other. Or maybe you picture someone picking a lock or stealing a badge to slip into a building. In other words, most people picture the battle... or what some might think of as "the fun parts." But, here's the thing. Not everyone gets to participate in these aspects of cybersecurity and, in many cases, finding safe and legal ways to practice these skills can be challenging. So where can curious minds turn?
That's where gamification can really help. There are a ton of really fun and engaging ways to learn these skills without fear of being arrested or breaking something. These are also great ways to level-up cybersecurity skills and help bring new people into the field. In this episode, we explore the "fun and games" of cybersecurity: lock picking, (CTFs) capture the flag competitions, simulations, and even pickpocketing and magical (sleight of hand and misdirection) thinking.
Perry's guests are Alethe Denis (social engineer and DefCon 2019 Social Engineering CTF winner), Deviant Ollam (penetration tester, lock picking guru, and Board Member of The Open Organization of Lockpickers), Chris Kirsch (Co-Founder and CEO of Rumble, DefCon 2017 Social Engineering CTF winner) , and Gerald Auger (Founder of Simply Cyber, Director of Cybersecurity Education & Cybersecurity Program Manager at ThreatGEN).
Guests:
Alethe Denis (LinkedIn) (Twitter) (Website)
Deviant Ollam (Twitter) (YouTube) (Website)
Chris Kirsch (LinkedIn) (Twitter)
Gerald Auger (LinkedIn) (Twitter) (YouTube)
Resources & Books:
What is Gamification?
Lockpicking Resources from Deviant Ollam
Keys to the Kingdom: Impressioning, Privilege Escalation, Bumping, and Other Key-Based Attacks Against Physical Locks, by Deviant Ollam
Practical Lock Picking: A Physical Penetration Tester's Training Guide, by Deviant Ollam
TOOOL US -- The Open Organization of Lockpickers
TOOOL US instructional videos on YouTube
The Official TOOOL Slides
The Lockpicking Lawyer on YouTube
Bump Keys in the News - San Francisco #3 -- YouTube clip
TraceLabs OSINT Capture the Flags
50 CTF (Capture the Flag) & Pentesting Websites to Practice Your Hacking & Cybersecurity Skills in 2021
Hands-on Hacking Demo | CTF - Capture the Flag in 15 Minutes!, YouTube video by ITProTV
Capture the Flag? Change Your Life, YouTube video by John Hammond
Don’t Wait for the Perfect Time for a Tabletop Exercise, National Law Review
ThreatGEN's Red & Blue Game
Gerald Auger's Simply Cyber Discord Server
Chris Krisch's pickpocketing talk at Layer8 Security Conference
Production Credits:
Music and Sound Effects by Blue Dot Sessions, Envato Elements, & Storyblocks.
Artwork by Chris Machowski @ https://www.RansomWear.net/ and Mia Rune @ https://www.MiaRune.com.
8th Layer Insights theme music composed and performed by Marcos Moscat @ https://www.GameMusicTown.com/
Want to get in touch with Perry? Here's how:
Email: hello [at] 8thLayerInsights [dot] com