Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

IRISS Conference 2009

  • 15-10-2009 8:39pm
    #1
    Martyr
    Closed Accounts Posts: 1,567 ✭✭✭


    Thought this might interest some of you, got forwarded it in email.
    It's free..for a change
    IRISS will hold its first annual conference on the 19th of November 2009 at the D4 Berkley Court hotel. This all day conference will focus on providing you with an overview of the current cyber threats facing businesses in Ireland and what you can do to help deal with those threats.

    Experts on various aspects of cyber crime and cyber security will share their thoughts and experiences with you while a number of panel sessions will provide you with the opportunity to discuss the issues that matter to you most. There will be a number of expert speakers on cyber crime including representatives from;

    The Irish Reporting and Information Security Service
    • An Garda Siochana,
    • The Data Protection Commissioner's Office
    • The European Network and Information Security Agency
    • OWASP (The Open Web Application Security Project).

    In parallel to the above speaking sessions Ireland's first Cyber Security Challenge, HackEire, will be held to identify Ireland's top cyber security experts. HackEire will see 10 teams, up to a maximum of four people per team, compete against each other in a controlled environment to see which team will be the first to exploit weaknesses in a number of systems and declare victory. The purpose the HackEire competition is to demonstrate how attackers could gain access to your systems and allow you to learn from the event on how to prevent such attacks from impacting your network.

    The conference will be open to anyone with the responsibility for securing their business information assets. There is no charge for those who wish to attend.

    The IRISS Annual Conference is an opportunity to not only increase your knowledge but also to meet and network with your peers in a relaxed environment.

    If you are interested in attending please register at info@iriss.ie

    http://www.iriss.ie/iriss/iriss_conference_2009.htm


Comments

  • #2
    Martyr
    Closed Accounts Posts: 1,567 ✭✭✭Martyr


    Will anyone here be attending? lol :D

    Actually, I believe this may be a ...recruitment drive of sorts for the computer crime unit.
    In 2006, there was a rumour that at some point close to 2010, they would consider allowing civilians join the garda fraud squad...could be wrong there.

    if anyone knows anything, let us know.


  • #3
    trout
    Registered Users, Registered Users 2 Posts: 9,957 ✭✭✭trout


    I'll probably be going.

    I don't know anything about a recruitement drive though :confused:


  • #4
    Martyr
    Closed Accounts Posts: 1,567 ✭✭✭Martyr


    trout wrote:
    I don't know anything about a recruitement drive though

    i'm just kiddin..

    was assuming there are some who might see this, have an interest but then be put off when there's loads of Gardai about. lol :D
    I'll probably be going.

    i won't this year, maybe next..it'd be interesting to see what's involved in the competition.


  • #5
    markofu
    Closed Accounts Posts: 24 markofu


    Information on the competition can be found here - http://www.iriss.ie/iriss/hackeire_2009.htm

    It should be interesting :)


  • #6
    Martyr
    Closed Accounts Posts: 1,567 ✭✭✭Martyr


    imho, it would have been more interesting if IRISS wrote some of the server software with vulnerabilities (heap/stack/integer/arithmetic overflows) in it and your job was to find them/write an exploit...that would be more fun to me anyway.


  • Advertisement
  • #7
    markofu
    Closed Accounts Posts: 24 markofu


    Disclaimer: I'm one of the IRISS handlers and I've helped design the CTF.

    All I can say is that it's our first attempt at designing something like this - we hope it's good (and I think it will be). We obviously want to build upon this design so that we can have a bigger and better CTF in the future. As far as I know there hasn't been anything like this in Ireland (though I could be wrong) before.

    I would encourage people (like yourself) to not only come along and try the HackEire competition but to provide feedback on what we did so that we can improve it. We have ideas on how to take it forward but you have to walk before you run sometimes :)

    I'm not sure if you know this but all the IRISS handlers have day jobs and do this on a completely voluntary basis so unfortunately time isn't always on our side.

    Finally, there will be vulnerabilities to exploit and I personally would love to see a custom exploit written to explicitly exploit a vulnerablity and I would get the person a prize myself.


  • #8
    trout
    Registered Users, Registered Users 2 Posts: 9,957 ✭✭✭trout


    Martyr wrote: »
    imho, it would have been more interesting if IRISS wrote some of the server software with vulnerabilities (heap/stack/integer/arithmetic overflows) in it and your job was to find them/write an exploit...that would be more fun to me anyway.

    It would be quite a feat to find a vuln in a black box competition ... not a lab scenario, build an exploit and then present on it all in the space of 5 hours.

    I couldn't do it ... unless the exploit was very simple :)

    I've read the details as presented on the IRISS site ... I think it looks like a lot of fun


  • #9
    Martyr
    Closed Accounts Posts: 1,567 ✭✭✭Martyr


    markofu wrote:
    All I can say is that it's our first attempt at designing something like this - we hope it's good (and I think it will be). We obviously want to build upon this design so that we can have a bigger and better CTF in the future. As far as I know there hasn't been anything like this in Ireland (though I could be wrong) before.

    It's good to finally see something like this taking place, I don't recall any CTF here before either..unless hivercon had one..don't think so.
    I would encourage people (like yourself) to not only come along and try the HackEire competition but to provide feedback on what we did so that we can improve it. We have ideas on how to take it forward but you have to walk before you run sometimes

    wouldn't be able to make it this year.but assuming it becomes an annual event, i'll be there sometime.
    I'm not sure if you know this but all the IRISS handlers have day jobs and do this on a completely voluntary basis so unfortunately time isn't always on our side.

    OK, understand completely.
    trout wrote:
    It would be quite a feat to find a vuln in a black box competition ... not a lab scenario, build an exploit and then present on it all in the space of 5 hours.

    I couldn't do it ... unless the exploit was very simple

    No, I know teams would need a chance :)

    I'm thinking along the lines of each team being given source code or/and binaries to each custom made server or client application.

    Each server app would have a different class of vulnerability, whether it be design, input validation, authentication, backdoor, mis-configuration..etc
    It would be each teams responsibility to identify these problems and exploit them.

    For buffer overflows, i do mean something simple, like exploiting strcpy() as example.

    Or you could have different levels of difficulty 1,2,3..etc

    They don't all necessarily have to be completed that day.

    Objectives would be:
    • Identify any potential vulnerabilities in sources/binaries
    • Briefly describe the problem(s) and suggest solution(s)
    • Write exploit(s)


  • #10
    markofu
    Closed Accounts Posts: 24 markofu


    I think you'll be pleasantly surprised by some of what we have in store then but I obviously can't say too much. It is basic but should be challenging

    Re. binaries etc. - that's the type of thing they do in DefCon etc. in the US. I think we're a bit away from that at this stage though you're right in how you'd organise the contest, i.e. beginning at easy and moving to difficult.

    If this initial contest goes well, ya never know :)


  • #11
    trout
    Registered Users, Registered Users 2 Posts: 9,957 ✭✭✭trout


    Just got the green light ... I'll be attending :cool:


  • Advertisement
  • #12
    BaconZombie
    Registered Users, Registered Users 2 Posts: 8,813 ✭✭✭BaconZombie


    Completely forgot this was on the 19th, so will have to wait till next year...


  • #13
    trout
    Registered Users, Registered Users 2 Posts: 9,957 ✭✭✭trout


    Just back from this event ... some very good presentations,and the CTF was excellent. Everyone I spoke to thought it was a great success.

    The CTF was long and a bit harder than the SANS CTF ... some of the exploits were straight-forward / scripted ... the others were slightly more arcane.

    We learned a lot though, and I'd love to do it again next year. :)


  • #14
    markofu
    Closed Accounts Posts: 24 markofu


    Folks,

    Just to let you know that both IRISSCon and HackEire will again be held this year (in Dublin).

    There should again be some outstanding speakers from the InfoSec world presenting at IRISSCon while HackEire will offer the chance to test your security skills in a friendly environment.

    Further updates will be posted on the IRISS website over the coming months and you can also follow @irisscert on Twitter.

    The conference will be held on Thursday, 18th November.

    Cheers...m


Advertisement