Winning a SANS 504 CTF without winning a SANS CTF

less than 1 minute read

Abstract

When a security professional who is running a SANS training course challenges you to ‘Socially engineer the answer to the CTF’ out of him, you have a choice: choose something to make him laugh and garner clues to aid you in owning the network and walking away with a CTF coin, or, take it as a personal challenge and a call to own your instructor.

Against better judgement, the advice of his peers (‘you shouldn’t attack a SANS instructor’) and with the threat of an ex Navy Seal above him, wbbigdave took the second path. Learn how good reconnaissance, modern technology which is billed as an aid to connectivity and convenience, can be used to fully draw even then most switched on and vigilant of security professionals down the rabbit hole. Including but not limited to Facebook and Google who lost significant sums of money to similar techniques. Learn how to walk away with a challenge coin without winning the CTF.

Speaker Profile

Updated: