[liberationtech] Cryptogeddon

Tue Sep 10 03:44:39 PDT 2013

This sounds a nice idea. 

There was a similar idea (in its early stages) presented at SOUPS 2013 (Symposium on Usable Privacy and Security) earlier this year. [1] 

It was called "Device Dash: An Educational Computer Security Game" presented by Era Vuksani. Unfortunately the Era's thesis is not available just yet (May 18th). [2]

The game was built around the player being a sysadmin in charge of a network. As the sysadmin managed the network, more devices (authorised and unauthorised) were added, and the admin had to react. As the user advanced s/he had access to better tools (firewalls, switches, IDS devices) to better manage the network.

It looked fun and educational.

All the best, 
Bernard

[1] http://cups.cs.cmu.edu/soups/2013/program.html
[2] http://repository.wellesley.edu/thesiscollection/38/

On 10 Sep 2013, at 10:51, Dan O'Huiginn <daniel at ohuiginn.net> wrote:

> 
> I like this concept. I'd particularly love a more basic version of this,
> perhaps using openbadges to reward people who make it through a
> game-cum-course that lets them use security-related tools.
> 
> A perennial problem in security education is getting people enough
> practical experience. That's particularly true of communication tools --
> you need to pair people up to practice communication, which can be hard
> to arrange outside of face-to-face meetings.
> 
> A game would be a great way of dealing with this. I'm thinking of
> something aimed at the fundamentals -- such as:
> 
> - talk with this bot using OTR
> - read a clue that has been GPG encrypted with your public key
> - get some info out of a truecrypt volume
> - access a tor hidden service
> - send some text via a signed, encrypted mail
> 
> [I'll add this to my list of "projects for a rainy weekend", and
> meanwhile wait to see whether Cryptogeddon is anything close to it]
> 
> Dan
> 
> On 10/09/13 02:37, Scott Elcomb wrote:
>> Just stumbled across this post and thought it might be of interest to
>> some on the list.
>> 
>> "In a nutshell, Cryptogeddon is an online cyber security war game. The
>> game consists of various missions, each of which challenges the
>> participant to apply infosec tools to solve technology puzzles – an
>> online scavenger hunt, if you will. Each mission comes with a solution
>> that teaches the participant which tools to use and how to apply the
>> tools to solve the mission."
>> 
>> Further on the article describes the tools one may need to use,
>> including but not limited to:
>> 
>> * TrueCrypt
>> * Metasploit & Kali
>> * Nessus
>> * Amazon Web Services
>> * w3af
>> * Linux, Windows, OS X
>> * Apache, IIS
>> * GitHub
>> * VirtualBox
>> * Sysinternals
>> 
>> <http://www.softwarehamilton.com/2013/09/06/cryptogeddon-coming-soon/>
>> 
> 
> 
> -- 
> Dan O'Huiginn
> Organized Crime and Corruption Reporting Project
> 
> daniel at ohuiginn.net
> http://ohuiginn.net @danohu
> http://reportingproject.net
> skype:danohuiginn
> phone: +387 33 560 066.
> -- 
> Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu.

--------------------------------------
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org