Here's a chance to put those Cyberpatriot skills to use:
https://hackerone.com/hackthearmy
(http://krebsonsecurity.com/wp-content/uploads/2016/11/hackthearmy.png)
http://krebsonsecurity.com/2016/11/dod-opens-mil-to-legal-hacking-within-limits/
Isn't Cyber Patriot defend only?
Quote from: Spaceman3750 on November 24, 2016, 03:19:38 AM
Isn't Cyber Patriot defend only?
Can learned skills not be used elsewhere, off the CAP clock, so to speak?
Quote from: etodd on November 24, 2016, 03:40:53 AM
Quote from: Spaceman3750 on November 24, 2016, 03:19:38 AM
Isn't Cyber Patriot defend only?
Can learned skills not be used elsewhere?
Sure, and knowing where vulnerabilities can lie is pretty helpful in offense, but I don't think that is what Eclipse was inferring. At least not how I read it.
An open door is open - whether you lock it from the inside or walk in from the outside is on the viewer.
So, what exactly is "Defense"? If our infrastructure or organizations are attacked, isn't a well executed counterattack a valid and often very effective "defense"? Why WOULDN'T CyberPatriot participants learn how to not only set up a defensive perimeter and identify/neutralize intrusions ex post, but also conduct counter attacks on an identified cyber aggressor to deter future attacks?
Quote from: Live2Learn on November 24, 2016, 05:56:22 PM
So, what exactly is "Defense"? If our infrastructure or organizations are attacked, isn't a well executed counterattack a valid and often very effective "defense"? Why WOULDN'T CyberPatriot participants learn how to not only set up a defensive perimeter and identify/neutralize intrusions ex post, but also conduct counter attacks on an identified cyber aggressor to deter future attacks?
Defense can be broken down into three pieces: prevent, detect, and respond. Cyber Patriot seems to focus heavily on protect, with a little detect and respond at the national level with the introduction of a red team.
Hacking back is often talked about even in private sector INFOSEC. The biggest issue is legal and ethical ramifications - just because they attacked you doesn't make attacking them any less of a crime. Second to that is the fact that attribution is extremely difficult and there is often no way to know for sure that you are attacking the right person and not an innocent person or organization whose compromised infrastructure was used to mask the true source of the attack.
Public sector is a little different but I don't have any experience there.
Quote from: Live2Learn on November 24, 2016, 05:56:22 PM
So, what exactly is "Defense"? If our infrastructure or organizations are attacked, isn't a well executed counterattack a valid and often very effective "defense"? Why WOULDN'T CyberPatriot participants learn how to not only set up a defensive perimeter and identify/neutralize intrusions ex post, but also conduct counter attacks on an identified cyber aggressor to deter future attacks?
Because the cyberpatriot rules explicitly state not to.
The good news is that your computer education program at your squadron in no way has to be limited to the cyberpatriot curriculum.
Imma hack the army and order their coolest equipment to my yard.
Hopefully the ethics of what they are involved in are addressed at some point during Cyber Patriot.
Just like tracers which also reveal the position of the shooter, you can't show someone how to secure
a computer or network without also giving them at least some of the tools to also exploit or compromise it,
that's just the reality of how they work.
Quote from: Eclipse on November 26, 2016, 05:09:24 AM
Hopefully the ethics of what they are involved in are addressed at some point during Cyber Patriot.
Just like tracers which also reveal the position of the shooter, you can't show someone how to secure
a computer or network without also giving them at least some of the tools to also exploit or compromise it,
that's just the reality of how they work.
Fair enough.
The CyberPatriot curriculum would in no way prepare you to hack into anything. There was a session at the last Wing conference that made it a point that the CAP Cyber training that's being rolled out does not equal CyberPatriot either. My daughter attended the Cyber Fam course last year and said very little of what she was taught had anything to do with the CyberPatriot competition. There's a misconception that sending your cadets down there turns them into CyberPatriot stars, not so. That being said, I'm very excited to see the advanced training being offered this year (beta mode), it's great exposure for them (us).
Sent from my iPhone using Tapatalk
Quote from: xray328 on December 01, 2016, 02:13:01 PM
The CyberPatriot curriculum would in no way prepare you to hack into anything. There was a session at the last Wing conference that made it a point that the CAP Cyber training that's being rolled out does not equal CyberPatriot either. My daughter attended the Cyber Fam course last year and said very little of what she was taught had anything to do with the CyberPatriot competition. There's a misconception that sending your cadets down there turns them into CyberPatriot stars, not so. That being said, I'm very excited to see the advanced training being offered this year (beta mode), it's great exposure for them (us).
Sent from my iPhone using Tapatalk
What advanced training are you referring to?
They're trying to roll out an advanced cyber networking NCSA. I haven't seen it on the NCSA website as of yet though.
Sent from my iPhone using Tapatalk
Quote from: xray328 on December 01, 2016, 03:39:28 PM
They're trying to roll out an advanced cyber networking NCSA. I haven't seen it on the NCSA website as of yet though.
Sent from my iPhone using Tapatalk
Ah, yes, we are working on the curriculum for that course now.
It's now listed on the NCSA site, CyberDefense Training Academy - Maryland Campus
Sent from my iPhone using Tapatalk
Quote from: xray328 on December 01, 2016, 05:22:07 PM
It's now listed on the NCSA site, CyberDefense Training Academy - Maryland Campus
Sent from my iPhone using Tapatalk
Excellent!
I am the Chief of Staff for the Maryland Campus this year.
Nice! Any idea where it's being held? Andrews by chance?
Sent from my iPhone using Tapatalk
Quote from: xray328 on December 01, 2016, 05:27:00 PM
Nice! Any idea where it's being held? Andrews by chance?
Sent from my iPhone using Tapatalk
That is still being determined by the NHQ Cyber team.
It's in the toooobes man!
(http://snarglr.com/s/2012/10/20/google-datacenter-tech-11.jpg)