PART 1: TASTE OF CYBER RECAP

POSTED ON 11-April-24

On 13 March 2024, over 60 tertiary students and career transitioners had the opportunity to gain hands-on cyber experience at Taste of Cyber. Co-hosted by Canberra Cyber Hub and University of Canberra, 6 Canberra cyber businesses ran sessions on everything from Capture the Flag and Governance, Risk and Compliance to encryption and cyber communication. But what were the takeaways from these activities? In this article, discover more about 3 of the sessions run by Cyconsol, Securus Consulting Group and Proactive Labs.

Governance, Risk and Compliance (GRC) with Cyconsol

In cyber security, CIA stands for Confidentiality, Integrity, and Availability. Assets are hardware, software or data that are connected in a network. For you, this might mean a laptop; for a business, this might mean a large client database.

Cyconsol challenged participants to think about different assets and which aspect of the CIA triad would be impacted if the asset was attacked. The scenarios ranged from the participants' personal laptops to a hospital computer network.

Cyconsol then spoke about how GRC helps businesses identify and manage cyber risk and meet regulatory standards while aligning with business goals.

For more information about GRC: https://aws.amazon.com/what-is/grc/

Access Controls with Securus Consulting Group

Do you have a key card or fob to open doors at your work or home? Have you ever considered how secure these access controls are? These were the questions explored in the Access Control session by Securus Consulting Group.

The world has moved on from simple padlocks and keys, preferring electronic ways to unlock doors. Radio-frequency Identification (RFID) and Near Field Communication (NFC) devices are some of the new ways we keep people out. However, these devices are quite vulnerable to exploitation, as participants discovered during the session. With some simple code and cyber tools, participants copied and replicated key cards. This was followed by a discussion on how to identify vulnerabilities and how these are used in physical penetration testing in the cyber industry.

To learn more about physical penetration testing, ISACA has a fantastic resource: https://www.isaca.org/resources/white-papers/2023/physical-penetration-testing

Capture the Flag with Proactive Labs

Capture the Flag (CTF) competitions are well known in cyber as a way of challenging and developing cyber skills. In these CTFs, competitors must find a string, or flag, hidden in a website. To do this, players must understand how the flag might be hidden and ways of finding it. This is similar to the skills penetration testers use when identifying and exploiting vulnerabilities in a system to identify areas for improved cyber security.

Proactive Labs ran participants through a series of Capture the Flag activities, explaining the exploit used to identify the flag as well as relating this to real-world applications of the exploit, such as those used in the Optus attack. This allowed participants to learn more about CTFs as well as the role of penetration testing in cyber security.

To find out more about penetration testing: https://www.hackerone.com/knowledge-center/what-penetration-testing-how-does-it-work-step-step