Cryptogeddon – coming soon!
I’d like to give you a heads up on a project that I’ve been working on called Cryptogeddon. I am passionate about infosec and Cryptogeddon is about to become my muse in the infosec space.
In a nutshell, Cryptogeddon is an online cyber security war game. The game consists of various missions, each of which challenges the participant to apply infosec tools to solve technology puzzles – an online scavenger hunt, if you will. Each mission comes with a solution that teaches the participant which tools to use and how to apply the tools to solve the mission.
Each Cryptogeddon Mission Pack consists of the following:
- a synopsis – this introduces the mission, provides some background info and sets the stage for the work that needs to be done;
- Objective(s) – this clearly articulates the tasks that need to be done to complete the mission;
- Asset list – each mission starts with at least one digital asset that you will need in order to complete the mission. The asset list provides an inventory of your starting assets, along with instructions to obtain those assets;
- Tools – this section contains potential spoilers. It lists all of the tools that are required to complete the mission. Only read this section if you need help or if you want to review how you did at the end of the mission;
- Support services – this section details how you get help with your mission if you get stuck, if the instructions or solution are unclear and/or if you find errors with the mission pack;
- Solution – This section outlines the steps to complete the mission. Some people will ignore this section until they’ve completed the mission. Others might need to take a peek to help get through a particularly tricky part of a mission. And others might rely on the solution as a training device to help walk them through the entire mission.
Each mission touches on one or more of the following infosec topics:
- security architecture and design
- network security
- secure coding
- cryptography
- operations security
- access management
- physical security
- IT governance and risk management
And, missions require the use of various infosec tools, including but not limited to:
- TrueCrypt
- Metasploit & Kali
- Nessus
- Amazon Web Services
- w3af
- Linux, Windows, OS X
- Apache, IIS
- GitHub
- VirtualBox
- Sysinternals
Mission packs will be sold individually, with a possible “combo pack” available once I get sufficient missions available for sale. I haven’t settled on final pricing yet, but each mission will be $4.99 or less.
I am launching this game within the next week or so – I am just applying the finishing touches to my first missions and finalizing the public facing website for this product.
In the near future, I will be speaking about Cryptogeddon at a couple of local events:
- Software Hamilton: I will be providing an overview of the game at Software Hamilton’s Demo Camp 13 on Sep 24 2013. At DemoCamp 13, I will be giving a 5 minute overview of this project, followed by 5 minutes of Q&A. You’ll be able to pick up some swag (Cryptogeddon logo stickers) at the event as well.
- Sector: I have been invited to speak at Sector (Canada’s Premier IT Security Conference) on Oct 8 & 9 to share this project. At Sector, I will be giving a 1 hour talk where I walk the audience through “Cryptogeddon: Sector 2013 edition” – a special mission for Sector that anyone will be able to download for free. At this session, I will walk the audience though the mission, demonstrating the various infosec tools needed to solve the challenges presented in the mission. And, in addition to my “Cryptogeddon: Sector 2013 edition” talk, all Sector attendees will receive a Cryptogeddon logo sticker in their conference bags.
I encourage you to sign up for the mailing list at http://cryptogeddon.com/, follow @cryptogeddon on Twitter and check out the first missions as soon as they are released. And, I encourage you to come out to Software Hamilton’s DemoCamp 13 to show your support and to hear from some other interesting local speakers with some great products to share. And, I highly recommend that you register to attend Sector – there will be a lot of bright infosec minds in attendance – I always come away from Sector with a ton of great learnings. Sector is definitely my favourite infosec activity each year.
Stay tuned for more info on Cryptogeddon in the coming days!