For reasons I can’t quite talk about yet, this has been a super busy time, and I look forward to sharing the exciting developments that have kept me occupied. In the meantime, my friends at Agile Stationery have transcribed a talk that Mark Vinkovits and I gave at AppSec Cali last year. Their posts are…
Read More Threat Model Thursday: Games
Post thumbnail
Spudnet is a new game to teach networking and security concepts. The creators were kind enough to send me a pre-production copy, and I can tell you – it looks and feels super solid, and, more importantly, it plays well. The Kickstarter has already met its goals, and while all Kickstarters have risk, the creators…
Read More Enter the SpudNet
NorthSec CTF 2019 in Montreal
Looking at what is popular with smaller niche crowds can give greater insight into the “next thing”. This natural selection of attention can inspire an evolution of methods and practices. Capture the Flag Events (CTFs) and electronic Sports (eSports) are good examples of a relatively new trend. I’ve had the chance to be front row…
Read More Capture the Flag events and eSports
Post thumbnail
The White Box, and its accompanying book, “The White Box Essays” are a FANTASTIC resource, and I wish I’d had them available to me as I designed Elevation of Privilege and helped with Control-Alt-Hack. The book is for people who want to make games, and it does a lovely job of teaching you how, including…
Read More The White Box Essays (Book Review)
Post thumbnail
SANS has announced a new boardgame, “Pivots and Payloads,” that “takes you through pen test methodology, tactics, and tools with many possible setbacks that defenders can utilize to hinder forward progress for a pen tester or attacker. The game helps you learn while you play. It’s also a great way to showcase to others what…
Read More Pivots and Payloads
Post thumbnail
The fine folks at Logmein have released a version of Elevation of Privilege that adds privacy! Check out the fine work by Mark Vinkovits at their blog, “Privacy-By-Design Can Be Entertaining” by Mark Vinkovits.
Read More Privacy Extension to Elevation of Privilege game
Post thumbnail
Emergynt has created the Emergynt Risk Deck, a set of 51 cards, representing actors, vulnerabilities, targets, consequences and risks. It’s more a discussion tool than a game, but I have a weakness for the word “emergent,” and I’ve added it to my list of security games Also, Lancaster University has created an Agile Security Game.
Read More Games and CardsThere’s a very interesting paper on the Cyber Grand Challenge by team Shellphish. Lots of details about the grand challenge itself, how they designed their software, how they approached the scoring algorithm, and what happened in the room. There’s lots of good details, but perhaps my favorite is: How would a team that did *nothing*…
Read More Cyber Grand ShellphishI’m excited to see the call for papers for Passwords 2016. There are a few exciting elements. First, passwords are in a category of problems that someone recently called “garbage problems.” They’re smelly, messy, and no one really wants to get their hands dirty on them. Second, they’re important. Despite their very well-known disadvantages, and…
Read More Passwords 2016I have to start off by apologizing for how very late this review is, an embarrassing long time ago, the kind folks at No Starch Press very kindly gave me a copy of “Super Scratch Programming Adventure” to review. Scratch for those that aren’t familiar is a kids oriented programming language designed by Mitchel Resnick…
Read More A Very Late Book Review