How to Participate in a CTF

Summary:

In this episode of Exploring Information Security, host Timothy De Block sits down with James Pope, Vince Stoffer, and Blake Cahen from Corelight to discuss Capture The Flag (CTF) competitions and how they can be an invaluable learning tool for security professionals. Whether you're new to CTFs or a seasoned competitor, this episode covers everything from getting started to advanced strategies. The conversation dives into network-based CTFs, the skills required, and how Corelight’s own CTF events offer hands-on experience in network forensics.

Topics Discussed:

  • What is a CTF? Understanding how security CTF competitions work and what skills they test.

  • Getting Started with CTFs: Tips for beginners, from choosing the right event to practicing with the right tools.

  • Network Forensics and Security Analysis: How network-based CTFs differ from other styles and what data sources are most valuable.

  • Common Pitfalls and Mistakes: Strategies to avoid overthinking problems and making costly errors during competitions.

  • AI and the Evolution of CTFs: How AI is impacting CTF challenges and whether it’s changing how competitions are designed.

Guest Info:

  • James Pope – Director of Technical Marketing & Enablement at Corelight and experienced CTF organizer.

  • Vince Stoffer – Field CTO at Corelight, with a background in network security and incident response.

  • Blake Cahen – Security expert with experience in offensive cyber operations and threat hunting.

Support the Podcast:

Enjoyed this episode? Leave us a review and share it with your network! Subscribe for more insightful discussions on information security and privacy.

Contact Information:

Leave a comment below or reach out via the contact form on the site, email timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.


Brian Dye on Network Detection and Response (NDR) with Corelight

Summary:

In this episode of Exploring Information Security, host Timothy De Block sits down with Brian Dye from Corelight to discuss the evolution of cybersecurity, the importance of Network Detection and Response (NDR), and the challenges modern organizations face with securing their networks. Brian shares valuable insights into how Corelight leverages open-source technologies and data to provide advanced threat detection and forensics.

Key Topics Covered:

  • The Evolution of Corelight
    Brian discusses the history of Corelight, the transition from the open-source project Zeek (formerly Bro) to the Corelight company, and the importance of supporting the open-source community. He also touches on how the company has grown as cybersecurity needs have evolved.

  • Network Detection and Response (NDR)
    Corelight's NDR solutions help organizations detect advanced threats that bypass traditional security controls like firewalls and EDR. Brian explains the differences between EDR and NDR, and why both are essential for a comprehensive cybersecurity strategy.

  • AI and Machine Learning in Security
    Brian dives into how Corelight has embraced AI and machine learning, particularly with generative AI (GenAI), to improve threat detection and response capabilities. He shares examples of how organizations are using GenAI to automate security workflows and accelerate alert investigations.

  • The Changing Threat Landscape
    Brian talks about how attackers are evolving their tactics, moving away from malware-based attacks to techniques like "living off the land" (LoL) to avoid detection. He discusses the importance of understanding these advanced attack methods and how NDR tools help provide the data needed to investigate and respond.

  • Real-World Success Stories
    Brian shares examples of how Corelight has helped organizations respond to cyber threats, including a ransomware attack scenario where Corelight's tools provided the necessary data to help the victim organization make informed decisions about whether to pay a ransom.

  • The Future of Network Security
    Looking ahead, Brian outlines the future of Corelight and its focus on expanding its data capabilities to enable more advanced detections. He highlights the importance of data as a foundational element for security and how Corelight plans to continue innovating in the NDR space.

Guest Bio:

Brian Dye is the Chief Product Officer at Corelight, a leading provider of Network Detection and Response (NDR) solutions. With years of experience in cybersecurity, Brian is dedicated to helping organizations defend against advanced threats using open-source tools and innovative technology.
