Welcome!

Microservices Expo Authors: Yeshim Deniz, Elizabeth White, Pat Romanski, Liz McMillan, Charles Araujo

News Feed Item

Lastline Sponsors International Capture the Flag IT Security Exercise and “White Hat Hacker” Competition on Friday December 4, 2015

Advanced malware protection provider Lastline™ is delighted to announce its sponsorship and support of the UC Santa Barbara International Capture The Flag (iCTF) competition taking place this Friday, December 4 beginning at 9 a.m. PST (see registration information below). The iCTF competition is a distributed, wide-area security exercise conducted to test and sharpen the security skills of the participants, with multiple cash prizes on the line.

The iCTF is the world's longest-running educational hacking competition which integrates both attack and defense security aspects in a live setting. The contest is organized by Professor Giovanni Vigna of the Department of Computer Science at UCSB and Lastline Co-founder/CTO, together with Shellphish, the well-known UCSB Security Lab hacking team. The popular event is held annually over an eight hour day, and draws participants from around the world. The UCSB Capture The Flag event features a multi-site, multi-team hacking contest in which several teams compete independently against each other.

“This is not only a great event to test participants on their security expertise, it’s a lot of fun to participate and watch teams compete,” said Vigna. “We’re testing security skills, teamwork and creative spirit.”

Each team maintains a set of services that must remain available and uncompromised throughout the contest, while simultaneously trying to compromise other teams' services. Each team receives an identical copy of the virtual host containing the vulnerable services, and must find and fix vulnerabilities in their copy of the hosts without disrupting the services. Teams also use their knowledge about these vulnerabilities to compromise the servers being run by other teams. In compromising a service, the winning team can bypass the service's security mechanisms and "capture the flag" associated with that service.

The UCSB iCTF competition has evolved from a number of previous security "live exercises" that were carried out locally at UCSB, in 2001 and 2002. In 2004, the UCSB iCTF evolved into an international exercise and featured teams from the United States and Europe. Since then, the iCTF has gone through 12 editions (one every year) with more teams and innovative designs each year.

This year’s new twist is that the teams are required to provide one of the vulnerable services in order to participate. This results in a “crowdsourced evil” effect, in which, in addition to the attack and defense skills of the teams, the participants’ creativity is put to the test.

Those interested in registering or more information can contact Dr. Vigna directly:

Cash Prizes

The winner of the competition will receive a $500 US cash prize. An additional $500 cash prize will be awarded to the “best service.” The best service is voted by the teams themselves at the end of the competition. An additional $500 prize for “best dashboard” will also be awarded. During the competition, the organizers will review each dashboard and vote for the best submission.

All prizes are sponsored by the Shellphish team itself.

About Dr. Vigna

Dr. Giovanni Vigna has been researching and developing security technology for more than 20 years, working on malware analysis, web security, vulnerability assessment, and intrusion detection. In addition to his roles as Professor in the Department of Computer Science at the University of California in Santa Barbara and as the director of the Center for CyberSecurity at UCSB, Dr. Vigna serves as Lastline’s co-founder and CTO. He is the organizer of the iCTF, the world's largest educational capture the flag competition. He is also the leader of the Shellphish team, which is the longest-running DefCon CTF team. The Shellphish team recently qualified in the DARPA Cyber Grand Challenge (CGC) and will play the final CGC competition at DefCon 2016.

About Lastline

Lastline is innovating the way companies detect active breaches caused by advanced persistent threats, targeted attacks and evasive malware. Lastline’s open architecture integrates advanced threat defenses and intelligence into existing operational workflows and security systems. Inspection of suspicious objects occurs at scale in real-time using a full-system emulation approach to sandboxing that is superior to virtual machine-based and OS emulation techniques. Lastline's technology correlates network and object analysis to achieve timely breach confirmation and incident response. Lastline was built by Anubis and Wepawet researchers and industry veterans with decades of experience focused specifically on advanced breach weaponry and tactics.

Headquartered in Redwood City, California with offices throughout North America, Europe and Asia, Lastline’s platform is used by global managed security service providers, Global 2000 enterprises and leading security vendors worldwide. To learn more, visit www.lastline.com.

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

@MicroservicesExpo Stories
Without a clear strategy for cost control and an architecture designed with cloud services in mind, costs and operational performance can quickly get out of control. To avoid multiple architectural redesigns requires extensive thought and planning. Boundary (now part of BMC) launched a new public-facing multi-tenant high resolution monitoring service on Amazon AWS two years ago, facing challenges and learning best practices in the early days of the new service.
You often hear the two titles of "DevOps" and "Immutable Infrastructure" used independently. In his session at DevOps Summit, John Willis, Technical Evangelist for Docker, covered the union between the two topics and why this is important. He provided an overview of Immutable Infrastructure then showed how an Immutable Continuous Delivery pipeline can be applied as a best practice for "DevOps." He ended the session with some interesting case study examples.
Both SaaS vendors and SaaS buyers are going “all-in” to hyperscale IaaS platforms such as AWS, which is disrupting the SaaS value proposition. Why should the enterprise SaaS consumer pay for the SaaS service if their data is resident in adjacent AWS S3 buckets? If both SaaS sellers and buyers are using the same cloud tools, automation and pay-per-transaction model offered by IaaS platforms, then why not host the “shrink-wrapped” software in the customers’ cloud? Further, serverless computing, cl...
All organizations that did not originate this moment have a pre-existing culture as well as legacy technology and processes that can be more or less amenable to DevOps implementation. That organizational culture is influenced by the personalities and management styles of Executive Management, the wider culture in which the organization is situated, and the personalities of key team members at all levels of the organization. This culture and entrenched interests usually throw a wrench in the work...
"We view the cloud not as a specific technology but as a way of doing business and that way of doing business is transforming the way software, infrastructure and services are being delivered to business," explained Matthew Rosen, CEO and Director at Fusion, in this SYS-CON.tv interview at 18th Cloud Expo (http://www.CloudComputingExpo.com), held June 7-9 at the Javits Center in New York City, NY.
Without lifecycle traceability and visibility across the tool chain, stakeholders from Planning-to-Ops have limited insight and answers to who, what, when, why and how across the DevOps lifecycle. This impacts the ability to deliver high quality software at the needed velocity to drive positive business outcomes. In his general session at @DevOpsSummit at 19th Cloud Expo, Eric Robertson, General Manager at CollabNet, will discuss how customers are able to achieve a level of transparency that e...
We all know that end users experience the internet primarily with mobile devices. From an app development perspective, we know that successfully responding to the needs of mobile customers depends on rapid DevOps – failing fast, in short, until the right solution evolves in your customers' relationship to your business. Whether you’re decomposing an SOA monolith, or developing a new application cloud natively, it’s not a question of using microservices - not doing so will be a path to eventual ...
"DivvyCloud as a company set out to help customers automate solutions to the most common cloud problems," noted Jeremy Snyder, VP of Business Development at DivvyCloud, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
We all know that end users experience the Internet primarily with mobile devices. From an app development perspective, we know that successfully responding to the needs of mobile customers depends on rapid DevOps – failing fast, in short, until the right solution evolves in your customers' relationship to your business. Whether you’re decomposing an SOA monolith, or developing a new application cloud natively, it’s not a question of using microservices – not doing so will be a path to eventual b...
"This all sounds great. But it's just not realistic." This is what a group of five senior IT executives told me during a workshop I held not long ago. We were working through an exercise on the organizational characteristics necessary to successfully execute a digital transformation, and the group was doing their ‘readout.' The executives loved everything we discussed and agreed that if such an environment existed, it would make transformation much easier. They just didn't believe it was reali...
"Opsani helps the enterprise adopt containers, help them move their infrastructure into this modern world of DevOps, accelerate the delivery of new features into production, and really get them going on the container path," explained Ross Schibler, CEO of Opsani, and Peter Nickolov, CTO of Opsani, in this SYS-CON.tv interview at DevOps Summit at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
Most companies are adopting or evaluating container technology - Docker in particular - to speed up application deployment, drive down cost, ease management and make application delivery more flexible overall. As with most new architectures, this dream takes a lot of work to become a reality. Even when you do get your application componentized enough and packaged properly, there are still challenges for DevOps teams to making the shift to continuous delivery and achieving that reduction in cost ...
Don’t go chasing waterfall … development, that is. According to a recent post by Madison Moore on Medium featuring insights from several software delivery industry leaders, waterfall is – while still popular – not the best way to win in the marketplace. With methodologies like Agile, DevOps and Continuous Delivery becoming ever more prominent over the past 15 years or so, waterfall is old news. Or, is it? Moore cites a recent study by Gartner: “According to Gartner’s IT Key Metrics Data report, ...
Your homes and cars can be automated and self-serviced. Why can't your storage? From simply asking questions to analyze and troubleshoot your infrastructure, to provisioning storage with snapshots, recovery and replication, your wildest sci-fi dream has come true. In his session at @DevOpsSummit at 20th Cloud Expo, Dan Florea, Director of Product Management at Tintri, provided a ChatOps demo where you can talk to your storage and manage it from anywhere, through Slack and similar services with...
Many organizations are now looking to DevOps maturity models to gauge their DevOps adoption and compare their maturity to their peers. However, as enterprise organizations rush to adopt DevOps, moving past experimentation to embrace it at scale, they are in danger of falling into the trap that they have fallen into time and time again. Unfortunately, we've seen this movie before, and we know how it ends: badly.
"I focus on what we are calling CAST Highlight, which is our SaaS application portfolio analysis tool. It is an extremely lightweight tool that can integrate with pretty much any build process right now," explained Andrew Siegmund, Application Migration Specialist for CAST, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
Explosive growth in connected devices. Enormous amounts of data for collection and analysis. Critical use of data for split-second decision making and actionable information. All three are factors in making the Internet of Things a reality. Yet, any one factor would have an IT organization pondering its infrastructure strategy. How should your organization enhance its IT framework to enable an Internet of Things implementation? In his session at @ThingsExpo, James Kirkland, Red Hat's Chief Archi...
In his general session at 19th Cloud Expo, Manish Dixit, VP of Product and Engineering at Dice, discussed how Dice leverages data insights and tools to help both tech professionals and recruiters better understand how skills relate to each other and which skills are in high demand using interactive visualizations and salary indicator tools to maximize earning potential. Manish Dixit is VP of Product and Engineering at Dice. As the leader of the Product, Engineering and Data Sciences team at D...
We all know that end users experience the internet primarily with mobile devices. From an app development perspective, we know that successfully responding to the needs of mobile customers depends on rapid DevOps – failing fast, in short, until the right solution evolves in your customers' relationship to your business. Whether you’re decomposing an SOA monolith, or developing a new application cloud natively, it’s not a question of using microservices - not doing so will be a path to eventual ...
Docker is sweeping across startups and enterprises alike, changing the way we build and ship applications. It's the most prominent and widely known software container platform, and it's particularly useful for eliminating common challenges when collaborating on code (like the "it works on my machine" phenomenon that most devs know all too well). With Docker, you can run and manage apps side-by-side - in isolated containers - resulting in better compute density. It's something that many developer...