OWASP - User contributions [en]

User:Greg Foss

2014-06-24T18:16:15Z

Greg Foss:

AppSecUSA 2014 CTF Developer and Volunteer.

Lead developer of the [[Front_Range_OWASP_Conference_2013|SnowFROC 2013 CTF]] challenge.

Greg is a father to two awesome kids, husband to an amazing wife. He's a native Coloradan who received his bachelor’s degree in Computer Information Systems from Colorado State University - Pueblo. While attending college, he owned and operated a small business where he designed, developed, and administered Web applications for local businesses. Greg is currently working as a Senior Security Research Engineer at the LogRhythm Labs threat intelligence team, where he focuses on developing defensive strategies, tools and methodologies to counteract advanced attack scenarios. He has over 7 years of experience in the Information Security industry with an extensive background in Security Operations, focusing on Penetration Testing and Web Application Security. He frequently presents at local security groups such as OWASP and is very active in the Denver security community. Before joining LogRhythm, Greg directed the Red Team at NREL and was tasked with leading the Application Security, Network Penetration Testing and Identity Access Management initiatives. In his free time, Greg enjoys snowboarding, mountain biking, hiking, and spending time with his family and friends.

----------
Offensive Security Certified Professional (OSCP), Certified Ethical Hacker (C|EH), GIAC Penetration Tester (GPEN), GIAC Web Application Penetration Tester (GWAPT), GIAC Certified Incident Handler (GCIH), LogRhythm Certified Professional, NeXpose Certified Administrator, Security+, Information Technology Infrastructure Library (ITIL) v3

User:Greg Foss

2013-03-30T16:05:09Z

Greg Foss: blah

Lead developer of the [[Front_Range_OWASP_Conference_2013|SnowFROC 2013 CTF]] challenge.

Greg is a father to one awesome son, husband to an amazing wife :-) and has been heavily involved in Information Security and Web Application Development for the past 7+ years. He's a native Coloradan who received his bachelor’s degree in Computer Information Systems from Colorado State University. While attending college, he owned and operated a small business where he designed, developed, and administered Web applications for local businesses. Greg is currently working as a Senior Cyber Security Engineer at the National Renewable Energy Laboratory where he directs the Security Services team; tasked with leading the Application Security, Network Penetration Testing and Identity Access Management initiatives. In his free time, Greg enjoys snowboarding, mountain biking, hiking, and spending time with his family and friends.

----------
Certified Ethical Hacker (C|EH), GIAC Penetration Tester (GPEN), GIAC Web Application Penetration Tester (GWAPT), GIAC Certified Incident Handler (GCIH), Security+, Information Technology Infrastructure Library (ITIL) v3

Front Range OWASP Conference 2013/CTF

2013-03-20T15:00:18Z

Greg Foss: adding proxy to tools and parallels to the list of VM tools

==Capture the Flag Overview==
Test your skills with a capture the flag (CTF) hacking competition created specifically for SnowFROC by members of the Boulder OWASP chapter.

Competitors will be provided a series of web applications containing a variety of vulnerabilities. Each discovered vulnerability will earn points. The harder the hack, the more points earned. At the end of the day, the team with the most points wins.



==Rules==
All conference attendees may participate in the CTF tournament for no additional cost. If you would prefer to attend the general conference proceedings, the competition will be made available to attendees after SnowFROC ends.

===Format===
Contestants will be provided a virtual machine which will run locally on self-provided devices. This is a BYOD event and all contestants are responsible for providing their own machine. No "loaners" will be made available.

All contestant machines should have:
* A virtual machine player such as [http://www.vmware.com/products/player/ VMware Player], [https://www.virtualbox.org/wiki/Downloads VirtualBox], or [http://www.parallels.com/ Parallels].
* Appropriate penetration testing tool ([http://www.backtrack-linux.org BackTrack], [http://samurai.inguardians.com/ SamuraiWTF], [[OWASP_Mantra_OS|Mantra OS]], and [[ZAP|OWASP ZAP]] will fit in well).

===Acceptable behavior===
Competitors are only permitted to attack targets running on their local systems. Network traffic will be monitored to ensure there will be:
* No attacking the scoreboard. Misuse will result in punitive action.
* No targeting the VM. Do not mount the VM and harvest flags from within.
* No attacking other teams, whether through coercion, DoS, theft, sabotage, or other malicious activity.
* No collusion. Work only within your own team.

===Prizes===
Small prizes will be awarded to winners. People Anyone who worked on the project or who has access project-related repositories are ineligible to win prizes.

Team prizes will be awarded to:
* The team with the most points;
* The team who completed the story first (or, as a tiebreaker, the team with the most plot-specific points);
* The team who took the shortest amount of time to complete Acts I-IV;

Individual prizes will be awarded to:
* The person who solved the hardest challenge (worth the most points);
* The person who solved the most challenges (raw number);
* The person who scored the most points (total sum);

==Getting Started==
===Content acquisition===

This information will be released closer to the day of the event.

===Installation instructions===

Coming soon.

===Registration instructions===

Coming soon.

===Gameplay instructions===

Coming soon.

Front Range OWASP Conference 2013/Introduction

2013-03-15T06:08:20Z

Greg Foss: :-P

====Welcome to SnowFROC 2013 - the 5th Annual Front Range OWASP Security Conference====

[[Image:SnowFROC_Register.png|256px |link=http://www.cvent.com/d/dcqr8m |alt=Click here to register |Register]]

The Colorado OWASP chapters are proud to present the 5th annual SnowFROC. Join 300 other developers, business owners, and security professionals for a day-and-a-half of presentations, training, and Birds-of-a-Feather (BoaF) sessions. The SnowFROC 2013 keynote speaker is Neal Ziring, Technical Director of InfoProtection at NSA.

The conference will occur on Thursday, March 28th at the [[Front_Range_OWASP_Conference_2013#Venue | Denver Marriott City Center]] and will feature four primary tracks:
*High-Level Technical
*Deep-Dive / Hands-on Technical
*Management
*Legal

Running in parallel to the conference proceedings will be a capture the flag (CTF) hacking competition developed exclusively for SnowFROC by Boulder OWASP chapter members. The day will conclude with a moderated panel discussion featuring top industry leaders.

On Friday, March 28, [[Jim_Manico|Jim Manico]] will teach a course in secure coding. '''This training is free to SnowFROC attendees!'''

Friday will also offer BoaF sessions. Join like-minded industry leaders and discuss pressing issues facing the industry and you. BoaF sessions are self-lead and may address and issue you would like. Pitch your idea and get the ball rolling!

Finally, Friday will feature a postmortem of the CTF tournament. In addition to discussing solutions, techniques, and tools, we will encourage participants to attack the previously out-of-bounds CTF framework. Itching to break into the scoreboard and rack up the points? The gloves come off Friday morning.

==Conference Committee==
[[User:Mark_Major|Mark Major]]: Director

[[User:Brad_Carvalho|Brad Carvalho]]: Sponsorship, Executive events
 [[User:Craig_Klosterman|Craig Klosterman]]: Merchandise
 [[User:Steve_Kosten|Steve Kosten]]: Sponsorship, Executive events
 [[User:Glen Matthes|Glen Matthes]]: Planning
 [[User:Chris_Rossi|Chris Rossi]]: CTF, Networking events
 [[User:Greg_Foss|Greg Foss]]: CTF

==Colorado Chapter Hosts==
[[Boulder|OWASP Boulder chapter]]: [[User:Mark_Major|Mark Major]]
 [[Denver|OWASP Denver chapter]]: [[User:Steve_Kosten|Steve Kosten]], [[User:Brad_Carvalho|Brad Carvalho]] (acting)

User:Greg Foss

2013-03-15T06:06:32Z

Greg Foss: blah

Building and breaking things... Lead developer of the [[Front_Range_OWASP_Conference_2013|SnowFROC 2013 CTF]] challenge.

Greg is a father to one awesome son, husband to an amazing wife :-) and has been heavily involved in Information Security and Web Application Development for the past 7+ years. He's a native Coloradan who received his bachelor’s degree in Computer Information Systems from Colorado State University. While attending college, he owned and operated a small business where he designed, developed, and administered Web applications for local businesses. Greg is currently working as a Senior Cyber Security Engineer at the National Renewable Energy Laboratory where he directs the Security Services team; tasked with leading the Application Security, Network Penetration Testing and Identity Access Management initiatives. In his free time, Greg enjoys snowboarding, mountain biking, hiking, and spending time with his family and friends.

----------
Certified Ethical Hacker (C|EH), GIAC Penetration Tester (GPEN), GIAC Web Application Penetration Tester (GWAPT), GIAC Certified Incident Handler (GCIH), Security+, Information Technology Infrastructure Library (ITIL) v3

User:Greg Foss

2013-03-06T05:59:23Z

Greg Foss:

Hacker by day, coder by night...

Greg is a father to one awesome son, husband to an amazing wife :-) and has been heavily involved in Information Security and Web Application Development for the past 7+ years. He's a native Coloradan who received his bachelor’s degree in Computer Information Systems from Colorado State University. While attending college, he owned and operated a small business where he designed, developed, and administered Web applications for local businesses. Greg is currently working as a Senior Cyber Security Engineer at the National Renewable Energy Laboratory where he directs the Security Services team; tasked with leading the Application Security, Network Penetration Testing and Identity Access Management initiatives. In his free time, Greg enjoys snowboarding, mountain biking, hiking, and spending time with his family and friends.

----------
Certified Ethical Hacker (C|EH), GIAC Penetration Tester (GPEN), GIAC Web Application Penetration Tester (GWAPT), GIAC Certified Incident Handler (GCIH), Security+, Information Technology Infrastructure Library (ITIL) v3

User:Greg Foss

2013-03-06T05:58:40Z

Greg Foss:

Hacker by day, coder by night...

Greg is a father to one awesome son, husband to an amazing wife :-) and has been heavily involved in Information Security and Web Application Development for the past 7+ years. He's a native Coloradan who received his bachelor’s degree in Computer Information Systems from Colorado State University. While attending college, he owned and operated a small business where he designed, developed, and administered Web applications for local businesses. Greg is currently working as a Senior Cyber Security Engineer at the National Renewable Energy Laboratory where he directs the Security Services team; tasked with leading the Application Security, Network Penetration Testing and Identity Access Management initiatives. In his free time, Greg enjoys snowboarding, mountain biking, hiking, and spending time with his family and friends.

Certifications: Certified Ethical Hacker (C|EH), GIAC Penetration Tester (GPEN), GIAC Web Application Penetration Tester (GWAPT), GIAC Certified Incident Handler (GCIH), Security+, Information Technology Infrastructure Library (ITIL) v3

User:Greg Foss

2013-03-06T05:57:58Z

Greg Foss: Certified information security professional with over 7 years of experience specializing in web development and network security

Hacker by day, coder by night...

Greg is a father to one awesome son, husband to an amazing wife :-) and has been heavily involved in Information Security and Web Application Development for the past 7+ years. He's a native Coloradan who received his bachelor’s degree in Computer Information Systems from Colorado State University. While attending college, he owned and operated a small business where he designed, developed, and administered Web applications for local businesses. Greg is currently working as a Senior Cyber Security Engineer at the National Renewable Energy Laboratory where he directs the Security Services team; tasked with leading the Application Security, Network Penetration Testing and Identity Access Management initiatives. In his free time, Greg enjoys snowboarding, mountain biking, hiking, and spending time with his family and friends.

Certifications:
-Certified Ethical Hacker (C|EH)
-GIAC Penetration Tester (GPEN)
-GIAC Web Application Penetration Tester (GWAPT)
-GIAC Certified Incident Handler (GCIH)
-Security+
-Information Technology Infrastructure Library (ITIL) v3