
Security BSides Athens 2022

BSides Athens · 2022 · 1:00:43 · Published 2022-06
Category: Technical
About this talk
Your participation in the live stream can qualify you for a certificate of attendance which can be used to claim 10 CPEs. Instructions on how to qualify will be shared during the conference. Discord: discord.gg/vzBNPzs. Agenda: bsidesath.gr/tracks.php. Comms: bsidesath.gr/channels.php

Hi all, welcome to BSides Athens 2022. I'm Jessica Russo, speaking from London. We are glad to have received your continued support and participation through the years, bringing us to today, the seventh BSides Athens. This year we have been extremely busy regaining control of our lives back from coronavirus. Till the last moment we were not quite sure whether we would manage to host an in-person event, hence we decided to stream it on YouTube, similarly to last year, in order to save up some energy for next year's event and maybe a couple of aces in the hole. We cannot thank enough our sponsors who reached out to us this year offering their support. Just for this year we decided to not

accept any sponsorships, as this event is going to be virtual and our costs are significantly lower. However, we have missed you a lot and we are committed to making next year's event a great in-person gathering. Should you wish to sponsor us or support us in other ways, please don't hesitate to reach out to us as soon as possible. Today's agenda includes 12 talks and one workshop. We want to thank our speakers for their amazing efforts; we hope that you will love their talks. If you already follow us on the social media, you must have noticed the design of this year's t-shirt. Next year, when we meet in person, we will have the designs of all three years of our virtual events

available for you to pre-order. About CPEs: we will follow the same pattern as last year. Two Google Forms will become available, 10 minutes each, for you to fill in and submit. The opening of each form will be announced on the stream. Form A will be released in the morning, whereas Form B in the afternoon. Successful completion of both forms will grant you the certificate of attendance, for you to be able to claim 10 CPEs, in two weeks' time. During the event we encourage you to be connected with us on Discord to chat about the talks and to ask us any questions you may have. Also, we will be posting updates throughout the day, so don't worry if you

have missed anything on the streaming. Have a great day and see you in person next year, on Saturday 24th of June 2023, in Athens, Greece. Goodbye.

Hey everybody, I'm Brian Contos. I'm the chief security officer with Phosphorus Cybersecurity. Today's presentation is "Cameras, CACs and Clocks: Enterprise IoT Security Sucks". This is a story of two million interrogated IoT devices. This slide, I just said "yikes"; I didn't really know what else to call it. So I went over to Shodan, and I think most of you are familiar with that, the Shodan search engine, uh, to see which devices are, um, internet accessible, if you will. And I just typed in a couple terms that you would think of for IoT devices: I've got camera, voice over IP, printer and UPS. So not very scientific, just typed them in, uh, but what we find

here is almost five million cameras, you know, over 250,000 voice over IP phones, uh, you know, 83,000-plus printers and almost 14,000 UPS systems, which, oh my gosh. And the thing about UPS systems, I won't tell you, but you can Google this: the password is almost never changed, and it's a very, very simple password on these. It's actually the same credential for username and password on these devices. I don't know why they would be exposed on the internet, but, uh, IoT devices don't need to be exposed to the internet for these attacks to happen, but certainly the fact that many of them are increases the likelihood. Also, we're seeing a lot of nation states

now paying attention to IoT and investing quite a bit, and this is globally. So Russia has this tool called Fronton, which was developed for them by some contractors, specifically for the Russian FSB, and this was an IoT hacking tool designed to find and compromise IoT devices, install command and control software and do whatever they wanted from that point, or also use as a jumping-off point to get in deeper into organizations. Interestingly, a hacking group called Digital Revolution got their hands on Fronton and released the code, so you can get it from torrents and all the, all the places that you like to get your hacking tools from. Another interesting case is, uh, there

have been IoT devices that have been banned. Actually, the US House of Representatives has passed bills that prohibit federal agencies and contractors from actually using certain IoT devices. So, I mean, they're, they're that well known to have that level of vulnerability that they're, they're just not allowed. Our research, what we've actually discovered, and this, these numbers actually blew me away before I really started getting involved with these organizations: there's about three to five IoT devices per employee. So this is the, the craziest-looking, uh, possible chart to show that, but if you just look at ten thousand employees, for example: ten thousand employees, you probably have somewhere between thirty thousand and fifty thousand IoT devices. That's a lot of

devices, and it's way more devices than you could possibly manually manage in terms of taking care of the firmware and taking care of the passwords and turning off unneeded services. It's just completely untenable. You need automated tools, you need a centralized process to handle that. But it just kind of shows you the breadth and depth of this problem. Now, if you look at law firms, for example, they'll have a little bit less; you look at retailers, they'll actually have quite a bit more. So it kind of depends on industry, but on average, take a look at your organization: there's probably about three to five IoT devices per employee, right? And we'll get into some of the IoT

devices that we see quite a bit of in the worst offenders, and you'll start going, "Okay, yeah, if I start including these things, I can completely see how that goes." And just like with the stock exchange, we were talking about those cesium clocks, when we go into organizations to do a proof of value and we say, "Hey, how many devices do you think you have, IoT devices?" and they'll say, "I don't know, I have X." Almost 100% of the time their numbers are off by about 40 to 60 percent. So again, they just didn't know about half of their devices in their environment. So we talked about printers a little bit before. Printers are really a special case because everyone's

got them and everyone's got a lot of them. We work with some folks in the hospitality industry, for example, where they had tens and tens of thousands of printers, just printers, different models and brands and, you know, versions and things like that, but they have lots of printers. Now, the thing about printers is most sort of enterprise-level printers have about a 20 gig hard drive. It's not huge, it's not small, but it's a pretty good size hard drive. And what had happened is some attackers had gotten access to these, these printers, which by the way, most of these are on common operating systems like Linux or Android and things of this nature. In fact, across all IoT, a flavor of Linux or

a flavor of Android is by far the most common thing that you'll find, and by the way, they have a lot of the same capabilities, services. Um, in the case of printers, however, they're far more promiscuous in running so many different protocols. They've got every protocol imaginable because they want to be easy to use; they want people to be able to connect to them and use them. It's the point of the printer. So from that perspective it makes great sense, but attackers know that, and because they know that, they take advantage of the fact that those printers are so promiscuous and there are so many ways to connect with them. So in this particular case, some attackers

had gained access to the printer. They had uploaded some of their tools, and this was only to a few dozen printers at the time, but it did expand greatly to hundreds later on, and they used those to go out searching for other critical devices on the network, IT devices primarily, and from them they were extracting data. This was all about intellectual property theft. They're extracting the data and then they were storing it on those 20 gig hard drives, and I'll get to what happens next. Well, a lot of this activity, because it was all being controlled through various remote connectivity, uh, controls and, and C2 and things of that nature, it created logs, and those logs were

showing up in Splunk, and they were anomalous. They said, "Hey, we've got a lot of printers that seem to be pretty chatty and we're not really sure why." And then what they were seeing was data exfiltration, and these printers, they were being set up to exfil data over ICMP. Why? Because everybody allows ICMP, and even if it's shut off, network ops turns it back on to do some testing, they forget to turn off. Just a really easy way to exfiltrate data. You have to make the packets pretty small, takes a little bit longer, but it usually goes under the radar. So they were using these printers to grab IT sensitive data, compressing it up, exfiltrating out over

ICMP, which eventually caused some alarms to go up. And what they found was, when they started looking at these printers and say, "God, it's not just one or two, it's, we have several dozen now, more than a hundred now, they're infected," um, it was just the firmware. They're running really old firmware. Some of these devices hadn't been updated in, uh, up to ten years. Most of them hadn't been upgraded for about four or five years at least. So they were just sitting there vulnerable. They were doing their job, they're working fine as printers, and usually most people don't pay attention to a printer until it stops, well, printing. So the fact that they are running all this

old firmware just made them a big target with a big juicy hard drive and an easy way to exfiltrate that data out. Now, talking about firmware: about 26% of the devices we encounter have end-of-life firmware, meaning that there's just, just nothing we can do with that firmware. It's completely end of life. If you're running it, you have to get on a newer version of it. Of the remaining 74%, the average age was six years old. Um, think about your smartphone: it probably wouldn't work if you hadn't updated things in six years, and I'm almost certain it wouldn't work. But now you're talking about your enterprise devices, again, all of your key systems, especially the systems that

manage other systems, and that's a really, a scary step, because if we think about it, again, there's not a lot of difference between an IT device and an IoT device in terms of capability, network access and the type of negative ramifications it can cause upon your environment, and again, with IoT you can even cause physical harm. So if I went and told you 26% of your IT devices were on end-of-life firmware, you'd jump off this video right now and you'd go fix those. That's how serious this is. So we start digging into the actual statistics around the vulnerabilities, what we found, and this is, this is probably one of the, the most frightening

statistics so far: the CVSS scores. So scores of one to ten, ten being the most grievous: fifty percent of the devices have a score of an eight, an additional 18% have scores of 9 or 10. These are high to critical level vulnerabilities. These are the type of vulnerabilities where you don't need local access, um, you can do remote exploitation. They're very, uh, they're very severe. The great majority of the vulnerabilities discovered on these devices were eights, nines and tens. That's a scary thought. Again, this is one of those things where if this, these were your IT devices, you'd be like, "Oh my god, what can I do?" But because IoT devices historically have been so hard to first of all just

discover, then manage, then manage the passwords, address the vulnerabilities in the patching and the firmware, uh, manage services, etc., nothing's been done. Let's dive into the biggest IoT offenders, and these are the devices where we see sort of the, the most grievous issues across the board. Now, we see a lot of other devices that I'm not listing here, but, uh, you know, we just had to sort of condense it into the, the ones that keep on ringing out as being problematic. Um, again, the, the pictures that you see here are not the actual brands. I'm not, not going to call anybody out here, that's not the, the focus here. But KVM switches: again, most of you are probably familiar

with KVM switches, but KVM switch: you stick it in a rack, you connect it to multiple computers, and it lets you control keyboard and mouse and video, and sometimes you can cycle power as well. We come across a lot of these devices that are running, like, Linux Ubuntu version 10. Well, that's from 2010, right? I think the latest version now is 21 point something, it's a little bit past 21.1. So this is, it's running old stuff, and because of that it doesn't just have a few, but they have hundreds, hundreds of vulnerabilities. Now think about this: I've spent a lot of money on my endpoint security and application security, identity this and network security that,

and now I've got this KVM switch that can back door into all these devices, running a version of Linux that's, uh, more than a decade old, that if I'm an attacker and I can compromise that, I can do a lot of malicious things. So those devices that are connected, I can probably power them off, I can change configurations, I can, you know, modify stuff, steal stuff, whatever I wanted to do. So that's a huge back door, and that's one of the reasons that a lot of nation states, and we talked about Russia earlier, are building these tools, because why bang your head through the firewall and the IPS and the encryption that and application security and endpoint

security when I can just go around that back door? Again, like 1995, with that U.S. Robotics modem plugged into the back of that Windows NT 3.51 server in the back of the data center that everybody forgot about, right? So KVM switch is one of the biggest offenders that we see out there. Another big one: lights-out management controls. So if you look at the back of this, of this server, we see a couple Ethernet ports on the right and something that looks like an Ethernet port where that arrow is. Well, that's not an Ethernet port, that's a lights-out management port, right? That's, that's what you're going to use for management, these devices. Well, the thing, the thing about these is

there's a few different flavors. There's, HP has iLO, Dell has iDRAC, Supermicro has IPMI, so there's a few different flavors; those are the main ones. They're just little Linux servers. In fact, there's malware specifically designed to target those little Linux servers for lights-out management systems. And again, like the KVM switches, but a little bit more powerful actually, these lights-out management controls bypass all that other security that you put on top of that server. So you can have 10 million dollars of endpoint security on top of this thing, but if that interface isn't secure, if it's running a default password, for example, or a weak password, or has a vulnerability in it that can be

exploited because that version of Linux or VxWorks that's running on that has not been updated in the last 10 years, that's a problem, because now, as an attacker, the things I can do for that is: I can shut the system down, I can change the network settings, I can run a shell, some of these guys I can pop open a virtual terminal as well, I can upload software or malware, I can do all the bad stuff that an attacker would want to do. And again, most of your critical servers are going to have these devices, and some people say, "Oh well, you know, I don't even know that thing was there," and that's the problem again, because

there's no good inventory for discovery for a lot of these, a lot of these products. Server cabinets and racks: this is another one that people tend to go, "Oh, those do have a lot of IoT devices." They sure do. UPS systems, which are notorious for having the vendor's default password, which takes about five seconds to find if you Google it; cooling systems, cable management, tamper resistance sensors and all sorts of other things, depending on how fancy that rack happens to be. And they're really cool and they're really capable. They're almost always running the oldest firmware known to man, and the reason for that, I think the primary reason, is if I want to upload all the firmware on my rack, including my

UPS system, everything else, I need to reboot that system in most cases, which means all those devices that are relying on that, switching gear, routing gear, computer systems, etc., they're going to have to be rebooted as well. So there has to be a change window, and when people schedule change windows they don't always think about IoT devices, unfortunately, which causes this problem. So these devices are frequently, frequently vulnerable, and a lot of these are also tied to KVM switches that we talked about earlier, exposing you to a lot of problems. Uh, physical access controllers: here's another case where you probably have oodles and noodles of these throughout your environment, whether it's biometrics or, you know, a PIN or a scan card or a CAC

system, whatever the solution might be. Again, these are, these are Linux devices that are, that are running on the network. And in one particular case we're working with a customer, and they had, uh, the system deployed. It was, uh, it was all default passwords, but if those passwords were not default, and it's crazy to find the default passwords on door locks, it's crazy to think, but you always find it, they had three critical CVEs. So had that default password not been there, it would have been easy enough to get through one of the critical CVEs, one of the three; you could pick the one that you like most to get into that system. And we're sitting with the CSO and

their team, and we're actually able to show them, with a click of a button we could have locked or unlocked all 6,400 doors, door lock systems, that they had throughout this financial services company. And again, the IoT attacks, IoT devices can have that impact on the physical world. Printers: we talked a little bit about printers before. They're certainly one of the most commonly attacked devices, especially from nation states, but cyber criminals like them too. If any of you were at Black Hat back in 2019 in Vegas, there was some research that was released where they found critical level vulnerabilities, again, these are level 10 vulnerabilities, on over 10,000 different printer types and brands, and there's

just so many different types of printers out there, but that's, that's pretty incredible: over, over 10,000 devices had critical level vulnerabilities. And again, they're highly promiscuous, they're running a lot of services, they've got wired and wireless connections, they probably have Bluetooth, they might be running other, other protocols as well. You can manage it via HTTPS or SSH, some you can telnet into. They're just very, very open, and that's taken advantage of. And again, because a lot of them have that big storage drive, it's great to use them to attack IT devices and exfiltrate your data out the way we talked about it before. But again, it's one of the biggest targets for state-sponsored hackers; I would say

it's probably in the top three. Next one: voice over IP phones and video conferencing systems. Like printers, organizations have a ton of voice over IP systems, and even when people weren't at, at the office, there's still so many active IoT systems that we actually saw an uptick in the number of attacks on IoT devices. But now, I guess they're calling it the great return: here in Silicon Valley we see, you know, the likes of Apple and Facebook and Google, people are all going back to work again, traffic's increasing because of that, which is usually a pretty good sign, probably an IoT device could detect that. But there's a lot of these voice over IP phones, and they're usually running a

flavor of Android. What we find with a lot of these devices is they've got undocumented SSH administration capabilities running on them, with default credentials again. And a lot of this goes back to what we were talking about before, with the manufacturers of some of these devices aren't necessarily software development houses; they're more, they manufacture things, sometimes like farm equipment and things of that nature. So they have a small crew, they're not putting a lot of time and effort into, into testing, certainly not looking at security; if they are, it's very little. And because of that they're saying, "Well, I'm just going to white-label that, I'm going to use that library from that group," and they might not even know they

have that undocumented SSH with default credentials, right? And it just got rolled out that way because they hadn't done that level of testing. So that's a, that's a pretty scary thing. Um, with this one organization, I guess you can call this a beacon of hope, but maybe it's kind of sad: they had 31,000 phones; only 700, only 700 had a critical level CVE. As we know, it really only takes one. So these, again, are, uh, an example of something that there's just so many, they're so voluminous: 31,000 phone systems. If you want to upgrade the firmware or rotate the passwords every 90 days that you use for managing those, or whatever steps, it would be impossible

to try to do these things manually. And then the last group I wanted to cover were security cameras. These suck the most. There's so many of them and there's so many problems. Again, some of these cameras shipped directly from their manufacturers with the malware already installed, so you skip the middleman, you just go straight to, straight to being infected and having your device controlled. These cameras have been known to actually turn on when they're supposed to be off, they're known to record audio when they're supposed to be on mute, and they also take these streams and they can pipe them back to various countries. So that's a problem right there. Again, a lot of these devices

have been banned, but cameras are devices that, if they're compromised, they can certainly be used for spying. Um, we mentioned some of the attacks that are very common in IT and IoT and how they're the same, from ransomware to data theft, DDoS, command and control, malware distribution, things of that nature. One case, we were working with a customer, I think they had something like 9,000 or 9,500, a lot, they had a lot of video cameras, and they had been cryptojacked. Uh, most of you probably know that means I want to take this device and I want to use it to mine crypto. So they had all these cameras that were doing crypto mining, and the way they detected it, I'd love to

say it was some cool SIEM tool or alerted this; it was their power bill. Their power bill was really, really high and they didn't know why. If you've ever looked at organizations that do crypto mining, it's, it's pretty energy intensive, so that's how they found it. These guys are usually running Linux, usually some form of, like, BusyBox, which is a common, a common piece that's on there. And the thing that's interesting about video cameras is a lot of the older ones are designed so, I have 10,000 cameras, but they all have to have the exact same password that's talking to the management console, like something like you see here in the middle, which,

which is an architectural flaw. I mean, you could set it up, and there's some newer ones where you have the streaming password is the same but the management password is different, so it has two different passwords, uh, because of that issue. So when you're talking about password management on these things, uh, you have to keep in mind that, hey, if you're, if you are going to change the password and use something complicated, now I have to do it for all 10,000 devices and it has to be the same thing, has to be a group password. Again, from a security perspective, not a great design, but sometimes you have to work within the limitations of those devices as well.

So again, virtually every organization has hundreds if not thousands or even tens of thousands of these types of devices. There's often finger pointing when it comes to cameras: "Well, I thought facilities took care of that." "No, I thought IT did." "No, I think it was supposed to be security." And it's kind of like Spider-Man, right, they're all pointing at each other. It just, it, it's just very commonly targeted and they tend to be very easy to take advantage of. And on the consumer side, again, we're not focusing too much on the consumer side here, but one of the most popular cameras on Amazon last year, most popular camera, highest rated, you know, approved this and that,

shipped with malware already installed on it. To summarize, um, you know, IoT devices, they're virtually always vulnerable. I wish, I wish there was another, another way to say that. It just sucks, hence the title of the presentation. Um, historically it was really hard to just find these devices, just say, "I, I don't even know what I have. I know I got a bunch of cameras and some door locks, I think, and lights-out management, I hadn't even thought of that." But just finding them, that's, that's a problem. Then the next step, of course, is once they're found, remediating the risks, which is the bigger part of the equation, right? I just don't want to find it, I want to fix that,

and then I want to keep it fixed, right? So that's really important. Now, there's solutions to help with this, right: enterprise IoT security platforms, um, somewhat of a newer concept in this world, and I put a couple versions down here. Of course, this is something that Phosphorus does, but we're not the only people that play in IoT security. You can take a look at some of these other vendors. Everybody has a little bit of a different approach to this, some a little bit more legacy, some a little bit more modern, but now these tools can help you: discovering the device and what vulnerabilities are on my device, updating my firmware, managing those credentials and those certificates, and hardening those devices,

and then what's really critical is integrating with all my other IT security tools, for logging, for SOAR capability, for ticketing systems, and then being able to pull all that together with a reporting capability that makes this easy for me to manage at scale. If you're able to do this, not only are you able to sort of discover your IoT environment and lock it down, but you're able to do it at scale with these automated tools and make these devices secure. You're just not hiding off in a VLAN, just not closing your eyes and hoping nothing bad is going to happen, and you're greatly reducing the risk on your organization with something that's very easy to do.

In most cases, running discovery from these enterprise IoT security platforms is like running a vulnerability scan, right? The firmware is just kept up there, you don't have to go hunt for the firmware yourself. The integration, API integration with the PAM tools is already there, it just works and it just fits. So something you probably want to check out if you're trying to address your IoT security. So again, my name is Brian Contos, I'm the chief security officer with Phosphorus Cybersecurity, and thanks so much for your time.

Hello everyone, my name is Christina Skouloudi and I am a cyber security expert at ENISA. Today I would like to give you an overview on Team Europe and the International Cyber Security Challenge. Let's start with the International Cyber Security Challenge. The first edition of the International Cyber Security Challenge took place in Athens in June of 2022, in particular from the 14th of June until the 17th of June. We had the four-day event that was following the, the schedule that you can see on your slide. So the first day we had the testing day, where people came to test the infrastructure and also the tools that they would use for the competition. Then the day of the 15th of June we had

the first day of the CTF, which was a Jeopardy CTF, and the different teams had to compete in five main different categories of Jeopardy-style CTF challenges. On the third day we had the attack and defense day, a CTF that is focusing on having an infrastructure with different services that one has not only to attack to the other teams but also to defend for its team. And finally, at the last day, we had the award ceremony, where we announced the winners. The teams that took part in the ICC of 2022 were seven: we had teams participating from Canada, US, Latin America, Africa, Oceania, Asia and Europe. In total we had more than 64 nations being involved in the teams and

representing the different regions that I just mentioned. The ICC takes example from the very successful project of ENISA since 2016, which is the ECSC, the European Cyber Security Challenge, where the different member states and other countries from Europe and the EFTA have representation of teams that go to an annual event to compete in a CTF. As mentioned, one of the teams that participated in the ICC of 2022 was Team Europe, and for ENISA that was a separate project: training and preparing Team Europe for the ICC finals. ENISA's main objectives for Team Europe was to form and train the final Team Europe. We had to make sure that we will create a diverse, balanced and strong team of 15

young people aged from 18 to 26 years old, as it was in the rules of the ICC for participating. We had also to achieve the best possible result for the ICC of 2020, 2022; that was one of our main goals. And in order to assure that we will do our best, we wanted to collaborate with people and stakeholders that would help us in this project to train and form Team Europe. So we have the Team Europe trainers, a group of five people from different countries with experience in CTFs, that collaborated with ENISA closely throughout the training path of Team Europe. We had also the ICC steering committee, which is the steering committee that defines the rules and

also shares all the information for the different teams that are participating in the International Cyber Security Challenge. The steering committee of the European Cyber Security Challenge was also involved, since it nominated young people for joining as Team Europe candidates in the first place, and out of these candidates for Team Europe we selected the final Team Europe. We also created a subcommittee, the international subcommittee, as we call it, of ECSC, which was people that were representing the ECSC steering committee but at the same time were being consulted by us for everything that was taking into consideration for deciding for Team Europe and for the ICC as well. So we started with the pre-selection process, where, as I said before, we had to

create a pool of eligible members for Team Europe, and we reached out to the ECSC steering committee, where the national representatives proposed up to four candidates each, up to two male and up to two female candidates per country. We had the pre-selection concluding with all the candidates that were nominated successfully joining certain trainings and CTF qualifiers that were provisioned in order to reach to the decision of the final Team Europe. It is important to state here that ENISA covered all the expenses for the candidates traveling in the competition, during the bootcamps that we organized and all the events that were dedicated in preparing Team Europe and training Team Europe candidates. Also, together with the trainers of Team

Europe, we prepared all the criteria, the processes for the selection, the training path; we prepared the requirements for the platforms, and everything else that had to do with the preparation of Team Europe was done in collaboration with Team Europe trainers. Now let's look closer at the training path that we developed for Team Europe. We started with setting up an online training platform since May of 2021, where we provided access to the first pool of candidates of Team Europe that we had from the, from the nominations of the ECSC steering committee. In the beginning we had 36 candidates for Team Europe, from the call for expression of interest that we had and from the nominations that we,

we were provided from the ecsc steering committee all of them were granted access to an online training platform that was a continuous training module that we had so since may of 2021 until the finals of the international competition um we had this platform up and running for all the candidates and later on for team europe to be able to prepare to to test their skills and to practice then in july of 2021 we had our first bootcamp in tallinn of estonia we had the first bootcamp where we had all the 36 candidates for team europe coming and meeting for the first time and had several trainings on different topics later on we had the ctf qualifiers

which was an online event that was that was held early september for all the candidates in order to assess the the strong profiles and who could make it for the final team in the ecsc of 2021 in prague we also opened the second call for expression of interest where we were able to collect more candidates for team europe and there we reached to the 55 candidates for team europe after that we had the second bootcamp where we invited almost all team europe candidates in turin and we had again a three days event training on different topics where i'm going to present later on in detail in march we had the third bootcamp in the hague where again we had

team building activities and also trainings for the 55 candidates of team europe that we had after the second call and and of course we had also second ctf qualifier early april in order to again assess the um the technical skills of the of the candidates and reach to the final decision of who is going to be in the team europe so some statistics i have here is that out of the 55 candidates that we managed to have for team europe after the second call for expression of interest we had 21 countries that were represented in this pool of candidates and the gender balance statistics that i can share here is that we had out of the 55 candidates

40 male and 15 female candidates for team europe in detail the bootcamps that i mentioned before are presented here so in july of 2021 we had the first bootcamp in tallinn of estonia where we had trainings on mobile security and attack and defense at the third day of the event in in estonia we had also a team building activity in order to provide the opportunity to the members uh to the candidates of team europe to bond and to learn more about each other on the second bootcamp that we had in turin of italy we had trainings on web exploitation and cryptography and again we had also a team building activity in order to build more cohesion in team and ensure

that collaboration elements are being enhanced in the third bootcamp that we had in the hague we had of course again trainings that were focusing on attack and defense once again because we consider it an important element since it was um 50 of the icc finals and that made it the topic of course that it was of importance but we had also trainings on forensics and binary exploitation as you can see besides the trainings and the boot camps that i mentioned we had also two ctf qualifiers we wanted to make sure that we have increased participation during these online events and for that reason we organized them during weekends it was a 24-hour straight event both

times for both ctf qualifiers in order to accommodate all different time zones as we had candidates also residing in different countries than eu we had to assess the technical skills but also the strategy of all the people that would take part in the qualifiers and in order to make sure that we take the best experts that we need in the main categories that would be also in the icc finals we had the qualifiers focusing in the five categories of challenges that would be also the five categories of challenges for the icc so we have the web exploitation binary exploitation reverse engineering forensics and crypto challenges in the ctf qualifiers in order to identify the best profiles in

all these categories we had of course three difficulty levels per category easy medium and hard so that would allow people that are not mastering specific categories to also accumulate points for other categories and in total we had 15 challenges in each ctf qualifier as i mentioned before the first ctf qualifier with 36 candidates that we had at that time took place on september of 2021 while the second ctf qualifier took place in april of 2022 with 55 candidates

after this training path that i presented we had the final bootcamp when we selected the final team europe so following the second ctf qualifier we were able to have all the information available that would allow us to select the final team europe and after selecting the final team europe we organized one more bootcamp only with the team europe plus five people that were added in the reserve list so we had in total 20 people that participated in the final boot camp of team europe from the 13th to the 15th of may in vienna it was again a three days event that was aiming to simulate the days of the icc finals so the first

day in order to test the tools and also to to clarify the roles and responsibilities of each team member we had the jeopardy ctf where we had challenges for from the different five main categories that i that i showed to you before and the people collaborating for the first time as a team in order to successfully solve the challenges of the jeopardy ctf in the second day we had an attack and defense ctf where all together again they had to collaborate as a team define the roles and responsibilities on who is um who is patching who is exploiting who is doing the sysadmin all these different roles and responsibilities again had to

be defined divided within the team but also there was an opportunity to test the tools that they had available in order to uh to to conduct the attack and defense ctf on the third day we had the technical briefing after observing what was learned from the two days experience that we had previously we had the session dedicated on the lessons learned and on what should be improved until the finals and of course we had also a training that was focusing on windows this time and this is team europe in this nice picture in the sunny weather of athens you can see the 15 members of team europe plus the five members of team europe trainers in a

picture right before the first day of the competition of the jeopardy ctf some words about the diversity of team europe and the statistics so out of the 20 people that we had selected which was the 15 main members of team europe plus the five members for the reserve list we had a percentage of 20 percent of female represented in the team and 80 percent represented of males in the team we also had 12 countries represented in the final team of 15 members of team europe and we had 15 countries represented in the final team of team europe plus the reserve list members as you can see there these are all the different countries that we had

from czech republic to italy to spain to norway to belgium you can see that we had people coming from many different countries of europe some words about the ages that we had in the team europe so in the blue bar charts you can see that we had people from 21 to 26 years old in team europe while in team europe um calculating also the reserve list members we had people from 19 years old up to 26 years old and this is the skill set of team europe as i mentioned before we have five main categories for the jeopardy ctf which is the binary exploitation the reverse engineering web exploitation crypto and forensics and in order to

know what are our strengths and weaknesses we have this nice diagram where we had with the blue line it represented the skill set of team europe while with the red line we had represented the skill set of team europe plus the reserve list and after all this preparation after all this hard work and after all these trainings that we had and i presented to you with team europe we were in the very happy position to win the first place in the international cyber security challenge so you can see here a very nice picture of the vice president of the european commission margaret giving the prize of the first place of the overall winners to team

europe where they celebrated a lot and they of course enjoyed a lot this uh this win we had of course asia coming second and also u.s coming third and i think that bravo and congratulations is deserved to all the teams that participate in the icc so if you are interested also in participating in the next team europe candidates since we are preparing now already for the next year competition that is going to take place in the us for 2023 please register in the open csc.eu and make sure that you don't miss out the ctf that we will organize in order to identify young people from 18 to 25 years old that can master one of the main

categories of challenges that we presented and that can make it for the candidates of team europe for next year if you're interested in finding more information about what i presented for team europe and the international cyber security challenge feel free to reach me through email or my mobile and i will be responding back to you as soon as possible i'm cristina schuludi and thank you very much for your attention

you