CompSec Direct ran Breach Village during a local BSides conference. “We wanted Breach Village to showcase real-problems and not the made up scenarios people see in Capture the Flags events. Realism and modern problems in cyber security are difficult to showcase into a fun learning environment” said Jose Fernandez. Breach Village used our Kleared4 cyber range and our Kleared4 Edge fly away kits.
“We created a CTF built around the problem of social security numbers found on government websites, and created a scenario to allow participants to repeat the process for their home state. Since vibe coding is a real cyber security problem, we created a fun way for people to breach one of our Kleared4 Edge fly away kits in a self-contained game. The most exiting part for me was watching people figure out the bugs we intentionally left in the game, as online AI powered software development is currently a hazard that mature companies are slowly implementing.” said Fernandez. The CTF for Breach Village had over 30 participants submit a correct response while the physical case breaching had over 50 different people try and lock pick the case.
“As we developed our Kleared4 Edge kits, we faced skepticism and doubt from un-named parties adjacent to our defense industry. For us, making the kits tamper resistant is better than having some water-proof case that needs to be open to function. Some Polypropylene Plastic Equipment (PPE) cases have security features that are more practical than a water sealed case that rarely travels over the ocean.”, said Fernandez. Participants at the BSides conference tried their best to physically breach the case without triggering the tamper sensors within.
“A few years ago we talked to a non-profit that specializes in lockpicking. We developed real counter-measures to ensure our cases are not tampered with and only the winner was able to see what was inside the case. When they saw what was next countermeasure, I could see their eyes open up in disbelief and I knew we were onto something” said Fernandez. Only one person was successfully able to breach the case within the time limit. The Breach Village CTF is available at breach.kleared4.com.
“During this event, we did a soft launch of an AI powered solution we created to rate phishing emails and text messages called Rate My Phish. Participants that attended the second day of this conference were able to score additional points on our CTF by uploading phishing emails or text in to our local large learning model (LLM) and getting a rating of over 100 out of 200 points. The only phishing emails I highest scoring phishing email I saw that day hovered around 140/200 using our custom scoring model, and these are emails that sadly people would click on” said Fernandez. Rate My Phish is currently available for free at whyyouclick.kleared4.com
Please contact CompSec Direct to plan and run a CTF using our Kleared4 Cyber Range.
Jose Fernandez made a YouTube live video during the event. Special thanks to Mr. Peralta for his assistance during Breach Village and the organizers of BSides Charm.
