Bootcamp Highlights: Security 101
What you need to know
Aura Information Security helps customers through testing and policy work to help identify and solve problems that the customer can go on to fix. We have two teams; offensive which tries to break down a product after its build, and defensive which is more proactive and helps customers develop policy and response strategies.
What makes up Aura Security?
Cyber Attack Testing covers all of the most common things that you hear about. This includes penetration testing which is where thy actively try to hack in the system as well as Red Teaming which is where you try to physically hack into their environment including breaking into their office of using social engineering. Defensive Security really is the essential part of cyber security. It includes things like red shielding which aims to counter the red teaming that hackers may try to use. Secure by Design is when Aura jumps into development teams to make sure that they are developing with best practices in mind. This lowers the amount of security bugs introduced into a system and also ensures that every keeps a security focus during the products development.
Education and Training is part of Aura’s outreach where they host education sessions, like this one, to help everyone be a bit more security aware. Post Attack Rapid Response is an essential part of security consulting where Aura creates plans with their clients to effectively respond to attacks. This prior planning means that everyone knows what they have to do when they suffer from an attack.
Something Aura’s Done
One of the big things at Aura is that everyone is really helpful. One of the research projects that Aura has done is simplifying card cloning. Previously if you wanted to clone someones card to get access to their building you would have to get very close to them with what looks like a mess of PCBs and wires. We wanted to make it easier so we developed a long range card cloning tool that can easily fit into a satchel. Now all you have to do is walk next to someone that has their access card out and within seconds you have read the card and all you have to do it copy it onto another card and then you have full access.
After Aura’s presentation they ran a custom capture the flag event that they created. A Capture the Flag is when you are given a product, usually a webpage, that has known vulnerabilities in it and your task is to find those vulnerabilities and get the secrets stored in them. The great thing about CTF’s is that you can do them online. If it sounds like something that you’re interested in get google and see how you go, being able to say that you have participated in a CTF looks great on your CV and will give you lots of talking points in your interviews.