Owen Redwood – On Training Students to find 0-days
Owen (aka sk4ld) Redwood is a Ph.D. candidate at the Florida State University. He founded the CTF team n0l3ptr, which in turn produced a graduate level course titled “Offensive Security” in 2013. His dissertation research in on counter-intelligence tools for critical infrastructure, and involves honeypots, SCADA, tons of math, and publishing threat intelligence in realtime. Owen currently works part time for Raytheon SI Govs, while teaching, and finishing his dissertation. He currently teaches Offensive Computer Security (http://www.cs.fsu.edu/~redwood/OffensiveComputerSecurity/).
He enjoys long romantic walks to the liquor store, CTF’s, and playing guitar.
This talk will be discussing the Offensive Computer Security and Offensive Network Security courses at FSU, and how each student is required to find an 0-day (for the Offensive Computer Security Course) & ethically disclose it. The state of infosec security will be considered, and we will discuss the value of teaching offense to students in order to produce better defenders. Owen has been helping students around the country bring Offensive Computer Security to their curriculum, through directed independent studies, and has even reached highschools with the course.
Few schools teach offensive security material in any form, let alone hands on with exploit development, web application hacking, or vulnerability research topics… Most schools focus on cryptography, firewalls, IDS/IPS, ACLs, passwords, and at best cover malware reverse engineering. Let’s change that!!!
This talk is aimed at fellow students (graduate / undergraduate), instructors, and those no longer in school but interested in giving back to the community.
I’ll primarily focus on providing steps to follow in order to explore teaching and/or researching offensive security material at your own school. The talk will have *useful* resources for instructors to learn how to do offense (n00bs are welcome!), and how to go about teaching it in a manner useful for defense.
The link for the Offensive Computer Security course is:
The link for the Offensive Network Security course is: