Whitehats, Red Team-Blue Team, Capture the Flag…

Recently Allan Stojanovic, one of the key members of the network visibility and InfoSec incident response team, organized and participated in a ‘Whitehat Challenge’ with CERN. The goal was to hack at CERN’s infrastructure in a controlled way in order to discover vulnerabilities and, in turn, improve the security design of services.

CERN acknowledgement:


And the CERN info on ‘Whitehat Challenge’:


The toolbox of information security is full of vendor products for detecting and blocking attacks, prevention, and finding vulnerabilities. The ‘whitehat’ challenge is different. Akin to penetration testing, this is primarily a skill that people bring. The skill includes the abilities to:

  • discover what’s connected on the network, and use that to:
  • gather information about one particular device, and use that to:
  • find a single vulnerability on that device, and use that to…

You get the idea. This type of work usually requires expert-level knowledge, and it explains in part why information security staffing is a challenge in today’s world. How can this be remedied? Part of the answer lies in infosec community events such as the whitehat challenge that CERN ran. This was a grassroots effort to bring experts together to exercise their skill as well as give CERN a valuable test of their infrastructure. Another example of this kind of event is the ‘Capture-the-Flag’ competition, where teams try to find the ‘flag’ by using their infosec penetration skills. Finally, we have Red Team-Blue Team competitions, where the Red Team are the infosec attackers and the Blue Team are the defenders.

These kinds of events are important for strengthening infosec expertise, thus contributing to the ability of our institution, the University of Toronto, to protect itself in the infosec environment in which we find ourselves. I look forward to working with other community members to organize an event or two here!