-
Notifications
You must be signed in to change notification settings - Fork 98
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Initial commit to the DIP about Awareness Security Campaigns.
- Loading branch information
1 parent
e15a0f0
commit 305fba4
Showing
1 changed file
with
46 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,46 @@ | ||
| --- | ||
| DIP: 55 | ||
| Title: Security Awareness Activities On-Site | ||
| Status: Draft | ||
| Themes: Community Involvement, Social | ||
| Tags: awareness, campaign, CTF, phishing, red-team, security | ||
| Instances: ["Devcon8"] | ||
| Authors: matt@theredguild.org, tincho@theredguild.org | ||
| Resources Required: Physical space at venue, Operations Support, Tech Support, Volunteers, Access to Infrastructure. | ||
| Discussion: https://forum.devcon.org/t/rfc-dip-security-awareness-activities-on-site/4327 | ||
| Created: 2024-09-26 | ||
| --- | ||
|
|
||
| ### Summary of Proposal | ||
|
|
||
| #### Simple Summary | ||
| A hands-on, immersive security awareness campaign during Devcon to educate attendees on real-world threats using interactive red-team tactics to raise awareness of off-chain and on-chain security risks. | ||
|
|
||
| The Red Guild proposes an interactive security awareness campaign at Devcon, including simulations of common attack vectors. Through hands-on learning, scavenger hunts, and undercover activities, we aim to improve the community’s ability to detect and avoid security threats. | ||
|
|
||
|
|
||
| ### Abstract | ||
| The A.L.E.R.T. – Awareness, Learning, and Education for Real-world Threats proposal aims to raise awareness of real-world security risks faced by attendees at crypto events. These activities will not only educate attendees on the risks they may encounter at Devcon but also in broader blockchain and web3 environments. We hope to foster a proactive security culture by making the learning experience both educational and engaging, with fun elements like scavenger hunts and capture-the-flag challenges. | ||
|
|
||
|
|
||
| ### Motivation & Rationale | ||
| This campaign enhances the attendees' experience by providing them with real-world examples of how they can be targeted by security attacks both on-chain and off-chain. The hands-on nature of the activities will make participants more aware of how their actions and habits expose them to risks, allowing them to gain practical knowledge in a controlled environment. By focusing on off-chain risks like phishing and social engineering, this proposal fills a crucial gap in security education that traditional blockchain events often overlook. Attendees will leave with not just theoretical knowledge but also the skills to detect and mitigate common attacks they could face in both blockchain and non-blockchain contexts. | ||
|
|
||
|
|
||
| ### Implementation | ||
| Parts of this proposal have been tested at smaller Ethereum community events, including simulated Wi-Fi attacks and phishing campaigns. These events provided valuable insights into the effectiveness of hands-on education in raising security awareness. | ||
|
|
||
| We welcome feedback from attendees and organizers to refine and expand the campaign for future events. Post-event surveys and data on participant engagement will help improve the quality and relevance of the activities. | ||
|
|
||
| The Red Guild Team will agree with the DEVCon team on all activities. | ||
| ### Operational Requirements & Ownership | ||
|
|
||
| **Responsible parties**: | ||
| The Red Guild will be responsible for the design and execution of the campaign. A dedicated team of volunteers will manage on-site operations, ensuring the activities are run smoothly from Day 0. | ||
|
|
||
| **Potential collaborations**: | ||
| We could collaborate with other security-focused projects at Devcon, such as those running similar interactive activities. Collaborations with Devcon's tech and operations teams will also be essential to ensure smooth execution and alignment with other event activities. | ||
|
|
||
|
|
||
| ### Links & Additional Information | ||
| For further details, please refer to the ongoing discussion in the forum: https://forum.devcon.org/t/rfc-dip-security-awareness-activities-on-site/4327 |