From 305fba42b33d38f052a3fe55de0770142070d5d6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mat=C3=ADas=20Aereal=20Ae=C3=B3n?= <388605+mattaereal@users.noreply.github.com> Date: Wed, 25 Sep 2024 17:30:43 -0300 Subject: [PATCH] Create DIP-55.md Initial commit to the DIP about Awareness Security Campaigns. --- DIPs/DIP-55.md | 46 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) create mode 100644 DIPs/DIP-55.md diff --git a/DIPs/DIP-55.md b/DIPs/DIP-55.md new file mode 100644 index 00000000..cf984aa5 --- /dev/null +++ b/DIPs/DIP-55.md 
@@ -0,0 +1,46 @@ +--- +DIP: 55 +Title: Security Awareness Activities On-Site +Status: Draft +Themes: Community Involvement, Social +Tags: awareness, campaign, CTF, phishing, red-team, security +Instances: ["Devcon8"] +Authors: matt@theredguild.org, tincho@theredguild.org +Resources Required: Physical space at venue, Operations Support, Tech Support, Volunteers, Access to Infrastructure. +Discussion: https://forum.devcon.org/t/rfc-dip-security-awareness-activities-on-site/4327 +Created: 2024-09-26 +--- + +### Summary of Proposal + +#### Simple Summary +A hands-on, immersive security awareness campaign during Devcon to educate attendees on real-world threats using interactive red-team tactics to raise awareness of off-chain and on-chain security risks. + +The Red Guild proposes an interactive security awareness campaign at Devcon, including simulations of common attack vectors. Through hands-on learning, scavenger hunts, and undercover activities, we aim to improve the community’s ability to detect and avoid security threats. + + +### Abstract +The A.L.E.R.T. – Awareness, Learning, and Education for Real-world Threats proposal aims to raise awareness of real-world security risks faced by attendees at crypto events. These activities will not only educate attendees on the risks they may encounter at Devcon but also in broader blockchain and web3 environments. We hope to foster a proactive security culture by making the learning experience both educational and engaging, with fun elements like scavenger hunts and capture-the-flag challenges. + + +### Motivation & Rationale +This campaign enhances the attendees' experience by providing them with real-world examples of how they can be targeted by security attacks both on-chain and off-chain. The hands-on nature of the activities will make participants more aware of how their actions and habits expose them to risks, allowing them to gain practical knowledge in a controlled environment. 
By focusing on off-chain risks like phishing and social engineering, this proposal fills a crucial gap in security education that traditional blockchain events often overlook. Attendees will leave with not just theoretical knowledge but also the skills to detect and mitigate common attacks they could face in both blockchain and non-blockchain contexts. + + +### Implementation +Parts of this proposal have been tested at smaller Ethereum community events, including simulated Wi-Fi attacks and phishing campaigns. These events provided valuable insights into the effectiveness of hands-on education in raising security awareness. + +We welcome feedback from attendees and organizers to refine and expand the campaign for future events. Post-event surveys and data on participant engagement will help improve the quality and relevance of the activities. + +The Red Guild Team will agree with the DEVCon team on all activities. +### Operational Requirements & Ownership + +**Responsible parties**: + The Red Guild will be responsible for the design and execution of the campaign. A dedicated team of volunteers will manage on-site operations, ensuring the activities are run smoothly from Day 0. + + **Potential collaborations**: + We could collaborate with other security-focused projects at Devcon, such as those running similar interactive activities. Collaborations with Devcon's tech and operations teams will also be essential to ensure smooth execution and alignment with other event activities. + + +### Links & Additional Information +For further details, please refer to the ongoing discussion in the forum: https://forum.devcon.org/t/rfc-dip-security-awareness-activities-on-site/4327
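Review bot: The Implementation section names simulated Wi-Fi attacks and phishing campaigns but sets no rules of engagement; the only control stated is "The Red Guild Team will agree with the DEVCon team on all activities." Since the front matter also requests access to infrastructure, I would add a short subsection stating which networks and devices are in scope, whether attendees opt in or are notified afterwards, what data the simulations collect from attendees and how long it is retained, and who on the Devcon side signs off before Day 0. Smaller points in the same hunk: that sentence runs straight into "### Operational Requirements & Ownership" with no blank line, the spelling "DEVCon" is inconsistent with "Devcon" used everywhere else, and "Created: 2024-09-26" does not match the commit date of 25 Sep 2024.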