Author Archive: Taylor Lobb

Building Better Security Takes a Village

Hacker Village was introduced at Adobe Tech Summit in 2015. The Hacker Village was designed to provide hands-on, interactive learning about common security attacks that could target Adobe systems and services. Hacker Village was created to illustrate why certain security vulnerabilities create a risk for Adobe. More traditional training techniques can sometimes fall short when trying to communicate the impact that a significant vulnerability can have on organization. Hacker Village provides real-world examples for our teams by showing how hackers might successfully attack a system- illustrating using the same techniques those attackers often use. In 2015, it consisted of six booths. Each booth was focused on a specific type of industry common attack (cross-site scripting, SQL injection, etc.) or other security-related topic. The concept was to encourage our engineers to challenge themselves by “thinking like a hacker” and attempt to be successful with various known exploits in web applications, cryptography, and more.

The first iteration of Hacker Village was a success. Most of the participants completed multiple labs, with many visiting all six booths. The feedback was positive and the practical knowledge gained was helpful for all of our engineering teams across the country.

2017 brought the return of Hacker Village to Tech Summit. We wanted to build on the success of the first Hacker Village by bringing back some revised versions of the popular booths. 2017 saw new iterations of systems hacking using Metasploit, password cracking with John the Ripper, and more advanced web application vulnerability exploitation. This year we introduced some exciting new booths as well. Visitors were able to attempt to bypass firewalls to gain network access or attempt to spy on network traffic with a “man in the middle” attack. The hardware hacking booth challenged participants to take over a computer via USB port exploits like a USB “Rubber Ducky.” Elsewhere, participants could deploy their own honeypot with a RaspberryPi at the honeypot booth or attempt hacks of connected smart devices in the Internet of Things booth.

Since we did not have enough room in the first iteration for all that were interested from our engineering teams, we made sure to increase the available space to allow a broader group of engineers access to the Village. We increased the number of booths from six to eight and more than doubled the number of lab stations. With the increased number of stations, participation nearly doubled as well. The feedback was very positive once again with the only complaint being that everyone wanted a lot more time to try out new ideas.

We are currently considering a “travelling” Hacker Village as well – a more portable version that can be set up at additional Adobe office locations and at times in between our regular Tech Summits. The Hacker Village is just one of the many programs we have at Adobe for building a better security culture.

Taylor Lobb
Manager, Security and Privacy