
iCTF December 2nd, 9:15 am

Shauvik Roy Choudhary, 11/15/2011



  1. iCTF December 2nd, 9:15 am • Shauvik Roy Choudhary • 11/15/2011

  2. General overview • International • UCSB Sponsored • Application security • ! network security • ! os security • Custom services

  3. Services • About a dozen • Unknown protocol or purpose • Variety of languages • Lots of flaws • Might be • interdependent • encrypted • obfuscated • compiled

  4. Score Bot • Checks services each round • Sets “flags” in services • Updates status page • Receives stolen “flags”

  5. All Services must be up to score points ! • This is a General Rule • See exact rules on the game day

  6. Challenges • Additional tasks for points • Copious • Various difficulty levels • Enough points to count • Adds to confusion

  7. Lab Setup (2008)

  8. Team organization • Tight teams around services • Responsible for • Patching • Exploiting • Monitoring ** • Backing up • Reverting if broken • Challenge chasers • Administrators

  9. Administrators • Learn, interpret, and explain rules • Prioritize efforts • Keep network running • Keep services up • Patch gaping holes • Submitting flags • Developing exploits ** • Challenges • Direct people into groups • Obtain refreshments – GTISC

  10. Preparation • Learn • Bash, Python, PHP, Perl, Java, JS, C, .Net, MySQL • Reverse engineering, Java decompilation • Build • Network • Tools for quick analysis ** • Infrastructure for communication • Practice • Patching services, exploitation • Working as a team?

  11. Essential Skills • Everyone • SSH key-based login • .ssh/config • SCP or SFTP • SVN or Other VCS

  12. ~/.ssh/config

          host sniffer
              hostname 192.168.1.4
              user ctf
              identityfile ~/.ssh/id_rsa_sniffer

          host vuln
              hostname 10.X.1.3
              user root
              port 10022
              identityfile ~/.ssh/id_rsa_vuln

      • Have these keys available prior to the game (practice)

  13. SVN Reference • From Hackerz • svn co https://192.168.1.4/svn/ctf • User: ctf • Password: wearethew1nningteam! • svn add <files> • svn up • svn ci • svn st • svn diff <file> • svn log <file> • From Vulnerable Image • svn co https://10.X.1.5/svn/ctf • svn up • no check in except the initial version

  14. Tools • Service splitter (tcpflow/editcap/custom) • Process monitor/hider (htop/custom-ptrace) • Flag broker (custom) • Traffic rate-limiter (tc) • Top-talkers list (ntop/custom-libpcap) • Service monitor and reporter (custom) • Monitors when a service goes down or up and informs the responsible team • SVN, SSH, Chat room, etc.

  15. Game Day • 01:00 Receive encrypted VMware image • 09:15 Arrive, Eat**, Chat • 09:50 Organize into tentative groups • 10:00 • Receive rules, Receive decryption key • Start image • Back up services on image !!!!!!! • Assign services - reorganize teams • 11:00 Start competition • No changes to services before competition

  16. Lessons from my time (2008) • Expect the unexpected • Some points from 2008: • Key for fake image was “ucsb” • Only attackers were needed • More emphasis on challenges (New languages/technologies – Haskell, PDF exploit) • Always backup patches / firewall un-patched services • Need for good co-ordination – Chat • Put in your best and keep your cool!

  17. Questions • Who will lead? • What skills do we lack? • How do we get the skills we need? • What tools do we need? • What should we eat? • How should we communicate? • We should organize a practice session, but when, who, how? • Does this serve our primary purpose of preparing you for InfoSec work?
