iCTF, December 2nd, 9:15 am
Shauvik Roy Choudhary, 11/15/2011
General overview
International
UCSB sponsored
Application security, network security, OS security
Custom services
Services
About a dozen
Unknown protocol or purpose
Variety of languages
Lots of flaws
Might be interdependent, encrypted, obfuscated, compiled
Score Bot
Checks services each round
Sets “flags” in services
Updates status page
Receives stolen “flags”
All services must be up to score points!
This is a general rule
See exact rules on the game day
Challenges
Additional tasks for points
Copious
Various difficulty levels
Enough points to count
Adds to confusion
Lab Setup (2008)
Team organization
Tight teams around services, responsible for:
Patching
Exploiting
Monitoring
Backing up
Reverting if broken
Challenge chasers
Administrators
Administrators
Learn, interpret, and explain rules
Prioritize efforts: keep network running, keep services up, patch gaping holes, submit flags, develop exploits, challenges
Direct people into groups
Obtain refreshments – GTISC
Preparation
Learn: Bash, Python, PHP, Perl, Java, JS, C, .Net, MySQL; reverse engineering, Java decompilation
Build: network tools for quick analysis; infrastructure for communication
Practice: patching services, exploitation; working as a team?
Essential Skills
Everyone: SSH key-based login, .ssh/config, SCP or SFTP, SVN or other VCS
~/.ssh/config

    host sniffer
        hostname 192.168.1.4
        user ctf
        identityfile ~/.ssh/id_rsa_sniffer

    host vuln
        hostname 10.X.1.3
        user root
        port 10022
        identityfile ~/.ssh/id_rsa_vuln

Have these keys available prior to the game (practice)
SVN Reference
From Hackerz:
    svn co https://192.168.1.4/svn/ctf
    User: ctf
    Password: wearethew1nningteam!
    svn add <files>
    svn up
    svn ci
    svn st
    svn diff <file>
    svn log <file>
From Vulnerable Image:
    svn co https://10.X.1.5/svn/ctf
    svn up
    No check-in except the initial version
Tools
Service splitter (tcpflow/editcap/custom)
Process monitor/hider (htop/custom-ptrace)
Flag broker (custom)
Traffic rate-limiter (tc)
Top-talkers list (ntop/custom-libpcap)
Service monitor and reporter (custom): monitors when a service goes down or up and informs the responsible team
SVN, SSH, chat room, etc.
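A minimal service monitor and reporter of the kind listed above, added here as an example (not the team's own custom tool): it probes each service with a TCP connect and reports only state changes, naming the owning sub-team. Service names, ports and owners are constructed for the example.

```python
import socket
import time

# Constructed service table: name -> (host, port). 10.X.1.3 is the vulnerable
# image address from the slides (replace X with your team number); ports are hypothetical.
SERVICES = {
    "svc_a": ("10.X.1.3", 8001),
    "svc_b": ("10.X.1.3", 8002),
}

# Hypothetical mapping of service -> responsible sub-team (chat handle).
OWNERS = {"svc_a": "team-alpha", "svc_b": "team-bravo"}


def tcp_probe(host, port, timeout=2.0):
    """Return True if a TCP connect to host:port succeeds within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


class ServiceMonitor:
    """Tracks per-service up/down state and reports only on transitions,
    so the chat room is not flooded with repeated 'still down' messages.
    The first poll reports the baseline state of every service."""

    def __init__(self, probe=tcp_probe):
        self.probe = probe
        self.state = {}  # name -> last observed up/down

    def poll(self):
        """Probe every service once; return one report line per state change."""
        reports = []
        for name, (host, port) in SERVICES.items():
            up = self.probe(host, port)
            if self.state.get(name) != up:
                status = "UP" if up else "DOWN"
                reports.append(f"[{status}] {name} ({host}:{port}) -> notify {OWNERS[name]}")
            self.state[name] = up
        return reports


if __name__ == "__main__":
    mon = ServiceMonitor()
    while True:
        for line in mon.poll():
            print(line)  # swap for a post to the team chat room
        time.sleep(30)
```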
Game Day
01:00 Receive encrypted VMware image
09:15 Arrive, eat, chat
09:50 Organize into tentative groups
10:00 Receive rules, receive decryption key; start image; back up services on image!!!!!!!; assign services, reorganize teams
11:00 Start competition; no changes to services before competition
Lessons from my time (2008)
Expect the unexpected. Some points from 2008:
Key for fake image was “ucsb”
Only attackers were needed
More emphasis on challenges (new languages/technologies – Haskell, PDF exploit)
Always back up patches / firewall unpatched services
Need for good coordination – chat
Put in your best and keep your cool!
Questions
Who will lead?
What skills do we lack?
How do we get the skills we need?
What tools do we need?
What should we eat?
How should we communicate?
We should organize a practice session, but when, who, how?
Does this serve our primary purpose of preparing you for InfoSec work?