iCTF (International Capture the Flag), sponsored by UCSB
Covers application security, network security and OS security.

Custom services
  About a dozen, with unknown protocols and purposes
  Written in a variety of languages
  Lots of flaws; services might be interdependent
  May be encrypted, obfuscated or compiled

Scorebot
  Checks each service every round
  Sets "flags" in the services
  Updates the status page
  Receives stolen "flags"

Rules
  This is the general rule; see the exact rules on game day.

Challenges
  Additional tasks for points
  Copious, at various difficulty levels
  Worth enough points to count
  Adds to the confusion

Team structure
  Tight teams around services, responsible for:
    Patching
    Exploiting
    Monitoring
    Backing up, and reverting if a patch breaks the service
  Challenge chasers
  Administrators

Roles and responsibilities
  Learn, interpret and explain the rules
  Prioritize efforts
  Keep the network running
  Keep services up
  Patch gaping holes
  Submit flags
  Develop exploits
  Solve challenges
  Direct people into groups
  Obtain refreshments (GTISC)

Skills to build before the game
  Learn Bash, Python, PHP, Perl, Java, JS, C, .Net, MySQL
  Reverse engineering, Java decompilation
  Build network tools for quick analysis
  Build infrastructure for communication
  Practice patching services and exploitation
  Practice working as a team

Everyone
  SSH key-based login, configured in .ssh/config
  SCP or SFTP
  SVN or another VCS

Example ~/.ssh/config (10.X.1.3 is the team's vulnerable image; X is assigned on game day):
  host sniffer
      hostname 192.168.1.4
      user ctf
      identityfile ~/.ssh/id_rsa_sniffer
  host vuln
      hostname 10.X.1.3
      user root
      port 10022
      identityfile ~/.ssh/id_rsa_vuln
Have these keys generated, distributed and tested prior to the game (practice).

SVN
  From Hackerz:
    svn co https://192.168.1.4/svn/ctf
      ▪ User: ctf
      ▪ Password: wearethew1nningteam!
    svn add <files>
    svn up
    svn ci
    svn st
    svn diff <file>
    svn log <file>
  From the vulnerable image:
    svn co https://10.X.1.5/svn/ctf
    svn up
    No check-in from the image except the initial version

Tools
  Service splitter (tcpflow/editcap/custom)
  Process monitor/hider (htop/custom ptrace)
  Flag broker (custom)
  Traffic rate-limiter (tc)
  Top-talkers list (ntop/custom libpcap)
  Service monitor and reporter (custom): notices when a service goes down or comes back up and informs the responsible team
  SVN, SSH, chat room, etc.
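The "service monitor and reporter" in the tool list is the one piece of custom infrastructure worth having before game day, because the scorebot marks a service down the moment a patch breaks it. The following is an added example, not the team's own tool: a minimal monitor that probes each service every round and reports only on state changes, so the responsible group is told once when a service falls over and once when it recovers rather than on every round. The roster, owner names and the notify callback are assumptions; the TCP-connect probe is a placeholder for a real scorebot-style protocol check.

```python
"""Round-based service monitor with change-only reporting (added example)."""
import socket
from typing import Callable, Dict, List, Optional, Tuple

# Constructed sample roster: service name -> (host, port, responsible group).
# Hosts and owners are made up; a real roster would list the vulnerable image.
SERVICES: Dict[str, Tuple[str, int, str]] = {
    "splitter": ("127.0.0.1", 5001, "team-a"),
    "broker":   ("127.0.0.1", 5002, "team-b"),
}


def check_tcp(host: str, port: int, timeout: float = 2.0) -> bool:
    """Return True if a TCP connect succeeds. Any socket error (refused,
    unreachable, unresolvable) counts as the service being down."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


class ServiceMonitor:
    """Track up/down state per service and emit a message only on a change.

    Services are assumed up at the start (they were backed up and started
    before the competition), so a service that is down in the very first
    round is reported immediately."""

    def __init__(self, services: Dict[str, Tuple[str, int, str]],
                 notify: Optional[Callable[[str], None]] = None) -> None:
        self.services = services
        self.state: Dict[str, bool] = {name: True for name in services}
        self.notify = notify or print   # assumption: print stands in for chat/IRC

    def update(self, name: str, is_up: bool) -> Optional[str]:
        """Record one observation; return the notification text if the
        state changed, otherwise None."""
        previous = self.state[name]
        self.state[name] = is_up
        if previous == is_up:
            return None
        host, port, owner = self.services[name]
        status = "UP" if is_up else "DOWN"
        msg = f"[{owner}] {name} ({host}:{port}) is {status}"
        self.notify(msg)
        return msg

    def run_round(self, checker: Callable[[str, int], bool] = check_tcp) -> List[str]:
        """Probe every service once and return the notifications produced.
        The checker is injectable so a protocol-aware probe can replace the
        plain TCP connect without touching the reporting logic."""
        messages: List[str] = []
        for name, (host, port, _owner) in self.services.items():
            msg = self.update(name, checker(host, port))
            if msg:
                messages.append(msg)
        return messages


if __name__ == "__main__":
    # One round against the constructed roster; with nothing listening on
    # the sample ports, both services are reported DOWN.
    ServiceMonitor(SERVICES).run_round()
```

In a real game this loop would run every scoring round (a `while True` with a sleep matching the round length) and `notify` would post to the team chat room, which is where the roles list above expects coordination to happen.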
Game day schedule
  01:00 Receive encrypted VMware image
  09:15 Arrive, eat, chat
  09:50 Organize into tentative groups
  10:00 Receive rules and decryption key
        Start the image
        Back up the services on the image (do this before touching anything)
        Assign services, reorganize teams
  11:00 Competition starts
  No changes to services before the competition starts.
  Expect the unexpected.

Some points from 2008:
  ▪ Key for the fake image was "ucsb"
  ▪ Only attackers were needed
  ▪ More emphasis on challenges (new languages/technologies: Haskell, a PDF exploit)
  ▪ Always back up patches; firewall off un-patched services
  ▪ Need for good coordination: chat
  ▪ Put in your best and keep your cool!

Open questions
  Who will lead?
  What skills do we lack?
  How do we get the skills we need?
  What tools do we need?
  What should we eat?
  How should we communicate?
  We should organize a practice session, but when, who, how?
  Does this serve our primary purpose of preparing you for InfoSec work?