TeamStation AI System Report LATAM IT Salaries 2024
Building the 44CON CTF
1. Building a CTF
... actually kinda tricky
Wednesday, 21 November 12
2. WHO
Me.. Some times known as ‘skapp’, I do various things
for 44CON, security tester, breaker of things, played
and run a few CTFs way back
TTYsig, Some times known as ‘Dean’, also a security
tester and breaker of things, played and has run
some before.
Wednesday, 21 November 12
3. The 2012 Idea
44CON MWRLabs CTF 2012, Evolution
A CTF that tested skills of the contestants
to find vulnerabilities in applications and systems
defend a system from attack (the other teams)
identify other interesting things in the CTF environment
We also wanted to see if the player could communicate what
they found
Wednesday, 21 November 12
4. So The Result
Each team had a VM, with custom services running on
it
Identify what was running on the system
Identify any vulnerabilities in those services
Try and fix/mitigate these vulnerabilities
Using this knowledge to attack the other teams
Wednesday, 21 November 12
5. DETAIL
Each VM had four services
Two in Ruby (REST Service and SMTP/POP3)
One in C (Custom Service)
Web App in PHP
Each had a couple of vulnerabilities
Each required different levels of expertise to exploit
Wednesday, 21 November 12
6. CTF Network
5 other standalone systems to attack
Each with different Operating Systems and Software
installed
Each had a known compromise path
Couple of the systems where ones we used for the
2011 CTF that no one managed to compromise
Wednesday, 21 November 12
7. BIG BROTHER
We were watching
In 2011 we had a Netwitness (a 2011 Sponsor) Full
Packet Capture system watching the network.
In 2012 we went Open Source
Security Onion based setup using SNORT +
SNORBY + Full Packet Capture (DaemonLogger) +
SQUIL to watch and alert on traffic
Proper enterprise switching that allowed us to
monitor the CTF VLANs instead of homegrown TAPs
we’d used previously
Wednesday, 21 November 12
8. BIG BROTHER
We had attacks
captured by
SNORT rules for
analysis
High
level stats
such as this
rule break
down
Wednesday, 21 November 12
9. BIG BROTHER
More ways to visualize the captured
data
Wednesday, 21 November 12
10. more INFRASTRUCTURE
Cisco 3xxx series switches for the core and
distribution of the network
Wired network to the CTF network and an isolated
Wireless Network via our Wireless LAN controller
ESX server running the 5 standalone systems on the
CTF network, a standalone system running the scoring
server and a standalone system with lots of disk for
the monitoring
Firewall to prevent the players attacking ‘out of
scope’ systems
Wednesday, 21 November 12
12. SCORING
Modified version of an open source CTF Scoring
Server
Defensive points
If a player was able to defend their system
from attack and prevent the other teams
stealing their flags they got defensive points.
Offensive points
Attack the vulnerabilities on the other players
systems and gain offensive points
Wednesday, 21 November 12
13. SCORING
Advisory Points
Here we accepted advisories for the vulnerabilities
within the services, these where marked out of 10 by
the Judges
Reporting style as well as content was important
We used the same system for reporting standalone
system compromise
Good Behavior
Everyone was given 100 points, if they breached the
rules we deducted points
Wednesday, 21 November 12
14. RESULTS
So none of the 2012 Standalone systems got
compromised, our two 2011 systems didn’t get popped,
they will be back
Someone with Nessus managed to get close, but they
didn’t follow through on their scan....
The VM got a good bashing, although not all the
vulnerabilities were identified.
Wednesday, 21 November 12
15. RESULTS
We published everything for the CTF here
http://44con-networking.net/mwrlabs-ctf-2012
Final Scores and Advisories Posted here
http://44con-networking.net/mwrlabs-ctf-2012/results/
http://44con-networking.net/mwrlabs-ctf-2012/results/
adv/adv.html
Each Vulnerability in the services has a write up here
http://44con-networking.net/mwrlabs-ctf-2012/
mwrlabs-ctf-2012-vulnerable-services-vulnerabilities
Wednesday, 21 November 12