This overview provides insights into the preparation and strategies for the International Capture The Flag (iCTF) competition, held at UCSB. Participants must navigate various challenges in application and network security, utilizing a range of programming languages and tools. Emphasis is placed on teamwork, patching vulnerabilities, and exploiting services effectively throughout the competition. Learn key skills such as SSH configuration, version control with SVN, and using custom monitoring tools. Essential for aspiring InfoSec professionals, this guide equips you for success on game day.
iCTF
December 2nd, 9:15 am
Shauvik Roy Choudhary
11/15/2011
General overview
• International
• UCSB sponsored
• Application security
  • Not network security
  • Not OS security
• Custom services
Services
• About a dozen
• Unknown protocol or purpose
• Variety of languages
• Lots of flaws
• Might be
  • interdependent
  • encrypted
  • obfuscated
  • compiled
Score Bot
• Checks services each round
• Sets “flags” in services
• Updates status page
• Receives stolen “flags”
All services must be up to score points!
• This is a general rule
• See exact rules on the game day
Challenges
• Additional tasks for points
• Copious
• Various difficulty levels
• Enough points to count
• Adds to confusion
Team organization
• Tight teams around services
  • Responsible for
    • Patching
    • Exploiting
    • Monitoring **
    • Backing up
    • Reverting if broken
• Challenge chasers
• Administrators
Administrators
• Learn, interpret, and explain rules
• Prioritize efforts
  • Keep network running
  • Keep services up
  • Patch gaping holes
  • Submitting flags
  • Developing exploits **
  • Challenges
• Direct people into groups
• Obtain refreshments – GTISC
Preparation
• Learn
  • Bash, Python, PHP, Perl, Java, JS, C, .Net, MySQL
  • Reverse engineering, Java decompilation
• Build
  • Network
  • Tools for quick analysis **
  • Infrastructure for communication
• Practice
  • Patching services, exploitation
  • Working as a team?
Essential Skills
• Everyone
  • SSH key-based login
  • .ssh/config
  • SCP or SFTP
  • SVN or other VCS
~/.ssh/config

    # Sniffer box on the team LAN; key-based login as the shared "ctf" user
    Host sniffer
        HostName 192.168.1.4
        User ctf
        IdentityFile ~/.ssh/id_rsa_sniffer

    # Vulnerable image; its sshd listens on a non-standard port
    Host vuln
        HostName 10.X.1.3
        User root
        Port 10022
        IdentityFile ~/.ssh/id_rsa_vuln

• Have these keys available prior to the game (practice)
SVN Reference
• From Hackerz
  • svn co https://192.168.1.4/svn/ctf
  • User: ctf
  • Password: wearethew1nningteam!
  • svn add <files>
  • svn up
  • svn ci (commit)
  • svn st (status)
  • svn diff <file>
  • svn log <file>
• From Vulnerable Image
  • svn co https://10.X.1.5/svn/ctf
  • svn up
  • No check-in except the initial version
Tools
• Service splitter (tcpflow/editcap/custom)
• Process monitor/hider (htop/custom-ptrace)
• Flag broker (custom)
• Traffic rate-limiter (tc)
• Top-talkers list (ntop/custom-libpcap)
• Service monitor and reporter (custom)
  • Monitors when a service goes down or up and informs the responsible team
• SVN, SSH, chat room, etc.
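The "service monitor and reporter" slot above is the kind of custom tool a team writes the week before. The following is an added example of one, not a tool from the deck or from the iCTF organizers: it probes each service's TCP port once per round, remembers the last observed state, and calls a notify hook only on up/down transitions so the responsible sub-team is told once, not every round. The service names, ports and team labels are constructed; the notify hook is a plain print, where a real deployment would post to the team chat room.

```python
"""Service up/down monitor: an added example, not the deck's own tooling."""
import socket
from dataclasses import dataclass


@dataclass
class Service:
    name: str   # hypothetical service name
    host: str
    port: int
    team: str   # sub-team responsible for patching/reverting it


def tcp_probe(host: str, port: int, timeout: float = 2.0) -> bool:
    """Return True if a TCP connect to host:port succeeds within timeout.

    A connect-level check only proves the listener is alive; a per-service
    protocol check (what the score bot actually does) is stricter.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


class ServiceMonitor:
    def __init__(self, services, probe=tcp_probe, notify=print):
        self.services = list(services)
        self.probe = probe      # injectable so the logic can be tested offline
        self.notify = notify    # e.g. post to the team chat room
        self.state = {}         # service name -> last observed up (True/False)

    def poll_once(self):
        """Probe every service; return [(name, team, is_up)] for changes only."""
        events = []
        for svc in self.services:
            is_up = self.probe(svc.host, svc.port)
            # Every service must be up to score, so a service that is already
            # down on the very first probe is reported as a transition too.
            previous = self.state.get(svc.name, True)
            self.state[svc.name] = is_up
            if is_up != previous:
                events.append((svc.name, svc.team, is_up))
                self.notify(f"[{svc.team}] {svc.name} is now "
                            f"{'UP' if is_up else 'DOWN'}")
        return events


def _demo():
    # Constructed demo: a throwaway localhost listener stands in for a service.
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(5)
    port = listener.getsockname()[1]
    mon = ServiceMonitor([Service("demo-svc", "127.0.0.1", port, "team-a")])
    mon.poll_once()      # up: nothing reported
    listener.close()
    mon.poll_once()      # connection refused now: one DOWN notification


if __name__ == "__main__":
    _demo()
```

Run it on a loop with the round length of the game (sleep between poll_once calls) and point notify at whatever chat infrastructure the team settles on; the state dictionary is what keeps it from flooding the channel while a service stays broken.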
Game Day
• 01:00 Receive encrypted VMware image
• 09:15 Arrive, eat**, chat
• 09:50 Organize into tentative groups
• 10:00
  • Receive rules, receive decryption key
  • Start image
  • Back up services on image !!!!!!!
  • Assign services, reorganize teams
• 11:00 Start competition
  • No changes to services before competition
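The "back up services on image" step at 10:00 is what makes "reverting if broken" possible later. Below is an added example of a small backup-and-revert helper, not a script from the deck: it archives each service directory with a timestamp, records the archive's SHA-256 so the hash can be pasted into the chat room or SVN log, and refuses to restore from an archive whose hash no longer matches or whose members would extract outside the target directory. The service directory names and the temporary layout in the self-check are constructed.

```python
"""Pre-game backup and revert of service directories: added example."""
import hashlib
import shutil
import tarfile
import tempfile
from datetime import datetime
from pathlib import Path


def sha256_of(path) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def backup_services(service_dirs, dest_dir):
    """Archive each service dir to dest_dir/<name>-<stamp>.tar.gz.

    Returns {name: (archive_path, sha256)}; record the hash somewhere the
    whole team can see it so a revert later uses the untouched original.
    """
    dest = Path(dest_dir)
    dest.mkdir(parents=True, exist_ok=True)
    stamp = datetime.now().strftime("%Y%m%d-%H%M%S-%f")
    result = {}
    for src in map(Path, service_dirs):
        archive = dest / f"{src.name}-{stamp}.tar.gz"
        with tarfile.open(archive, "w:gz") as tar:
            tar.add(src, arcname=src.name)
        result[src.name] = (str(archive), sha256_of(archive))
    return result


def _safe_members(tar):
    """Reject members that could escape the extraction root (tar path traversal).

    Links are rejected outright here; relax that if a service relies on them.
    """
    for m in tar.getmembers():
        p = Path(m.name)
        if p.is_absolute() or ".." in p.parts or m.issym() or m.islnk():
            raise ValueError(f"refusing unsafe archive member: {m.name}")
        yield m


def restore_service(archive_path, expected_sha256, services_root):
    """Verify the archive hash, then replace services_root/<name> with it."""
    archive = Path(archive_path)
    actual = sha256_of(archive)
    if actual != expected_sha256:
        raise ValueError(f"backup corrupt or altered: {actual} != {expected_sha256}")
    with tarfile.open(archive, "r:gz") as tar:
        top = {m.name.split("/")[0] for m in tar.getmembers()}
        if len(top) != 1:
            raise ValueError("archive must hold exactly one service directory")
        target = Path(services_root) / top.pop()
        if target.exists():
            shutil.rmtree(target)       # drop the broken patched version
        tar.extractall(services_root, members=_safe_members(tar))


def demo_roundtrip():
    """Constructed self-check: back up a throwaway service, break it, revert it."""
    root = Path(tempfile.mkdtemp(prefix="ictf-"))
    svc = root / "services" / "svc1"
    svc.mkdir(parents=True)
    (svc / "app.py").write_text("print('original')\n")
    archive, digest = backup_services([svc], root / "backups")["svc1"]
    (svc / "app.py").write_text("print('broken patch')\n")
    restore_service(archive, digest, root / "services")
    restored = (svc / "app.py").read_text()
    try:
        restore_service(archive, "0" * 64, root / "services")
        tamper_rejected = False
    except ValueError:
        tamper_rejected = True
    shutil.rmtree(root)
    return restored, tamper_rejected


if __name__ == "__main__":
    print(demo_roundtrip())
```

Run backup_services once against the freshly decrypted image before anyone touches a service; the returned hashes are the only way to tell later that the archive being restored is the one taken at 10:00.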
Lessons from my time (2008)
• Expect the unexpected
• Some points from 2008:
  • Key for fake image was “ucsb”
  • Only attackers were needed
  • More emphasis on challenges (new languages/technologies – Haskell, PDF exploit)
  • Always back up patches / firewall un-patched services
  • Need for good coordination – chat
• Put in your best and keep your cool!
Questions
• Who will lead?
• What skills do we lack?
• How do we get the skills we need?
• What tools do we need?
• What should we eat?
• How should we communicate?
• We should organize a practice session, but when, who, how?
• Does this serve our primary purpose of preparing you for InfoSec work?