iCTF
December 2nd, 9:15 am
Shauvik Roy Choudhary
11/15/2011
General overview
  International
  UCSB Sponsored
  Application security ! network security ! os security
  Custom services
Services
  About a dozen
  Unknown protocol or purpose
  Variety of languages
  Lots of flaws
  Might be
    interdependent
    encrypted
    obfuscated
    compiled
Score Bot
  Checks services each round
  Sets “flags” in services
  Updates status page
  Receives stolen “flags”
All Services must be up to score points!
  This is a General Rule
  See exact rules on the game day
Challenges
  Additional tasks for points
  Copious
  Various difficulty levels
  Enough points to count
  Adds to confusion
Lab Setup (2008)
Team organization
  Tight teams around services
    Responsible for
      Patching
      Exploiting
      Monitoring **
      Backing up
      Reverting if broken
  Challenge chasers
  Administrators
Administrators
  Learn, interpret, and explain rules
  Prioritize efforts
    Keep network running
    Keep services up
    Patch gaping holes
    Submitting flags
    Developing exploits **
    Challenges
  Direct people into groups
  Obtain refreshments – GTISC
Preparation
  Learn
    Bash, Python, PHP, Perl, Java, JS, C, .Net, MySQL
    Reverse engineering, Java decompilation
  Build
    Network
    Tools for quick analysis **
    Infrastructure for communication
  Practice
    Patching services, exploitation
    Working as a team?
Essential Skills
  Everyone
    SSH key-based login
    .ssh/config
    SCP or SFTP
    SVN or Other VCS
~/.ssh/config
  host sniffer
    hostname 192.168.1.4
    user ctf
    identityfile ~/.ssh/id_rsa_sniffer
  host vuln
    hostname 10.X.1.3
    user root
    port 10022
    identityfile ~/.ssh/id_rsa_vuln
  Have these keys available prior to the game (practice)
SVN Reference
  From Hackerz
    svn co https://192.168.1.4/svn/ctf
      User: ctf
      Password: wearethew1nningteam!
    svn add <files>
    svn up
    svn ci
    svn st
    svn diff <file>
    svn log <file>
  From Vulnerable Image
    svn co https://10.X.1.5/svn/ctf
    svn up
    no check in except the initial version
Tools
  Service splitter (tcpflow/editcap/custom)
  Process monitor/hider (htop/custom-ptrace)
  Flag broker (custom)
  Traffic rate-limiter (tc)
  Top-talkers list (ntop/custom-libpcap)
  Service monitor and reporter (custom)
    Monitors when a service goes down or up and informs the responsible team
  SVN, SSH, Chat room, etc.
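A sketch of the "service monitor and reporter" idea from the Tools slide, as an added example (not the team's own tool): it probes each service's TCP port and reports only on up/down transitions, addressed to the responsible team. The service names, ports and team names are constructed for illustration.

```python
import socket
import time

# Hypothetical service table: name -> (host, port, responsible team).
# All names, ports and teams here are constructed for illustration.
SERVICES = {
    "webmail": ("127.0.0.1", 8080, "team-web"),
    "notes":   ("127.0.0.1", 9090, "team-bin"),
}

def is_up(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def poll(services, last_state, probe=is_up):
    """Probe every service once; return (new_state, transition messages).

    A message is produced only when a service changes state, so the
    responsible team is told once per outage or recovery, not every round.
    """
    new_state, messages = {}, []
    for name, (host, port, team) in sorted(services.items()):
        up = probe(host, port)
        new_state[name] = up
        previous = last_state.get(name)
        if previous is not None and previous != up:
            status = "UP" if up else "DOWN"
            messages.append(f"[{team}] {name} ({host}:{port}) is {status}")
        elif previous is None and not up:
            messages.append(f"[{team}] {name} ({host}:{port}) is DOWN at start")
    return new_state, messages

def monitor(services, interval=10, rounds=None, notify=print):
    """Poll in a loop, sending each transition message to notify()."""
    state, done = {}, 0
    while rounds is None or done < rounds:
        state, messages = poll(services, state)
        for message in messages:
            notify(message)
        done += 1
        if rounds is None or done < rounds:
            time.sleep(interval)
    return state

if __name__ == "__main__":
    monitor(SERVICES)
```

A successful TCP connect only shows that the port accepts connections, not that the service still behaves correctly after a patch; a service-specific check can be passed in through the probe argument of poll().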
Game Day
  01:00 Receive encrypted VMware image
  09:15 Arrive, Eat**, Chat
  09:50 Organize into tentative groups
  10:00
    Receive rules, Receive decryption key
    Start image
    Back up services on image !!!!!!!
    Assign services - reorganize teams
  11:00 Start competition
    No changes to services before competition
Lessons from my time (2008)
  Expect the unexpected
    Some points from 2008:
      Key for fake image was “ucsb”
      Only attackers were needed
      More emphasis on challenges (New languages/technologies – Haskell, PDF exploit)
  Always back up patches / firewall un-patched services
  Need for good co-ordination – Chat
  Put in your best and keep your cool!
Questions
  Who will lead?
  What skills do we lack?
  How do we get the skills we need?
  What tools do we need?
  What should we eat?
  How should we communicate?
  We should organize a practice session, but when, who, how?
  Does this serve our primary purpose of preparing you for InfoSec work?