game mark shtern. game objectives secure your infrastructure using ids, application firewalls, or...
TRANSCRIPT
Game
Mark Shtern
Game Objectives
• Secure your infrastructure using IDS, application firewalls, or honeypots
• Plant your flag on opponent’s machine• Prevent intruders from planting their flag• Identify intrusions• Remove your opponents’ flag• Discover your opponents’ password hashes
and brute force them
Game Rules
• You are not allowed to configure any network firewalls (yours or an opponent’s)
• You are not allowed to configure intrusion prevention
• You are allowed to kill any process that belongs to an intruder
• You are allowed to change your opponent’s passwords
Scoring
• Plant/Find Backdoor 5• Plant a flag that is not discovered 20• Catch intrusion 10• Change an opponent’s password 10• Take ownership of an opponent’s complete
infrastructure 40• Lose control of a Windows workstation -5• Lose control of a Linux workstation -10• Lose control of a DC -20
PROJECT PENETRATION TESTING
Mark Shtern
Project penetration testing
• Project presentation on Friday, March 23• 3 questions for presenter
• Review other projects’ design• Find security design flaws and vulnerabilities
in other projects• Post discovered flaws on the course forum• Confirm / deny posted flaws of your project
Scoring• QA phase– Discover vulnerability 5 (-5)– Discover vulnerability and exploit it 10 (-10)– Discover design flaws 20 (-20)– Deny posted flaws 10 (-10)– Unanswered post -5 (5)
• Presentation– Discover security problem in Q&A session 10 (-10)– Unanswered/Unprepared/Irrelevant questions
-10 (10)