Game

Mark Shtern

Game Objectives

• Secure your infrastructure using IDS, application firewalls, or honeypots

• Plant your flag on opponent’s machine• Prevent intruders from planting their flag• Identify intrusions• Remove your opponents’ flag• Discover your opponents’ password hashes

and brute force them

Game Rules

• You are not allowed to configure any network firewalls (yours or an opponent’s)

• You are not allowed to configure intrusion prevention

• You are allowed to kill any process that belongs to an intruder

• You are allowed to change your opponent’s passwords

Scoring

• Plant/Find Backdoor 5• Plant a flag that is not discovered 20• Catch intrusion 10• Change an opponent’s password 10• Take ownership of an opponent’s complete

infrastructure 40• Lose control of a Windows workstation -5• Lose control of a Linux workstation -10• Lose control of a DC -20

PROJECT PENETRATION TESTING

Mark Shtern

Project penetration testing

• Project presentation on Friday, March 23• 3 questions for presenter

• Review other projects’ design• Find security design flaws and vulnerabilities

in other projects• Post discovered flaws on the course forum• Confirm / deny posted flaws of your project

Scoring• QA phase– Discover vulnerability 5 (-5)– Discover vulnerability and exploit it 10 (-10)– Discover design flaws 20 (-20)– Deny posted flaws 10 (-10)– Unanswered post -5 (5)

• Presentation– Discover security problem in Q&A session 10 (-10)– Unanswered/Unprepared/Irrelevant questions

-10 (10)