iCTF December 2nd, 9:15 am

Shauvik Roy Choudhary, 11/15/2011

Upload: brigid

Post on 24-Feb-2016


General overview

International

UCSB Sponsored

Application security ! network security ! os security

Custom services


Services

About a dozen
Unknown protocol or purpose
Variety of languages
Lots of flaws
Might be
  interdependent
  encrypted
  obfuscated
  compiled


Score Bot

Checks services each round

Sets “flags” in services

Updates status page

Receives stolen “flags”


All Services must be up to score points!

This is a General Rule

See exact rules on the game day


Challenges

Additional tasks for points

Copious

Various difficulty levels

Enough points to count

Adds to confusion


Lab Setup (2008)


Team organization

Tight teams around services
  Responsible for
    Patching
    Exploiting
    Monitoring **
    Backing up
    Reverting if broken
Challenge chasers
Administrators


Administrators

Learn, interpret, and explain rules
Prioritize efforts
  Keep network running
  Keep services up
  Patch gaping holes
  Submitting flags
  Developing exploits **
  Challenges
Direct people into groups
Obtain refreshments – GTISC


Preparation

Learn
  Bash, Python, PHP, Perl, Java, JS, C, .Net, MySQL
  Reverse engineering, Java decompilation
Build
  Network
  Tools for quick analysis **
  Infrastructure for communication
Practice
  Patching services, exploitation
  Working as a team?


Essential Skills

Everyone
  SSH key-based login
  .ssh/config
  SCP or SFTP
  SVN or Other VCS


~/.ssh/config

host sniffer
    hostname 192.168.1.4
    user ctf
    identityfile ~/.ssh/id_rsa_sniffer

host vuln
    hostname 10.X.1.3
    user root
    port 10022
    identityfile ~/.ssh/id_rsa_vuln

Have these keys available prior to the game (practice)


SVN Reference

From Hackerz
  svn co https://192.168.1.4/svn/ctf
    ▪ User: ctf
    ▪ Password: wearethew1nningteam!
  svn add <files>
  svn up
  svn ci
  svn st
  svn diff <file>
  svn log <file>

From Vulnerable Image
  svn co https://10.X.1.5/svn/ctf
  svn up
  no check in except the initial version


Tools

Service splitter (tcpflow/editcap/custom)
Process monitor/hider (htop/custom-ptrace)
Flag broker (custom)
Traffic rate-limiter (tc)
Top-talkers list (ntop/custom-libpcap)
Service monitor and reporter (custom)
  Monitors when a service goes down or up and informs the responsible team
SVN, SSH, Chat room, etc.
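
The "service monitor and reporter" item above could work as follows. This is an added example, not the team's own tool or code from the slides; the service names, addresses, ports, team labels and the two-failure threshold are assumptions. It reports only state changes and ignores a single missed probe so that one dropped connection does not trigger a false "down" alert.

```python
import socket
import time
from dataclasses import dataclass

@dataclass(frozen=True)
class Service:
    name: str
    host: str
    port: int
    team: str  # group responsible for this service

# Constructed sample inventory (hypothetical names, ports and teams).
SERVICES = [Service("webmail", "127.0.0.1", 8080, "team-web"),
            Service("filestore", "127.0.0.1", 2121, "team-files")]

def tcp_probe(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

class ServiceMonitor:
    def __init__(self, services, probe=tcp_probe, fail_threshold=2):
        self.services, self.probe = services, probe
        self.fail_threshold = fail_threshold  # consecutive misses before "down"
        self.up = {s.name: True for s in services}  # assume up at start
        self.fails = {s.name: 0 for s in services}

    def poll(self):
        """Probe every service once; return (team, message) per state change."""
        events = []
        for s in self.services:
            ok = self.probe(s.host, s.port)
            self.fails[s.name] = 0 if ok else self.fails[s.name] + 1
            if ok and not self.up[s.name]:
                self.up[s.name] = True
                events.append((s.team, f"{s.name} is UP again"))
            elif (not ok and self.up[s.name]
                  and self.fails[s.name] >= self.fail_threshold):
                self.up[s.name] = False
                events.append((s.team, f"{s.name} is DOWN ({s.host}:{s.port})"))
        return events

if __name__ == "__main__":
    monitor = ServiceMonitor(SERVICES)
    while True:  # print stands in for the chat-room notification
        for team, message in monitor.poll():
            print(f"[{team}] {message}")
        time.sleep(30)
```

A TCP connect only shows that the port answers; a check that exercises the service's own protocol would catch a patch that left the port open but broke the service.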


Game Day

01:00 Receive encrypted VMware image
09:15 Arrive, Eat**, Chat
09:50 Organize into tentative groups
10:00
  Receive rules, Receive decryption key
  Start image
  Back up services on image !!!!!!!
  Assign services - reorganize teams
11:00 Start competition
  No changes to services before competition


Lessons from my time (2008)

Expect the unexpected
Some points from 2008:
  ▪ Key for fake image was “ucsb”
  ▪ Only attackers were needed
  ▪ More emphasis on challenges (New languages/technologies – Haskell, PDF exploit)
Always backup patches / firewall un-patched services
Need for good co-ordination – Chat
Put in your best and keep your cool!


Questions

Who will lead?
What skills do we lack?
How do we get the skills we need?
What tools do we need?
What should we eat?
How should we communicate?
We should organize a practice session, but when, who, how?
Does this serve our primary purpose of preparing you for InfoSec work?