Building the 44CON CTF

Building the MWRLabs 44CON CTF for 2012.

Transcript of "Building the 44CON CTF"

  1. Building a CTF ... actually kinda tricky (Wednesday, 21 November 12)
  2. WHO
     • Me. Sometimes known as ‘skapp’, I do various things for 44CON, security tester, breaker of things, played and run a few CTFs way back
     • TTYsig, sometimes known as ‘Dean’, also a security tester and breaker of things, played and has run some before.
  3. The 2012 Idea
     • 44CON MWRLabs CTF 2012, Evolution
     • A CTF that tested skills of the contestants to
         - find vulnerabilities in applications and systems
         - defend a system from attack (the other teams)
         - identify other interesting things in the CTF environment
     • We also wanted to see if the player could communicate what they found
  4. So The Result
     • Each team had a VM, with custom services running on it
         - Identify what was running on the system
         - Identify any vulnerabilities in those services
         - Try and fix/mitigate these vulnerabilities
         - Using this knowledge to attack the other teams
  5. DETAIL
     • Each VM had four services
         - Two in Ruby (REST Service and SMTP/POP3)
         - One in C (Custom Service)
         - Web App in PHP
     • Each had a couple of vulnerabilities
     • Each required different levels of expertise to exploit
  6. CTF Network
     • 5 other standalone systems to attack
         - Each with different Operating Systems and Software installed
         - Each had a known compromise path
         - Couple of the systems were ones we used for the 2011 CTF that no one managed to compromise
  7. BIG BROTHER
     • We were watching
     • In 2011 we had a Netwitness (a 2011 Sponsor) Full Packet Capture system watching the network.
     • In 2012 we went Open Source
         - Security Onion based setup using SNORT + SNORBY + Full Packet Capture (DaemonLogger) + SGUIL to watch and alert on traffic
     • Proper enterprise switching that allowed us to monitor the CTF VLANs instead of homegrown TAPs we’d used previously
  8. BIG BROTHER
     • We had attacks captured by SNORT rules for analysis
     • High level stats such as this rule breakdown
  9. BIG BROTHER
     • More ways to visualize the captured data
  10. more INFRASTRUCTURE
      • Cisco 3xxx series switches for the core and distribution of the network
      • Wired network to the CTF network and an isolated Wireless Network via our Wireless LAN controller
      • ESX server running the 5 standalone systems on the CTF network, a standalone system running the scoring server and a standalone system with lots of disk for the monitoring
      • Firewall to prevent the players attacking ‘out of scope’ systems
  11. SCORING
  12. SCORING
      • Modified version of an open source CTF Scoring Server
      • Defensive points
          - If a player was able to defend their system from attack and prevent the other teams stealing their flags they got defensive points.
      • Offensive points
          - Attack the vulnerabilities on the other players’ systems and gain offensive points
  13. SCORING
      • Advisory Points
          - Here we accepted advisories for the vulnerabilities within the services; these were marked out of 10 by the Judges
          - Reporting style as well as content was important
          - We used the same system for reporting standalone system compromise
      • Good Behavior
          - Everyone was given 100 points; if they breached the rules we deducted points
  14. RESULTS
      • So none of the 2012 Standalone systems got compromised, our two 2011 systems didn’t get popped, they will be back
      • Someone with Nessus managed to get close, but they didn’t follow through on their scan....
      • The VM got a good bashing, although not all the vulnerabilities were identified.
  15. RESULTS
      • We published everything for the CTF here
          - http://44con-networking.net/mwrlabs-ctf-2012
      • Final Scores and Advisories Posted here
          - http://44con-networking.net/mwrlabs-ctf-2012/results/
          - http://44con-networking.net/mwrlabs-ctf-2012/results/adv/adv.html
      • Each Vulnerability in the services has a write up here
          - http://44con-networking.net/mwrlabs-ctf-2012/mwrlabs-ctf-2012-vulnerable-services-vulnerabilities
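
Slide 8 mentions high level stats such as a per-rule breakdown of the SNORT alerts. The sketch below is an added example, not part of the original slides or the organisers' tooling: it builds that kind of breakdown from alerts in Snort's "fast" text format. The sample alerts, SIDs, rule messages and addresses are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in Snort's "fast" alert format. SIDs, messages and
# addresses are invented for illustration; they are not the 44CON data.
SAMPLE_ALERTS = """\
01/01-10:15:02.120001  [**] [1:1000001:1] CTF REST oversized request [**] [Classification: Attempted User Privilege Gain] [Priority: 1] {TCP} 10.10.1.20:51234 -> 10.10.2.20:8080
01/01-10:15:09.440310  [**] [1:1000002:1] CTF PHP app SQL keyword in parameter [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 10.10.1.20:51260 -> 10.10.3.20:80
01/01-10:16:41.000977  [**] [1:1000001:1] CTF REST oversized request [**] [Classification: Attempted User Privilege Gain] [Priority: 1] {TCP} 10.10.3.20:40112 -> 10.10.2.20:8080
01/01-10:17:00.531200  [**] [1:1000003:2] CTF ICMP sweep [**] [Priority: 3] {ICMP} 10.10.1.20 -> 10.10.2.20
01/01-10:17:05.000000  [**] [1:1000002:1] CTF PHP app SQL keyw
"""

ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\{(?P<proto>[^}]+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)"
)

def parse_alerts(text):
    """Return (alerts, skipped): parsed dicts and the count of unparseable lines."""
    alerts, skipped = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        m = ALERT_RE.search(line)
        if m is None:  # truncated or foreign line: count it, don't guess
            skipped += 1
            continue
        alert = m.groupdict()
        # TCP/UDP endpoints are "ip:port"; ICMP has no port (IPv4 assumed).
        alert["src_ip"] = alert["src"].rsplit(":", 1)[0]
        alert["dst_ip"] = alert["dst"].rsplit(":", 1)[0]
        alerts.append(alert)
    return alerts, skipped

def rule_breakdown(alerts):
    """Alert count per rule as ((gid:sid, message), count), busiest first."""
    return Counter((f"{a['gid']}:{a['sid']}", a["msg"]) for a in alerts).most_common()

def sources_per_target(alerts):
    """Map each destination host to the set of hosts that tripped rules against it."""
    seen = defaultdict(set)
    for a in alerts:
        seen[a["dst_ip"]].add(a["src_ip"])
    return dict(seen)

if __name__ == "__main__":
    alerts, skipped = parse_alerts(SAMPLE_ALERTS)
    for (rule, msg), n in rule_breakdown(alerts):
        print(f"{n:4d}  {rule:12s} {msg}")
    print("skipped lines:", skipped)
```

The skipped-line count is worth reporting alongside the breakdown, since a large number usually means the alert file was rotated or truncated mid-write.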