
International

UCSB Sponsored

Application security
 ! network security
 ! os security

Custom services
2





About a dozen
Unknown protocol or purpose
Variety of languages
Lots of flaws
Might be
 interdependent
 encrypted
 obfuscated
 compiled
3

Checks services each round

Sets “flags” in services

Updates status page

Receives stolen “flags”
4
 This is a General Rule
 See exact rules on the game day
5

Additional tasks for points

Copious

Various difficulty levels

Enough points to count

Adds to confusion
6
7


Tight teams around services
Responsible for







Patching
Exploiting
Monitoring **
Backing up
Reverting if broken
Challenge chasers
Administrators
8


Learn, interpret, and explain rules
Prioritize efforts








Keep network running
Keep services up
Patch gapping holes
Submitting flags
Developing exploits **
Challenges
Direct people into groups
Obtain refreshments – GTISC
9

Learn
 Bash, Python, PHP, Perl, Java, JS, C, .Net, MySQL
 Reverse engineering, Java decompilation

Build
 Network
 Tools for quick analysis **
 Infrastructure for communication

Practice
 Patching services, exploitation
 Working as a team?
10

Everyone
 SSH key-based login
 .ssh/config
 SCP or SFTP
 SVN or Other VCS
11
host sniffer
hostname 192.168.1.4
user ctf
identityfile ~/.ssh/id_rsa_sniffer
host vuln
hostname 10.X.1.3
user root
port 10022
identityfile ~/.ssh/id_rsa_vuln

Have these keys available prior to the game (practice)
12

From Hackerz
 svn co https://192.168.1.4/svn/ctf
▪ User: ctf
▪ Password: wearethew1nningteam!
 svn add <files>
 svn up
 svn ci
 svn st
 svn diff <file>
 svn log <file>

From Vulnerable Image
 svn co https://10.X.1.5/svn/ctf
 svn up
 no check in except the initial version






Service splitter (tcpflow/editcap/custom)
Process monitor/hider (htop/custom-ptrace)
Flag broker (custom)
Traffic rate-limiter (tc)
Top-talkers list (ntop/custom-libpcap)
Service monitor and reporter (custom)
 Monitors when a service goes down or up and
informs the responsible team

SVN, SSH, Chat room, etc.




01:00 Receive encrypted VMware image
09:15 Arrive, Eat**, Chat
09:50 Organize into tentative groups
10:00





Receive rules, Receive decryption key
Start image
Back up services on image !!!!!!!
Assign services - reorganize teams
11:00 Start competition
 No changes to services before competition

Expect the unexpected
 Some points from 2008:
▪ Key for fake image was “ucsb”
▪ Only attackers were needed
▪ More emphasis on challenges
(New languages/ technologies – Haskell , PDF exploit)

Always backup patches / firewall un-patched services

Need for good co-ordination – Chat

Put in your best and keep your cool !
16








Who will lead?
What skills do we lack?
How do we get the skills we need?
What tools do we need?
What should we eat?
How should we communicate?
We should organize a practice session, but
when, who, how?
Does this serve our primary purpose of
preparing you for InfoSec work?