SlideShare a Scribd company logo

Building the 44CON CTF

44CON
44CON

Building the MWRLabs 44CON CTF for 2012.

Technology
1 of 15
Download to read offline
Building a CTF ... actually kinda tricky Wednesday, 21 November 12
WHO Me.. Some times known as ‘skapp’, I do various things for 44CON, security tester, breaker of things, played and run a few CTFs way back TTYsig, Some times known as ‘Dean’, also a security tester and breaker of things, played and has run some before. Wednesday, 21 November 12
The 2012 Idea 44CON MWRLabs CTF 2012, Evolution A CTF that tested skills of the contestants to find vulnerabilities in applications and systems defend a system from attack (the other teams) identify other interesting things in the CTF environment We also wanted to see if the player could communicate what they found Wednesday, 21 November 12
So The Result Each team had a VM, with custom services running on it Identify what was running on the system Identify any vulnerabilities in those services Try and fix/mitigate these vulnerabilities Using this knowledge to attack the other teams Wednesday, 21 November 12
DETAIL Each VM had four services Two in Ruby (REST Service and SMTP/POP3) One in C (Custom Service) Web App in PHP Each had a couple of vulnerabilities Each required different levels of expertise to exploit Wednesday, 21 November 12
CTF Network 5 other standalone systems to attack Each with different Operating Systems and Software installed Each had a known compromise path Couple of the systems where ones we used for the 2011 CTF that no one managed to compromise Wednesday, 21 November 12
BIG BROTHER We were watching In 2011 we had a Netwitness (a 2011 Sponsor) Full Packet Capture system watching the network. In 2012 we went Open Source Security Onion based setup using SNORT + SNORBY + Full Packet Capture (DaemonLogger) + SQUIL to watch and alert on traffic Proper enterprise switching that allowed us to monitor the CTF VLANs instead of homegrown TAPs we’d used previously Wednesday, 21 November 12
BIG BROTHER We had attacks captured by SNORT rules for analysis High level stats such as this rule break down Wednesday, 21 November 12
BIG BROTHER More ways to visualize the captured data Wednesday, 21 November 12
more INFRASTRUCTURE Cisco 3xxx series switches for the core and distribution of the network Wired network to the CTF network and an isolated Wireless Network via our Wireless LAN controller ESX server running the 5 standalone systems on the CTF network, a standalone system running the scoring server and a standalone system with lots of disk for the monitoring Firewall to prevent the players attacking ‘out of scope’ systems Wednesday, 21 November 12
SCORING Wednesday, 21 November 12
SCORING Modified version of an open source CTF Scoring Server Defensive points If a player was able to defend their system from attack and prevent the other teams stealing their flags they got defensive points. Offensive points Attack the vulnerabilities on the other players systems and gain offensive points Wednesday, 21 November 12
SCORING Advisory Points Here we accepted advisories for the vulnerabilities within the services, these where marked out of 10 by the Judges Reporting style as well as content was important We used the same system for reporting standalone system compromise Good Behavior Everyone was given 100 points, if they breached the rules we deducted points Wednesday, 21 November 12
RESULTS So none of the 2012 Standalone systems got compromised, our two 2011 systems didn’t get popped, they will be back Someone with Nessus managed to get close, but they didn’t follow through on their scan.... The VM got a good bashing, although not all the vulnerabilities were identified. Wednesday, 21 November 12
RESULTS We published everything for the CTF here http://44con-networking.net/mwrlabs-ctf-2012 Final Scores and Advisories Posted here http://44con-networking.net/mwrlabs-ctf-2012/results/ http://44con-networking.net/mwrlabs-ctf-2012/results/ adv/adv.html Each Vulnerability in the services has a write up here http://44con-networking.net/mwrlabs-ctf-2012/ mwrlabs-ctf-2012-vulnerable-services-vulnerabilities Wednesday, 21 November 12

Recommended

Ctf For Beginner
Ctf For BeginnerCtf For Beginner
Ctf For BeginnerWei-Bo Chen
 
How to Setup A Pen test Lab and How to Play CTF
How to Setup A Pen test Lab and How to Play CTF How to Setup A Pen test Lab and How to Play CTF
How to Setup A Pen test Lab and How to Play CTF n|u - The Open Security Community
 
Muhammad Abrar Istiadi - How to hack #idsecconf2016 Online CTF
Muhammad Abrar Istiadi - How to hack #idsecconf2016 Online CTFMuhammad Abrar Istiadi - How to hack #idsecconf2016 Online CTF
Muhammad Abrar Istiadi - How to hack #idsecconf2016 Online CTFidsecconf
 
Playing 44CON CTF for fun and profit
Playing 44CON CTF for fun and profitPlaying 44CON CTF for fun and profit
Playing 44CON CTF for fun and profit44CON
 
Python
PythonPython
PythonWei-Bo Chen
 
Pentesting like a grandmaster BSides London 2013
Pentesting like a grandmaster BSides London 2013Pentesting like a grandmaster BSides London 2013
Pentesting like a grandmaster BSides London 2013Abraham Aranguren
 
A CTF Hackers Toolbox
A CTF Hackers ToolboxA CTF Hackers Toolbox
A CTF Hackers ToolboxStefan
 
Introducing OWASP OWTF Workshop BruCon 2012
Introducing OWASP OWTF Workshop BruCon 2012Introducing OWASP OWTF Workshop BruCon 2012
Introducing OWASP OWTF Workshop BruCon 2012Abraham Aranguren
 

Recommended

Ctf For Beginner
Ctf For BeginnerCtf For Beginner
Ctf For BeginnerWei-Bo Chen
 
How to Setup A Pen test Lab and How to Play CTF
How to Setup A Pen test Lab and How to Play CTF How to Setup A Pen test Lab and How to Play CTF
How to Setup A Pen test Lab and How to Play CTF n|u - The Open Security Community
 
Muhammad Abrar Istiadi - How to hack #idsecconf2016 Online CTF
Muhammad Abrar Istiadi - How to hack #idsecconf2016 Online CTFMuhammad Abrar Istiadi - How to hack #idsecconf2016 Online CTF
Muhammad Abrar Istiadi - How to hack #idsecconf2016 Online CTFidsecconf
 
Playing 44CON CTF for fun and profit
Playing 44CON CTF for fun and profitPlaying 44CON CTF for fun and profit
Playing 44CON CTF for fun and profit44CON
 
Python
PythonPython
PythonWei-Bo Chen
 
Pentesting like a grandmaster BSides London 2013
Pentesting like a grandmaster BSides London 2013Pentesting like a grandmaster BSides London 2013
Pentesting like a grandmaster BSides London 2013Abraham Aranguren
 
A CTF Hackers Toolbox
A CTF Hackers ToolboxA CTF Hackers Toolbox
A CTF Hackers ToolboxStefan
 
Introducing OWASP OWTF Workshop BruCon 2012
Introducing OWASP OWTF Workshop BruCon 2012Introducing OWASP OWTF Workshop BruCon 2012
Introducing OWASP OWTF Workshop BruCon 2012Abraham Aranguren
 
SDN Abstractions
SDN AbstractionsSDN Abstractions
SDN Abstractionsmartin_casado
 
DockerCon 16 General Session Day 1
DockerCon 16 General Session Day 1DockerCon 16 General Session Day 1
DockerCon 16 General Session Day 1Docker, Inc.
 
Rootlinux17: An introduction to Xen Project Virtualisation
Rootlinux17: An introduction to Xen Project VirtualisationRootlinux17: An introduction to Xen Project Virtualisation
Rootlinux17: An introduction to Xen Project VirtualisationThe Linux Foundation
 
Access control3
Access control3Access control3
Access control3Awhydot
 
Access control3
Access control3Access control3
Access control3Awhydot
 
DEFCON 23 - Gregory Pickett - staying persistant in software defined networks
DEFCON 23 - Gregory Pickett - staying persistant in software defined networksDEFCON 23 - Gregory Pickett - staying persistant in software defined networks
DEFCON 23 - Gregory Pickett - staying persistant in software defined networksFelipe Prado
 
Defcon 22-gregory-pickett-abusing-software-defined-networks
Defcon 22-gregory-pickett-abusing-software-defined-networksDefcon 22-gregory-pickett-abusing-software-defined-networks
Defcon 22-gregory-pickett-abusing-software-defined-networksPriyanka Aash
 
SDN, com fer-ho realitat i quins avantatges puc treure-hi
SDN, com fer-ho realitat i quins avantatges puc treure-hiSDN, com fer-ho realitat i quins avantatges puc treure-hi
SDN, com fer-ho realitat i quins avantatges puc treure-hiCSUC - Consorci de Serveis Universitaris de Catalunya
 
Dynamic Synthesis of to Support Interoperability in Autonomic Systems
Dynamic Synthesis of to Support Interoperability in Autonomic SystemsDynamic Synthesis of to Support Interoperability in Autonomic Systems
Dynamic Synthesis of to Support Interoperability in Autonomic SystemsAmel Bennaceur
 
Layer-2 after “The Merge”
Layer-2 after “The Merge”Layer-2 after “The Merge”
Layer-2 after “The Merge”Jiyun Kim
 
Comp tia n+_session_11
Comp tia n+_session_11Comp tia n+_session_11
Comp tia n+_session_11Niit Care
 
Securing Your Linux System
Securing Your Linux SystemSecuring Your Linux System
Securing Your Linux SystemNovell
 
Distributed Operating System,Network OS and Middle-ware.??
Distributed Operating System,Network OS and Middle-ware.??Distributed Operating System,Network OS and Middle-ware.??
Distributed Operating System,Network OS and Middle-ware.??Abdul Aslam
 
Introduction To NIDS
Introduction To NIDSIntroduction To NIDS
Introduction To NIDSMichael Boman
 
Operating system vulnerability and control
Operating system vulnerability and control Operating system vulnerability and control
Operating system vulnerability and control أحلام انصارى
 
Detecting_and_Mitigating_Botnet_Attacks_in_Software-Defined_Networks_Using_De...
Detecting_and_Mitigating_Botnet_Attacks_in_Software-Defined_Networks_Using_De...Detecting_and_Mitigating_Botnet_Attacks_in_Software-Defined_Networks_Using_De...
Detecting_and_Mitigating_Botnet_Attacks_in_Software-Defined_Networks_Using_De...Shakas Technologies
 
A tale of Disaster Recovery (Cfengine everyday, practices and tools)
A tale of Disaster Recovery (Cfengine everyday, practices and tools)A tale of Disaster Recovery (Cfengine everyday, practices and tools)
A tale of Disaster Recovery (Cfengine everyday, practices and tools)Jonathan Clarke
 
A tale of Disaster Recovery (Cfengine everyday, practices and tools)
A tale of Disaster Recovery (Cfengine everyday, practices and tools)A tale of Disaster Recovery (Cfengine everyday, practices and tools)
A tale of Disaster Recovery (Cfengine everyday, practices and tools)RUDDER
 
A Xen Case Study
A Xen Case StudyA Xen Case Study
A Xen Case StudyKris Buytaert
 
2008-10-15 Red Hat Deep Dive Sessions: SELinux
2008-10-15 Red Hat Deep Dive Sessions: SELinux2008-10-15 Red Hat Deep Dive Sessions: SELinux
2008-10-15 Red Hat Deep Dive Sessions: SELinuxShawn Wells
 
They're All Scorpions - Successful SecOps in a Hostile Workplace - Pete Herzo...
They're All Scorpions - Successful SecOps in a Hostile Workplace - Pete Herzo...They're All Scorpions - Successful SecOps in a Hostile Workplace - Pete Herzo...
They're All Scorpions - Successful SecOps in a Hostile Workplace - Pete Herzo...44CON
 
How to Explain Post-Quantum Cryptography to a Middle School Student - Klaus S...
How to Explain Post-Quantum Cryptography to a Middle School Student - Klaus S...How to Explain Post-Quantum Cryptography to a Middle School Student - Klaus S...
How to Explain Post-Quantum Cryptography to a Middle School Student - Klaus S...44CON
 

More Related Content

Similar to Building the 44CON CTF

DockerCon 16 General Session Day 1
DockerCon 16 General Session Day 1DockerCon 16 General Session Day 1
DockerCon 16 General Session Day 1Docker, Inc.
 
Rootlinux17: An introduction to Xen Project Virtualisation
Rootlinux17: An introduction to Xen Project VirtualisationRootlinux17: An introduction to Xen Project Virtualisation
Rootlinux17: An introduction to Xen Project VirtualisationThe Linux Foundation
 
Access control3
Access control3Access control3
Access control3Awhydot
 
Access control3
Access control3Access control3
Access control3Awhydot
 
DEFCON 23 - Gregory Pickett - staying persistant in software defined networks
DEFCON 23 - Gregory Pickett - staying persistant in software defined networksDEFCON 23 - Gregory Pickett - staying persistant in software defined networks
DEFCON 23 - Gregory Pickett - staying persistant in software defined networksFelipe Prado
 
Defcon 22-gregory-pickett-abusing-software-defined-networks
Defcon 22-gregory-pickett-abusing-software-defined-networksDefcon 22-gregory-pickett-abusing-software-defined-networks
Defcon 22-gregory-pickett-abusing-software-defined-networksPriyanka Aash
 
Dynamic Synthesis of to Support Interoperability in Autonomic Systems
Dynamic Synthesis of to Support Interoperability in Autonomic SystemsDynamic Synthesis of to Support Interoperability in Autonomic Systems
Dynamic Synthesis of to Support Interoperability in Autonomic SystemsAmel Bennaceur
 
Layer-2 after “The Merge”
Layer-2 after “The Merge”Layer-2 after “The Merge”
Layer-2 after “The Merge”Jiyun Kim
 
Comp tia n+_session_11
Comp tia n+_session_11Comp tia n+_session_11
Comp tia n+_session_11Niit Care
 
Securing Your Linux System
Securing Your Linux SystemSecuring Your Linux System
Securing Your Linux SystemNovell
 
Distributed Operating System,Network OS and Middle-ware.??
Distributed Operating System,Network OS and Middle-ware.??Distributed Operating System,Network OS and Middle-ware.??
Distributed Operating System,Network OS and Middle-ware.??Abdul Aslam
 
Introduction To NIDS
Introduction To NIDSIntroduction To NIDS
Introduction To NIDSMichael Boman
 
Operating system vulnerability and control
Operating system vulnerability and control Operating system vulnerability and control
Operating system vulnerability and control أحلام انصارى
 
Detecting_and_Mitigating_Botnet_Attacks_in_Software-Defined_Networks_Using_De...
Detecting_and_Mitigating_Botnet_Attacks_in_Software-Defined_Networks_Using_De...Detecting_and_Mitigating_Botnet_Attacks_in_Software-Defined_Networks_Using_De...
Detecting_and_Mitigating_Botnet_Attacks_in_Software-Defined_Networks_Using_De...Shakas Technologies
 
A tale of Disaster Recovery (Cfengine everyday, practices and tools)
A tale of Disaster Recovery (Cfengine everyday, practices and tools)A tale of Disaster Recovery (Cfengine everyday, practices and tools)
A tale of Disaster Recovery (Cfengine everyday, practices and tools)Jonathan Clarke
 
A tale of Disaster Recovery (Cfengine everyday, practices and tools)
A tale of Disaster Recovery (Cfengine everyday, practices and tools)A tale of Disaster Recovery (Cfengine everyday, practices and tools)
A tale of Disaster Recovery (Cfengine everyday, practices and tools)RUDDER
 
2008-10-15 Red Hat Deep Dive Sessions: SELinux
2008-10-15 Red Hat Deep Dive Sessions: SELinux2008-10-15 Red Hat Deep Dive Sessions: SELinux
2008-10-15 Red Hat Deep Dive Sessions: SELinuxShawn Wells
 

Similar to Building the 44CON CTF (20)

SDN Abstractions
SDN AbstractionsSDN Abstractions
SDN Abstractions
 
DockerCon 16 General Session Day 1
DockerCon 16 General Session Day 1DockerCon 16 General Session Day 1
DockerCon 16 General Session Day 1
 
Rootlinux17: An introduction to Xen Project Virtualisation
Rootlinux17: An introduction to Xen Project VirtualisationRootlinux17: An introduction to Xen Project Virtualisation
Rootlinux17: An introduction to Xen Project Virtualisation
 
Access control3
Access control3Access control3
Access control3
 
Access control3
Access control3Access control3
Access control3
 
DEFCON 23 - Gregory Pickett - staying persistant in software defined networks
DEFCON 23 - Gregory Pickett - staying persistant in software defined networksDEFCON 23 - Gregory Pickett - staying persistant in software defined networks
DEFCON 23 - Gregory Pickett - staying persistant in software defined networks
 
Defcon 22-gregory-pickett-abusing-software-defined-networks
Defcon 22-gregory-pickett-abusing-software-defined-networksDefcon 22-gregory-pickett-abusing-software-defined-networks
Defcon 22-gregory-pickett-abusing-software-defined-networks
 
SDN, com fer-ho realitat i quins avantatges puc treure-hi
SDN, com fer-ho realitat i quins avantatges puc treure-hiSDN, com fer-ho realitat i quins avantatges puc treure-hi
SDN, com fer-ho realitat i quins avantatges puc treure-hi
 
Dynamic Synthesis of to Support Interoperability in Autonomic Systems
Dynamic Synthesis of to Support Interoperability in Autonomic SystemsDynamic Synthesis of to Support Interoperability in Autonomic Systems
Dynamic Synthesis of to Support Interoperability in Autonomic Systems
 
Layer-2 after “The Merge”
Layer-2 after “The Merge”Layer-2 after “The Merge”
Layer-2 after “The Merge”
 
Comp tia n+_session_11
Comp tia n+_session_11Comp tia n+_session_11
Comp tia n+_session_11
 
Securing Your Linux System
Securing Your Linux SystemSecuring Your Linux System
Securing Your Linux System
 
Distributed Operating System,Network OS and Middle-ware.??
Distributed Operating System,Network OS and Middle-ware.??Distributed Operating System,Network OS and Middle-ware.??
Distributed Operating System,Network OS and Middle-ware.??
 
Introduction To NIDS
Introduction To NIDSIntroduction To NIDS
Introduction To NIDS
 
Operating system vulnerability and control
Operating system vulnerability and control Operating system vulnerability and control
Operating system vulnerability and control
 
Detecting_and_Mitigating_Botnet_Attacks_in_Software-Defined_Networks_Using_De...
Detecting_and_Mitigating_Botnet_Attacks_in_Software-Defined_Networks_Using_De...Detecting_and_Mitigating_Botnet_Attacks_in_Software-Defined_Networks_Using_De...
Detecting_and_Mitigating_Botnet_Attacks_in_Software-Defined_Networks_Using_De...
 
A tale of Disaster Recovery (Cfengine everyday, practices and tools)
A tale of Disaster Recovery (Cfengine everyday, practices and tools)A tale of Disaster Recovery (Cfengine everyday, practices and tools)
A tale of Disaster Recovery (Cfengine everyday, practices and tools)
 
A tale of Disaster Recovery (Cfengine everyday, practices and tools)
A tale of Disaster Recovery (Cfengine everyday, practices and tools)A tale of Disaster Recovery (Cfengine everyday, practices and tools)
A tale of Disaster Recovery (Cfengine everyday, practices and tools)
 
A Xen Case Study
A Xen Case StudyA Xen Case Study
A Xen Case Study
 
2008-10-15 Red Hat Deep Dive Sessions: SELinux
2008-10-15 Red Hat Deep Dive Sessions: SELinux2008-10-15 Red Hat Deep Dive Sessions: SELinux
2008-10-15 Red Hat Deep Dive Sessions: SELinux
 

More from 44CON

They're All Scorpions - Successful SecOps in a Hostile Workplace - Pete Herzo...
They're All Scorpions - Successful SecOps in a Hostile Workplace - Pete Herzo...They're All Scorpions - Successful SecOps in a Hostile Workplace - Pete Herzo...
They're All Scorpions - Successful SecOps in a Hostile Workplace - Pete Herzo...44CON
 
How to Explain Post-Quantum Cryptography to a Middle School Student - Klaus S...
How to Explain Post-Quantum Cryptography to a Middle School Student - Klaus S...How to Explain Post-Quantum Cryptography to a Middle School Student - Klaus S...
How to Explain Post-Quantum Cryptography to a Middle School Student - Klaus S...44CON
 
Using SmartNICs to Provide Better Data Center Security - Jack Matheson - 44CO...
Using SmartNICs to Provide Better Data Center Security - Jack Matheson - 44CO...Using SmartNICs to Provide Better Data Center Security - Jack Matheson - 44CO...
Using SmartNICs to Provide Better Data Center Security - Jack Matheson - 44CO...44CON
 
JARVIS never saw it coming: Hacking machine learning (ML) in speech, text and...
JARVIS never saw it coming: Hacking machine learning (ML) in speech, text and...JARVIS never saw it coming: Hacking machine learning (ML) in speech, text and...
JARVIS never saw it coming: Hacking machine learning (ML) in speech, text and...44CON
 
Reverse Engineering and Bug Hunting on KMDF Drivers - Enrique Nissim - 44CON ...
Reverse Engineering and Bug Hunting on KMDF Drivers - Enrique Nissim - 44CON ...Reverse Engineering and Bug Hunting on KMDF Drivers - Enrique Nissim - 44CON ...
Reverse Engineering and Bug Hunting on KMDF Drivers - Enrique Nissim - 44CON ...44CON
 
The UK's Code of Practice for Security in Consumer IoT Products and Services ...
The UK's Code of Practice for Security in Consumer IoT Products and Services ...The UK's Code of Practice for Security in Consumer IoT Products and Services ...
The UK's Code of Practice for Security in Consumer IoT Products and Services ...44CON
 
Weak analogies make poor realities – are we sitting on a Security Debt Crisis...
Weak analogies make poor realities – are we sitting on a Security Debt Crisis...Weak analogies make poor realities – are we sitting on a Security Debt Crisis...
Weak analogies make poor realities – are we sitting on a Security Debt Crisis...44CON
 
Pwning the 44CON Nerf Tank
Pwning the 44CON Nerf TankPwning the 44CON Nerf Tank
Pwning the 44CON Nerf Tank44CON
 
Security module for php7 – Killing bugclasses and virtual-patching the rest! ...
Security module for php7 – Killing bugclasses and virtual-patching the rest! ...Security module for php7 – Killing bugclasses and virtual-patching the rest! ...
Security module for php7 – Killing bugclasses and virtual-patching the rest! ...44CON
 
44CON London 2015 - Stegosploit - Drive-by Browser Exploits using only Images
44CON London 2015 - Stegosploit - Drive-by Browser Exploits using only Images44CON London 2015 - Stegosploit - Drive-by Browser Exploits using only Images
44CON London 2015 - Stegosploit - Drive-by Browser Exploits using only Images44CON
 
44CON London 2015 - Is there an EFI monster inside your apple?
44CON London 2015 - Is there an EFI monster inside your apple?44CON London 2015 - Is there an EFI monster inside your apple?
44CON London 2015 - Is there an EFI monster inside your apple?44CON
 
44CON London 2015 - Indicators of Compromise: From malware analysis to eradic...
44CON London 2015 - Indicators of Compromise: From malware analysis to eradic...44CON London 2015 - Indicators of Compromise: From malware analysis to eradic...
44CON London 2015 - Indicators of Compromise: From malware analysis to eradic...44CON
 
44CON London 2015 - How to drive a malware analyst crazy
44CON London 2015 - How to drive a malware analyst crazy44CON London 2015 - How to drive a malware analyst crazy
44CON London 2015 - How to drive a malware analyst crazy44CON
 
44CON London 2015 - 15-Minute Linux Incident Response Live Analysis
44CON London 2015 - 15-Minute Linux Incident Response Live Analysis44CON London 2015 - 15-Minute Linux Incident Response Live Analysis
44CON London 2015 - 15-Minute Linux Incident Response Live Analysis44CON
 
44CON London 2015 - Going AUTH the Rails on a Crazy Train
44CON London 2015 - Going AUTH the Rails on a Crazy Train44CON London 2015 - Going AUTH the Rails on a Crazy Train
44CON London 2015 - Going AUTH the Rails on a Crazy Train44CON
 
44CON London 2015 - Software Defined Networking (SDN) Security
44CON London 2015 - Software Defined Networking (SDN) Security44CON London 2015 - Software Defined Networking (SDN) Security
44CON London 2015 - Software Defined Networking (SDN) Security44CON
 
44CON London 2015 - DDoS mitigation EPIC FAIL collection
44CON London 2015 - DDoS mitigation EPIC FAIL collection44CON London 2015 - DDoS mitigation EPIC FAIL collection
44CON London 2015 - DDoS mitigation EPIC FAIL collection44CON
 
44CON London 2015 - Hunting Asynchronous Vulnerabilities
44CON London 2015 - Hunting Asynchronous Vulnerabilities44CON London 2015 - Hunting Asynchronous Vulnerabilities
44CON London 2015 - Hunting Asynchronous Vulnerabilities44CON
 
44CON London 2015 - Reverse engineering and exploiting font rasterizers: the ...
44CON London 2015 - Reverse engineering and exploiting font rasterizers: the ...44CON London 2015 - Reverse engineering and exploiting font rasterizers: the ...
44CON London 2015 - Reverse engineering and exploiting font rasterizers: the ...44CON
 
44CON London 2015 - Jtagsploitation: 5 wires, 5 ways to root
44CON London 2015 - Jtagsploitation: 5 wires, 5 ways to root44CON London 2015 - Jtagsploitation: 5 wires, 5 ways to root
44CON London 2015 - Jtagsploitation: 5 wires, 5 ways to root44CON
 

More from 44CON (20)

They're All Scorpions - Successful SecOps in a Hostile Workplace - Pete Herzo...
They're All Scorpions - Successful SecOps in a Hostile Workplace - Pete Herzo...They're All Scorpions - Successful SecOps in a Hostile Workplace - Pete Herzo...
They're All Scorpions - Successful SecOps in a Hostile Workplace - Pete Herzo...
 
How to Explain Post-Quantum Cryptography to a Middle School Student - Klaus S...
How to Explain Post-Quantum Cryptography to a Middle School Student - Klaus S...How to Explain Post-Quantum Cryptography to a Middle School Student - Klaus S...
How to Explain Post-Quantum Cryptography to a Middle School Student - Klaus S...
 
Using SmartNICs to Provide Better Data Center Security - Jack Matheson - 44CO...
Using SmartNICs to Provide Better Data Center Security - Jack Matheson - 44CO...Using SmartNICs to Provide Better Data Center Security - Jack Matheson - 44CO...
Using SmartNICs to Provide Better Data Center Security - Jack Matheson - 44CO...
 
JARVIS never saw it coming: Hacking machine learning (ML) in speech, text and...
JARVIS never saw it coming: Hacking machine learning (ML) in speech, text and...JARVIS never saw it coming: Hacking machine learning (ML) in speech, text and...
JARVIS never saw it coming: Hacking machine learning (ML) in speech, text and...
 
Reverse Engineering and Bug Hunting on KMDF Drivers - Enrique Nissim - 44CON ...
Reverse Engineering and Bug Hunting on KMDF Drivers - Enrique Nissim - 44CON ...Reverse Engineering and Bug Hunting on KMDF Drivers - Enrique Nissim - 44CON ...
Reverse Engineering and Bug Hunting on KMDF Drivers - Enrique Nissim - 44CON ...
 
The UK's Code of Practice for Security in Consumer IoT Products and Services ...
The UK's Code of Practice for Security in Consumer IoT Products and Services ...The UK's Code of Practice for Security in Consumer IoT Products and Services ...
The UK's Code of Practice for Security in Consumer IoT Products and Services ...
 
Weak analogies make poor realities – are we sitting on a Security Debt Crisis...
Weak analogies make poor realities – are we sitting on a Security Debt Crisis...Weak analogies make poor realities – are we sitting on a Security Debt Crisis...
Weak analogies make poor realities – are we sitting on a Security Debt Crisis...
 
Pwning the 44CON Nerf Tank
Pwning the 44CON Nerf TankPwning the 44CON Nerf Tank
Pwning the 44CON Nerf Tank
 
Security module for php7 – Killing bugclasses and virtual-patching the rest! ...
Security module for php7 – Killing bugclasses and virtual-patching the rest! ...Security module for php7 – Killing bugclasses and virtual-patching the rest! ...
Security module for php7 – Killing bugclasses and virtual-patching the rest! ...
 
44CON London 2015 - Stegosploit - Drive-by Browser Exploits using only Images
44CON London 2015 - Stegosploit - Drive-by Browser Exploits using only Images44CON London 2015 - Stegosploit - Drive-by Browser Exploits using only Images
44CON London 2015 - Stegosploit - Drive-by Browser Exploits using only Images
 
44CON London 2015 - Is there an EFI monster inside your apple?
44CON London 2015 - Is there an EFI monster inside your apple?44CON London 2015 - Is there an EFI monster inside your apple?
44CON London 2015 - Is there an EFI monster inside your apple?
 
44CON London 2015 - Indicators of Compromise: From malware analysis to eradic...
44CON London 2015 - Indicators of Compromise: From malware analysis to eradic...44CON London 2015 - Indicators of Compromise: From malware analysis to eradic...
44CON London 2015 - Indicators of Compromise: From malware analysis to eradic...
 
44CON London 2015 - How to drive a malware analyst crazy
44CON London 2015 - How to drive a malware analyst crazy44CON London 2015 - How to drive a malware analyst crazy
44CON London 2015 - How to drive a malware analyst crazy
 
44CON London 2015 - 15-Minute Linux Incident Response Live Analysis
44CON London 2015 - 15-Minute Linux Incident Response Live Analysis44CON London 2015 - 15-Minute Linux Incident Response Live Analysis
44CON London 2015 - 15-Minute Linux Incident Response Live Analysis
 
44CON London 2015 - Going AUTH the Rails on a Crazy Train
44CON London 2015 - Going AUTH the Rails on a Crazy Train44CON London 2015 - Going AUTH the Rails on a Crazy Train
44CON London 2015 - Going AUTH the Rails on a Crazy Train
 
44CON London 2015 - Software Defined Networking (SDN) Security
44CON London 2015 - Software Defined Networking (SDN) Security44CON London 2015 - Software Defined Networking (SDN) Security
44CON London 2015 - Software Defined Networking (SDN) Security
 
44CON London 2015 - DDoS mitigation EPIC FAIL collection
44CON London 2015 - DDoS mitigation EPIC FAIL collection44CON London 2015 - DDoS mitigation EPIC FAIL collection
44CON London 2015 - DDoS mitigation EPIC FAIL collection
 
44CON London 2015 - Hunting Asynchronous Vulnerabilities
44CON London 2015 - Hunting Asynchronous Vulnerabilities44CON London 2015 - Hunting Asynchronous Vulnerabilities
44CON London 2015 - Hunting Asynchronous Vulnerabilities
 
44CON London 2015 - Reverse engineering and exploiting font rasterizers: the ...
44CON London 2015 - Reverse engineering and exploiting font rasterizers: the ...44CON London 2015 - Reverse engineering and exploiting font rasterizers: the ...
44CON London 2015 - Reverse engineering and exploiting font rasterizers: the ...
 
44CON London 2015 - Jtagsploitation: 5 wires, 5 ways to root
44CON London 2015 - Jtagsploitation: 5 wires, 5 ways to root44CON London 2015 - Jtagsploitation: 5 wires, 5 ways to root
44CON London 2015 - Jtagsploitation: 5 wires, 5 ways to root
 

Recently uploaded

How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 

Recently uploaded (20)

How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 

Building the 44CON CTF

  • 1. Building a CTF ... actually kinda tricky Wednesday, 21 November 12
  • 2. WHO Me.. Some times known as ‘skapp’, I do various things for 44CON, security tester, breaker of things, played and run a few CTFs way back TTYsig, Some times known as ‘Dean’, also a security tester and breaker of things, played and has run some before. Wednesday, 21 November 12
  • 3. The 2012 Idea 44CON MWRLabs CTF 2012, Evolution A CTF that tested skills of the contestants to find vulnerabilities in applications and systems defend a system from attack (the other teams) identify other interesting things in the CTF environment We also wanted to see if the player could communicate what they found Wednesday, 21 November 12
  • 4. So The Result Each team had a VM, with custom services running on it Identify what was running on the system Identify any vulnerabilities in those services Try and fix/mitigate these vulnerabilities Using this knowledge to attack the other teams Wednesday, 21 November 12
  • 5. DETAIL Each VM had four services Two in Ruby (REST Service and SMTP/POP3) One in C (Custom Service) Web App in PHP Each had a couple of vulnerabilities Each required different levels of expertise to exploit Wednesday, 21 November 12
  • 6. CTF Network 5 other standalone systems to attack Each with different Operating Systems and Software installed Each had a known compromise path Couple of the systems where ones we used for the 2011 CTF that no one managed to compromise Wednesday, 21 November 12
  • 7. BIG BROTHER We were watching In 2011 we had a Netwitness (a 2011 Sponsor) Full Packet Capture system watching the network. In 2012 we went Open Source Security Onion based setup using SNORT + SNORBY + Full Packet Capture (DaemonLogger) + SQUIL to watch and alert on traffic Proper enterprise switching that allowed us to monitor the CTF VLANs instead of homegrown TAPs we’d used previously Wednesday, 21 November 12
  • 8. BIG BROTHER We had attacks captured by SNORT rules for analysis High level stats such as this rule break down Wednesday, 21 November 12
  • 9. BIG BROTHER More ways to visualize the captured data Wednesday, 21 November 12
  • 10. more INFRASTRUCTURE Cisco 3xxx series switches for the core and distribution of the network Wired network to the CTF network and an isolated Wireless Network via our Wireless LAN controller ESX server running the 5 standalone systems on the CTF network, a standalone system running the scoring server and a standalone system with lots of disk for the monitoring Firewall to prevent the players attacking ‘out of scope’ systems Wednesday, 21 November 12
  • 12. SCORING Modified version of an open source CTF Scoring Server Defensive points If a player was able to defend their system from attack and prevent the other teams stealing their flags they got defensive points. Offensive points Attack the vulnerabilities on the other players systems and gain offensive points Wednesday, 21 November 12
  • 13. SCORING Advisory Points Here we accepted advisories for the vulnerabilities within the services, these where marked out of 10 by the Judges Reporting style as well as content was important We used the same system for reporting standalone system compromise Good Behavior Everyone was given 100 points, if they breached the rules we deducted points Wednesday, 21 November 12
  • 14. RESULTS So none of the 2012 Standalone systems got compromised, our two 2011 systems didn’t get popped, they will be back Someone with Nessus managed to get close, but they didn’t follow through on their scan.... The VM got a good bashing, although not all the vulnerabilities were identified. Wednesday, 21 November 12
  • 15. RESULTS We published everything for the CTF here http://44con-networking.net/mwrlabs-ctf-2012 Final Scores and Advisories Posted here http://44con-networking.net/mwrlabs-ctf-2012/results/ http://44con-networking.net/mwrlabs-ctf-2012/results/ adv/adv.html Each Vulnerability in the services has a write up here http://44con-networking.net/mwrlabs-ctf-2012/ mwrlabs-ctf-2012-vulnerable-services-vulnerabilities Wednesday, 21 November 12