Game Mark Shtern.

Slides:



Advertisements
Similar presentations
Vulnerability Analysis. Formal verification Formally (mathematically) prove certain characteristics Proves the absence of flaws in a program or design.
Advertisements

Hacking Techniques & Intrusion Detection Ali Al-Shemery arabnix [at] gmail.
Penetration Testing & Countermeasures Paul Fong & Cai Yu CS691 5 May 2003.
Network Security and its Impact on Network Continuity.
Web Server Administration TEC 236 Securing the Web Environment.
INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)
Practical Training of Information Security Masahito Gotaishi, R & D Initiative, Chuo Universty.
Rochester Institute of Technology Secure IT 2007 Security Auditing Course Development Rochester Institute of Technology Yin Pan
Honeypots Margaret Asami. What are honeypots ? an intrusion detection mechanism entices intruders to attack and eventually take over the system, while.
Profile-Based Web Intrusion Prevention System by Donovan Thorpe CS526 Fall 2002.
TCP/IP Networking 09/10 Lab Exercises RULES OF THE GAME.
T RIP W IRE Karthik Mohanasundaram Wright State University.
LINUX Security, Firewalls & Proxies. Course Title Introduction to LINUX Security Models Objectives To understand the concept of system security To understand.
CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.
Introduction to InfoSec – Recitation 15 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)
Part 2- An IT Auditing Framework
Brad Baker CS526 May 7 th, /7/ Project goals 2. Test Environment 3. The Problem 4. Some Solutions 5. ModSecurity Overview 6. ModSecurity.
Web Server Administration Chapter 10 Securing the Web Environment.
CS 325: Software Engineering April 14, 2015 Software Security Security Requirements Software Security in the Life Cycle.
Business Computing 550 Lesson 6. 2 Security Threats on Web Sites Issues and vulnerabilities 1.Illegal Access and Use (Hacking the system or users exposing.
CSE 4481 Computer Security Lab Mark Shtern. INTRODUCTION.
Security Testing Case Study 360logica Software Testing Services.
Mark Shtern. Passwords are the most common authentication method They are inherently insecure.
© 2001 by Carnegie Mellon University SS5 -1 OCTAVE SM Process 5 Background on Vulnerability Evaluations Software Engineering Institute Carnegie Mellon.
Security Scanners Mark Shtern. Popular attack targets Web – Web platform – Web application Windows OS Mac OS Linux OS Smartphone.
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,
FORESEC Academy FORESEC Academy Security Essentials (III)
AASSA Conference 2012 Quito, Ecuador March 16 th 2012 All the rights reserved.Instructor: Francisco Bolaños, Ing. InterAmerican Academy Ethical Hacking.
CSE 4481 Computer Security Lab Mark Shtern. INTRODUCTION.
GCSC August Backup Exec Critical Vulnerability Cannot offer tcp/6101, tcp/6106 & tcp/10000 to offsite Will be scanning from offsite soon Strongly.
1 Security Penetration Testing Angela Davis Mrinmoy Ghosh ECE4112 – Internetwork Security Georgia Institute of Technology.
File System Security Robert “Bobby” Roy And Chris “Sparky” Arnold.
Preparing For The Strategic Security CTF
Research Report Summary CIS Benchmark Security Configurations Eliminate 80 – 90 % of Known Operating System Vulnerabilities Bert Miuccio
Mark Shtern.  Secure your infrastructure using IDS, application firewalls, or honeypots  Plant your flag on opponent’s machine  Prevent intruders from.
Intrusion Detection System (IDS). What Is Intrusion Detection Intrusion Detection is the process of identifying and responding to malicious activity targeted.
Definition s a set of actions taken to prevent or minimize adverse consequences to assets an entity of importance a weakness in the security system to.
Game Mark Shtern. Game Objectives Secure your infrastructure using IDS, application firewalls, or honeypots Plant your flag on opponent’s machine Prevent.
Mark Shtern.  Our life depends on computer systems  Traffic control  Banking  Medical equipment  Internet  Social networks  Growing number of.
Intro to Network Security. Vocabulary Vulnerability Weakness that can be compromised Threat A method to exploit a vulnerability Attack Use of one or more.
NEXT GENERATION ATTACKS & EXPLOIT MITIGATIONS TECHNIQUES ID No: 1071 Name: Karthik GK ID: College: Sathyabama university.
Filip Chytrý Everyone of you in here can help us improve online security....
Definition s a set of actions taken to prevent or minimize adverse consequences to assets an entity of importance a weakness in the security system to.
Vulnerability Analysis Dr. X. Computer system Design Implementation Maintenance Operation.
25/09/ Firewall, IDS & IPS basics. Summary Firewalls Intrusion detection system Intrusion prevention system.
Huntsville City School Board
Seminar On Ethical Hacking Submitted To: Submitted By:
CSCE 548 Student Presentation By Manasa Suthram
Working at a Small-to-Medium Business or ISP – Chapter 8
A Comprehensive Security Assessment of the Westminster College Unix Lab Jacob Shodd.
Employee clicks on fake
Secure Software Confidentiality Integrity Data Security Authentication
Cyber Security Why You Should Care.
Internet Service Provider Attack Scenario
LINUX SECURITY Dongmei Wu ID: /25/00.
Security Essentials for Small Businesses
Lesson 16-Windows NT Security Issues
Identity & Access Management
This is a typical Windows user desktop
Game Mark Shtern.
Machine Learning Course.
Networking for Home and Small Businesses – Chapter 8
Game Mark Shtern.
Intrusion Detection system
Security through Group Policy
Networking for Home and Small Businesses – Chapter 8
Intrusion.
Networking for Home and Small Businesses – Chapter 8
Using a Nessus Scanner on a
Presentation transcript:

Game Mark Shtern

Game Objectives Secure your infrastructure using IDS, application firewalls, or honeypots Plant your flag on opponent’s machine Prevent intruders from planting their flag Remove your opponents’ flag Identify intrusions Discover your opponents’ password hashes and brute force them The flag is signed file. Students cannot recreate flag.

Game Rules You are not allowed to configure any network firewalls (yours or an opponent’s) You are not allowed to configure intrusion prevention You are allowed to kill any process that belongs to an intruder You are allowed to change your opponent’s passwords

Scoring Plant/Find Backdoor 5 Plant a flag 20 Catch intrusion 10 Change an opponent’s password 10 Take ownership of an opponent’s complete infrastructure 40 Lose control of a Windows workstation -5 Lose control of a Linux workstation -10 Lose control of a DC -20

PROJECT PENETRATION TESTING Mark Shtern

Project penetration testing Project presentation (12 minutes) on Monday, April 1 6 question for presenter Review other projects’ design Find security design flaws and vulnerabilities in other projects Post discovered flaws on the course forum Confirm / deny posted flaws of your project

Scoring QA phase Presentation -10 (10) Discover vulnerability 5 (-5) Discover vulnerability and exploit it 10 (-10) Discover design flaws 20 (-20) Deny posted flaws 10 (-10) Unanswered post -5 (5) Presentation Discover security problem in Q&A session 10 (-10) Unanswered/Unprepared/Irrelevant questions -10 (10)

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.