What’s Going On? This is a “Capture The Flag” hacking contest Teams from a number of Universities/Institutions compete against each other Each team has.

Slides:



Advertisements
Similar presentations
Webgoat.
Advertisements

Chapter 17: WEB COMPONENTS
Packets and Protocols Chapter Seven Real World Packet Captures.
CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.
Attacking Session Management Juliette Lessing
-Ajay Babu.D y5cs022.. Contents Who is hacker? History of hacking Types of hacking Do You Know? What do hackers do? - Some Examples on Web application.
Software Security Threats Threats have been an issue since computers began to be used widely by the general public.
System and Network Security Practices COEN 351 E-Commerce Security.
CounterMeasures: An Interactive Game for Security Training Advised by: Mark Claypool Kathi Fisler Craig Jordan (IMGD) Matt Knapp (CS) Dan Mitchell (CS)
Welcome to EECS 354 Network Penetration and Security.
Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.
ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.
Jonas Thomsen, Ph.d. student Computer Science University of Aarhus Best Practices and Techniques for Building Secure Microsoft.
Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.
Buffer Overflow Attacks. Memory plays a key part in many computer system functions. It’s a critical component to many internal operations. From mother.
Security Guidelines and Management
Capture The Flag Review Fall 2003 Giovanni Vigna University of California Santa Barbara
SENSE Stevens Exercise in Network Security Enhancement Students innovating in the field of cybersecurity. Ilya ChalytNicholas Egebo Kevin LynchBrandon.
1 Chap 10 Malicious Software. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on.
Penetration Testing Security Analysis and Advanced Tools: Snort.
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,
SCOTT KURODA ADVISOR: DR. FRANZ KURFESS Encouraging Secure Programming Practice in Academia.
1-Vulnerabilities 2-Hackers 3-Categories of attacks 4-What a malicious hacker do? 5-Security mechanisms 6-HTTP Web Servers 7-Web applications attacks.
 International  UCSB Sponsored  Application security  ! network security  ! os security  Custom services 2.
BLENDED ATTACKS EXPLOITS, VULNERABILITIES AND BUFFER-OVERFLOW TECHNIQUES IN COMPUTER VIRUSES By: Eric Chien and Peter Szor Presented by: Jesus Morales.
Software Security Testing Vinay Srinivasan cell:
OSI and TCP/IP Models And Some Vulnerabilities AfNOG th May 2011 – 10 th June 2011 Tanzania By Marcus K. G. Adomey.
Module 10: Monitoring ISA Server Overview Monitoring Overview Configuring Alerts Configuring Session Monitoring Configuring Logging Configuring.
Configuration Management (CM)
CAPTURE THE FLAG Introductions beer brew man dutchrowboat.
Fundamentals of Proxying. Proxy Server Fundamentals  Proxy simply means acting on someone other’s behalf  A Proxy acts on behalf of the client or user.
Information Security What is Information Security?
I-Hack’08 International Hacking Competition “Details”
Security Attacks CS 795. Buffer Overflow Problem Buffer overflows can be triggered by inputs that are designed to execute code, or alter the way the program.
Dealing with Malware By: Brandon Payne Image source: TechTips.com.
1 HoneyNets. 2 Introduction Definition of a Honeynet Concept of Data Capture and Data Control Generation I vs. Generation II Honeynets Description of.
Denial of Service Sharmistha Roy Adversarial challenges in Web Based Services.
BY SYDNEY FERNANDES T.E COMP ROLL NO: INTRODUCTION Networks are used as a medium inorder to exchange data packets between the server and clients.
PwC New Technologies New Risks. PricewaterhouseCoopers Technology and Security Evolution Mainframe Technology –Single host –Limited Trusted users Security.
Web Security Group 5 Adam Swett Brian Marco. Why Web Security? Web sites and web applications constantly growing Complex business applications are now.
Worm Defense Alexander Chang CS239 – Network Security 05/01/2006.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Operating Systems Security
Security Attacks CS 795. Buffer Overflow Problem Buffer overflow Analysis of Buffer Overflow Attacks.
Advanced Anti-Virus Techniques
Slammer Worm By : Varsha Gupta.P 08QR1A1216.
EECS 354: Network Security Group Members: Patrick Wong Eric Chan Shira Schneidman Web Attacks Project: Detecting XSS and SQL Injection Vulnerabilities.
Role Of Network IDS in Network Perimeter Defense.
Lecture9 Page 1 CS 236 Online Operating System Security, Con’t CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Lect 8 Tahani al jehain. Types of attack Remote code execution: occurs when an attacker exploits a software and runs a program that the user does not.
DenyAll Delivering Next-Generation Application Security to the Microsoft Azure Platform to Secure Cloud-Based and Hybrid Application Deployments MICROSOFT.
Page 1 Viruses. Page 2 What Is a Virus A virus is basically a computer program that has been written to perform a specific set of tasks. Unfortunately,
ASHRAY PATEL Securing Public Web Servers. Roadmap Web server security problems Steps to secure public web servers Securing web servers and contents Implementing.
The Postman Always Rings Twice: Attacking and Defending postMessage in HTML5 Websites Paper by Sooel Son and Vitaly Shmatikov, The University of Texas.
Vulnerability / Cybersecurity Research Discussion Dwayne Melancon, CISA Chief Technology Officer and VP of Research & Development.
Lecture 19 Page 1 CS 236 Online 6. Application Software Security Why it’s important: –Security flaws in applications are increasingly the attacker’s entry.
Common System Exploits Tom Chothia Computer Security, Lecture 17.
HIPS. Host-Based Intrusion Prevention Systems  One of the major benefits to HIPS technology is the ability to identify and stop known and unknown attacks,
Buffer Overflows Incomplete Access Control
Project CTF Yeganeh Safaei Arizona State University
Web Application Vulnerabilities, Detection Mechanisms, and Defenses
Critical Security Controls
Security Testing Methods
World Wide Web policy.
Secure Software Confidentiality Integrity Data Security Authentication
Chapter 2: System Structures
Penetration Test Debrief
Defense in Depth Web Server Custom HTTP Handler Input Validation
Security.
6. Application Software Security
Presentation transcript:

What’s Going On? This is a “Capture The Flag” hacking contest Teams from a number of Universities/Institutions compete against each other Each team has to defend a computer it manages and attack the computers managed by other teams The teams have 4 hours for setting up their protections and compromise the other teams’ computers A real-time scoring system determines who is the best at defense and attack

Why Is This A Big Deal? This is the first time in US history that something like this is attempted Other competitions were either –Local (e.g., DEFCON in Las Vegas) –Limited in the number of teams (e.g., max 3-4) –DoD-sponsored (e.g., military exercises) This contest involves graduate students, it’s completely “open”, and has a rigorous scoring system This competition includes 14 teams from Universities and Institutions spread across the nation –UCSB (4) –Georgia Tech (3) –United States Military Academy (3) –University of Texas at Austin (1) –Naval Postgraduate School of Monterey (1) –University of Illinois, Urbana-Champaign (1) –North Carolina State University (1)

How Does This Work? Wujing Generic Tigers White Hats DonBeHatin Shrek Ishanshade Buzz UT_Comsoc 0x90 Jmp esp Open kiosk Wolfpack Nebuchadnezzar Argus Scoring System Virtual Private Network

Teams’ Hosts OS image configured with a number of services running on VMWare –Red Hat 9.0 on VMWare on Red Hat 9.0 Service examples –World Wide Web, FTP, Audio streaming, Custom services Services have a number of exploitable vulnerabilities Each OS image/service set is customized to a particular team OS images are distributed at the beginning of the day Source code for some services is distributed at the beginning of the actual contest

Flags Each service has one or more flags associated with it When a service is (re)started the flags are initialized to the initial values for the hosting team The initial value for service X running on the OS of team A is different from the initial value of service X running on the OS of team B To own another team’s service –Determine the initial value for the service flag for your team –Write the initial value into the other team’s flag for that same service

Monitoring/Scoring Each service is equipped with –A “get flag” method –A “set flag” method Getting and setting the flags do not involve exploiting a vulnerability A service can be in different states –Dead –Running –Functional (running and flags can be retrieved and set) –Functional and 0wned by the hosting team –Functional and 0wned by another team

Monitoring/Scoring The scoring systems attempts to read the flag –If no connection can be established the service is considered down No points are assigned –If the flags are not accessible the service is considered non-functional No points are assigned

Monitoring/Scoring The flag is analyzed –If the flag is the initial flag value of the hosting team A new hash chain for the service is initialized The team receives no point –If the flag is the value of the hosting team and the number of get/set iterations in the hash chain is greater than a threshold (e.g., 3) A new flag value is written The hosting team receives points –If the flag is the initial value of another team A new flag value is written and a new hash chain is started The other team immediately receives points –If the flag is the correct value of the hash chain of another team The other team receives points

Example: Normal operation Service X is started on the OS of team A –X’s flag is automatically set to f0 = c9a56d b The scoring system reads the flag and starts a new hash chain c1 for service X owned by A on host A –X’s flag is set to f1 = hash(c1,X,A,A,f0) Periodically, the scoring system reads the flag, checks its value against the last value stored for the current hash chain, and the values match –X’s flag is set ot f2 = hash(c1,X,A,A,f1) This operation is repeated a number of times (e.g., 3) before the hosting team starts acquiring points

Something went wrong If the flag does not contain the value that was set by the scoring mechanism during the last iteration, several things may have happened: –The service has been restarted by the hosting team –Another team put their flag for the service –Some garbage got written on the flag value

Example: Service is restarted If a service is restarted the flag is reset to the initial value f0 The scoring mechanism starts a new chain c2 for service X owned by team A on host A The scoring mechanism writes a new flag value f1=hash(c2,X,A,A,f0) Points will be assigned after a number of iterations (e.g., 3)

Example: Service is 0wned The new flag is the initial flag for the service associated with another team (say g0 = d2e22fa) A new hash chain c3 is started and the flag is set to f1(c3,X,B,A,g0) The service is owned by the team and points are assigned to that team immediately Note: there is no way to know if one of your service is owned by another team by just looking at the flag value

Example: Flag is corrupted The flag does not match the value in the current hash chain and also does not match the initial value for any of the teams The service is considered non- functional and no points are assigned Note: this condition can be detected by looking at the scoring panel

Scoring Panel The scoring panel provides a snapshot of the status of the CTF It is accessible through a web page (refreshed every 30 seconds) It provides information of team’s ping connectivity (ability to answer to ping probes) It provides information about the status of services –Down –Running but non-functional –Functional –Note: It does not provide information about the ownership of a service

Scoring Panel It provides information about how many services are 0wned by a team –This is useful if a team wants to check if the attack was successful because the number of services owned will increase It provides information about the performance of a team in the last scoring period (say, last 10 minutes) Note: It does not provide absolute score values Penalties to the scoring value can be assigned because of improper behavior (e.g., DOS attacks) The final winner will be declared only at the end of the exercise

Attack Techniques Buffer overflow Format string Shell attacks Race conditions Misconfigurations Authentication attacks Web-based attacks –Directory traversal –Cookie-based services –Cross-site scripting –Server-side applications Lack of parameter validation (e.g., SQL injection)

Skills Scanning Firewalling For each type of vulnerability –How to identify a vulnerability –How to exploit a vulnerability –How to patch a vulnerability (without disrupting the get/set flag methods) –How to detect a vulnerability For each service –How to monitor the requests to a service –How to monitor the execution of a request –Protocol security analysis –Application security analysis

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.