Preparing For The Strategic Security CTF

Name: Preparing For The Strategic Security CTF
Uploaded: 2017-08-12T19:58:39+00:00
Duration: PTM35S23
Channel: Junior Watson
Description: Preparing For The Strategic Security CTF

Preparing For The Strategic Security CTF
Presented By: Joe McCray Strategic Security, Inc. ©

Strategic Security, Inc. © http://www.strategicsec.com/
Generic CTF Prep CTF Overview What Is A CTF? Generic CTF Prep Strategic Security Specific CTF Prep Incident Response System Hardening System Logging Intrusion Detection System Attacking Systems Maintaining Access Strategic Security, Inc. ©

What We Will Be Covering Today
Today We Will Be Covering What Is A CTF? Generic CTF Prep Strategic Security Specific CTF Prep Incident Response System Hardening System Logging Intrusion Detection System Attacking Systems Maintaining Access Strategic Security, Inc. ©

What is A CTF? Strategic Security, Inc. ©

What Is A CTF? According to Wikipedia: In computer security, Capture the Flag (CTF) is a computer security competition. CTF contests are usually designed to serve as an educational exercise to give participants experience in securing a machine, as well as conducting and reacting to the sort of attacks found in the real world. Reverse-engineering, network sniffing, protocol analysis, system administration, programming, and cryptanalysis are all skills which have been required by prior CTF contests at DEF CON. There are two main styles of capture the flag competitions: attack/defense and jeopardy. Strategic Security, Inc. ©

What Is A CTF?…(cont.) According to Wikipedia: Jeopardy style competitions usually involve multiple categories of problems, each of which contains a variety of questions of different point values. Teams race to be the first to solve the most number of points, but do not directly attack each other. Strategic Security, Inc. ©

What Is A CTF?…(cont.) According to Wikipedia: In an attack/defense style competition, each team is given a machine (or a small network) to defend on an isolated network. Teams are scored on both their success in defending their assigned machine and on their success in attacking other team's machines. Image from: Strategic Security, Inc. ©

What Is A CTF?…(cont.) According to Wikipedia: Depending on the nature of the particular CTF game, teams may either be attempting to take an opponent's flag from their machine or teams may be attempting to plant their own flag on their opponent's machine. Image from: Strategic Security, Inc. ©

Generic CTF Prep Strategic Security, Inc. ©

Generic CTF Prep Jeopardy Style CTF Prep Similar to preparing for the TV Show Jeopardy: Really hard to cram for so hit the common trivia stuff Hacker history High profile attacks/vulnerabilities Hacker movies Skip the protocol/programming stuff – either you know it or you don’t Network Attack/Defense Prep Download all patches for common OSs, or build your own repos Organize your incident response tools Have trusted binaries for most common Oss Organize your exploitation/post-exploitation tools/scripts Strategic Security, Inc. ©

Strategic Security CTF Prep
Strategic Security, Inc. ©

Step 1: Start with the basics Verify that the place you will be playing from has fast/stable internet Verify that the network that you will be playing from is secure/safe Create a separate subnet for yourself (cheap router) Turn off or firewall all of the other computers in your subnet Make sure no one else is using your subnet during the game Verify that the attack workstation/Virtual Machine you will be using has at least 2GB of RAM Verify that the defensive server has at least 4GB of RAM Download/Install the latest version of VMWare Workstation or Player Strategic Security, Inc. ©

Step 2: Get Your Team Organized Set up a means for your team to interactively communicate in real time Google Hangout, Skype, IRC, etc Set up a means for your team to share resources (docs, tools, etc) Google Hangout, Google Docs, Sharepoint, Wiki Understand that some teammates may be in different timezones Break your team up by function(s) Attackers Defenders Systems Administrators Researchers Strategic Security, Inc. ©

Step 2: Get Your Team Organized (Cont.) Players that do not have a team will be placed on teams by Thursday 5 Dec. Get your new teammates integrated quickly Job role(s) Access to team resources Get everyone’s tools, scripts together and try to get them documented so team members can know how to use them and more importantly what they look like to your defensive mechanisms Strategic Security, Inc. ©

Incident Response Strategic Security, Inc. ©

Incident Response Step 3: Prepare For Incident Response The first critical skill required of this game will be incident response Your system will be backdoored Your system will be rootkited Your system will be loaded with vulnerabilities Everything from weak passwords, to custom buffer overflows Required Incident Response Skills Your team will have to be able to quickly find and remove backdoors Your team will have to be able to quickly find and remove rootkits Strategic Security, Inc. ©

Incident Response The Methodology (Step 1: List all running processes) GUI Tools Task Manager Process Explorer: Command-line Tools Tasklist Command: PsList: Strategic Security, Inc. ©

Incident Response The Methodology (Step 2: Identify malicious processes) Look up every process that is running to see if it is legitimate Resources: Of course Google! Strategic Security, Inc. ©

Incident Response The Methodology (Step 3: Kill all malicious processes) GUI Tools Task Manager Process Explorer: Command-line Tools Taskkill Command: PsKill Strategic Security, Inc. ©

Incident Response The Methodology (Step 4: Find All Malicious Connections) TCPView (GUI Tool): Netstat Command: During the game – take note of your teammates’ IP addresses If there is an IP that doesn’t belong to your teammates connected to your server – that is probably an attacker from another team and you should kill that connection Strategic Security, Inc. ©

Incident Response The Methodology (Step 5: Kill All Malicious Connections) TCPView (GUI Tool): Taskkill Command wKillcx Strategic Security, Inc. ©

Incident Response The Methodology (Step 6: Find Malicious Services) References: service/ local-services-for-malware-rootkits-more/ g-malware-that-will-only-run-as-a-service Strategic Security, Inc. ©

Incident Response The Methodology (Step 7: Find Rootkits) References: detection-and-removal-guide Strategic Security, Inc. ©

Incident Response Resources
Good Technical Incident Response Resources References: Strategic Security, Inc. ©

What Are We Covering Today
Today We Will Be Covering What Is A CTF? Generic CTF Prep Strategic Security Specific CTF Prep Incident Response System Hardening System Logging Intrusion Detection Systems Attacking Systems Maintaining Access Strategic Security, Inc. ©

System Hardening Strategic Security, Inc. ©

System Hardening The Methodology (Step 1: Create Hardening Checklists) STIG Hardening Guides Generic Hardening Resources Strategic Security, Inc. ©

System Hardening The Methodology (Step 2: Organize Your Tools and Scripts) MBSA Benchmark Assessment Tools Strategic Security, Inc. ©

System Hardening The Methodology (Step 3: Focus on Scripting) Scripting For Security Interesting Book I Came Across Today Haven’t read it Don’t know the author But looks interesting and may help with this game Strategic Security, Inc. ©

System Hardening The Methodology (Step 4: Focus on Continuous Monitoring) Be conscious of the potential skill of the attackers Consider yourself breached at all times during the game IMPORTANT Throughout the game be sure to constantly verify that your security configurations have not changed Strategic Security, Inc. ©

System Hardening The Methodology (Step 1: Create Hardening Checklists) Stigs Hardening Guides Generic Hardening Resources Blah Strategic Security, Inc. ©

System Logging The Methodology (Step 1: Understand Windows Logging) Windows Logging Basics tutorials/windows_os_security/Understanding_Windows_Logging.html Event ID Listings Strategic Security, Inc. ©

System Logging The Methodology (Step 2: Organize Log Analysis Tools) Free Tools Learn To Use Log Parser and Log Parser Lizard Take it to the next level with Splunk event-correlation-home-lab-34422 Strategic Security, Inc. ©

System Logging The Methodology (Step 4: Set Up Automated Tasks) Windows Automation Basics automate-tasks-in-windows in-windows-server-2003 Strategic Security, Inc. ©

The Methodology (Step 1: Start With The Basics) Do you have the resources to run an IDS? VMWare Workstation or ESXi (recommended) At least 2GB of RAM to allocate to the IDS Run on the same host machine as your team server (eases network configuration issues) Are you willing to build it/debug it now? Probably want a full day or 2 to just to play around with it if this is your first time Run attacks with metasploit and get a feel of what alerts look like and how fast they come in Strategic Security, Inc. ©

The Methodology (Step 2: Decide What To Deploy) Lots of IDSs to choose from Network Based Snort Suricata Bro Host-Based OSSEC Strategic Security, Inc. ©

The Methodology (Step 2: Decide What To Deploy - Cont) Network based IDS are good, but are highly prone to false positives Host-Based IDS are great, but require something running on the host The best option is to combine the two IDS types, but that can be a lot of work The problem with deploying both of them is that it can be a lot of work Strategic Security, Inc. ©

The Methodology (Step 3: Deploy with bang for buck in mind) Use something that gives you the most bang for your buck (tools/features) Use something that you can build quickly My Recommendations: Security Onion: OSSIM: Strategic Security, Inc. ©

Preparing For The Strategic Security CTF

Similar presentations

Presentation on theme: "Preparing For The Strategic Security CTF"— Presentation transcript:

Similar presentations

About project

Feedback

Log in

Auth with social network:

Preparing For The Strategic Security CTF

Similar presentations

Presentation on theme: "Preparing For The Strategic Security CTF"— Presentation transcript:

Similar presentations

About project

Feedback