20 Mar 18:25
Capture the Flag?
From: Patrick Haller <cplug@...>
Subject: Capture the Flag?
Newsgroups: gmane.org.user-groups.linux.cplug.general
Date: 2007-03-20 17:26:50 GMT
Subject: Capture the Flag?
Newsgroups: gmane.org.user-groups.linux.cplug.general
Date: 2007-03-20 17:26:50 GMT
Hello all, At the recent CPLUG meeting, I announced a Capture the Flag to occur in a month. Capture the Flag (CTF) is a networked security game where people attempt to compromise a local server. CTF achieved prominence at DEF CON [1], but has since spread into the academic world [2]. From the business side, high-threat organizations (banks, military, etc.) have increasingly adopted Enterprise Penetration Testing as a sanity-check for the systems they deploy. While any CTF provides a forum for practicing and actively learning about networked computer security, the emphasis here will be on educational fun. Parallel to the CTF, tutorials on each of the penetration testing stages will be run, discussing possible attack vectors. Where & When ============ To be determined by how many people sign up Signup ====== Email me that you are interested by March 30, 2007. After signup tallying, the date and location will be announced. If that date/location works, either bring or paypal me the CTF fee at the next CPLUG meeting. Cost ==== This CTF will cost $5 per person attending. The last CPLUG Security Conference did not know how many people would show and ran the risk of violating fire codes and the trust of the host. To avoid this, you have to financially promise that you'll attend. If the price isn't right, a helpful volunteer or two would certainly work. Benefits ======== Pizza + Soda + Wicked fun time learning about security Rules ===== 1] No Denial Of Service Attacks For this first CTF, the emphasis should be on penetration testing. The next CTF will most likely be no-holds-barred, so keep your tactics in reserve. 2] The winner will be: the first person to accumulate all possible points OR the person with the most points after 5 hours Setup ===== 1] Bring a secured computer with penetration tools Good bootable CD distributions include: BackTrack [3] Pentoo [4] 2] A 10/100baseT DHCP'd ethernet connection will be provided 3] A target machine running Linux will be provided 4] The network will be powered on when everyone is ready Points ====== 1] Identifying the target machine by IP and MAC address 2] Getting a remote shell on the machine 3] Cracking a secure software package on the machine 4] Getting a root shell on the machine [1] http://slashdot.org/it/01/10/30/0910244.shtml [2] http://www.cs.ucsb.edu/~vigna/CTF/ [3] http://www.remote-exploit.org/backtrack.html [4] http://www.pentoo.ch/-PENTOO-.html Thanks! Patrick. -- -- http://haller.ws PGP 0x560F0523 = 1A66 B95A 0D66 9087 47D8 1CC4 9077 5028 560F 0523
RSS Feed