
How to prepare for the hacker tournament party


At the Symantec Cyber Challenge hacker tournament, Barcelona 2012

We get a lot of questions about the CRC hacker tournament held by Symantec and CROC. Here we continue with preparation for playing the game. Over to a participant of the first part, Andrei Leonov:

You need to see and get a feel for the hooks on all fronts:

- Application vulnerabilities - here you need not only knowledge, but also flair. RCE, XSS, SQLi, XXE, SSRF, CSRF, file upload errors, ajax / background scripts (vulnerabilities are much more common there than in the main scripts). In my personal experience, a scanner here can take an order of magnitude longer than a manual check. Moreover, lately "vulnerabilities from the examples" are becoming less and less common, and localization is almost always needed.

- Vulnerabilities of services on the server - this area is not very strong. A good example is the task with an open mail server and the EXPN command.

- Attention to detail - sometimes one little thing can spare you a couple of sleepless nights. Or dull, monotonous work.

- OSINT - measure seven times, cut once. Preparing for an attack / audit is no less important than the attack / audit itself. As was rightly said at the last PHD (in my presentation), you can start attacking right away and spend a week tilting at windmills, or you can spend two days preparing and find a subdomain vulnerable to the simplest vector, because "nobody knows about it (!)".

- The ability to investigate incidents - seeing the consequences is no great task; understanding what led to them is where the real creativity lies. And good programmers with a bad temper are sometimes frighteningly inventive.

- Knowledge in the field of cryptography - you need to understand at least the basics: how to encrypt, how to decrypt, which algorithms can be considered strong and which cannot. What is worth spending time reversing, and what should be left to the great-grandchildren, or even the great-great-grandchildren.

- Knowledge of tools that make life easier: Backtrack or Kali help a lot here; everything you need to start, or rather even to continue, is there, and you can get lost in them at the start of your information security career :). These two distributions can be used like the Great Soviet Encyclopedia. Open it, launch each tool, think about which stones could be shifted from your shoulders onto the computer. If I didn't understand what something was about, I searched and read on the Internet. Once I understood the basics, I looked for usage examples and examples of exploitation. I tried not only to exploit and get a list of databases, but also to work out the source code and / or the set of circumstances that led to this.

- A collection of dictionaries / rainbow tables for brute force and attacks on hash databases - you can't get anywhere without them. Thank God, passwords in clear form are becoming less common. But without dictionaries, even a database of simple md5 hashes can become a big obstacle. 100K hashes are not something you can look up in Google. Here I advise getting to grips with relatively new types of attacks - hybrid dictionary attacks, hybrid attacks on the most frequent character sets. Such attacks sometimes give stunning results.

- Social engineering is a separate volume of the information security encyclopedia altogether. Send an email, compromise the machine with Metasploit - no... don't do that :) But anyway, people and the results of their activity are the weakest link. Not using them would be insanely stupid.

- Knowledge of English is a must. Even though the Russian community is quite developed, and has a large number of not only practitioners but also theorists, we are only a part of the world, and a huge body of knowledge is produced by experts from other countries, and their results, workshops and PoCs are in English. If you don't know English, you are definitely at the tail end of knowledge.


Plot


Some decisions in the game are influenced by knowledge of the plot. A cyber attack will consist of five stages: reconnaissance, penetration, detection, capture and exit. Of course, the hardest thing will be to make a clean exit, so that the "white hats" cannot trace you. Below is the situation in the game world at the start of the tournament.

EntraDyn Corporation (EDC) is a global leader in the design, construction and launch of satellites. Profitable contracts spurred increased demand for low-orbit satellites and their launches and intensified the battle between EDC and its main competitor, RK Industries.

Alex Lockwood, director of satellite technology at EDC, was appointed to this post a year ago to strengthen EDC's dominance in the private satellite market. There were several incidents in the EDC security system, after which the EDC Director General and Board of Directors gave Ms. Lockwood only a few days to figure out what had happened.

Alex Lockwood and the EDC corporation then hired representatives of one of the best information security consulting firms to prove whether it is possible to hack the EDC network from outside and steal data. 5 days were allotted for this task.

We have already described how the players passed the test.



There is evidence to suggest that RKI hacked into EDC's networks and systems to steal design drawings, documents and other information, and thereby gain a competitive advantage over EDC. Alex Lockwood, director of the top-secret EDC satellite program, hired your information security consulting firm to find evidence of a hack, and RKI is now suspected of launching the attack. Now you take the role of the "bad guy". You are being paid to penetrate RKI's networks and systems and find out whether this company really organized the attack and what it could have stolen. For everything, you have only four and a half hours.

Using your "ethical" hacking skills, you will need to complete a series of tasks, capture flags and earn points. Your task is to penetrate RKI's networks and systems, find evidence of its involvement in the attack on EDC and, in particular, find out what was stolen.

The situation is complicated by the fact that we are talking about Project V - the top-secret EDC satellite program hidden inside the department of civil satellite technologies. EDC had previously hired specialists to evaluate their systems, and their analysis revealed that a security breach had already taken place. However, the company's top management continues to publicly deny the existence of both the project itself and the security breach.

More importantly, the event will feature a certain Giles Knox, a former EDC employee whose position was taken by Alex Lockwood, who set him up and forced him to quit.

Summary


That's about it. I repeat that it would be good to sleep and rest before the game (this is the most common mistake of competition participants). Also, at least get acquainted with the basic tools that are provided for the game (for example, take the utilities out of the kit and try them out), or prepare your own tools for working with the network. More tips here.

There are still places left. Registration for participants is free, here.

Source: https://habr.com/ru/post/191108/

