
Test lab v.9: impossible or nothing



Colleagues and friends! We are pleased to present the new, 9th version of our penetration testing laboratory: the virtual company CyBear 32C, which develops various systems and applications, including information security systems. Given the nature of its activity, CyBear 32C is well protected against hacker attacks, and compromising it will require solid training in practical information security.

All our laboratories contain realistic, current vulnerabilities typical of modern companies in a particular industry. For example, in the previous, 8th laboratory, we deployed the virtual infrastructure of an average bank, containing the systems and services typical of a bank: web applications, Oracle, a mail service, embedded devices, as well as IPS/WAF protection tools.

The scenarios of our laboratories are not far-fetched: we take into account current trends in the compromise of networks and systems, choose a specialization or industry, and implement them in a virtual environment. The vulnerabilities we plant in these systems were discovered during real ("combat") penetration tests (we use them in anonymized form) or were used by actual intruders. The most important aspects are realism and relevance.

In our laboratories, we try to reflect current threats and the risks of compromising information systems. Recently, attacks by professional cyber-criminal groups and lone hackers against technology companies involved in the development of information security systems, protection tools and cyber weapons have become more frequent.
The well-known company Hacking Team, which specializes in the development and sale of spyware for law enforcement agencies and intelligence services of various states, became the target of a cyber attack, as a result of which a 400 GB archive of confidential information became publicly available. Hacking Team's private correspondence with its clients, contracts for the sale of its cyber products to various states, and a large amount of other information about the company's activities leaked onto the network.

It would seem that such companies should be better prepared than others to detect and repel hacker attacks, but in practice this is far from true:
The website of AvSoft Technologies, a company engaged in the development of antivirus software under the AVG brand, was attacked by hackers. The attackers placed code on the AvSoft website that downloaded malware onto visitors' PCs.

Even high-tech companies specializing in countering hackers can be successfully (albeit partially) attacked:
An attack on the corporate network of Kaspersky Lab was discovered in the spring of 2015. According to preliminary results of the investigation, Kaspersky Lab was not the only target of the attackers; other victims in Western, Middle Eastern and Asian countries have already been discovered (most likely there are many more). "The way of thinking and tactics of the Duqu 2.0 group is a whole generation ahead of any cyber attacks and malicious campaigns encountered before," writes Kaspersky Lab.

Attackers successfully attack companies that specialize in repelling attacks and protecting data:
The attack on the antivirus company BitDefender became a much more resonant event. In this case, the main reason for the hype in the media was not even the fact of the hack itself, but the fact that the user passwords the intruders managed to steal were stored in clear text.

Although information about the BitDefender hack reached the media on July 31, the attack itself was carried out earlier. On July 24, a user under the nickname DetoxRansome approached BitDefender demanding a payment of $15 thousand ... Otherwise, he threatened to publish a database of the leaked accounts.

A company's specialization in developing systems that repel attacks by no means guarantees that the company itself is well protected:
Cyberoam (Sophos) confirmed a cyber attack on its systems that resulted in a leak of confidential information, including personal data of customers and partners.

Companies specializing in and responsible for data storage should protect their infrastructure carefully; in practice, however, this is far from the case:
A notice appeared on the official LastPass blog indicating that the company's servers had been compromised. Suspicious activity on the company's network was noticed the previous Friday.

The LastPass team claims that the encrypted user data is safe, but the investigation revealed that the attackers gained access to user email addresses, password reminders, salts, and authentication hashes.

Often, the security solutions themselves that are developed and deployed pose a huge security threat:
Researchers from Google's Project Zero (a team created by Google to prevent attacks that use previously unknown vulnerabilities) disclosed a critical vulnerability (CVE-2016-2208) in Symantec antivirus software. When scanning specially crafted files in the PE format, it is possible to trigger a buffer overflow and achieve code execution on the system.

Since the Symantec software uses a filter driver to intercept all I/O operations in the system, an attack can be carried out by delivering the exploit to the victim's system in almost any way, for example as an e-mail message or a link to a file.

These and many other compromises of security vendors set the direction for the plot of the 9th laboratory, in which we invite everyone to try their hand at hacking a technology company whose employees are ready to repel hacker attacks and consider their infrastructure invulnerable.

A participant acting as an external intruder needs to find and exploit vulnerabilities while overcoming various protection systems: antivirus, WAF and firewall, access control systems, etc. The main difference between the "Test lab" laboratories and CTF competitions is the realistic storyline: compromising one node may allow the attack to be developed further into the rest of the network.

The laboratories are designed for legally testing and reinforcing penetration testing skills, and each contains a unique storyline. Anyone can take part in the laboratory absolutely free of charge.

The laboratory has started, join us!

Source: https://habr.com/ru/post/301046/
