Presentation is loading. Please wait.

Presentation is loading. Please wait.

Solving the US Cyber Challenge: Cyber Quest

Similar presentations

Presentation on theme: "Solving the US Cyber Challenge: Cyber Quest"— Presentation transcript:

1 Solving the US Cyber Challenge: Cyber Quest
Skyler Onken Senior, Brigham Young University – Idaho OnPoint Development Group LLC CEH, Security+, ECSA, CISSP (Associate) Blog: Doing this because if you got the questions wrong, there was no information on what the correct answer is. This is supposed to be learning experience.

2 End State Technical knowledge
Better understand the skill level expected of new security professionals

3 What is the USCC? Government & Corporate Improve the industry
Identify promising individuals Assess the education of security students Varying security related competitions SANS Training Events (Regional and State)

4 March 2011 Cyber Quest 15 Trivia 15 Practical
Vulnerable Web Application

5 April 2011 Cyber Quest 10 Trivia 20 Practical PCAP file

6 The Questions

7 Trivia Question - #1 Which DNS record type will request a copy of an entire DNS zone? ZONE AXFR A PTR AXFR = Asynchronous Full Transfer Zone RFC 1034

8 Trivia Question - #2 Which protocol does the “ping” utility use to test network connectivity between two hosts? UDP TCP IP ICMP

9 Trivia Question - #3 Which HTTP header field identifies the web browser being used by the client? Host Server Browser User-Agent

10 Trivia Question - #4 Which protocol do computers use to exchange information about their MAC addresses to other computers on the same subnet? DNS DHCP ARP RSVP

11 Trivia Question - #5 Before the SPF DNS record type was created to address spam, which DNS record type did Sender Policy Framework utilize? MX TXT SRV PTR “Early implementations used TXT records for implementation before the new record type was commonly available in DNS software. Use of TXT records for SPF is intended as a transitional mechanism. However, according to the current RFC, 4408, section 3.1.1, "An SPF-compliant domain name SHOULD have SPF records of both RR (Resource Record) types. A compliant domain name MUST have a record of at least one type," and as such, TXT record use is not deprecated.” IN TXT "v=spf1 +mx -all” IN SPF "v=spf1 +mx -all"

12 Trivia Question - #6 Which of the following represents the correct sequence of TCP packets to complete the 3-way handshake SYN, SYN-ACK, ACK SYN, ACK, SYN-ACK FIN, FIN-ACK, ACK SYN, FIN, ACK RFC 793

13 Trivia Question - #7 Which of the following represents a valid path to a file share using SMB/CIFS on a Windows system \\SERVERNAME\SHARENAME \\SHARENAME.SERVERNAME\ C:\SERVERNAME\SHARENAME

14 Trivia Question - #8 Which HTTP status code indicates that authentication is required? 400 401 500 200

15 Trivia Question - #9 When a TCP port is closed, what type of packet will typically be sent in response to an incoming packet? TCP RST packet ICMP Port Unreachable packet TCP CLD packet TCP SYN-ACK packet Too many people were lured in by the ICMP Type 3 Code 3

16 Trivia Question - #10 Which HTTP method is most commonly used when submitting sensitive data to a web application? POST TRACE SECURE GET

17 Practical Question - #11 The DNS name “” is actually a canonical alias (CNAME record). What DNS name does it point to?

18 Practical Question - #12 Which password did the user at use to connect to using Telnet? gobbler contaminated admin We switch the destination and sources because the string “Password” should be coming back from the server

19 Practical Question - #13 Which operating system is running on ? Fedora Linux Windows XP Windows 7 CentOS Linux

20 Practical Question - #14 The web page that the user at visited required a username and password. What was the password that the user supplied? trash admin treasure str0ng!pw Router, so its uses Basic Authorization echo -n "YWRtaW46c3RyMG5nIXB3" | base64 -d admin:str0ng!pw

21 Practical Question - #15 A web page that the user at visited required a username and password. What was the password that the user supplied? beautiful beethoven29 camera101 yuri This login was to an HTTP form

22 Practical Question - #16 Prior to the session recorded in the supplied PCAP file, when was the last time the user at connected to via Telnet? Monday, March 7th Wednesday, March 30th Friday, March 11th Tuesday, April 5th

23 Practical Question - #17 Which of the following TCP ports is closed on ? 80 445 22 23

24 Practical Question - #18 What are the contents of the payload included in a specially crafted ICMP packet found in the capture file? abcdefghijklmnopqrstuvwxyz Words taste like peaches. Save the cheerleader, save the world! !"#$%&'()*+,-./ ICMP on windows is full of the alphabet. Therefore the package is not that

25 Practical Question - #19 According to DNS records, what is the IP address of the server “”?

26 Practical Question - #20 The web page that the user at visited has a picture of a bridge. Which bridge is it? Tower Bridge Golden Gate Bridge Zakim Bridge Verrazano-Narrows Bridge sent back TO the user Image HTTP

27 Practical Question - #21 What is the OUI of the MAC address for the computer at ? 00:05:69 00:0C:29 9A:92:A2 00:0C:29:9A:92:A2 Org. Unique ID is first 3 octets

28 Practical Question - #22 What is the name of the file share that the user at connected to? BUYMORE CASTLE FILESHARE HERDFILES The filter hides the fact that the IPC$ share connections were not established

29 Practical Question - #23 Which of the following commands was used to generate the ping packet from ? C:\> ping C:\> ping –n $ ping –c $ ping –t One ping tells us its not (a) or (d) Destination tells us it is (b) or (d) ICMP Data means its windows

30 Practical Question - #24 How long should a client resolver cache the IP address associated with the name “”? 1 Hour 15,180 milliseconds 64 minutes 86,400 seconds

31 Practical Question - #25 According to the Sender Policy Framework, which IP address is allowed to send on behalf of the “target.tgt” domain?

32 Practical Question - #26 Which web browser is the user at using? Safari Internet Explorer Google Chrome Firefox Previous Slide

33 Practical Question - #27 Which operating system is running on ? Fedora Linux Windows 7 Windows XP CentOS Linux

34 Practical Question - #28 Which version of the web server software is running on ? 2.0.52 2.2.17 1.3.42 2.0.63

35 Practical Question - #29 Which computer used an ARP probe to make sure that the IP address was not already in use? “An ARP probe is an ARP request constructed with an all-zero sender IP address. The term is used in the IPv4 Address Conflict Detection specification (RFC 5227). Before beginning to use an IPv4 address (whether received from manual configuration, DHCP, or some other means), a host implementing this specification must test to see if the address is already in use, by broadcasting ARP probe packets.”

36 Practical Question - #30 What is the hostname of the system running on ? BUYMORE AWESOME ORION JEFFSTER

37 Outcomes ~800 Took the exam Top 300* Went to Cyber Camp
Some with scores as low as 25 attended** Ages 18-50’s Students and Professionals Various backgrounds Pen Testers Incident Handlers Forensic Investigators Network/Firewall Admins The nature of the cyber quest has improved. The skills required are more well rounded; not just aimed at one specific security related field. *: Some chose not to attend, so slots were then offered to others **: Based upon my personal conversations with participants

38 The Gap Between Education and Employment
4 Years 2-5 Years 6 Months – 10 Years Industry Personal Endeavors Shortage does not need to be as short as seen - Hiring the wrong people. They don’t have the passion NOR the skillset. 10 years to develop a group of professionals Already working in the indsutry Have a really great connection What causes the black hole? Urgent need Not wanting to invest time and money into training What is happening in the black hole? Unrelated work Cross-Training (good) Building resume to get a job Problem? Certification based industry, not practical experience Self-funding is the only means of training End State: 1) We need to nurture the desire in those who have it right out of school. Without that, it may dwindle and die. 2) We are looking at nearly twice the time to develop a sufficiently trained professional workforce Educational Institutions

39 Working Models Try Outs/Competitions Development Programs
Training For Service Internship Recruitment Try Outs: Like the USCC, see what Lockheed and Booze Allen Hamilton are doing Dev Programs: Like the NSA. Doing this in management areas of companies. Training For Service: Mandatory employment or service for training. Already doing this for Military/Gov’t

40 Educational Institutions
Possible Solutions 3 Years 3 Years 1 1-3 Years 0-2 Years Industry Training For Service Development Programs Working Models: Try outs (ex, USCC) – Lockheed, Booze Allen Hamilton, etc Development Programs like the NSA Training for “Service”, will lead to drawing professionals into your company. Can be picky Could be getting security clearances as well Upon completion of training, which is essentially an entry position, they will be obligated for employment longer than normal More competative for your positions since people want to take part of your programs. Internships Try Outs Educational Institutions

41 Other Conclusions I am not a $ cruncher Nurture vs. Nature
Don’t rely upon educational institutes Don’t rely upon other companies or certifications to develop your professional Quality of professional will save you $ in the long run Better security professionals will save $ in the long run because of data breaches, etc.

42 Questions?

Download ppt "Solving the US Cyber Challenge: Cyber Quest"

Similar presentations

Ads by Google