Presentation is loading. Please wait.

Presentation is loading. Please wait.

Game Mark Shtern.

Published byKurt Johansson Modified over 5 years ago

Similar presentations

Presentation on theme: "Game Mark Shtern."— Presentation transcript:

1 Game Mark Shtern

2 Game Objectives Secure your infrastructure using IDS, application firewalls, or honeypots Plant your flag on opponent’s machine Prevent intruders from planting their flag Remove your opponents’ flag Identify intrusions Discover your opponents’ password hashes and brute force them The flag is signed file. Students cannot recreate flag.

3 Game Rules You are not allowed to configure any network firewalls (yours or an opponent’s) You are not allowed to configure intrusion prevention You are allowed to kill any process that belongs to an intruder You are allowed to change your opponent’s passwords

4 Environment Deploy IT services
Telnet Domain controller DHCP Web Server Network File Sharing Open at least 3 ports on each Linux workstations Create at least 3 user accounts in each Linux/Windows workstation

5 Scoring Plant/Find Backdoor 5 Plant a flag 20 Catch intrusion 10
Change an opponent’s password 10 Take ownership of an opponent’s complete infrastructure 40 Lose control of a Windows workstation -5 Lose control of a Linux workstation -10 Lose control of a DC -20

6 PROJECT PENETRATION TESTING
Mark Shtern

7 Project penetration testing
Project presentation (10 minutes) on Wednesday, March 26 5 question for presenter Review other projects’ design Find security design flaws and vulnerabilities in other projects Post discovered flaws on the course forum Confirm / deny posted flaws of your project

8 Scoring Presentation -10 (10) QA phase
Discover security problem in Q&A session 10 (-10) Unanswered/Unprepared/Irrelevant questions -10 (10) QA phase Discover vulnerability 5 (-5) Discover vulnerability and exploit it 10 (-10) Discover design flaws 20 (-20) Deny posted flaws 10 (-10) Unanswered post -5 (5)

Download ppt "Game Mark Shtern."

Similar presentations

CN 8822. Objectives of the course To build and maintain a UNIX-based Network Systems & Servers Install Linux, fine tune the system, enable required server,

CN Objectives of the course To build and maintain a UNIX-based Network Systems & Servers Install Linux, fine tune the system, enable required server,
Configuring Windows to run Dr.Web scanner remotely.

Configuring Windows to run Dr.Web scanner remotely.
Hacking Techniques & Intrusion Detection Ali Al-Shemery arabnix [at] gmail.

Hacking Techniques & Intrusion Detection Ali Al-Shemery arabnix [at] gmail.
Penetration Testing & Countermeasures Paul Fong & Cai Yu CS691 5 May 2003.

Penetration Testing & Countermeasures Paul Fong & Cai Yu CS691 5 May 2003.
Windows 2003 Server. Windows 2003 Server Contents Fitur Windows 2003 Server Installation And Configuration Windows Management Resource  User Management.

Windows 2003 Server. Windows 2003 Server Contents Fitur Windows 2003 Server Installation And Configuration Windows Management Resource  User Management.
Csci5931 Web Security1 Case Study: A Forensic Lesson for Web Security (MSS, part one)

Csci5931 Web Security1 Case Study: A Forensic Lesson for Web Security (MSS, part one)
Web Defacement Anh Nguyen May 6 th, 2010. Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.

Web Defacement Anh Nguyen May 6 th, Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.
Network Security and its Impact on Network Continuity.

Network Security and its Impact on Network Continuity.
Web Server Administration TEC 236 Securing the Web Environment.

Web Server Administration TEC 236 Securing the Web Environment.
Rochester Institute of Technology Secure IT 2007 Security Auditing Course Development Rochester Institute of Technology Yin Pan

Rochester Institute of Technology Secure IT 2007 Security Auditing Course Development Rochester Institute of Technology Yin Pan
Profile-Based Web Intrusion Prevention System by Donovan Thorpe CS526 Fall 2002.

Profile-Based Web Intrusion Prevention System by Donovan Thorpe CS526 Fall 2002.
TCP/IP Networking 09/10 Lab Exercises RULES OF THE GAME.

TCP/IP Networking 09/10 Lab Exercises RULES OF THE GAME.
Information Networking Security and Assurance Lab National Chung Cheng University 1 A Real World Attack: wu-ftp.

Information Networking Security and Assurance Lab National Chung Cheng University 1 A Real World Attack: wu-ftp.
Secure Remote Access to an Internal Web Server Christian Gilmore, David Kormann, and Aviel D. Rubin ATT Labs - Research “The security policy usually amounts.

Secure Remote Access to an Internal Web Server Christian Gilmore, David Kormann, and Aviel D. Rubin ATT Labs - Research “The security policy usually amounts.
CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.

CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.
Part 2- An IT Auditing Framework

Part 2- An IT Auditing Framework
AIS, 20141 Passwords Should not be shared Should be changed by user Should be changed frequently and upon compromise (suspected unauthorized disclosure)

AIS, Passwords Should not be shared Should be changed by user Should be changed frequently and upon compromise (suspected unauthorized disclosure)
Web Server Administration Chapter 10 Securing the Web Environment.

Web Server Administration Chapter 10 Securing the Web Environment.
Lecture 10 Intrusion Detection modified from slides of Lawrie Brown.

Lecture 10 Intrusion Detection modified from slides of Lawrie Brown.

Similar presentations

Ads by Google