Difference between revisions of "UCSB CTF 2004"
(→What To Do Better) |
(→General) |
||
| Line 8: | Line 8: | ||
== What To Do Better == | == What To Do Better == | ||
=== General === | === General === | ||
| − | * don't put such a strong focus on host and network security again, this game was about application security | + | * don't put such a strong focus on host and network security again, this game was about application security |
* use some means of internal communication (wiki?) | * use some means of internal communication (wiki?) | ||
| − | * split teams into research/abuse instead of attack/defense ( | + | * split teams into research/abuse instead of attack/defense (Research would read code, produce new exploit and fix bugs, Abuse would automate and use exploits) (?) |
| − | Research would read code, produce new exploit and fix bugs | + | * start earlier |
| − | Abuse would automate and use exploits | + | * get more hardware boxes which could be used for monitoring and firewalls |
=== VMWare Game Image Security === | === VMWare Game Image Security === | ||
Revision as of 23:59, 5 December 2004
A team of hackers (known as "0ld Eur0pe"), mainly consisting of the Summerschool Aachen 2004, members of the Chaos Computer Club Cologne and some students of the RWTH[1], participated in the UCSB Capture The Flag 2004 game and were quite successful (see the scoreboard[2], second line).
This page serves as a whiteboard to document the setup we used this year and to collect ideas about what we can do better next time.
Setup
What To Do Better
General
- don't put such a strong focus on host and network security again, this game was about application security
- use some means of internal communication (wiki?)
- split teams into research/abuse instead of attack/defense (Research would read code, produce new exploit and fix bugs, Abuse would automate and use exploits) (?)
- start earlier
- get more hardware boxes which could be used for monitoring and firewalls
VMWare Game Image Security
Check for
- ssh pubkeys
- sshd configuration:
- PubKeyAuthentication
- PermitRootLogin
- nfs exports
- user passwords
- PHP Safe Mode?
