Difference between revisions of "UCSB CTF 2004"
(→Pics!) |
(→VMWare Game Image Security) |
||
| Line 22: | Line 22: | ||
* nfs exports | * nfs exports | ||
* user passwords | * user passwords | ||
| − | + | * PHP Safe Mode? | |
== Pics! == | == Pics! == | ||
Where are the pictures people made during the event? Where can I download the video somebody created? | Where are the pictures people made during the event? Where can I download the video somebody created? | ||
Revision as of 01:02, 6 December 2004
A team of hackers (known as "0ld Eur0pe"), mainly consisting of the Summerschool Aachen 2004, members of the Chaos Computer Club Cologne and some students of the RWTH[1], participated in the UCSB Capture The Flag 2004 game and were quite successful (see the scoreboard[2], second line).
This page serves as a whiteboard to document the setup we used this year and to collect ideas about what we can do better next time.
Setup
What To Do Better
General
- don't put such a strong focus on host and network security again, this game was about application security
- use some means of internal communication (wiki?)
- split teams into research/abuse instead of attack/defense (Research would read code, produce new exploit and fix bugs, Abuse would automate and use exploits) (?)
- start earlier
- get more hardware boxes which could be used for monitoring and firewalls
VMWare Game Image Security
Check for
- ssh pubkeys
- sshd configuration:
- PubKeyAuthentication
- PermitRootLogin
- nfs exports
- user passwords
- PHP Safe Mode?
Pics!
Where are the pictures people made during the event? Where can I download the video somebody created?
