Fight On, State! .. wait, our machine is down?

By GARRETT MICHAEL MILLER on December 9, 2007 2:57 PM | | Comments (2) | TrackBacks (0)

This past Friday, I got to compete on Penn State's iCTF team, comprised of twenty members of none other than IST's IA Club. I was thrilled to have had the opportunity to compete with them, and eagerly looked forward to the competition.

From the iCTF website:

The contest, (known as "Capture The Flag") is a distributed, wide-area security exercise, whose goal is to test the security skills of students from both the attack and defense viewpoints. This is the 6th edition of the security exercise, and its largest version.

Each team is given an Internet server that provides a number of services. The services have a number of undisclosed vulnerabilities, which have been included by the contest organizers.

The goal of each team is to maintain the set of services available and uncompromised throughout the contest phase, by finding the vulnerabilities and fixing them in their own copy of the server. The teams will also leverage the vulnerabilities they found to compromise other teams' servers.

During the contest, an automated scoring system keeps track, for each team, of what services are available, and which services have been compromised (that is, "who is hacking who"). Points are assigned to the teams according to their ability to defend their systems and successfully compromise the systems of other teams.

At approximately 9 AM EST, we arrived at the apartment we were competing at. The server image was made available at 11 AM, and "open fire" at 1 PM. Unfortunately, it took us far longer to decrypt and install the image than we had hoped. And then, for reasons quite unbeknownst to myself, we had some difficulties in connecting our server to the competition VPN, thus making it impossible to attack other machines. Nevertheless, we had a great deal of the offensive and defensive teams working furiously to get it up, while the research team poked and prodded at the image to attempt to find vulnerabilities for when we finally got it operational.

Which, unfortunately, never happened. I did learn a lot, however, particularly in some areas pertaining to encryption technologies, Python, and WEP cracking. I look forward to what else I can learn in the IA Club, as well as next year's competition.

And now, some pictures (warning, crappy cell phone pics):

offense.jpg

The offense side of the room.


research.jpg

The research team's setup.

0 TrackBacks

Listed below are links to blogs that reference this entry: Fight On, State! .. wait, our machine is down?.

TrackBack URL for this entry: https://blogs.psu.edu/mt4/mt-tb.cgi/1896

2 Comments

Tim Nary said:

That iCTF event was pretty cool, even though we never scored any points. I think it would be cool for the IA club just to tear apart the image and play with it in one of the upcoming meetings. This could help select the team next year, as well as prepare us better, so hopefully next year we can score some points!

December 10, 2007 11:23 PM
Matt Maisel said:

Wow, this event looks like it was really fun. I am sure that you learned a great deal more about network security in the process.

December 13, 2007 6:21 PM

Leave a comment

January 2008

Sun Mon Tue Wed Thu Fri Sat
    1 2 3 4 5
6 7 8 9 10 11 12
13 14 15 16 17 18 19
20 21 22 23 24 25 26
27 28 29 30 31    
Creative Commons License
This weblog is licensed under a Creative Commons License.

Archives

Recent Posts

Search


Recent Comments

Matt Maisel on Fight On, State! .. wait, our machine is down?: Wow, this
Tim Nary on Fight On, State! .. wait, our machine is down?: That iCTF

Sign In