Dailydave mailing list archives
RE: Dreaming of Summer
From: "Brass, Phil (ISS Atlanta)" <PBrass () iss net>
Date: Sat, 6 Dec 2003 18:05:24 -0500
You're kidding, right? The chance to r00t *every* debian box in the world (apt-get update; apt-get upgrade; apt-get install rootkit) isn't worth losing a single local root sploit? The only better targets are the windows ones like Symantec's LiveUpdate and, of course, windowsupdate.microsoft.com... Phil
-----Original Message----- From: dailydave-bounces () lists immunitysec com [mailto:dailydave-bounces () lists immunitysec com] On Behalf Of Dave Aitel Sent: Saturday, December 06, 2003 5:01 PM To: dailydave () lists immunitysec com Subject: Re: [Dailydave] Dreaming of Summer Hmm. I want a game where after you use your 0day, you lose it. Maybe I'll have targets like "debian.org" and "gentoo.org". For the life of me, I can't think of anything on debian.org worth owning that would compensate for losing a good kernel local, or anything on gentoo worth risking rsync for. Whoever it is is losing points fast. -dave Kohlenberg, Toby wrote:Actually, that's very much what the game was like last year-They gaveus a relatively secured build with lots of insecure e-biz-type apps running on it. You got points for keeping them up forextended periodsand also for capturing and then keeping a service. The games have been fairly interesting the last two years. t -----Original Message----- From: dailydave-bounces () lists immunitysec com [mailto:dailydave-bounces () lists immunitysec com] On Behalf Of David Maynor Sent: Saturday, December 06, 2003 8:54 AM To: Brass, Phil (ISS Atlanta) Cc: dtangent () defcon org; dailydave () lists immunitysec com Subject: RE: [Dailydave] Dreaming of Summer On Sat, 2003-12-06 at 11:35, Brass, Phil (ISS Atlanta) wrote:Screw defense. You come in with whatever equipment you want. Thehostsets up a set of targets. You attack them. Maybe there'sa duplicateset of targets, one for each team. Maybe there's just oneset (morechaotic, IMHO). You get points for taking control oftarget servicesand/or networks. That gets rid of the sysadmin aspect.I like the aspect of holding the service after its owned. Atthis pointyou have to consider the switch vs. no switched network. Ifeverybody iattacking the same machine, tcpdump caps are trivial meaningthat teamscould gain access just by copying other teams. I would be infavor of something like a themed contest. Forinstace thisyear we have a ecomm site running on a trusted OS. There isa series ofpoints awarded for how far you get. This deep sixescompeteing againstother teams and makes it more blackhat like, its your team vs the target._______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://www.immunitysec.com/mailman/listinfo/da> ilydave
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://www.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Dreaming of Summer surreal (Dec 05)
- Re: Dreaming of Summer David Maynor (Dec 05)
- <Possible follow-ups>
- RE: Dreaming of Summer Brass, Phil (ISS Atlanta) (Dec 06)
- RE: Dreaming of Summer David Maynor (Dec 06)
- Re: Dreaming of Summer surreal (Dec 06)
- Re: Re: Dreaming of Summer David Maynor (Dec 06)
- RE: Dreaming of Summer Kohlenberg, Toby (Dec 06)
- Re: Dreaming of Summer Dave Aitel (Dec 06)
- RE: Dreaming of Summer Brass, Phil (ISS Atlanta) (Dec 06)
- RE: Dreaming of Summer David Maynor (Dec 06)
- Re: Dreaming of Summer Tri Huynh (Dec 06)
- Re: Dreaming of Summer Dave Aitel (Dec 06)
- Re: Dreaming of Summer David Maynor (Dec 06)
- Re: Dreaming of Summer Sean Batt (Dec 06)
- Re: Dreaming of Summer David Maynor (Dec 06)
- Pen-Testing Disclosure was Re: Dreaming of Summer dailydave (Dec 08)
- Re: Dreaming of Summer David Maynor (Dec 06)
- RE: Dreaming of Summer David Maynor (Dec 06)