Dailydave mailing list archives
RE: Dreaming of Summer
From: <ph00dy () hushmail com>
Date: Sun, 7 Dec 2003 16:10:58 -0800
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hey *,

Sorry to chime in on this so late, but I've been too busy to read email as of late and couldn't resist on the reply.

CTF was a sysadmin contest. Not by design of the contest as much as the scoring. The scoring focus was on uptime instead of roottime(tm). Look at the results. Anyone who was there will remember ceasar talking about how "sharkbait" had owned * many times over and had their flags all over everyone, but somehow they got 3rd because the other teams had better uptimes. It's the ghetto crew's deal so they can score it however they want (which was a mystery to everyone watching the board as it went up and down for no particular reason), but in my mind a contest of that nature should probably have more focus on who's owning who and for how long and less on if your mudd is up or not.

Also... no disrespect to anyone but I'd also like to say that my perception of a "secured build" generally isn't one with sql injection vulns, bad passwords, vulnerable applications, trojaned binaries, and configuration files with passwords sitting on the / of the webserver running on openbsd, but that is just me.

All that being said it was still fun.

ph00dy
Actually, that's very much what the game was like last year- They gave us a relatively secured build with lots of insecure e-biz-type apps running on it. You got points for keeping them up for extended periods and also for capturing and then keeping a service.

The games have been fairly interesting the last two years.

t

-----Original Message-----
From: dailydave-bounces () lists immunitysec com [mailto:dailydave-bounces () lists immunitysec com] On Behalf Of David Maynor
Sent: Saturday, December 06, 2003 8:54 AM
To: Brass, Phil (ISS Atlanta)
Cc: dtangent () defcon org; dailydave () lists immunitysec com
Subject: RE: [Dailydave] Dreaming of Summer

On Sat, 2003-12-06 at 11:35, Brass, Phil (ISS Atlanta) wrote:

> Screw defense. You come in with whatever equipment you want. The host
> sets up a set of targets. You attack them. Maybe there's a duplicate
> set of targets, one for each team. Maybe there's just one set (more
> chaotic, IMHO). You get points for taking control of target services
> and/or networks. That gets rid of the sysadmin aspect.

I like the aspect of holding the service after it's owned. At this point you have to consider the switch vs. no switched network. If everybody is attacking the same machine, tcpdump caps are trivial, meaning that teams could gain access just by copying other teams.

I would be in favor of something like a themed contest. For instance, this year we have an ecomm site running on a trusted OS. There is a series of points awarded for how far you get. This deep sixes competing against other teams and makes it more blackhat like, it's your team vs the target.

--
David Maynor
http://www.0dayspray.com/~dave

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.3

wkYEARECAAYFAj/TwiYACgkQI04fV6DUWemOtQCfaE1BX6aaoK3KMLW9MmwdufNMBOkA
n1UWKQkjNbgSaFCKCR6YUPDbGKdp
=WxB3
-----END PGP SIGNATURE-----