Dailydave mailing list archives
Re: The long tail of vulnerable operating systems
From: Joseph McCray <joe () learnsecurityonline com>
Date: Fri, 16 Nov 2007 20:43:28 -0500
Being someone that actually hosts CTFs as well as having come up in the good old days of the RootHack.org, PullThePlug.org, and competed in the CTFs at Def Con - I would say that you probably see a lot CTFs with old OSs because: 1. Often times competitors have a difficult enough time just compromising that stuff. 2. Katie's point about old OSs, and crapplications still deployed in a lot of companies is true and will never change. If it ever does then we won't have jobs anymore. 3. Hacking is changing. Web app/client-side/reverse engineering is really what's going on now and it's hard to put together a CTF with that type of stuff. A really high skill level is required to set up and score the game, and a high skill level is required of the participants just to play. 3. The bottom line is -- it's an awful lot of work to put together a complex network of modern OSs, and apps that are still vulnerable to something, set up a scoring system that actually works in that complex of an environment to see that you only have a few participants that lack the skill to exploit even the simple stuff you put out there. In my experience the people that have skill, and do this everyday for a job really don't play very often. People get up for the big CTFs like the one at Def Con because it's once a year and basically because there really isn't that level of competition anywhere else in the world. If you are really looking for some CTFs that are hard core - meaning no Nessus, no Metasploit, real hacking (web app/custom binary exploitation/reverse engineering type stuff) you are probably going to be left with Def Con's CTF, and probably HITB Con's CTF. If you are looking for CTFs that aren't quite to the Def Con/HITB Con kind of level, but are just running newer OSs and apps I can't really think of anything free and open to the public to be honest. You'll probably end up setting up something yourself if that's the kind of CTF you want. Hope this helps.... -- Joe McCray Toll Free: 1-866-892-2132 Email: joe () learnsecurityonline com Web: https://www.learnsecurityonline.com Learn Security Online, Inc. * Security Games * Simulators * Challenge Servers * Courses * Hacking Competitions * Hacklab Access "The only thing worse than training good employees and losing them is NOT training your employees and keeping them." - Zig Ziglar
Attachment:
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Re: The long tail of vulnerable operating systems, (continued)
- Re: The long tail of vulnerable operating systems Matt Hargett (Nov 15)
- Re: The long tail of vulnerable operating systems Steve Shockley (Nov 13)
- Re: The long tail of vulnerable operating systems Katie M (Nov 13)
- Re: The long tail of vulnerable operating systems Darryl Luff (Nov 14)
- Re: The long tail of vulnerable operating systems dan (Nov 15)
- Re: The long tail of vulnerable operating systems Adriel Desautels (Nov 14)
- Re: The long tail of vulnerable operating systems Katie M (Nov 15)
- Re: The long tail of vulnerable operating systems Adriel Desautels (Nov 15)
- Re: The long tail of vulnerable operating systems Darryl Luff (Nov 14)
- Re: The long tail of vulnerable operating systems Weston, David G. (Nov 15)
- Re: The long tail of vulnerable operating systems Chris Eagle (Nov 13)
- Re: The long tail of vulnerable operating systems Joseph McCray (Nov 17)