lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <A466774BDF16B44295D39A3ABD8B8EA3DF1F6B71@srv-ex03.ptsecurity.ru>
Date: Mon, 20 Aug 2012 13:37:36 +0000
From: Dmitry Evteev <devteev@...ecurity.ru>
To: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: The most realistic hacking contest

Everybody is welcome to try on the crown during the King of the Hill contest from the 20 August to 2 of September.



To try to repeat the feats of the CTF battle participants and fight for the prizes provided by Positive Technologies, please register at the official web site http://www.phdays.com/ctf/king/



During the Capture The Flag hacking contest at PHDays 2012 twelve teams from ten countries have been attacking the networks of other teams and protecting their own networks for two days and one night non-stop. The conditions were as close to real life as possible - no invented vulnerabilities, only those that occur in real contemporary information systems.



The infrastructure for the hacking battle was organized according to the principle of the King of the Hill game: the points were given not only for successful attacks against the systems, but also for keeping control over the systems, which made the contest more intriguing.



The contest became the highlight of the forum program, that is why an idea came to our minds... Why not to repeat the "royal battle" separately for the Internet community, let us say, in the second half of August?



What is King of the Hill?



Following the principle maximum authenticity, the contest infrastructure imitates typical infrastructure of enterprise networks: its external perimeter includes web applications, DBMS servers and various directories (LDAP), taking control of which allows reaching the internal perimeter - Microsoft Active Directory. Everything is like in real life.



The task of the participants of King of the Hill is to detect vulnerabilities of the systems, exploit them and, the most important of all, keep control over the systems as long as it is possible. The trick is in regeneration of the sets of vulnerabilities in the systems. The participants face a dilemma - whether to try to attack the neighboring systems or to proceed with vulnerability detection on the systems which are under control already

As in real life, the largest number of points is given for keeping control over Active Directory, since attacking AD requires keeping control over first level systems.



The King of the Hill contest was developed by the Positive Technologies experts and was presented for the first time at PHDays CTF 2012 as part of the hacking contest.






Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists