moth/doc/summary.txt

77 lines
2.4 KiB
Plaintext
Raw Normal View History

2010-09-07 14:18:39 -06:00
LANL Capture The Flag
=====================
The LANL CTF training and exercise is designed to train novice to expert
analysts in new techniques and tools. Course material is in a tutorial
format, which is bundled into the exercise.
The class portion proceeds as a lecture style, although participants are
encouraged to work at their own pace, soliciting assistance from
instructors during the lab sections of the lecture. A Capture-The-Flag
style exercise follows the training as a mechanism to reinforce concepts
the participants have just learned, as well as introduce new concepts,
and to help participants learn how to deal with an actual security
incident. In the exercise portion, participants form into teams which
compete against each other to gain points in a broad spectrum of
categories.
Event categories and training topics are easily customized to better
meet each site's requirements for training.
Key Features
------------
Portable: Hardware for up to 80 participants fits into a single
suitcase, and the exercise portion can be conducted by a single
organizer for up to 100 participants.
Flexible: Exercise or Training can be run standalone, and can last
anywhere from 2 hours to 5 days.
Lasting: Exercise portion reinforces concepts learned during training.
Modular: Categories can be cherry-picked from an ever-growing list,
creating a custom-tailored training and exercise.
Extensible: New modules can be added quickly.
Categories currently available: (September 2010)
------------------------------------------------
* Base arithmetic
* Introductory computer programming / logical thinking
* Host forensics
* Malware reverse-engineering
* Network reverse-engineering
* Packet capture and analysis tools
* Reconstruction of session data
* Protocol reverse-engineering
* Custom tool development skills
* Linux systems programming
* Using strace, ltrace, gdb
* Understanding race conditions
* Programming securely
* Web application development
* Cross-site scripting attacks
* Input validation
* SQL Injection
* Security vs. obscurity
* Cryptography and codebreaking
* Steganography detection and extraction
* Social engineering
* Binary file formats
* General puzzle-solving skills
Categories in development
-------------------------
* Securing SCADA devices
* Network traffic monitoring
* Log file analysis
* HTML / Javascript reverse-engineering
* Your request goes here!