mirror of https://github.com/dirtbags/moth.git
Rename for github
This commit is contained in:
parent
60227c5a26
commit
30c86d4185
|
@ -1,34 +0,0 @@
|
||||||
Ideas for puzzles
|
|
||||||
=================
|
|
||||||
* Bootable image with FreeDOS, Linux, Inferno? HURD?
|
|
||||||
* Bury puzzles in various weird locations within each OS
|
|
||||||
* Maybe put some in the boot loader, too
|
|
||||||
* Perhaps have some sort of network puzzle as well
|
|
||||||
* Network treasure hunt
|
|
||||||
* DHCP option
|
|
||||||
* Single TCP RST with token in payload
|
|
||||||
* Multiple TCP RST with different payloads
|
|
||||||
* http://10.0.0.2/token
|
|
||||||
* PXE boot some sort of points-gathering client
|
|
||||||
* Init asks for a team hash, and starts awarding points
|
|
||||||
* Broken startup scripts, when fixed award more points
|
|
||||||
* Lots of remote exploits
|
|
||||||
* "qemu -net socket" vpn thingy and then...
|
|
||||||
* sfxrar packed with upx. Change an instruction so it won't actually
|
|
||||||
execute.
|
|
||||||
* pwnables: have scp log passwords somewhere
|
|
||||||
|
|
||||||
Capture the Packet
|
|
||||||
------------------
|
|
||||||
|
|
||||||
* Jim Meilander could teach a class about Bro
|
|
||||||
* Use qemu -net socket,connect=10.0.0.2:5399 for capture the packet
|
|
||||||
|
|
||||||
|
|
||||||
From Jed Crandell
|
|
||||||
-----------------
|
|
||||||
|
|
||||||
* Have password easily read, must determine username with stack
|
|
||||||
examination (like in printf category)
|
|
||||||
* Use %600000u%n to write an arbitrary value to a location in
|
|
||||||
stack, then jump to that location somehow.
|
|
|
@ -1,76 +0,0 @@
|
||||||
LANL Capture The Flag
|
|
||||||
=====================
|
|
||||||
|
|
||||||
The LANL CTF training and exercise is designed to train novice to expert
|
|
||||||
analysts in new techniques and tools. Course material is in a tutorial
|
|
||||||
format, which is bundled into the exercise.
|
|
||||||
|
|
||||||
The class portion proceeds as a lecture style, although participants are
|
|
||||||
encouraged to work at their own pace, soliciting assistance from
|
|
||||||
instructors during the lab sections of the lecture. A Capture-The-Flag
|
|
||||||
style exercise follows the training as a mechanism to reinforce concepts
|
|
||||||
the participants have just learned, as well as introduce new concepts,
|
|
||||||
and to help participants learn how to deal with an actual security
|
|
||||||
incident. In the exercise portion, participants form into teams which
|
|
||||||
compete against each other to gain points in a broad spectrum of
|
|
||||||
categories.
|
|
||||||
|
|
||||||
Event categories and training topics are easily customized to better
|
|
||||||
meet each site's requirements for training.
|
|
||||||
|
|
||||||
|
|
||||||
Key Features
|
|
||||||
------------
|
|
||||||
|
|
||||||
Portable: Hardware for up to 80 participants fits into a single
|
|
||||||
suitcase, and the exercise portion can be conducted by a single
|
|
||||||
organizer for up to 100 participants.
|
|
||||||
|
|
||||||
Flexible: Exercise or Training can be run standalone, and can last
|
|
||||||
anywhere from 2 hours to 5 days.
|
|
||||||
|
|
||||||
Lasting: Exercise portion reinforces concepts learned during training.
|
|
||||||
|
|
||||||
Modular: Categories can be cherry-picked from an ever-growing list,
|
|
||||||
creating a custom-tailored training and exercise.
|
|
||||||
|
|
||||||
Extensible: New modules can be added quickly.
|
|
||||||
|
|
||||||
|
|
||||||
Categories currently available: (September 2010)
|
|
||||||
------------------------------------------------
|
|
||||||
|
|
||||||
* Base arithmetic
|
|
||||||
* Introductory computer programming / logical thinking
|
|
||||||
* Host forensics
|
|
||||||
* Malware reverse-engineering
|
|
||||||
* Network reverse-engineering
|
|
||||||
* Packet capture and analysis tools
|
|
||||||
* Reconstruction of session data
|
|
||||||
* Protocol reverse-engineering
|
|
||||||
* Custom tool development skills
|
|
||||||
* Linux systems programming
|
|
||||||
* Using strace, ltrace, gdb
|
|
||||||
* Understanding race conditions
|
|
||||||
* Programming securely
|
|
||||||
* Web application development
|
|
||||||
* Cross-site scripting attacks
|
|
||||||
* Input validation
|
|
||||||
* SQL Injection
|
|
||||||
* Security vs. obscurity
|
|
||||||
* Cryptography and codebreaking
|
|
||||||
* Steganography detection and extraction
|
|
||||||
* Social engineering
|
|
||||||
* Binary file formats
|
|
||||||
* General puzzle-solving skills
|
|
||||||
|
|
||||||
|
|
||||||
Categories in development
|
|
||||||
-------------------------
|
|
||||||
|
|
||||||
* Securing SCADA devices
|
|
||||||
* Network traffic monitoring
|
|
||||||
* Log file analysis
|
|
||||||
* HTML / Javascript reverse-engineering
|
|
||||||
* Your request goes here!
|
|
||||||
|
|
Loading…
Reference in New Issue