mirror of https://github.com/dirtbags/moth.git
Rename for github
This commit is contained in:
parent
60227c5a26
commit
30c86d4185
|
@ -1,34 +0,0 @@
|
|||
Ideas for puzzles
|
||||
=================
|
||||
* Bootable image with FreeDOS, Linux, Inferno? HURD?
|
||||
* Bury puzzles in various weird locations within each OS
|
||||
* Maybe put some in the boot loader, too
|
||||
* Perhaps have some sort of network puzzle as well
|
||||
* Network treasure hunt
|
||||
* DHCP option
|
||||
* Single TCP RST with token in payload
|
||||
* Multiple TCP RST with different payloads
|
||||
* http://10.0.0.2/token
|
||||
* PXE boot some sort of points-gathering client
|
||||
* Init asks for a team hash, and starts awarding points
|
||||
* Broken startup scripts, when fixed award more points
|
||||
* Lots of remote exploits
|
||||
* "qemu -net socket" vpn thingy and then...
|
||||
* sfxrar packed with upx. Change an instruction so it won't actually
|
||||
execute.
|
||||
* pwnables: have scp log passwords somewhere
|
||||
|
||||
Capture the Packet
|
||||
------------------
|
||||
|
||||
* Jim Meilander could teach a class about Bro
|
||||
* Use qemu -net socket,connect=10.0.0.2:5399 for capture the packet
|
||||
|
||||
|
||||
From Jed Crandell
|
||||
-----------------
|
||||
|
||||
* Have password easily read, must determine username with stack
|
||||
examination (like in printf category)
|
||||
* Use %600000u%n to write an arbitrary value to a location in
|
||||
stack, then jump to that location somehow.
|
|
@ -1,76 +0,0 @@
|
|||
LANL Capture The Flag
|
||||
=====================
|
||||
|
||||
The LANL CTF training and exercise is designed to train novice to expert
|
||||
analysts in new techniques and tools. Course material is in a tutorial
|
||||
format, which is bundled into the exercise.
|
||||
|
||||
The class portion proceeds as a lecture style, although participants are
|
||||
encouraged to work at their own pace, soliciting assistance from
|
||||
instructors during the lab sections of the lecture. A Capture-The-Flag
|
||||
style exercise follows the training as a mechanism to reinforce concepts
|
||||
the participants have just learned, as well as introduce new concepts,
|
||||
and to help participants learn how to deal with an actual security
|
||||
incident. In the exercise portion, participants form into teams which
|
||||
compete against each other to gain points in a broad spectrum of
|
||||
categories.
|
||||
|
||||
Event categories and training topics are easily customized to better
|
||||
meet each site's requirements for training.
|
||||
|
||||
|
||||
Key Features
|
||||
------------
|
||||
|
||||
Portable: Hardware for up to 80 participants fits into a single
|
||||
suitcase, and the exercise portion can be conducted by a single
|
||||
organizer for up to 100 participants.
|
||||
|
||||
Flexible: Exercise or Training can be run standalone, and can last
|
||||
anywhere from 2 hours to 5 days.
|
||||
|
||||
Lasting: Exercise portion reinforces concepts learned during training.
|
||||
|
||||
Modular: Categories can be cherry-picked from an ever-growing list,
|
||||
creating a custom-tailored training and exercise.
|
||||
|
||||
Extensible: New modules can be added quickly.
|
||||
|
||||
|
||||
Categories currently available: (September 2010)
|
||||
------------------------------------------------
|
||||
|
||||
* Base arithmetic
|
||||
* Introductory computer programming / logical thinking
|
||||
* Host forensics
|
||||
* Malware reverse-engineering
|
||||
* Network reverse-engineering
|
||||
* Packet capture and analysis tools
|
||||
* Reconstruction of session data
|
||||
* Protocol reverse-engineering
|
||||
* Custom tool development skills
|
||||
* Linux systems programming
|
||||
* Using strace, ltrace, gdb
|
||||
* Understanding race conditions
|
||||
* Programming securely
|
||||
* Web application development
|
||||
* Cross-site scripting attacks
|
||||
* Input validation
|
||||
* SQL Injection
|
||||
* Security vs. obscurity
|
||||
* Cryptography and codebreaking
|
||||
* Steganography detection and extraction
|
||||
* Social engineering
|
||||
* Binary file formats
|
||||
* General puzzle-solving skills
|
||||
|
||||
|
||||
Categories in development
|
||||
-------------------------
|
||||
|
||||
* Securing SCADA devices
|
||||
* Network traffic monitoring
|
||||
* Log file analysis
|
||||
* HTML / Javascript reverse-engineering
|
||||
* Your request goes here!
|
||||
|
Loading…
Reference in New Issue