mirror of https://github.com/dirtbags/moth.git
77 lines
2.4 KiB
Plaintext
77 lines
2.4 KiB
Plaintext
LANL Capture The Flag
|
|
=====================
|
|
|
|
The LANL CTF training and exercise is designed to train novice to expert
|
|
analysts in new techniques and tools. Course material is in a tutorial
|
|
format, which is bundled into the exercise.
|
|
|
|
The class portion proceeds as a lecture style, although participants are
|
|
encouraged to work at their own pace, soliciting assistance from
|
|
instructors during the lab sections of the lecture. A Capture-The-Flag
|
|
style exercise follows the training as a mechanism to reinforce concepts
|
|
the participants have just learned, as well as introduce new concepts,
|
|
and to help participants learn how to deal with an actual security
|
|
incident. In the exercise portion, participants form into teams which
|
|
compete against each other to gain points in a broad spectrum of
|
|
categories.
|
|
|
|
Event categories and training topics are easily customized to better
|
|
meet each site's requirements for training.
|
|
|
|
|
|
Key Features
|
|
------------
|
|
|
|
Portable: Hardware for up to 80 participants fits into a single
|
|
suitcase, and the exercise portion can be conducted by a single
|
|
organizer for up to 100 participants.
|
|
|
|
Flexible: Exercise or Training can be run standalone, and can last
|
|
anywhere from 2 hours to 5 days.
|
|
|
|
Lasting: Exercise portion reinforces concepts learned during training.
|
|
|
|
Modular: Categories can be cherry-picked from an ever-growing list,
|
|
creating a custom-tailored training and exercise.
|
|
|
|
Extensible: New modules can be added quickly.
|
|
|
|
|
|
Categories currently available: (September 2010)
|
|
------------------------------------------------
|
|
|
|
* Base arithmetic
|
|
* Introductory computer programming / logical thinking
|
|
* Host forensics
|
|
* Malware reverse-engineering
|
|
* Network reverse-engineering
|
|
* Packet capture and analysis tools
|
|
* Reconstruction of session data
|
|
* Protocol reverse-engineering
|
|
* Custom tool development skills
|
|
* Linux systems programming
|
|
* Using strace, ltrace, gdb
|
|
* Understanding race conditions
|
|
* Programming securely
|
|
* Web application development
|
|
* Cross-site scripting attacks
|
|
* Input validation
|
|
* SQL Injection
|
|
* Security vs. obscurity
|
|
* Cryptography and codebreaking
|
|
* Steganography detection and extraction
|
|
* Social engineering
|
|
* Binary file formats
|
|
* General puzzle-solving skills
|
|
|
|
|
|
Categories in development
|
|
-------------------------
|
|
|
|
* Securing SCADA devices
|
|
* Network traffic monitoring
|
|
* Log file analysis
|
|
* HTML / Javascript reverse-engineering
|
|
* Your request goes here!
|
|
|