:: Upcoming Mid-Atlantic Regional Collegiate Cyber Defense Competition (CCDC)

When it comes to maintaining a business network, keeping up with today’s blitz of technological advances makes it difficult enough, but fending off increasingly aggressive and malicious hackers can make it almost impossible. At this weekend’s 4th Mid-Atlantic Regional (CCDC), student teams from the Community College of Baltimore County, George Washington University, James Madison University, and the University of Pittsburgh will have the opportunity to test their prowess at averting the advances of a team of professional hackers set to attack their simulated business networks. Hosted by the Community College of Baltimore County (CCBC), in conjunction with White Wolf Security and the CyberWATCH Center, with funding from the National Science Foundation (NSF), the three-day event will take place March 27-29, at Damon’s Grill (Banquet Room), located at 118 Shawan Road, Suite HH, Hunt Valley, MD. The winning team will represent the Mid-Atlantic region in the 4th National CCDC in San Antonio, TX, April 17-19.

While similar to other cyber defense competitions in many aspects, the Mid-Atlantic Regional CCDC, as part of the National CCDC, is unique in that it focuses on the operational aspect of managing and protecting an existing network infrastructure. While other exercises examine the abilities of a group of students to design, configure, and protect a network over the course of an entire semester, this competition is focused on the more operational task of assuming administrative and protective duties for an existing “commercial” network. Teams are scored based on their ability to detect and respond to outside threats, maintain availability of existing services (e.g., mail and web servers), respond to business requests (e.g., the addition or removal of additional services), and balance security needs against business needs.

:: Event Schedule:

  • Friday, March 27: day one competition starts at 12pm; Q&A with red team members at 7pm; guest speaker Johnny Long at 7:45pm
  • Saturday, March 28: day two competition starts at 9am
  • Sunday, March 29: day three competition begins at 9am; awards ceremony starts at 1:30pm

:: Cool Command Line Tricks

Using the tips/tricks presented on the following sites will help you develop your command line skills. If you practice these command line goodies, you are guaranteed to take your shell skills to the HNL (whole ‘nother level).

:: Shell-fu: a comprehensive and easily usable resource for anyone working with a shell; you can submit your own tips/tricks and vote on what others have submitted.

:: Command-line-fu: like Shell-fu, you can record those command line gems that you return to again and again, as well as see how command line Ninjas are using the shell.

:: Snipt: excellent site for storing small pieces of code or commands that you use frequently, and will probably forget; organized by type of shell, OS, scripting languages, server software, and more.

:: Command Line Kung Fu: postings by Ed Skoudis, Hal Pomeranz, and Paul Asadoorian – 3 serious hackers/sysadmins; in each episode a problem is posed (“How do I…?”); Ed, Hal, and Paul then show you how they’d solve the problem using their shell and command line of choice; their multiple OS command line focus sets this site apart from the others.

:: Purposely Insecure Distros

In my 03/19/09 posting, Hacking Tools, I discussed some live Linux distributions geared for those wanting to learn how to use various network and/or web penetration testing tools. Now that you have an arsenal of security tools at your disposal, wouldn’t it be nice if you also had some insecure environments to test the tools out on?

The following is a sampling of Linux and Windows environments that were set up to be insecure, on purpose. Combining the network and web attack tools discussed in the Hacking Distros post with these purposefully insecure environments allows you to attempt real exploits against real systems and thus learn the specifics of the various vulnerabilities and how best to fix them.

:: Damn Vulnerable Linux (DVL): live Linux distro (based on Damn Small Linux); chock-full of broken, poorly configured, outdated, and exploitable software that makes it vulnerable to attacks.

:: Hacme Bank: Windows-based environment (see link for requirements) developed by Foundstone, Inc. that simulates a “real-world” web services-enabled online banking application; built with a number of known and common vulnerabilities; designed to teach application developers, programmers, architects and security professionals how to create secure software; not actively supported.

:: Hacme Shipping: Windows-based environment (see link for requirements) developed by Foundstone, Inc. that emulates the on-line services provided by major shipping companies; designed to demonstrate common web application hacking techniques (e.g., SQL Injection, Cross Site Scripting, Escalation of Privileges, Authentication and Authorization flaws) and how they are manifested in the code; not actively supported.

:: Hacme Travel: Windows-based environment (see link for requirements) developed by Foundstone, Inc. that simulates a “real-world” travel reservation system, which was built with a number of known and common vulnerabilities (e.g., SQL injection and buffer overflows); users attempt real exploits against a client-server application written in C++; designed to teach application developers, programmers, architects, and security professionals how to create secure software; not actively supported.

:: Mutillidae: a vulnerable set of PHP scripts written by Iron Geek that implement the OWASP Top Ten Project.

:: OWASP WebGoat Project: insecure J2EE web application designed to teach web application security lessons; in each lesson, you must demonstrate your understanding of a security issue by exploiting a real vulnerability in the WebGoat application (e.g., in one of the lessons you must use SQL Injection to steal fake credit card numbers); a realistic teaching environment, providing you with hints and code to further explain the lesson.

:: Hacking Tools

“Most penetration tests are focused on either network attacks or web application attacks. Given this separation, many pen testers themselves have understandably followed suit, specializing in one type of test or the other. While such specialization is a sign of a vibrant, healthy penetration testing industry, tests focused on only one of these aspects of a target environment often miss the real business risks of vulnerabilities discovered and exploited by determined and skilled attackers.” –From Samurai Web Testing Framework site

The following distros provide a plethora of security-related tools for both network- and web-based penetration testing in a live CD format. These distros will save you hundreds of hours of setup and configuration time.

Network Hacking Distros

:: BackTrack: v4 Beta; best-of-breed live Linux penetration testing environment (based on Slackware); tools are organized by common phases in a hack (e.g., footprinting, scanning, exploitation, etc.)

:: Knoppix Security Tools Distribution (STD): live Linux penetration testing environment (based on Knoppix); old-skewl

Web Hacking Distros

:: Samurai Web Testing Framework: live Linux environment (based on Ubuntu); contains the best of the open source and free tools that focus on testing and attacking websites

:: Where Wizards Stay Up Late

Where Wizards Stay Up Late: The Origins of the Internet is the story of the small group of researchers and engineers whose invention, daring in its day, became the foundation for the Internet. With ARPA’s backing, the quest for a way to connect computers across the country began.

“Thirty years ago, interactive computer networks did not exist anywhere — except in the minds of a handful of computer scientists. In 1966, the Defense Department’s Advanced Research Projects Agency funded a project to create computer communication among its university-based researchers. The experiment was inspired by J.C.R. Licklider, a brilliant research scientist from MIT, and Robert Taylor, the Director of the ARPA office that funded it. At a time when computers were generally regarded as nothing more than giant calculators, Licklider and Taylor saw their potential as communications devices.”

:: For the Budding IDS Analyst

No matter how clever the attacker is, they still must send their malicious payload to your system with a packet. To recognize the abnormal, you must first understand what is normal. By exploring how various protocols work and by recognizing what normal protocol traffic looks like, you can craft strong defenses that meet your personal and/or business needs.

Analyzing captured packets, or trace files, is a logical starting point for anyone wanting to understand what normal traffic looks like. One of the challenges of this approach, however, is knowing where to start once you’ve captured the traffic. Another challenge is knowing where to get trace files to analyze.

The following trace file repositories help address these challenges. These sites are a must see for anyone new to network traffic analysis, or for anyone looking to expand their traffic analysis skill set:

:: pcapr: a repository for people to access specific packet sequences to learn, understand, troubleshoot and/or debug various systems. The site also provides full-text search, automatic tagging, viewing, and editing of these packets.

:: OpenPacket.org: a centralized repository of network traffic traces for researchers, analysts, and other members of the digital security community.

:: Protocol Analysis Institute: articles, training information, and trace files relating to network analysis.

:: Lawrence-Berkeley National Laboratory: over 11 GB of trace files available.
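Once you have a trace file from one of these repositories, the first "where do I start" step is usually a protocol baseline: what transports show up, and in what proportions. The example below is an added one (not from the original post or any of the sites listed); it reads the classic libpcap file format directly with the standard library, builds such a baseline, and then reports protocols in a second trace that never appeared in the baseline. The sample capture is constructed inline, so it runs offline; the helper names and the 10.0.0.x addresses are assumptions.

```python
import struct
from collections import Counter

IP_PROTO = {1: "icmp", 6: "tcp", 17: "udp"}

def build_pcap(frames):
    """Write a minimal little-endian libpcap file (link type 1 = Ethernet) from raw frames."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    recs = b"".join(struct.pack("<IIII", i, 0, len(f), len(f)) + f for i, f in enumerate(frames))
    return hdr + recs

def ipv4_frame(proto, payload=b""):
    """Constructed Ethernet/IPv4 frame 10.0.0.1 -> 10.0.0.2; header checksum left zero (parsing only)."""
    eth = b"\x00" * 12 + b"\x08\x00"  # zero MACs, EtherType 0x0800 (IPv4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return eth + ip + payload

def iter_packets(data):
    """Yield raw frames from a libpcap blob, honouring the byte order the magic number announces."""
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a libpcap file")
    offset = 24  # global header is 24 bytes
    while offset + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack(endian + "IIII", data[offset:offset + 16])
        offset += 16
        yield data[offset:offset + incl_len]
        offset += incl_len

def protocol_baseline(data):
    """Count IPv4 transport protocols in a trace; unknown IP protocols land in 'other'."""
    counts = Counter()
    for frame in iter_packets(data):
        if len(frame) >= 34 and frame[12:14] == b"\x08\x00":
            counts[IP_PROTO.get(frame[23], "other")] += 1  # byte 23 = IPv4 protocol field
        else:
            counts["non-ip"] += 1
    return dict(counts)

def unseen_protocols(baseline, data):
    """Protocols in a new trace that never appeared in the baseline: a first cut at 'abnormal'."""
    return sorted(set(protocol_baseline(data)) - set(baseline))

# Constructed sample: three TCP, one UDP, one ICMP, and one ARP frame (EtherType 0x0806).
SAMPLE = build_pcap([ipv4_frame(6)] * 3 + [ipv4_frame(17), ipv4_frame(1),
                     b"\x00" * 12 + b"\x08\x06" + b"\x00" * 28])
```

Point real captures at `protocol_baseline` by reading the file in binary mode; pcapng files use a different container and are out of scope here.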

:: Welcome Aboard!

Oh great, another blog – just what this world needs. But wait, I swear it’ll be worth your time to spend a few minutes each day checking out what’s here.

This blog is replacing my static faculty site and is developed with my students in mind. This site will also be of interest to those who are new to the field of information security, hacking, security-related tools, etc.

The goals of this site are:
:: to provide a constantly updated resource for those new to the field of information security
:: to turn folks onto all things hacking/information security-related that I think are worth exploring in more detail
:: to explore various information security-related tools in detail
:: to get people interested in information security