[olug] Cyber Defense Competition @ IWCC

Jared Bernard jared.bernard at gmail.com
Thu Mar 31 10:17:48 CDT 2016


I like the PermitRootLogin. I'll make sure that's set for this year's
competition.

I'll just mention again, we could use some more red team members. There is
one point in the competition we have a mock "emergency" (usually a fire
drill) where everyone except the red is required to leave the building and
the red team has a few minutes to scour the blue teams area. In the past
students have left notebooks out with usernames and passwords.

On Wed, Mar 30, 2016 at 7:19 PM Rob Townley <rob.townley at gmail.com> wrote:

> ssh daemon left with PermitRootLogin and passwords allowed instead of ssh
> keys only.  This is usually the default until the system is setup.
>
>
>
> On Mar 30, 2016 6:56 PM, "Jared Bernard" <jared.bernard at gmail.com> wrote:
>
> > @Joseph.gulizia -  IoT is a good idea but may be beyond our students and
> > needs to be supported by Esxi for this year's event. However, definitely
> a
> > possibility for future events.
> >
> > @rob.townley - I'll take a look at Trixbox.
> >
> > Most likely the network will consist of 2 Linux boxes, 1 Windows Server
> > with AD and 3 or 4 Windows client machines.
> >
> >
> >
> > On Wed, Mar 30, 2016 at 5:28 PM Rob Townley <rob.townley at gmail.com>
> wrote:
> >
> > > Versions of TrixBox that shared entire / filesystem in RW mode for
> > guests.
> > >
> > > On Mar 30, 2016 4:40 PM, "Craig Wolf" <wolfout101 at gmail.com> wrote:
> > >
> > > > Heck, just install a Windows 7 box and let them have at it.  8)
> > > >
> > > > Craig Wolf
> > > > (402)990-3010
> > > >
> > > > Strengths: Activator, Relator, Adaptability, Learner, Achiever
> > > >
> > > > On Wed, Mar 30, 2016 at 3:12 PM, Kevin <sharpestmarble at gmail.com>
> > wrote:
> > > >
> > > > > I know you mentioned applications, configurations, or scenarios.
> Did
> > > you
> > > > > think of IoT devices?
> > > > >
> > > > > On Wed, Mar 30, 2016 at 1:33 PM, Joseph Gulizia <
> > > > joseph.gulizia at gmail.com>
> > > > > wrote:
> > > > >
> > > > > > Sounds interesting.  I'll know more after Friday so I can plan to
> > be
> > > > off
> > > > > > and attend.
> > > > > >
> > > > > > On Wed, Mar 30, 2016 at 12:48 PM, Jared Bernard <
> > > > jared.bernard at gmail.com
> > > > > >
> > > > > > wrote:
> > > > > >
> > > > > > > I'm an instructor at Iowa Western and we are preparing for our
> > > annual
> > > > > > cyber
> > > > > > > defense competition. We are looking for suggestions of
> > > applications,
> > > > > > > configurations or scenarios that are exploitable which our
> > students
> > > > > will
> > > > > > > have to secure and harden in the competition. In the past we've
> > had
> > > > > older
> > > > > > > versions of Debian running an outdated version of Apache, php,
> > > vsftp,
> > > > > > > poorly developed webpage, some type of outdated wiki,
> unnecessary
> > > > > > services
> > > > > > > with default configs, CMS or custom scripts.
> > > > > > >
> > > > > > > Any other suggestions or modifications of what we tried in the
> > > past?
> > > > > > >
> > > > > > > Also, If anyone is interested, we have some openings on the red
> > > team
> > > > to
> > > > > > > anyone who might be interested in hacking and taking advantage
> > the
> > > > > > exploits
> > > > > > > on our student's network. Competition is April 29, free meal,
> > > snacks
> > > > > and
> > > > > > > beverages. Should be lots of fun.
> > > > > > >
> > > > > > > Thanks,
> > > > > > > Jared Bernard
> > > > > > > _______________________________________________
> > > > > > > OLUG mailing list
> > > > > > > OLUG at olug.org
> > > > > > > https://lists.olug.org/mailman/listinfo/olug
> > > > > > >
> > > > > > _______________________________________________
> > > > > > OLUG mailing list
> > > > > > OLUG at olug.org
> > > > > > https://lists.olug.org/mailman/listinfo/olug
> > > > > >
> > > > > _______________________________________________
> > > > > OLUG mailing list
> > > > > OLUG at olug.org
> > > > > https://lists.olug.org/mailman/listinfo/olug
> > > > >
> > > > _______________________________________________
> > > > OLUG mailing list
> > > > OLUG at olug.org
> > > > https://lists.olug.org/mailman/listinfo/olug
> > > >
> > > _______________________________________________
> > > OLUG mailing list
> > > OLUG at olug.org
> > > https://lists.olug.org/mailman/listinfo/olug
> > >
> > _______________________________________________
> > OLUG mailing list
> > OLUG at olug.org
> > https://lists.olug.org/mailman/listinfo/olug
> >
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> https://lists.olug.org/mailman/listinfo/olug
>


More information about the OLUG mailing list