[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-disclosure] The most realistic hacking contest
- To: "full-disclosure@xxxxxxxxxxxxxxxxx" <full-disclosure@xxxxxxxxxxxxxxxxx>
- Subject: [Full-disclosure] The most realistic hacking contest
- From: Dmitry Evteev <devteev@xxxxxxxxxxxxx>
- Date: Mon, 20 Aug 2012 13:37:36 +0000
Everybody is welcome to try on the crown during the King of the Hill contest
from the 20 August to 2 of September.
To try to repeat the feats of the CTF battle participants and fight for the
prizes provided by Positive Technologies, please register at the official web
site http://www.phdays.com/ctf/king/
During the Capture The Flag hacking contest at PHDays 2012 twelve teams from
ten countries have been attacking the networks of other teams and protecting
their own networks for two days and one night non-stop. The conditions were as
close to real life as possible - no invented vulnerabilities, only those that
occur in real contemporary information systems.
The infrastructure for the hacking battle was organized according to the
principle of the King of the Hill game: the points were given not only for
successful attacks against the systems, but also for keeping control over the
systems, which made the contest more intriguing.
The contest became the highlight of the forum program, that is why an idea came
to our minds... Why not to repeat the "royal battle" separately for the
Internet community, let us say, in the second half of August?
What is King of the Hill?
Following the principle maximum authenticity, the contest infrastructure
imitates typical infrastructure of enterprise networks: its external perimeter
includes web applications, DBMS servers and various directories (LDAP), taking
control of which allows reaching the internal perimeter - Microsoft Active
Directory. Everything is like in real life.
The task of the participants of King of the Hill is to detect vulnerabilities
of the systems, exploit them and, the most important of all, keep control over
the systems as long as it is possible. The trick is in regeneration of the sets
of vulnerabilities in the systems. The participants face a dilemma - whether to
try to attack the neighboring systems or to proceed with vulnerability
detection on the systems which are under control already
As in real life, the largest number of points is given for keeping control over
Active Directory, since attacking AD requires keeping control over first level
systems.
The King of the Hill contest was developed by the Positive Technologies experts
and was presented for the first time at PHDays CTF 2012 as part of the hacking
contest.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/