[olug] Cyber Defense Competition @ IWCC
Joseph Gulizia
joseph.gulizia at gmail.com
Tue Apr 26 22:41:29 CDT 2016
I will be there as part of a hacker team. How many others are there?
On Thu, Mar 31, 2016 at 10:17 AM, Jared Bernard <jared.bernard at gmail.com>
wrote:
> I like the PermitRootLogin. I'll make sure that's set for this year's
> competition.
>
> I'll just mention again, we could use some more red team members. There is
> one point in the competition we have a mock "emergency" (usually a fire
> drill) where everyone except the red is required to leave the building and
> the red team has a few minutes to scour the blue teams area. In the past
> students have left notebooks out with usernames and passwords.
>
> On Wed, Mar 30, 2016 at 7:19 PM Rob Townley <rob.townley at gmail.com> wrote:
>
> > ssh daemon left with PermitRootLogin and passwords allowed instead of ssh
> > keys only. This is usually the default until the system is setup.
> >
> >
> >
> > On Mar 30, 2016 6:56 PM, "Jared Bernard" <jared.bernard at gmail.com>
> wrote:
> >
> > > @Joseph.gulizia - IoT is a good idea but may be beyond our students
> and
> > > needs to be supported by Esxi for this year's event. However,
> definitely
> > a
> > > possibility for future events.
> > >
> > > @rob.townley - I'll take a look at Trixbox.
> > >
> > > Most likely the network will consist of 2 Linux boxes, 1 Windows Server
> > > with AD and 3 or 4 Windows client machines.
> > >
> > >
> > >
> > > On Wed, Mar 30, 2016 at 5:28 PM Rob Townley <rob.townley at gmail.com>
> > wrote:
> > >
> > > > Versions of TrixBox that shared entire / filesystem in RW mode for
> > > guests.
> > > >
> > > > On Mar 30, 2016 4:40 PM, "Craig Wolf" <wolfout101 at gmail.com> wrote:
> > > >
> > > > > Heck, just install a Windows 7 box and let them have at it. 8)
> > > > >
> > > > > Craig Wolf
> > > > > (402)990-3010
> > > > >
> > > > > Strengths: Activator, Relator, Adaptability, Learner, Achiever
> > > > >
> > > > > On Wed, Mar 30, 2016 at 3:12 PM, Kevin <sharpestmarble at gmail.com>
> > > wrote:
> > > > >
> > > > > > I know you mentioned applications, configurations, or scenarios.
> > Did
> > > > you
> > > > > > think of IoT devices?
> > > > > >
> > > > > > On Wed, Mar 30, 2016 at 1:33 PM, Joseph Gulizia <
> > > > > joseph.gulizia at gmail.com>
> > > > > > wrote:
> > > > > >
> > > > > > > Sounds interesting. I'll know more after Friday so I can plan
> to
> > > be
> > > > > off
> > > > > > > and attend.
> > > > > > >
> > > > > > > On Wed, Mar 30, 2016 at 12:48 PM, Jared Bernard <
> > > > > jared.bernard at gmail.com
> > > > > > >
> > > > > > > wrote:
> > > > > > >
> > > > > > > > I'm an instructor at Iowa Western and we are preparing for
> our
> > > > annual
> > > > > > > cyber
> > > > > > > > defense competition. We are looking for suggestions of
> > > > applications,
> > > > > > > > configurations or scenarios that are exploitable which our
> > > students
> > > > > > will
> > > > > > > > have to secure and harden in the competition. In the past
> we've
> > > had
> > > > > > older
> > > > > > > > versions of Debian running an outdated version of Apache,
> php,
> > > > vsftp,
> > > > > > > > poorly developed webpage, some type of outdated wiki,
> > unnecessary
> > > > > > > services
> > > > > > > > with default configs, CMS or custom scripts.
> > > > > > > >
> > > > > > > > Any other suggestions or modifications of what we tried in
> the
> > > > past?
> > > > > > > >
> > > > > > > > Also, If anyone is interested, we have some openings on the
> red
> > > > team
> > > > > to
> > > > > > > > anyone who might be interested in hacking and taking
> advantage
> > > the
> > > > > > > exploits
> > > > > > > > on our student's network. Competition is April 29, free meal,
> > > > snacks
> > > > > > and
> > > > > > > > beverages. Should be lots of fun.
> > > > > > > >
> > > > > > > > Thanks,
> > > > > > > > Jared Bernard
> > > > > > > > _______________________________________________
> > > > > > > > OLUG mailing list
> > > > > > > > OLUG at olug.org
> > > > > > > > https://lists.olug.org/mailman/listinfo/olug
> > > > > > > >
> > > > > > > _______________________________________________
> > > > > > > OLUG mailing list
> > > > > > > OLUG at olug.org
> > > > > > > https://lists.olug.org/mailman/listinfo/olug
> > > > > > >
> > > > > > _______________________________________________
> > > > > > OLUG mailing list
> > > > > > OLUG at olug.org
> > > > > > https://lists.olug.org/mailman/listinfo/olug
> > > > > >
> > > > > _______________________________________________
> > > > > OLUG mailing list
> > > > > OLUG at olug.org
> > > > > https://lists.olug.org/mailman/listinfo/olug
> > > > >
> > > > _______________________________________________
> > > > OLUG mailing list
> > > > OLUG at olug.org
> > > > https://lists.olug.org/mailman/listinfo/olug
> > > >
> > > _______________________________________________
> > > OLUG mailing list
> > > OLUG at olug.org
> > > https://lists.olug.org/mailman/listinfo/olug
> > >
> > _______________________________________________
> > OLUG mailing list
> > OLUG at olug.org
> > https://lists.olug.org/mailman/listinfo/olug
> >
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> https://lists.olug.org/mailman/listinfo/olug
>
More information about the OLUG
mailing list