Dailydave mailing list archives

Re: Dreaming of Summer


From: Dave Aitel <dave () immunitysec com>
Date: Sat, 06 Dec 2003 16:01:03 -0600

Hmm. I want a game where after you use your 0day, you lose it. Maybe I'll have targets like "debian.org" and "gentoo.org". For the life of me, I can't think of anything on debian.org worth owning that would compensate for losing a good kernel local, or anything on gentoo worth risking rsync for. Whoever it is is losing points fast.

-dave


Kohlenberg, Toby wrote:

Actually, that's very much what the game was like last year- They gave us
a relatively secured build with lots of insecure e-biz-type apps running
on it. You got points for keeping them up for extended periods and also for
capturing and then keeping a service.

The games have been fairly interesting the last two years.

t

-----Original Message-----
From: dailydave-bounces () lists immunitysec com
[mailto:dailydave-bounces () lists immunitysec com] On Behalf Of David Maynor
Sent: Saturday, December 06, 2003 8:54 AM
To: Brass, Phil (ISS Atlanta)
Cc: dtangent () defcon org; dailydave () lists immunitysec com
Subject: RE: [Dailydave] Dreaming of Summer


On Sat, 2003-12-06 at 11:35, Brass, Phil (ISS Atlanta) wrote:
Screw defense.  You come in with whatever equipment you want.  The host
sets up a set of targets.  You attack them.  Maybe there's a duplicate
set of targets, one for each team.  Maybe there's just one set (more
chaotic, IMHO).  You get points for taking control of target services
and/or networks.

That gets rid of the sysadmin aspect.

I like the aspect of holding the service after it's owned. At this point
you have to consider the switch vs. no switched network. If everybody is
attacking the same machine, tcpdump caps are trivial, meaning that teams
could gain access just by copying other teams.

I would be in favor of something like a themed contest. For instance, this
year we have an ecomm site running on a trusted OS. There is a series of
points awarded for how far you get. This deep sixes competing against
other teams and makes it more blackhat like, it's your team vs the
target.


_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave

