Dailydave mailing list archives
Re: Dreaming of Summer
From: Dave Aitel <dave () immunitysec com>
Date: Sat, 06 Dec 2003 16:01:03 -0600
Hmm. I want a game where after you use your 0day, you lose it. Maybe I'll have targets like "debian.org" and "gentoo.org". For the life of me, I can't think of anything on debian.org worth owning that would compensate for losing a good kernel local, or anything on gentoo worth risking rsync for. Whoever it is is losing points fast.
-dave Kohlenberg, Toby wrote:
Actually, that's very much what the game was like last year- They gave us a relatively secured build with lots of insecure e-biz-type apps running on it. You got points for keeping them up for extended periods and also for capturing and then keeping a service. The games have been fairly interesting the last two years. t -----Original Message----- From: dailydave-bounces () lists immunitysec com [mailto:dailydave-bounces () lists immunitysec com] On Behalf Of David Maynor Sent: Saturday, December 06, 2003 8:54 AM To: Brass, Phil (ISS Atlanta) Cc: dtangent () defcon org; dailydave () lists immunitysec com Subject: RE: [Dailydave] Dreaming of Summer On Sat, 2003-12-06 at 11:35, Brass, Phil (ISS Atlanta) wrote:Screw defense. You come in with whatever equipment you want. Thehostsets up a set of targets. You attack them. Maybe there's a duplicate set of targets, one for each team. Maybe there's just one set (more chaotic, IMHO). You get points for taking control of target services and/or networks. That gets rid of the sysadmin aspect.I like the aspect of holding the service after its owned. At this point you have to consider the switch vs. no switched network. If everybody i attacking the same machine, tcpdump caps are trivial meaning that teams could gain access just by copying other teams. I would be infavor of something like a themed contest. For instace this year we have a ecomm site running on a trusted OS. There is a series of points awarded for how far you get. This deep sixes competeing against other teams and makes it more blackhat like, its your team vs thetarget.
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://www.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Dreaming of Summer surreal (Dec 05)
- Re: Dreaming of Summer David Maynor (Dec 05)
- <Possible follow-ups>
- RE: Dreaming of Summer Brass, Phil (ISS Atlanta) (Dec 06)
- RE: Dreaming of Summer David Maynor (Dec 06)
- Re: Dreaming of Summer surreal (Dec 06)
- Re: Re: Dreaming of Summer David Maynor (Dec 06)
- RE: Dreaming of Summer Kohlenberg, Toby (Dec 06)
- Re: Dreaming of Summer Dave Aitel (Dec 06)
- RE: Dreaming of Summer Brass, Phil (ISS Atlanta) (Dec 06)
- RE: Dreaming of Summer David Maynor (Dec 06)
- Re: Dreaming of Summer Tri Huynh (Dec 06)
- Re: Dreaming of Summer Dave Aitel (Dec 06)
- Re: Dreaming of Summer David Maynor (Dec 06)
- Re: Dreaming of Summer Sean Batt (Dec 06)
- Re: Dreaming of Summer David Maynor (Dec 06)
- Pen-Testing Disclosure was Re: Dreaming of Summer dailydave (Dec 08)
- Re: Dreaming of Summer David Maynor (Dec 06)
- RE: Dreaming of Summer David Maynor (Dec 06)