Dailydave mailing list archives
RE: Dreaming of Summer
From: Michael J Freeman <mfreeman451 () yahoo com>
Date: Sat, 6 Dec 2003 18:38:55 -0800 (PST)
All you really need to do is take over the Akamai network. They host most of the stuff for symantec, like you get your virus definition updates from an Akamai server, and do services for microsoft (mostly DNS, but they may have the windowsupdate "akamaized" where you get your updates from an Akamai server rather than a M$ site). They also do DNS for lots of other huge sites, whitehouse.gov, fbi.gov, msnbc, yahoo, etc. Not to mention the fact that if you gained control of one of the servers in the NOC you could easily gain control over the entire network of over 15,000 servers and launch one of the most massive distributed DoS attacks in the world, effectively crippling the Internet. Remember the Fluffi Bunni???

--- "Brass, Phil (ISS Atlanta)" <PBrass () iss net> wrote:
You're kidding, right? The chance to r00t *every* debian box in the world (apt-get update; apt-get upgrade; apt-get install rootkit) isn't worth losing a single local root sploit? The only better targets are the windows ones like Symantec's LiveUpdate and, of course, windowsupdate.microsoft.com...

Phil

-----Original Message-----
From: dailydave-bounces () lists immunitysec com [mailto:dailydave-bounces () lists immunitysec com] On Behalf Of Dave Aitel
Sent: Saturday, December 06, 2003 5:01 PM
To: dailydave () lists immunitysec com
Subject: Re: [Dailydave] Dreaming of Summer

Hmm. I want a game where after you use your 0day, you lose it. Maybe I'll have targets like "debian.org" and "gentoo.org". For the life of me, I can't think of anything on debian.org worth owning that would compensate for losing a good kernel local, or anything on gentoo worth risking rsync for. Whoever it is is losing points fast.

-dave

Kohlenberg, Toby wrote:

Actually, that's very much what the game was like last year. They gave us a relatively secured build with lots of insecure e-biz-type apps running on it. You got points for keeping them up for extended periods and also for capturing and then keeping a service. The games have been fairly interesting the last two years.

t

-----Original Message-----
From: dailydave-bounces () lists immunitysec com [mailto:dailydave-bounces () lists immunitysec com] On Behalf Of David Maynor
Sent: Saturday, December 06, 2003 8:54 AM
To: Brass, Phil (ISS Atlanta)
Cc: dtangent () defcon org; dailydave () lists immunitysec com
Subject: RE: [Dailydave] Dreaming of Summer

On Sat, 2003-12-06 at 11:35, Brass, Phil (ISS Atlanta) wrote:

Screw defense. You come in with whatever equipment you want. The host sets up a set of targets. You attack them. Maybe there's a duplicate set of targets, one for each team. Maybe there's just one set (more chaotic, IMHO). You get points for taking control of target services and/or networks.

That gets rid of the sysadmin aspect.

I like the aspect of holding the service after it's owned. At this point you have to consider the switch vs. no switched network. If everybody is attacking the same machine, tcpdump caps are trivial, meaning that teams could gain access just by copying other teams.

I would be in favor of something like a themed contest. For instance, this year we have an ecomm site running on a trusted OS. There is a series of points awarded for how far you get. This deep-sixes competing against other teams and makes it more blackhat like, it's your team vs the target.

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave