Proposal: Security training and eventual CTF - Security & Cryptography
|
|||
It would be interesting to set up a few capture the flag (CTF) tournaments in a few months, with training sessions leading up to the tournaments. UnixHub would be a great base to try this, with enthusiastic members who have a great mix of experience providing excellent collaborative potential.
So my proposal is as follows:
Training
Not every member at UnixHub will be versed in information security, but I have a feeling almost every member would be interested in learning a thing or two about the 'darker' side of computer geekery that is hacking or penetration testing. Due to this it would be cool to run a few training sessions which could start at the basics and work their way forward slowly to prepare everyone with a few skills which may be utilised in the competitions to come. This would involve:
Capture the Flag
Assuming the tasks would be monthly, if each task had significant depth it would be safe to assume within roughly 6 months members would have a developed enough base knowledge to perform a full hack of their own but leave enough unknown for it not to be trivial. I am not quite sure how we would structure the CTF yet so this section will remain open to suggestions over the months if this idea comes to fruition. To my knowledge there are a few different types of CTF which could be done.
Challenges and Benefits
Obviously this idea isn't without its challenges and it isn't entirely selfless on my behalf.
Other than that, this could provide a learning experience or at least some fun for anyone interested in security. Anyone more interested in the system admin side could also learn the do's and don'ts by helping set up the tasks/CTF if they don't want to get into the attacking side.
Finally, sorry about the layout of this, tried to put things in sections and then just waffled in each of them. Let's hear comments, suggestions, feedback in any sense! If anyone can provide what is needed in terms of consulting or helping with the systems for the tasks/CTF. The structure for both is up for grabs at the moment so any input is great.
Thanks, Derby.
|||
|
|||
I think this is a wonderful idea, great post! I would be willing to lend my server out for this. I would be willing to sign a contract stating I gave permission to penetrate my system etc., like they do when you pay someone to pen test your systems.
|
|||
|
|||
If everything is well monitored then why not.
On the other hand, everyone here is pretty busy so we should plan everything beforehand so it fits our schedule.
|||
|
|||
I would most definitely join!
It would be kinda cool to have a Knights Code of Conduct that we all abide by and that we all sign. Also we could have cool nicknames :D
The world is quaking from our Linux Thoughts!
|
|||
|
|||
The point of the training is for people who don't know about this stuff NeoTerra! All you need is a willingness to learn ;)
Edit - It's also far from organised, it's just an idea yet. I'm going to need a lot of help to organise it properly.
|||
|
|||
I know barely anything about security but if people would be willing to allow me in (slightly confused as to who this is aimed at, people like me or people who at least know a bit?), but if it's the former, or both, I'd love to.
|
|||
|
|||
I'd be extremely interested in this. Great idea, Derby.
Klan9 > Plan9! (H0pe)
Klan9foLyfe
|||
|
|||
Hehe, why not!
|
|||
|
|||
This is aimed at everyone, whether you know nothing or are a full blown security researcher.
It will be great to get a mix so people can teach others throughout it too. Spread the knowledge!
|||
|
|||
I should point out, while I'm thinking about it, that if we do use someone's server we would do the utmost to separate the hacking-space from the server's actual space. I'm sure someone will know of a way to make this possible.
|
|||
|
|||
Quote: Sounds like a job for a FreeBSD jail.
Or KVM. VPS are cheap these days. But I like this idea even more the more I think about it. :)
|||
|
|||
I'm glad you like the idea shtols, KVM would be good to look at, you say?
|
|||
|
|||
(23-09-2013, 08:21 PM) NeoTerra Wrote: (23-09-2013, 08:08 PM) Derby Wrote: I should point out, while I'm thinking about it, that if we do use someone's server we would do the utmost to separate the hacking-space from the server's actual space. I'm sure someone will know of a way to make this possible.
Not if I can break out of the jail :)
|||
|
|||
Quote: I'm glad you like the idea shtols, KVM would be good to look at, you say?
Virtualization in general. But I'm by far no expert on that subject.
|||
|
|||
I like the idea.
Perhaps we could take up a collection to separate the serious participants from the flakes? Buy in for a cheap price like $5 (USD) or something? Use the funds to pay for hosting? Or if someone has server space as Kopri mentioned, then use the funds for UH administration purposes? I'd be willing to pay as well as agree to specific terms in order to protect the host.
|||
|
|||
Yeah I would be willing to take my server out from behind NAT and poke a few holes in my security. I would need everyone's IP address so I can blacklist EVERYONE but you guys since I don't want someone with ill intent to gain access to my box.
My idea of this is, for instance, I'm running a lighttpd webserver. They have a hidden dir that requires a user password; once you have that you can see that stats page, and more devious things. I would have re setup the webserver so it's not chrooted since I doubt anyone has a privilege escalation hack up their sleeve.
|||
|
|||
;-) Very interested. Hehe
|
|||
|
|||
I haven't forgotten about this or given up, I've had a situation IRL requiring a lot of time at the moment.
I am still very interested in this idea and wouldn't mind a few people, along with kopri (thanks for the support so far), helping out on the setting up! :)
|||
|
|||
Really great idea! Even if I have no idea on what to do, I'd love to see how it goes, have people saying what they did and how. To all hackers here, is that possible to get a post about that when it will be over?
|
|||
|
|||
Yeah it would be cool to give solutions once the task is finished. Explain the different aspects that could have been used during the task for anyone that may have missed something.
It would also be a good way to learn, the whole point is to allow people who may not know much about it to join in with a bit of reading. Some websites such as http://www.enigmagroup.org/ do it very well already and have a good ethos around learning and developing knowledge and skills in the area.
|||
|
|||
I'm in :>
|
|||
|
|||
I would be very interested in this. I don't think I have the necessary skill sets, aside from talking to a few pen-testers at work. I'll put my learning hat on.
|
|||
|
|||
I totally forgot about this! I am glad no one started without me!!
The world is quaking from our Linux Thoughts!
|
|||
|
|||
For years, the Capture the Flag platform has been a common and very popular part of the hacker convention scene. Teams come from all over the world to show their skill and technique in various competitions.
|
|||
|
|||
...Thanks?
|
|||