
Full-Spectrum Capture the Flag

Getting and Using Other People's Computers

Trail of Bits

May 08, 2014

Transcript

  1. Introduction
     - Andrew Ruef
     - Exploits
     - Malware
     - Pen testing
     - Research
     - Malware classification
     - Vulnerability identification
  2. What we’ll discuss
     - A bunch of stuff
     - I will leave the slides often and maybe return to them
     - I will use other people’s presentations sometime
     - Tell me about what you want to know
  3. What we’ll discuss, outline
     - Vulnerability discovery
     - Exploit development
     - Tool development
     - Using other people’s computers
     - What are these things at a high level?
  4. Vulnerability discovery
     - Given code, find bugs
     - Bugs can take many shapes
     - May need many different bugs
     - Vulnerability discovery is about code understanding
     - Among some other things
     - “code” can also mean “some binaries”
     - “understanding” can be achieved through fuzzing
  5. Exploit development
     - Given bugs, how do you coerce them into an exploit?
     - Usually the goal of an exploit is running code
     - Sometimes the scenarios are weird and this is not the case
     - Exploit development can be thought of as program synthesis
     - Instead of using if, else, you are using buffer overflows
  6. Tool development
     - CTF is all about (the breaking of) software
     - You’ll need some software of your own
     - Launch your exploits
     - Rootkits (yeah, meterpreter might not be good enough)
     - Monitor your systems for compromise
     - Coordinate activity amongst your team members
     - This is software development EVIL
  7. Using OPC (Other People’s Computers)
     - CTF people don’t use computers like normal people use computers
     - How do you hide yourself? How do you detect other hidden people?
     - Amusing: fighting covertly with another team for control of a third team’s system
     - Even more amusing: when this happens by accident
     - This is being a bastard sysadmin from hell
  8. Along the way
     - We will make some diversions
     - My slides will be inadequate so I’ll show some demos
     - You will have questions which will lead to drawings or demos
  9. This stuff actually is hard
     - It takes a lot of practice to get it right
     - It takes a lot of doing to get it right
     - There are multiple skills overlaid on multiple domains
     - We didn’t even really talk about web stuff
  10. CTF contains a lot of real-world stuff
     - A working CTF team is doing what a “normal” security shop would do day to day
     - Doing this should give a lot of insight into what goes on in the “real world” ON EASY MODE
  11. Have fun (and work a lot)
     - Great CTF challenges will teach you something
     - Terrible CTF challenges will give you stories
     - Most challenges will be great or terrible