not my place to comment on white hat or not and i certainly wouldnt name anyone on the team. not my place at all. the guys on the team are the ones who can write the sploits on the fly when needed. The team lead is a guy who knows his stuff in and out as does the rest of the guys who flew in.
Also flooding a connection is forbidden for the most part. I know since I had a perfect sploit lined up for one of the servers that would of DOS'ed it easily but the red teams hands were tied on that point. But yes if the server couldnt respond its a service outage. Some teams did that enough just by themselves (dam those ASA cables ehh?;) )
actually pretty much everyone makes a living off of the profession. That being said I was completly humbled by the team that was assembled and learned alot being there with them. Team Hilarious was great.
To be fair, I was red team at nationals (albeit I was humlbed greatly by the rest of the red team), I was the team captain for UTSA at regionals this year. I've seen it from the blue team, white team and red team viewpoint. Blue is the most frustrating I do say but in the end I've always walked away having learned something.
Usually competitions like this are in "Which OS is most secure" kinds of settings, where the ostensible purpose is to find out which OS is the most secure. However, in this case, you had you had a bunch of different OSs all linked together, and you had to protect them from a bunch of security professionals. I imagine these "pros" probably weren't hard-core hackers, and given that, I'm not sure what the value of the exercise was. These "pros" as you said are actually professional flown in from around the country who either are partners in consulting companies or just a level below that. Everyone on the red team does it for a living at the national level and certainly is not a bunch of non hardcore hackers who said o lets have fun. But then again what do i know, I was on the red team.
This competition is about best defending a network in as short a time as possible. Each region creates its own scenario independent from the national level and it creates different levels of fun and realism for the teams. In essence this competition is realistic from a sys admin point of view and thats mainly the people who will be admining these system. Once again I say this as a red team point of view and that of someone who was team captain of the UTSA team this year (the hosts of the national competition every year).
Well this competition was actually a great one. I was one of the red team members for the nationals (and also the only person to have gone from a regional team captain to the national red team). The competition was very close to the very end with only a few subtle mistakes being made as of the second day.
The run down is usually like this for the red team:
Day 1: Boxes are extremly vulnerable and red team had a hayday with easily found exploits. We set some backdoors and have some fun with the servers. Looking for customer data that is stored on them.
Day 2: Teams have patched most boxes and taken care of most of the vulns out there. Red team goes after websites finding exploits for the most part since boxes are locked down other than holes we inserted ourselves. Default passwords on ecommerce sites are usually one of the last things to change.
Day 3: Boxes and teams are finally pretty locked down. Some last holes are left over from the red team. Nessus and Core Impact and other tools are worthless at this point at the latest (if not midday saturday). This day red team is pretty much just having fun, especially the team lead, Dave with his laughing that echos down the halls making the other teams nervous.
In all every team did a great job. Everyone learned alot (heck I learned alot red teaming with some of these guys). Stupid mistakes were made by every team and we (the red team) loved the teams for it. Can't wait to come back next year and seeing what the teams will do then.
Slashdot Mirror
not my place to comment on white hat or not and i certainly wouldnt name anyone on the team. not my place at all. the guys on the team are the ones who can write the sploits on the fly when needed. The team lead is a guy who knows his stuff in and out as does the rest of the guys who flew in. Also flooding a connection is forbidden for the most part. I know since I had a perfect sploit lined up for one of the servers that would of DOS'ed it easily but the red teams hands were tied on that point. But yes if the server couldnt respond its a service outage. Some teams did that enough just by themselves (dam those ASA cables ehh? ;) )
actually pretty much everyone makes a living off of the profession. That being said I was completly humbled by the team that was assembled and learned alot being there with them. Team Hilarious was great.
To be fair, I was red team at nationals (albeit I was humlbed greatly by the rest of the red team), I was the team captain for UTSA at regionals this year. I've seen it from the blue team, white team and red team viewpoint. Blue is the most frustrating I do say but in the end I've always walked away having learned something.
This competition is about best defending a network in as short a time as possible. Each region creates its own scenario independent from the national level and it creates different levels of fun and realism for the teams. In essence this competition is realistic from a sys admin point of view and thats mainly the people who will be admining these system. Once again I say this as a red team point of view and that of someone who was team captain of the UTSA team this year (the hosts of the national competition every year).
Well this competition was actually a great one. I was one of the red team members for the nationals (and also the only person to have gone from a regional team captain to the national red team). The competition was very close to the very end with only a few subtle mistakes being made as of the second day. The run down is usually like this for the red team: Day 1: Boxes are extremly vulnerable and red team had a hayday with easily found exploits. We set some backdoors and have some fun with the servers. Looking for customer data that is stored on them. Day 2: Teams have patched most boxes and taken care of most of the vulns out there. Red team goes after websites finding exploits for the most part since boxes are locked down other than holes we inserted ourselves. Default passwords on ecommerce sites are usually one of the last things to change. Day 3: Boxes and teams are finally pretty locked down. Some last holes are left over from the red team. Nessus and Core Impact and other tools are worthless at this point at the latest (if not midday saturday). This day red team is pretty much just having fun, especially the team lead, Dave with his laughing that echos down the halls making the other teams nervous. In all every team did a great job. Everyone learned alot (heck I learned alot red teaming with some of these guys). Stupid mistakes were made by every team and we (the red team) loved the teams for it. Can't wait to come back next year and seeing what the teams will do then.