My Experience with the Deloitte Cyber Collegiate Threat Competition (2011)

I recently was part of a team at IIT-Roorkee that won the Deloitte Cyber Collegiate Threat Competition. It was a competition modeled after the Deloitte-sponsored CCDC in the US. The event will be organized in the subsequent years as well, and hence this blog post will summarize my experience so as to help any future participants. Moreover, the organizing team has guaranteed us that the competition will be altered significantly in the coming years. This was the first year that this event was organized, after all.

I’ll go into the contest round by round, so beginning with Round 1.

Round 1

Deloitte came to our campus, with little promotion about the event. A presentation was given on the current scenario of Cyber Threat, particularly with respect to India. Free swag was awarded to people who asked some good questions, or answered some as well. After the presentation, a quiz was given out, consisting mainly of questions about Web Application Security. A few of the questions asked us to write down code to circumvent a particular issue (like SQL Injection). But it was mostly about stuff that every security-conscious Web Developer would know about.

After the quiz, they selected the top 9 candidates, and asked us to form teams. Make sure that you attend the quiz with your friends, as we definitely had an edge by knowing everyone in our team before the event. The number of teams varied from campus to campus. But if you perform decently enough, you will be selected.

Round 2

Each of the teams was given a VM Image, and we were asked to hack into it. We were not allowed to exploit vulnerabilities in the guest OS, or things like VMware, or try to boot into the image with another OS, but other than that everything went.

The VM had a library application, with several vulnerabilities. A challenge sheet was mailed to us, and we were expected to finish as many challenges as we could. Any further vulnerabilities not mentioned in the challenge could also be mentioned, but they were only to be used in the case of a tie with another team.

The time duration for Round 2 was 15 days and we were supposed to submit our reports by then. We were able to complete most of the challenges after we found a blind SQL injection vulnerability. Further, we were able to get a copy of the obfuscated PHP code, which we converted to simpler versions easily enough. We had no way to make use of the code, but it did help us in identifying possible files and entry routes for vulnerabilities.

To get a good score in round 2, try to attack every point in the application. In our case, some of them were too stupid to be used in a real case scenario. For instance, we had password hashes appearing in images. Pore through the JavaScript code, and search like hell. Stuff like w3af might help you, but since it’s a limited application only, it is often easier to just track the application flow. We did try kernel level exploits, but the VM was fully patched and up to date.

Round 3

Round 3 was organized at Hyderabad and was a head-on, hack-everything contest. We were handed 3 virtual machines, with lots of vulnerable services. We had to keep those services running, which were periodically pinged by a scorebot. Scores were awarded in three categories: attack, defense, and flags.

Attack points were earned upon getting a shell on any of the other team’s servers.

Flag points were awarded on the basis of getting access to secrets stored inside the other team’s servers.

Defense points were earned on the basis of the status of your own service.

The network architecture was 3 tiered. A single central router routed requests to a team’s router, which was then connected to an individual team switch. A switch was connected to the host VM, and the attack machines. Two different subnets were created for attack and defense in each team’s router. All uVMs were present in the attack subnets.

Day 1

Day 1 consisted mostly of us learning about the network and trying to gain access into the other systems. All the services were highly vulnerable, and as a result, we had to patch that vulnerability in our own servers before we attacked anyone with it. DoS attacks started late in the day, but were ever present.

The VMs handed to us included a Windows Server 2003, a Debian, and an Ubuntu. Only open source/freeware tools were allowed, and we used lots of stuff including:

  • Backtrack for almost everything since attack laptops given to us had Windows installed
  • LOIC for DoS attacks
  • Wireshark for packet analysis.
  • Snort for intrusion detection.
  • NMap for scanning services
  • Metasploit for trying out exploits
  • Cain and Abel for miscellaneous stuff

Day 2

Day 2 involved lots of pwning, and a surprise twist. All VMs for day 1 had been reset to their current state, and we had to patch them all over again in the first fifteen minutes of the session. Other than that, the increase in traffic was exponential. All our machines were scanned to hell. DoS attacks became normal, and the epic moment of the day was during the last session when we had our router pwned.

Pics from the Event are at Facebook.

Conclusion

Kudos to the Deloitte Team for organizing such a brilliant contest. We had lots of fun. They have assured us that next year it will be even bigger and better. And that the format will be entirely different next year, so this blog post might not be as helpful as you may have thought.

Github +1 URLs

I was working on the Google +1 Listing API (undocumented). So here’s a list of my current +1 urls on github.com. Most of the projects pertain to web-designing. I’ll update this list automatically every week or so, provided I remember to/set a cron job.

jayferd/color.js

color.js - The missing color library

typicaljoe/taffydb

taffydb - TaffyDB - an open source JavaScript Database for your browser

antirez/lamernews

lamernews - Lamer News -- an HN style social news site written in Ruby/Sinatra/Redis/JQuery

felixge/node-mysql

node-mysql - A pure node.js JavaScript Client implementing the MySql protocol.

daneden/animate.css

animate.css - A big ol' goody bag filled with CSS animations for WebKit, Firefox and beyond.

javve/list

Do you want a 7 KB cross-browser native JavaScript that makes your plain HTML lists super flexible, searchable, sortable and filterable? Yea

azer/jekyll-social-activities

jekyll-social-activities - a jekyll project template to list social network activities

e1ven/Robohash

Robohash - RoboHash.org

donpark/node-robohash

node-robohash - node.js implementation of Robohash. It's neither complete nor render general SVG.

lg/marshmallow

marshmallow - An open source Campfire server

tmcw/big

big - presentations for busy messy hackers

All of the Hooks

Service Hooks are available for more events (issues, pull requests, forks, etc). Update them through the API!

chromakode/karmabot

karmabot - A highly extensible IRC karma+information bot written in Python.

moserware/PHPSkills

PHPSkills - An implementation of the TrueSkill algorithm in PHP

nodejitsu/docs

docs - Community powered rocket fuel for node.js

spin.js

An animated CSS activity indicator with VML fallback.

Alice.js Demos

Alice.js Demos. Alice.js (A Lightweight Independent CSS Engine) is a micro JavaScript library focused on using hardware-accelerated capabili

tcorral/Design-Patterns-in-Javascript

Design-Patterns-in-Javascript - Based in examples on Head First Design Patterns

atduskgreg/srender

srender - John Resig's Simple Javascript Templating turned into a jQuery Plugin

mrdavidlaing/functional-javascript

functional-javascript - A fun set of koans to teach you functional programming techniques in Javascript

mrdavidlaing/javascript-koans

javascript-koans - Koans to learn Javascript

robrighter/current

current - Node.js app for visualizing http requests on a lan

bcoe/endtable

endtable - A ridiculously simple Object Mapper for Node running on top of CouchDB.

sproutcore/sproutcore

sproutcore - JavaScript Application Framework - JS library only

tpope's Profile

tpope (Tim Pope). You're not logged in! Login; Pricing & Signup. Name: Tim Pope. Website/Blog: http://tpo.pe/. Company: Waiting on t

tpope/vim-fugitive

vim-fugitive - fugitive.vim: a Git wrapper so awesome, it should be illegal

github/gitignore

A collection of useful .gitignore templates

Chosen - a JavaScript plugin for jQuery and Prototype - makes select boxes better

Standard Select.

harvesthq/chosen

chosen - Chosen is a library for making long, unwieldy select boxes more friendly.

rthauby/Paige

Paige - Super simple project page generation

docco.coffee

Docco is a quick-and-dirty, hundred-line-long, literate-programming-style documentation generator. It produces HTML that displays your comme

LeaVerou/prefixfree

prefixfree - Break free from prefix hell!

twitter/scala_school

scala_school - Lessons in the Fundamentals of Scala

arcturo/library

A library of free eBooks we're working on

tcr/selection.js

selection.js - A tiny JavaScript DOM selection library for modern browsers and IE5-8.

First Annual Octocat Dodgeball Invitational

Why? We were brainstorming in the office and decided we should throw balls at our enemies. But why stop at destroying our enemies with foam

nide - Beautiful IDE for Node.JS

nide. Beautiful IDE for Node.JS. nide is a web-based IDE for Node.js, designed with simplicity and ease-of-use in mind. The current version

mikeal/request

Simplified HTTP request client.

unconed/TermKit

TermKit - Experimental Terminal platform built on WebKit + node.js. Currently only for Mac and Windows, though the prototype works 90% in an

If Dropbox Used GitHub’s Pricing Plan

If Dropbox Used GitHub's Pricing Plan. What if Dropbox used GitHub's pricing model? Folders? Yes, folders. I have a lot of folders.

Must Use Web Applications

Here are a few of the applications that I would heavily recommend.

Workflowy

Here’s how Workflowy describes itself.

WorkFlowy is a simple, but powerful way to manage all the information in your life.

Here’s their introductory video:

If that does not hook you, I don’t know what will.

Clipboard

Clipboard is a content archiver tool that makes it quick, snappy, easy, and cool. It has got tons of features and is still in private beta. However, since Michael Arrington blogged about it, it has begun accepting a larger number of invites. I’ve only started to use it, but it has been quite awesome till now.

My favorite feature is embed. Everything I’ve embedded on this page is via clipboard, as a demo. You can clip tweets, pics, videos and what not and embed it on your blog easily.

Ge.tt

Ge.tt is one of the many file sharing sites that seem to have cropped up in Web 2.0. Its USP is its simplicity; however, don’t be fooled by it. It has got lots of features as well:

Gett Screenshot

  • Share URLs while your stuff is uploading
  • Share without even logging in
  • Drag and drop upload
  • Versioning for file Uploads
  • Share multiple files under a single upload
  • Limited Analytics (See number of Downloads)

So yes, it’s not as powerful as many others, but has got quite enough features to keep me busy.

Minus

Minus is a simple image sharing service. It was amongst the first to offer Drag-And-Drop upload back before it was cool. Right now, it is trying to become the next flickr, allowing people to subscribe to each other. If you are someone who posts cool pics regularly, check this out.

Minus Home Page

My primary browser is Chromium, and here are some Chrome Applications that I use regularly:

Offline GMail

Was a Chrome extension that used Google Gears for letting you use GMail completely offline.

Offline GMail Screenshot

Pros:

  • Looks cool
  • Allows multiple accounts
  • Drafts facility
  • Labels

Cons

  • Not all the functionality of Online GMail

Collaborative Editors

I like collaborative editing, working together with people in real-time. Unfortunately, the biggest entrant fizzled out. However, there are still quite a lot of competitors left in the field.

Google Docs

I tend to avoid Google Docs usually, as it is too much of a bloat for me. The integration with Google Chat is good, but sometimes all you need is a plain text editor. There is also an Offline Google Docs application, although it does not allow one to edit documents. Also no presentations.

Etherpad

Etherpad is quite good, as a plain text collaborative editor. I tend to use it frequently, and it has some excellent features. It makes a thousand revisions of each of my posts, and allows me to play through them, and see who made what change in real-time. All this, for free. Plus you get chat, and basic formatting (bold, italics, underline).

The previously mentioned workflowy keeps your lists in sync over time, so it is collaborative, though not in real time.

Also, mention goes out to pastehtml, which does an excellent job. It’s neither collaborative nor has sharing, but it had me hooked at editable markdown. You can type in markdown, publish in html, and come back and edit your documents, as per your heart’s wish.

Grooveshark

I rarely listen to music online, but when I do, it’s either on Youtube or Grooveshark.

Grooveshark Screenshot

Looking back at this document, it seems that there are not many web-apps that I use.

Some other applications that I regularly use, in no particular order:

  • FreedCamp - A free alternative to Basecamp
  • IssueBurner - Simple Issue Tracking via Email
  • Postary - A simple blogging platform. “Write.Share.”
  • LastPass - Password Manager

I’ll probably add some Chrome Extensions later as well.