Slide 1

Full-Spectrum Capture The Flag
Andrew Ruef, Trail of Bits

Slide 2

Getting and Using Other People's Computers
Andrew Ruef, Trail of Bits

Slide 3

Introduction
- Andrew Ruef
  - Exploits
  - Malware
  - Pen testing
- Research
  - Malware classification
  - Vulnerability identification

Slide 4

What we'll discuss
- A bunch of stuff
- I will leave the slides often and maybe return to them
- I will use other people's presentations sometimes
- Tell me about what you want to know

Slide 5

What we'll discuss, outline
- Vulnerability discovery
- Exploit development
- Tool development
- Using other people's computers
- What are these things at a high level?

Slide 6

Vulnerability discovery
- Given code, find bugs
- Bugs can take many shapes
- May need many different bugs
- Vulnerability discovery is about code understanding
  - Among some other things
  - "code" can also mean "some binaries"
  - "understanding" can be achieved through fuzzing

Slide 7

Exploit development
- Given bugs, how do you coerce them into an exploit?
- Usually the goal of an exploit is running code
  - Sometimes the scenarios are weird and this is not the case
- Exploit development can be thought of as program synthesis
  - Instead of using if/else, you are using buffer overflows

Slide 8

Tool development
- CTF is all about (the breaking of) software
- You'll need some software of your own
  - Launch your exploits
  - Rootkits (yeah, meterpreter might not be good enough)
  - Monitor your systems for compromise
  - Coordinate activity amongst your team members
- This is software development EVIL

Slide 9

Using OPC (Other People's Computers)
- CTF people don't use computers like normal people use computers
- How do you hide yourself? How do you detect other hidden people?
- Amusing: fighting covertly with another team for control of a third team's system
- Even more amusing: when this happens by accident
- This is being a bastard sysadmin from hell

Slide 10

Along the way
- We will make some diversions
- My slides will be inadequate, so I'll show some demos
- You will have questions, which will lead to drawings or demos

Slide 11

This stuff actually is hard
- It takes a lot of practice to get it right
- It takes a lot of doing to get it right
- There are multiple skills overlaid on multiple domains
- We didn't even really talk about web stuff

Slide 12

CTF contains a lot of real-world stuff
- A working CTF team is doing what a "normal" security shop would do day to day
- Doing this should give a lot of insight into what goes on in the "real world" ON EASY MODE

Slide 13

Have fun (and work a lot)
- Great CTF challenges will teach you something
- Terrible CTF challenges will give you stories
- Most challenges will be great or terrible