Full-Spectrum Capture the Flag

Getting and Using Other People's Computers

Trail of Bits

May 08, 2014

Transcript

  1. Introduction — Andrew Ruef — Exploits — Malware — Pen testing — Research — Malware classification — Vulnerability identification
  2. What we’ll discuss — A bunch of stuff — I will leave the slides often and maybe return to them — I will use other people’s presentations sometimes — Tell me about what you want to know
  3. What we’ll discuss, outline — Vulnerability discovery — Exploit development — Tool development — Using other people’s computers — What are these things at a high level?
  4. Vulnerability discovery — Given code, find bugs — Bugs can take many shapes — May need many different bugs — Vulnerability discovery is about code understanding — Among some other things — “code” can also mean “some binaries” — “understanding” can be achieved through fuzzing
  5. Exploit development — Given bugs, how do you coerce them into an exploit? — Usually the goal of an exploit is running code — Sometimes the scenarios are weird and this is not the case — Exploit development can be thought of as program synthesis — Instead of using if, else, you are using buffer overflows
  6. Tool development — CTF is all about (the breaking of) software — You’ll need some software of your own — Launch your exploits — Rootkits (yeah, meterpreter might not be good enough) — Monitor your systems for compromise — Coordinate activity amongst your team members — This is software development EVIL
  7. Using OPC (Other People’s Computers) — CTF people don’t use computers like normal people use computers — How do you hide yourself? How do you detect other hidden people? — Amusing: fighting covertly with another team for control of a third team’s system — Even more amusing: when this happens by accident — This is being a bastard sysadmin from hell
  8. Along the way — We will make some diversions — My slides will be inadequate so I’ll show some demos — You will have questions which will lead to drawings or demos
  9. This stuff actually is hard — It takes a lot of practice to get it right — It takes a lot of doing to get it right — There are multiple skills overlaid on multiple domains — We didn’t even really talk about web stuff
  10. CTF contains a lot of real-world stuff — A working CTF team is doing what a “normal” security shop would do day to day — Doing this should give a lot of insight into what goes on in the “real world” ON EASY MODE
  11. Have fun (and work a lot) — Great CTF challenges will teach you something — Terrible CTF challenges will give you stories — Most challenges will be great or terrible