HackFest Series: Need IDS Forensic Team Members

Lisa Kachold lisakachold at obnosis.com
Tue Dec 23 14:06:49 MST 2008


Actually, we mostly need people willing to man the DEFENSE (and forensics) side of the HackFest.

We have more than a few who are unstoppable with exploit tech, so we need the important part, which consists of:

1) honeypots
2) keyloggers
3) IDS [snort, tiger and tripwire]

to give us a full report on what was done.

So the full game is:

A) They get us.
B) We report what they got.
C) Everyone discusses how we might have defended against the attack.

Having machines available to host the fest would include breaking them in select ways to allow such things as:

1) SSH exploits, telnet access
2) NFS 
3) adjacent router encroachment
4) web systems including insecure DocumentRoot, Directories, CGIs, and MySQL without a root password.

I can build a system in 2 hours to do all this (say a Gentoo build right out of the box) but it would be fun for everyone to have more complete forensics about the exploits, and pit themselves against various distros and builders?



www.Obnosis.com |  http://en.wiktionary.org/wiki/Citations:obnosis |  hackfest.obnosis.com (503)754-4452
January PLUG HackFest = Kristy Westphal, AZ Department of Economic Security Forensics @ UAT 1/10/09 12-3PM
Take the Black [Linux BT3] Pill & leave SecurityMatrix, or take the Blue [XP/Vista Pill] & stay happily ignorant.




> Date: Mon, 22 Dec 2008 21:39:58 -0700
> From: cryptworks at gmail.com
> To: plug-discuss at lists.plug.phoenix.az.us
> Subject: Re: HackFest Series: Need IDS Forensic Team Members
> 
> I have been wanting to build up a machine, come Jan I might have the
> funds to get the last parts. Once up I might be willing to let
> hackfest have a go before I run it live
> 
> On 12/22/08, Ryan Rix <phrkonaleash at gmail.com> wrote:
> > On Monday 22 December 2008 4:20:01 pm Lisa Kachold wrote:
> >> We need more people willing to build and man honeypots, IDS and complete
> >> forensics post fest!  The challenge is to find all the attack vectors and
> >> prove encroachment via logs and loggers for presentation and educational
> >> continuum after each flag.
> >>
> >> Please email me if interested.
> >
> > I am currently configuring a server under fedora 10... I can create a Xen VM
> > for a honeypot, so long as my main server is left untouched by intruders, when
> > time allows. There is nothing sensitive on the main server, and probably will
> > not be -- just hosting a wordpress blog and a few other toys -- but I would
> > just rather have it that way and not have to worry about cleaning kernel
> > rootkits out and such ;) ), I am on winter break right now and will have ample
> > time to do such things (maybe take part in a few hackfest series' as well)
> >
> > If this ends up happening would someone be willing to help me set up the
> > honeypot? (I should be able to set up the Xen environment myself with
> > tutorials, etc)
> >
> > Thanks and best,
> > Ryan Rix
> > ---------------------------------------------------
> > PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> > To subscribe, unsubscribe, or to change your mail settings:
> > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> >
> 
> -- 
> Sent from my mobile device
> 
> A mouse trap, placed on top of your alarm clock, will prevent you from
> rolling over and going back to sleep after you hit the snooze button.
> 
> Stephen
