网络攻防赛,提升你的安全技术水平.pdf (Cyber attack-and-defense competitions: raise your security skill level), 53 pages.
Slide 1 (Compass Security AG, Werkstrasse 20, Postfach 2038, CH-8645 Jona; Tel +41 55 214 41 60, Fax +41 55 214 41 61, team@csnc.ch, www.csnc.ch)
Ivan Bütler, ivan.buetler@compass-
National Cyber Storm Competition
Hands-On Security Challenges
OWASP AppSec Beijing 2013

Slide 2
My Name is Ivan Bütler, CEO Compass Security AG, Switzerland

Slide 3
My Home, Switzerland

Slide 4
Compass Security AG: Penetration Testing, Forensic Analysis

Slide 5
Why am I here?
Because we run a Remote Security Lab in Switzerland. It is called Hacking-Lab: Security Puzzles / Challenges / Hands-On.
Because OWASP is offering free Hacking-Lab OWASP TOP 10 Web Security Challenges.
Because Hacking-Lab is being used for NATIONAL CYBER STORM COMPETITIONS.

Slide 6
At the end: You should understand how to set up your own security lab and how to use the free OWASP challenges.

Slide 7
A long time ago... I was looking for a young Jedi knight (a Jedi knight from the mortal world). CTF 2007 in Switzerland.

Slide 8
2009 Swiss Cyber Storm 2: First Swiss Cyber Talent Competition

Slide 9
2011 Swiss Cyber Storm 3: International CTF SCS3 in Switzerland. Prize = New Car

Slide 10
2013 - Swiss Cyber Storm 4

Slide 11
Challenge Categories
* Web Security
* Malware / Trojan / Bugs
* Windows Security
* Apple Security
* Penetration Testing
* Networking
* Forensics
* Reverse Engineering
* VoIP / SS7 / GSM
* Wireless Security
* Unix / Linux Security
* Crypto Challenges
* Programming
* Fun Challenge
* iPhone Challenge
* Android Challenge

Slide 12
What is Hacking-Lab?

Slide 13
What is Hacking-Lab?

Slide 14
Understanding Hacking-Lab
1) Registration
2) Challenge Details
3) Solving the challenges (VPN)
4) Send Solution
5) Solution Grading

Slide 15
SQL Injection & XML External Entity Attack: Demonstration in Hacking-Lab

Slide 16
Details about Hacking-Lab

Slide 17
What is Hacking-Lab?
(1) Vulnerable Servers and Applications (Web, Windows, Linux, iOS, Android)
(2) Description about the security challenges
(3) Tools required for solving the challenges
(4) Teacher functions (accept/reject solutions), solutions, solution movies

Slide 18
Details about Hacking-Lab (1/4)
(1) Vulnerable Servers and Applications (Web, Windows, Linux, iOS, Android)
(2) Description about the security challenges
(3) Tools required for solving the challenges
(4) Teacher function (accept/reject solutions)

Slide 19
Details about Hacking-Lab
* Vulnerable Servers
* Remote Security Lab
* Vulnerable Mobile Apps
* Automatic Revert to Snapshot

Slide 20
Movie 1: Vulnerable Servers (ESXi)

Slide 21
Vulnerable Servers (ESX Virtualization)

Slide 22
Vulnerable Servers (ESX Virtualization)
Vulnerable Servers
* SIP Gateway
* IIS
* Web Security
* Fuzzing Challenge
* Python Challenge
* Mimikatz
* Shell of the Future
* License Challenge
* Nessus Scanning

Slide 23
Vulnerable Servers (ESX Virtualization)
Vulnerable Servers
* Splung Engine
* Java Script Arena
* WebGoat
* Struts Challenge
* Buffer Overflow
* HTML5 Challenge
* JSP Challenge
* Oracle Challenges
* Conficker
* Metasploit Lab

Slide 24
Vulnerable Servers (ESX Virtualization)
Vulnerable Servers
* Server LiveCD
* SSH Challenge
* BackTrack
* Unix Challenge
* Active Directory
* Terminal Server
* Chat
The Hacking-Lab servers will revert to snapshot every 1, 2 or 4 hours.

Slide 25
Details about Hacking-Lab (2/4): (2) Description about the security challenges

Slides 26-31
(screenshots only)

Slide 32
Details about Hacking-Lab (3/4): (3) Tools required for solving the challenges

Slide 33
Tools required to solve the Challenges
* VPN to Lab: OpenVPN into ESX Server Infrastructure
* LiveCD

Slide 34
LiveCD: free download from http://media.hacking-
* LiveCD ISO
* LiveCD VirtualBox OVA
* LiveCD VMware OVA

Slide 35
Hacking-Lab LiveCD Project

Slide 36
How to connect using VPN

Slide 37
How to use the Browser
1) Two profiles
2) Attacker
3) Victim
4) SwitchProxy
5) LiveHttpHeader
6) ... more

Slide 38
How to use ZAP Proxy (ZAP Inspection Proxy)
1) Web Analysis
2) Man in the Middle
3) Open Source
4) Java based
5) Loading = slow

Slide 39
How to get a Root Shell

Slide 40
How to access Microsoft XP (VDI): VMware View VDI

Slide 41
Details about Hacking-Lab (4/4): (4) Teacher function (accept/reject solutions)

Slide 42
Solution Grading as Teacher

Slide 43
Solution Grading as Teacher

Slide 44
Hacking-Lab for China

Slide 45
Problems for Chinese Users
* Problems with https://www.hacking- : it is not working from everywhere in China.
* Problems with OpenVPN: it is not working from everywhere in China.
Proposed Solution
* Translating the OWASP TOP 10 to the Chinese language
* Hosting a Chinese server: http://china.hacking-

Slide 46
http://china.hacking-
Future Plans for China: China, Switzerland
PS: Must be checked with Chinese law!

Slide 47
This is a prototype, not ready yet! Movie: china.hacking-

Slide 48
http://china.hacking- : OWASP TOP 10 Challenges in Chinese Language

Slide 49
http://china.hacking-

Slide 50
Conclusion: How to build your own security lab

Slide 51
Conclusion: Free OWASP TOP 10 challenges at https://www.hacking-

Slide 52
What do you think?

Slide 53
Ivan Bütler, ivan.buetler@compass-
Thank you very much!
28、g- - Tel +41 55 214 41 60 Fax +41 55 214 41 61 teamcsnc.ch www.csnc.ch Compass Security AG Werkstrasse 20 Postfach 2038 CH-8645 Jona What do you think? Tel +41 55 214 41 60 Fax +41 55 214 41 61 teamcsnc.ch www.csnc.ch Compass Security AG Werkstrasse 20 Postfach 2038 CH-8645 Jona Ivan Btler ivan.buetlercompass- Thank you very much!