Security Workshop:Scenario1

From Gridkaschool

This is a warm-up exercise to let you get to know your systems a bit.

First, you will be given 15-20 minutes to familiarize yourself with your site in a known good state. At this point, the systems are idling, and no malicious activities have taken place on them. You may perform any system hardening you see fit (but please read the game rules first).

Please note that your systems will be reinstalled from scratch before Scenario 2, so keep track of any changes you want to re-apply tomorrow.

Eventually, bad things may start to happen. Please respond to any attacks, and perform post-attack forensics.

Scores will be awarded to the teams as follows:

  • The first team that reports the attacking IP address and the targeted user in this scenario receives 100 points.
  • The first team that reports the full path name of a malware binary and its SHA-1 hash sum (run the file through sha1sum to calculate this) receives 250 points.
  • The first team that reports a backdoor password in a malware binary receives 500 points.

Report your findings by sending e-mail to Starfleet Command. Don't forget to include your site name.

Observations of attacking IP addresses and malware files will be broadcast to all sites through the Status Dashboard.