what i do?

Am an Information Risk Consultant and Penetration Tester, i specialize mostly in penetrating secure networks/computer systems where i simulate an organized professional attack against your organization, where after that a detailed report with weakness and exploited vectors are summarized. This will help you gain control over your infrastructures security and maximize your protection.

Friday, October 12, 2012

HackBattle2012 The rerun

HackBattle 2012 which had started last week, opened with the Blackhat team (Blackdiamond) gaining access to the two servers faster than we expected. They were followed by team Ownerz and team Takerz. We had set several vulnerabilities and were fully tested, and worked well for each network. After the blackhats took over, they set up several backdoors and malwares pieces, which the team that took over the servers was expected to identify and quarantine forensically before 8th of October 2012. As this time approached most of the teams realized the team Blackdiamond had already gained through and they wondered how they did that.

On 8th in the afternoon team Blackdiamond came back in, pkilled every process on each TTY, and regained control of the servers, therefore winning this year.

So on 9th we decided to bring the game back with a new sceneraio as below. We are calling it Hackbattle2012 'The Rerun'.

So the scenario is as below, we have a network with two servers, both webservers, one acting as a blog server and the other as normal website. Both of these servers are vulnerable to different flaws, e.g SQLi, LFI, Information Disclosure etc.

These servers are controlled by several users, sitting behind their laptops and its business as usual. This penetration scenario is BLACKBOX and so all attackers are supposed to be covert, and should use any means necessary to gain access to the infrastructure.

The above is made simpler and should help all the groups understand some pentest skills as they work together and exchange ideas. Kinda of Knowledge transfer for everyone.

Am also giving out small clues and directions to those who ask me about what to look for etc.

Enjoy the game, and remember more practice and the perfect you get.

See all teams tomorrow at CIO East Africa office.



No comments: