Photos of the space

I’ve been in and out of the space a lot this week. We’ve seen some significant donations of furniture and equipment, including a server rack, a server and some switches. I was in the space taking some pictures today and I thought I would share the pics with all of you.

It’s hard to get a picture that does the space justice. However, these two came out pretty good.

Wilmington University CTF

On Saturday January 30th, myself and a few like-minded security professionals met to participate in a CTF held by Wilmington University and facilitated by Eric Arnoth. Eric was nice enough to open up the CTF he runs to help train his students to compete at CCDC to members of Shell and the other security professionals. This opportunity to be a part of a simulated blue team defending a network against attack from a red team is rare outside of security conferences or SANS training.

Victor AKA Rusty Shackleford put this summary of events together for us:
CTF at Wilmington University with Cyberwildcats.

Saturday, January 31, 2016

Two teams in total both playing defensive against attackers not on location.

We were in the neighborhood of -16,000 points when the scoreboard stopped
updating. My only hope is that we reached a magic number and scorebot choked:
death by integer overflow. I doubt it since scorebot is based on Python which
isn’t typically afflicted by such a problem. Still, I like to believe we got
some revenge that day even if it was shooting the messenger, scorebot.

Things started ordinarily enough. Log into servers, change passwords, restrict
remote access, but where applying firewalls and application hardening started
we ran into a problem. We believe the DNS service went down, or stopped
responding. This left us with a glaring block of red where our servers and
services are displayed on the board. Since scorebot can’t resolve domain names,
it can’t go on to ping servers and test for available services. It was at this
point I could only go on to make minor changes to obviously bad things. I found
and renamed a file with a call to phpinfo() and an installation directory for
phpBB3. Making broader changes wasn’t possible until we were back on the
scoreboard since every change to an application could cause downtime I was
hesitant to stack multiple changes to multiple systems and create a tangled
mess.

Things slowed down after this and my time was spent bouncing between a few tasks
I thought were useful and manageable. I only owned 4 of 7 servers where some
just wouldn’t accept an ssh connection and others the credentials we were
provided didn’t work and investigated these systems. I would periodically check
network connections for signs of unauthorized access. My attention was
occasionally diverted to scanning for rogue hosts that popped up in our network
or helping in some way to getting our DNS working again.

After the dust settled, we got some advice. I recorded notes on things I missed:
our Drupal server was vulnerable to Shellshock and a zencart installation
directory was left available to exploitation granting root access to our web
server. Also, one of the rogue systems that came online unexpectedly was
compromised too but I didn’t catch how that affected us — perhaps it was used
to plant another beacon.

This was a learning experience and about as bad as it can get. Being our first
time playing as a team we learned a lot and we really couldn’t do worse (unless
scorebot keeps counting past -16,000 that is).

Rusty Shackleford