Hello Team Ninja,
Here are a number of links and notes from today's Finals round preview.
*Finals Challenge Document*
https://drive.google.com/file/d/1shWkoToxmQwhGV5sfyboFSGvpO6Nht5n/view
*Finals Challenge Environment*
https://drive.google.com/file/d/197Z2sP0IoQNCQPoubrDQYRMRzqNaBuTd/view
*My Notes from the meeting:*
-A series of different nodes that need to be protected on a network.
-We will remotely connect to each device/server
-Availability must be maintained for services on a node
-scorebot checks services every minute (service is down= incorrect
submission, lose points and accuracy)
-blocking red team and scorebot IP's may = DQ
-Don't stand up Dummy services
-may install any services if service is still available
-Working on synchronized terminals (bottlenecks if working on the same Kali
box)
-familiarize with 5 target machines (apache, node.js, ftp, sql, redis)
-ssh (hostname) to access the target machine
-all vulnerabilities can be remediated
-log analysis highly valuable skill for the challenge
-all terminal sessions will be logged
-Default Machine used _Kali2021.1 default meta package
-We can restart servers
-There will be backdoors on the servers (exploits and backdoors can be
removed)
*Theory Crafting (ProfC)*
-Might be worth looking at these machines/services to update. review of
apt-get and yum.
-so change the root passwords and passwords for the services. :-)
But not the service checking accounts
-Definitely strong and different passwords for each account/service
-So maybe a google shared notes sheet ahead of time to share info??
-Maybe even lock accounts that are not necessary, but being careful to not
lock an account that is required for a service.
-So maybe be ready to download packages and SCP over to the systems as
required.
-Maybe also lock down ports except for default ports
-Definitely need to patch the services asap.
-Recommendation - have log analysis packages at the ready for each of the
services. SCP over to the machines and install at the beginning.
-Would take a look at / have cheat sheets ready for ufw
*Please don't forget the Finals Schedule is as follows:*
Below is the preliminary schedule for the* Finals on Saturday,* *May 22nd,
2021.*
11am Start Orientation, approximately 30 minutes
Break until Noon Please use bathroom, grab water / juice / soda, eat, grab
snacks
12pm to 4pm Finals Challenge – please plan for an extra 45 minutes, just in
case.
4pm to 5pm Break to finalize scores and set-up virtual Awards Ceremony
Order Dinner using your gift card
5pm to 6pm Awards Ceremony
Go Spartans!
