Sunday, November 18, 2012

Cyberlympics 2012 Round 2 and Round 3 summary

As promised, I am going to give a short summary of the second and third round of the Cyberlympics 2012 competition. Both rounds were organized by SAIC (CyberNEXS), basically we played on their regular training games (CyberNEXS Cyber Security Training).

Round 2 - Penetration Testing

This round was quite fun, since our team members were scattered to different locations, so we had to use Skype in order to work together. There were some technical problems, so the game started around 22:00 instead of the scheduled 21:00.

Anyways, we had to VPN into the CyberNEXS system, then we logged into our attacker Backtrack machines (we got 2, if I remember correctly) and the fun began. The first set of target systems were accessible from our attacker machines, and there were dual homed hosts, providing access to the next subnetwork.

We just did the usual thing: port scanning, launching exploits, cracking and bruteforcing passwords, etc. so nothing extra. Points were given for planting flags and writing detailed reports from the findings. I think we have owned 4 or 5 servers, which was enough for the 4th place in this round.

Round 3 - Centralized  Network Defense Game

In this round, 5 or 6 (can't remember the exact number) servers were given for us running Linux and Windows (servers and desktops too) operating systems, and we had to harden them, but in the meantime, maintain critical services, prevent the attacks and report incidents (points were given for accomplishing these).

We prepared with a few scripts and programs, to automate hardening and help us monitoring the system status. I don't know why we thought that we had to concentrate on attackers from outside, but it was a big surprise when we realized that our systems were heavily backdoored, we spent most of our time removing these and writing incident reports about them.

And that's all! :) Of course I can't give out more details, but I think even this short summary gives an idea how these rounds looked like.

Saturday, November 17, 2012

Cyberlympics 2012 Finals

I hope it's still not too late, but I wanted to post about the Cyberlympics Finals. So it's been almost three weeks from now that our team (gula.sh) went to Miami, and played the last CTF round of the competition.

We had a long flight to the USA, and I was very excited, since I left Europe for the first time.

As second team in the 3rd Round, we had to fight in a preliminary round with other teams from other regions and only the winner of the preliminary round was allowed to participate in the finals.

Fortunately, after 3 hours of fighting, we got the first place in the qualification round and moved into the finals!

Cyberlympics Qualification round results:
  1. gula.sh - Hungary
  2. TeamNaija - Nigeria
  3. Deloitte LATCO - South America
Here's a nice picture of us, after getting into the finals (I have no idea what made me smile like that... ):


Being warmed up already, we played for 6 hours in the finals. It was quite challenging, and we ended up as 2nd runner ups! :)

Cyberlympics Finals results:

  1. hack.ers - Netherlands
  2. UMUC Cyber Padawans - USA
  3. gula.sh - Hungary
  4. FSTeam - Brazil
  5. magpies - Austraila
  6. PRAUDITORS - Hungary
  7. TeamNaija - Nigeria
  8. WhiteHat - Sri Lanka
We got this nice medal here (I stole this from András' Facebook wall, hope he doesn't mind):


We also got 500 bucks which is also nice, even if you split it into 6 :P. The most important thing was that we had a great time preparing and playing and learned a lot of new stuff! :)

After the competition we've celebrated our victory, and spent a couple days with exploring Miami and the Everglades.

After coming back, we got our 15 minutes of fame giving TV interviews (sry, only in Hungarian):


Radio interviews (also in Hungarian):


And Internet sites:

Thanks everyone for your support! Next posts will be about Round 2 and 3 and after that, the Finals in details. Stay tuned! :)