Thursday, May 13, 2010

RootWars - Day Two

Well, yesterday was an eventful day. Team 1 was able to obtain root within 15 minutes using one of the backdoors enabled in the default RootWars VM image. They were successful in locking Team 2 out of their system. Team 2 had to reboot the image in single-user mode and make some adjustments to prepare themselves for week 3. There are two lessons that I truly hoped the students walked away with:

Incident Handling skills are crucial. All of the hacking and penetration testing skills are glamorous and sexy, but if you cannot defend, you will be hacked. If you cannot identify that an intruder is on your system, then you are defenseless at that point. And if you cannot remove the intruder from your system efficiently, then you are subject to his whims and mercy (or lack thereof).

Be aggressive. Not just in your offense, but in your defense as well. You cannot avail yourself of all of the backdoors, Trojans and rootkits against your opponent in a RootWars scenario until you have aggressively searched for, found and eradicated them from your own system. Then you can leverage that knowledge in attacks against your adversary. This is truly a case where your best offense is a good defense.

I shared quite a few tips with Team 2 and a few with Team 1 in an effort to even things up a bit and also make sure that the frustration levels involved remain tolerable.

All in all, the exercise is proceeding well. Team 1 will need to work on sportsmanlike conduct as we proceed, but I have addressed that with them personally. This exercise is supposed to be fun and a learning experience for everyone involved. I look forward to week 3 and hope that all of the students do as well. Until next time.

May Your Skill Prevail.

