Counter-Hacking in New Jersey…


I have finally returned home after spending the last seven days sequestered in a lavish hotel about ten miles south of Red Bank, NJ (home of Kevin Smith and his comic book store). I was there to attend training called “Hacker Techniques, Exploits & Incident Handling” for my GCIH (GIAC Certified Incident Handler) certification. What an amazing week!

From Sun Tzu’s ‘The Art of War’ (Translation and commentary by Lionel Giles, Sourced from Project Gutenberg):

“If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat.”
-Sun Tzu, Art of War

We started with an overview of the basics of incident handling and quickly moved into “Knowing the enemy…” by studying all sorts of really amazing (and sometimes ridiculously simple) attack vectors and ways to exploit them. Network attacks, various Unix/Linux attacks, Windows attacks… you name it, we probably covered it. From simple smurf attacks to buffer overflows to kernel level rootkits and even hints of escaping virtual machines! (pretty scary stuff) The class started at 9:00am sharp every morning, continuing on until 8:00 or 8:30pm nearly every night (we took a night off on Wednesday, and class ended Saturday afternoon).

The culmination of the training was a ‘Capture the Flag’ style game where we were allowed to flex our new skills against a series of Windows (2k and 2k3 servers) and Linux servers in an attempt to attack each server, gain access and find a file that contained clues to our final objective. Several of the participants played as three- to six-man teams, while others hacked alone. I started out with a couple of very able cohorts, but we each became quickly immersed in the process and became de facto ‘lone gunmen’. We were allowed to begin our attacks at 9:30am, with the first flags found within twenty minutes. The second flags fell much later (near 11:30a).

I was poking and prodding each machine, furiously trying many different attack vectors while others around me seemed to be surging ahead, locked into combat with a particular exploit or two that were certain to win them the game. I managed to quickly get the first flag a little bit after everyone else (not a good sign); next I captured the fourth flag around 11:00a. I managed to get the third flag (the hardest one of the four by far) and finally captured the second flag at about 12:50p. With all of the flags captured, I managed to assemble each of the clues provided by the flags, which pointed to a file with a password protected, steganographically embedded message. I analyzed the file and was able to extract the hidden phrase, and lo and behold yours truly won the game just after 1:00pm.

About twenty minutes later a team of six people managed to snag second place, and after another twenty minutes, third and fourth place were claimed.

The point of all this was to embody the teaching of Sun Tzu and “know the enemy and know yourself” so that we can all better defend our networks and servers by “Counterhacking” if you will. My instructor literally wrote the definitive book on the subject:

Now comes the hard part… I will spend the next week and a half (possibly more) studying all of the material in-depth to prepare for the two 90 minute tests in order to earn the certification.

I can’t recommend this training highly enough to those whose job is to serve as systems administrators, network administrators or security administrators. The skills learned will be of immense value in assessing and securing our corporate infrastructures.
