Solving the US Cyber Challenge: Cyber Quest - PowerPoint PPT Presentation

solving the us cyber challenge cyber quest n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Solving the US Cyber Challenge: Cyber Quest PowerPoint Presentation
Download Presentation
Solving the US Cyber Challenge: Cyber Quest

play fullscreen
1 / 42
Solving the US Cyber Challenge: Cyber Quest
138 Views
Download Presentation
dusan
Download Presentation

Solving the US Cyber Challenge: Cyber Quest

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Solving the US Cyber Challenge: Cyber Quest Skyler Onken Senior, Brigham Young University – Idaho OnPoint Development Group LLC CEH, Security+, ECSA, CISSP (Associate) Twitter: @skyleronken Blog: http://securityreliks.securegossip.com

  2. End State • Technical knowledge • Better understand the skill level expected of new security professionals

  3. What is the USCC? • Government & Corporate • Improve the industry • Identify promising individuals • Assess the education of security students • Varying security related competitions • SANS Training Events (Regional and State)

  4. March 2011 Cyber Quest • 15 Trivia • 15 Practical • Vulnerable Web Application

  5. April 2011 Cyber Quest • 10 Trivia • 20 Practical • PCAP file

  6. The Questions

  7. Trivia Question - #1 • Which DNS record type will request a copy of an entire DNS zone? • ZONE • AXFR • A • PTR

  8. Trivia Question - #2 • Which protocol does the “ping” utility use to test network connectivity between two hosts? • UDP • TCP • IP • ICMP

  9. Trivia Question - #3 • Which HTTP header field identifies the web browser being used by the client? • Host • Server • Browser • User-Agent

  10. Trivia Question - #4 • Which protocol do computers use to exchange information about their MAC addresses to other computers on the same subnet? • DNS • DHCP • ARP • RSVP

  11. Trivia Question - #5 • Before the SPF DNS record type was created to address e-mail spam, which DNS record type did Sender Policy Framework utilize? • MX • TXT • SRV • PTR example.com. IN TXT "v=spf1 +mx a:colo.example.com/28 -all” example.com. IN SPF "v=spf1 +mx a:colo.example.com/28 -all"

  12. Trivia Question - #6 • Which of the following represents the correct sequence of TCP packets to complete the 3-way handshake • SYN, SYN-ACK, ACK • SYN, ACK, SYN-ACK • FIN, FIN-ACK, ACK • SYN, FIN, ACK

  13. Trivia Question - #7 • Which of the following represents a valid path to a file share using SMB/CIFS on a Windows system • \\SERVERNAME\SHARENAME • smb.servername.com/sharename • \\SHARENAME.SERVERNAME\ • C:\SERVERNAME\SHARENAME

  14. Trivia Question - #8 • Which HTTP status code indicates that authentication is required? • 400 • 401 • 500 • 200

  15. Trivia Question - #9 • When a TCP port is closed, what type of packet will typically be sent in response to an incoming packet? • TCP RST packet • ICMP Port Unreachable packet • TCP CLD packet • TCP SYN-ACK packet

  16. Trivia Question - #10 • Which HTTP method is most commonly used when submitting sensitive data to a web application? • POST • TRACE • SECURE • GET

  17. Practical Question - #11 • The DNS name “wireless.pseudovision.net” is actually a canonical alias (CNAME record). What DNS name does it point to? • blog.pseudovision.net • server1.pseudovision.net • server2.pseudovision.net • wireless.target.tgt

  18. Practical Question - #12 • Which password did the user at 10.10.10.4 use to connect to 10.10.10.1 using Telnet? • gobbler • contaminated • C007P@33 • admin

  19. Practical Question - #13 • Which operating system is running on 10.10.10.2? • Fedora Linux • Windows XP • Windows 7 • CentOS Linux

  20. Practical Question - #14 • The web page that the user at 10.10.10.3 visited required a username and password. What was the password that the user supplied? • trash • admin • treasure • str0ng!pw sonken@bt:~# echo -n "YWRtaW46c3RyMG5nIXB3" | base64 -d admin:str0ng!pw

  21. Practical Question - #15 • A web page that the user at 10.10.10.4 visited required a username and password. What was the password that the user supplied? • beautiful • beethoven29 • camera101 • yuri

  22. Practical Question - #16 • Prior to the session recorded in the supplied PCAP file, when was the last time the user at 10.10.10.4 connected to 10.10.10.1 via Telnet? • Monday, March 7th • Wednesday, March 30th • Friday, March 11th • Tuesday, April 5th

  23. Practical Question - #17 • Which of the following TCP ports is closed on 10.10.10.1? • 80 • 445 • 22 • 23

  24. Practical Question - #18 • What are the contents of the payload included in a specially crafted ICMP packet found in the capture file? • abcdefghijklmnopqrstuvwxyz • Words taste like peaches. • Save the cheerleader, save the world! • !"#$%&'()*+,-./01234567

  25. Practical Question - #19 • According to DNS records, what is the IP address of the server “sales.target.tgt”? • 10.10.10.7 • 10.10.10.1 • 10.10.10.40 • 10.10.10.12

  26. Practical Question - #20 • The web page that the user at 10.10.10.4 visited has a picture of a bridge. Which bridge is it? • Tower Bridge • Golden Gate Bridge • Zakim Bridge • Verrazano-Narrows Bridge

  27. Practical Question - #21 • What is the OUI of the MAC address for the computer at 10.10.10.78? • 00:05:69 • 00:0C:29 • 9A:92:A2 • 00:0C:29:9A:92:A2

  28. Practical Question - #22 • What is the name of the file share that the user at 10.10.10.3 connected to? • BUYMORE • CASTLE • FILESHARE • HERDFILES

  29. Practical Question - #23 • Which of the following commands was used to generate the ping packet from 10.10.10.4? • C:\> ping 10.10.10.3 • C:\> ping –n 1 10.10.10.2 • $ ping –c 1 10.10.10.3 • $ ping –t 1 10.10.10.2

  30. Practical Question - #24 • How long should a client resolver cache the IP address associated with the name “blog.pseudovision.net”? • 1 Hour • 15,180 milliseconds • 64 minutes • 86,400 seconds

  31. Practical Question - #25 • According to the Sender Policy Framework, which IP address is allowed to send e-mail on behalf of the “target.tgt” domain? • 10.10.10.40 • 10.10.10.1 • 10.10.10.20 • 10.10.10.8

  32. Practical Question - #26 • Which web browser is the user at 10.10.10.3 using? • Safari • Internet Explorer • Google Chrome • Firefox

  33. Practical Question - #27 • Which operating system is running on 10.10.10.3? • Fedora Linux • Windows 7 • Windows XP • CentOS Linux

  34. Practical Question - #28 • Which version of the web server software is running on 10.10.10.2? • 2.0.52 • 2.2.17 • 1.3.42 • 2.0.63

  35. Practical Question - #29 • Which computer used an ARP probe to make sure that the IP address was not already in use? • 10.10.10.1 • 10.10.10.3 • 10.10.10.2 • 10.10.10.4

  36. Practical Question - #30 • What is the hostname of the system running on 10.10.10.3? • BUYMORE • AWESOME • ORION • JEFFSTER

  37. Outcomes • ~800 Took the exam • Top 300* Went to Cyber Camp • Some with scores as low as 25 attended** • Ages 18-50’s • Students and Professionals • Various backgrounds • Pen Testers • Incident Handlers • Forensic Investigators • Network/Firewall Admins *: Some chose not to attend, so slots were then offered to others **: Based upon my personal conversations with participants

  38. The Gap Between Education and Employment 4 Years 2-5 Years 6 Months – 10 Years Industry Personal Endeavors Educational Institutions

  39. Working Models • Try Outs/Competitions • Development Programs • Training For Service • Internship Recruitment

  40. Possible Solutions 3 Years 3 Years 1-3 Years 0-2 Years 1 Industry Training For Service Development Programs Internships Try Outs Educational Institutions

  41. Other Conclusions • I am not a $ cruncher • Nurture vs. Nature • Don’t rely upon educational institutes • Don’t rely upon other companies or certifications to develop your professional • Quality of professional will save you $ in the long run

  42. Questions?