Tuesday, July 15, 2014

CTF365

Crimson Agents is on CTF365. CTF365 is a security training platform that proposes a new approach to Capture the Flag (CTF) competition. It's currently in beta; as such, much of the platform is in flux as teams determine how to use it. Crimson Agents is using CTF365 for a variety of benefits.

Bug Hunting

 "Given enough eyeballs, all bugs are shallow" - Eric Raymond

By hosting content and asking a sizable community to "do your worst" we should be able to find bugs for extremely small projects that lack the security resources needed. We currently have a beta version of UnallocatedSpace's future site with the hope of finding a few bugs prior to its full deployment.




To support registration (and to find bugs in other software), we have a webmail server that will soon allow self-registration, and we'll provide documentation to help testers achieve full-coverage testing of the applications. Our team fortress is on 10.194.0.44.



Tool Development

Having a large and diverse pen-test lab is beneficial for anyone developing or testing tools. CTF365 augments a personal lab with a large environment maintained by other people, ensuring a diverse set of targets. Crimson Agents will be using CTF365 both to ensure the robustness of our tools and to compare results from multiple tools.

Honeypot Research

The oldest way to learn is by observing others. The Crimson Agents' fortress will also include various honeypots to analyze recon and attack methodologies.

Team Practice

Currently the best way to practice for CTFs is to participate in them. This is analogous to saying that the best way to train an army is to fight in a lot of wars. CTF365 provides a flexible and dynamic environment to practice as a team, build cohesion, and solidify roles and expectations prior to being flung into a chaotic and stressful competition. Crimson Agents will be training on CTF365 prior to each CTF to test out team strategies and infrastructure, and perhaps find a few security bugs in the process.
