Very soon, Positive Hack Days will once again bring hackers, security staff, analysts and security experts face to face at The Standoff.
This year we, the brave and determined people of the Jet CSIRT Security Monitoring and Response Center, will reinforce the Jet Security Team and help our defenders fight off the attackers. Our daily work normally consists of continuous monitoring, analysis and upkeep of the security level of the protected segment, but a challenge in the form of a serious cyber battle will do us no harm either.
We are taking part in the “Confrontation” for the first time, but on the whole the tasks set at the competition are close to our everyday work: we need to build and tune the processes for detecting, investigating and responding to incidents on an unfamiliar infrastructure. We are given very little time to prepare that infrastructure, just a month, which means that all the May pleasures of kebabs, planting potatoes and other adventures will have to be postponed. Today we want to share our expectations for the upcoming cyber battle.
Let's start with the good news: in the “Confrontation” infrastructure, defenders can tweak any settings and policies and deploy anything they wish, as long as the organizers allow it. On real projects everything usually depends on the customer's capabilities and on which GIS are already present on site, and comes down to finding the golden mean between what the customer can do and what the customer wants, ideally not at the expense of the aspects that are mandatory for building a monitoring process. To tune the response processes in our virtual city we need a more subtle approach. It is simply not possible to close the ports of the services and block all the addresses of the “crooks”, because the organizers will check the availability or unavailability of infrastructure resources, and they will do everything to keep a balance between defense and attack. At the same time, we have a clear understanding that at the start of the competition the infrastructure will not be compromised, yet according to the rules of the game a bunch of loopholes for hackers will certainly have been built into it on purpose. Like the other teams of defenders, we know the exact start and end times of the expected attacks, and this will certainly help us gather all our forces to repel the concentrated wave of attacks during that period.
This year, for the first time, a hackathon for application developers will be held at The Standoff. It is not hard to guess that these applications will be placed in the defenders' infrastructure, and the developers will be patching all the holes on the fly during the event. This will mainly create additional attack vectors, which we are unlikely to be able to prepare for in advance. But we will gain new experience in building interaction with an “internal” development team and in identifying and eliminating vulnerabilities in real time, which is also cool.
In general, The Standoff is one of the largest CTF events. Our main goal is to experience targeted attacks on the infrastructure and to try out new methods and scenarios for identifying incidents that we cannot test on real projects. See you at PHDays!