IT Infrastructure Hackathon
Guardian IT Infrastructure Hackathon Real-time services, traffic, exploitation and attack
This fast paced War Games style event puts IT and Operations staff to the test as they defend an interconnected network against ongoing waves of attacks. Teams practice situational awareness by performing packet, traffic, and log analysis to detect attacks, followed by system hardening to thwart them.
• Cultivates teamwork and an appreciation for protecting the enterprise
• Assesses ability to handle real world incidence response without disrupting normal operations
• Live training before and after; breakout sessions throughout
How it Works
Each team (Blue Team) gets an identical network of firewalls, servers and services they need to defend. Security Innovation engineers (Red Team) conduct ongoing automated attacks on all Blue Teams who in turn, analyse the attack traffic and services to understand how they are being attacked and try to keep their systems up and running. Points are gained by keeping each service up and responding to requests. Points are lost when services are unavailable or when attacks are successful.
Red Team attacks each Blue Team at the same time using same attacks on the following:
- Mail Servers
- Active Directory
- Access Controls
- Custom Services
- Domain Name System (DNS)
- Web Servers and Applications
- And much more!
Campaign and Waves
All network traffic is captured and made available to the teams after each wave, giving each team the ability to review the packet captures (PCAPs) to better analyze and understand how they were attacked. To ensure that PCAP files look realistic, numerous automated users utilize services as if they were normal operational users.
While it's important for teams to triage attacks in order to optimize their score, an emphasis is placed on remediating issues while maintaining availability of network services and assets. A service validator on the scoring server automatically makes requests to each service. If the service responds appropriately, points are earned. If the service does not respond, points are not scored. If a service is successfully exploited, points are lost.
Example services and vulnerabilities:
- FTP - Download All, unauthenticated
- FTP - ShellShock
- GitLab - Open Redis Exploitation
- GitLab - Web App Available to the internet
- GitLab - SSH tunnel Exploitation
- GitLab - Password Brute Force
- GitLab - Authentication Web Service
- HTTP - Slowloris Attack
- HTTP – GET Method Exploitation
- LDAP - Check Connection
- SMTP - Open Relay
- SAMBA share - List Open Share
- Tomcat - Bruteforce
- Web - Wordpress Server Side Includes
- WebDav - Upload/Download Content
- HTTP IIS - MS 15034 Exploitation
Easily add, remove and configure firewall rules
Team Status page - view recent logs and download past wave PCAPs
Players should be familiar with OS configuration (Windows and Linux), command line utilities, networking, firewalls, and access controls. Players need to be able to read and analyze log files, modify configurations, and explore network packet captures. Although challenges expose players to applications and source code, no programming experience is necessary.
Network Architecture & Components