Solving the US Cyber Challenge: Cyber Quest
Skyler Onken
Senior, Brigham Young University – Idaho
OnPoint Development Group LLC
CEH, Security+, ECSA, CISSP (Associate)
Twitter: @skyleronken
Blog: http://securityreliks.securegossip.com

End State
Technical knowledge
Better understand the skill level expected of new security professionals

What is the USCC?
Government & Corporate
Improve the industry
Identify promising individuals
Assess the education of security students
Various security-related competitions
SANS Training Events (Regional and State)

March 2011 Cyber Quest
15 Trivia
15 Practical
Vulnerable Web Application

April 2011 Cyber Quest
10 Trivia
20 Practical
PCAP file

The Questions

Trivia Question - #1
Which DNS record type will request a copy of an entire DNS zone?
ZONE
AXFR
A
PTR

Trivia Question - #2
Which protocol does the “ping” utility use to test network connectivity between two hosts?
UDP
TCP
IP
ICMP

Trivia Question - #3
Which HTTP header field identifies the web browser being used by the client?
Host
Server
Browser
User-Agent

Trivia Question - #4
Which protocol do computers use to exchange information about their MAC addresses to other computers on the same subnet?
DNS
DHCP
ARP
RSVP

Trivia Question - #5
Before the SPF DNS record type was created to address e-mail spam, which DNS record type did Sender Policy Framework utilize?
MX
TXT
SRV
PTR
example.com. IN TXT "v=spf1 +mx a:colo.example.com/28 -all"
example.com. IN SPF "v=spf1 +mx a:colo.example.com/28 -all"

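Added example, not part of the deck: a minimal SPF evaluator in Python that fetches the policy from TXT first and falls back to the legacy SPF record type, then walks the mechanisms in order the way a receiving mail server does. The resolver is a constructed in-memory table (FAKE_DNS, populated with RFC 5737 test addresses) standing in for real DNS; the example.com record is the one on the slide, and the example.org record is made up to exercise the ip4 mechanism and a bare "a". Only ip4, a, mx and all are handled; include, exists, ptr and macros are reported as permerror rather than silently ignored. Pointed at a resolver fed from a capture, the same routine answers a question like #25 below.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

# Constructed stand-in for DNS (not a real zone). A real checker would query a
# resolver; the names and addresses here are made up, using RFC 5737 test ranges.
FAKE_DNS: Dict[Tuple[str, str], List[str]] = {
    ("example.com", "TXT"): ["v=spf1 +mx a:colo.example.com/28 -all"],  # record from the slide
    ("example.com", "SPF"): ["v=spf1 +mx a:colo.example.com/28 -all"],  # legacy type 99 copy
    ("example.com", "MX"): ["mail.example.com"],
    ("mail.example.com", "A"): ["192.0.2.10"],
    ("colo.example.com", "A"): ["198.51.100.65"],
    ("example.org", "TXT"): ["v=spf1 ip4:203.0.113.0/24 a ~all"],       # made up
    ("example.org", "A"): ["192.0.2.77"],
}


def lookup(name: str, rrtype: str) -> List[str]:
    """Hypothetical resolver hook: replace the body with real DNS queries."""
    return FAKE_DNS.get((name.rstrip(".").lower(), rrtype), [])


def get_spf_record(domain: str) -> Optional[str]:
    """RFC 7208 publishes SPF in TXT only; the SPF RR type is tried last for old zones."""
    for rrtype in ("TXT", "SPF"):
        found = [r for r in lookup(domain, rrtype)
                 if r.lower() == "v=spf1" or r.lower().startswith("v=spf1 ")]
        if len(found) > 1:
            return None  # more than one policy is a permanent error in RFC 7208
        if found:
            return found[0]
    return None


def _in_net(addr: ipaddress.IPv4Address, host_ip: str, prefix: int) -> bool:
    return addr in ipaddress.ip_network(f"{host_ip}/{prefix}", strict=False)


def check_spf(sender_ip: str, domain: str) -> str:
    """Evaluate sender_ip against domain's policy: pass, fail, softfail, neutral, none or permerror."""
    record = get_spf_record(domain)
    if record is None:
        return "none"
    addr = ipaddress.ip_address(sender_ip)
    verdict = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
    for term in record.split()[1:]:
        qualifier = "+"                      # an unqualified mechanism means "+"
        if term[0] in verdict:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.lower().partition(":")
        prefix = 32
        if "/" in arg:                       # a:colo.example.com/28, ip4:203.0.113.0/24
            arg, prefix_text = arg.split("/", 1)
            prefix = int(prefix_text)
        elif "/" in mech:                    # a/24 or mx/24 with no explicit host
            mech, prefix_text = mech.split("/", 1)
            prefix = int(prefix_text)
        if mech == "all":
            matched = True
        elif mech == "ip4":
            matched = addr in ipaddress.ip_network(f"{arg}/{prefix}", strict=False)
        elif mech in ("a", "mx"):
            host = arg or domain
            if mech == "a":
                ips = lookup(host, "A")
            else:
                ips = [ip for mx in lookup(host, "MX") for ip in lookup(mx, "A")]
            matched = any(_in_net(addr, ip, prefix) for ip in ips)
        else:
            return "permerror"               # include:, exists:, ptr and macros are out of scope here
        if matched:
            return verdict[qualifier]
    return "neutral"                         # nothing matched and no "all" mechanism


if __name__ == "__main__":
    for ip, dom in [("198.51.100.70", "example.com"), ("198.51.100.80", "example.com"),
                    ("192.0.2.10", "example.com"), ("198.51.100.1", "example.org")]:
        print(f"{ip} as {dom}: {check_spf(ip, dom)}")
```

RFC 7208 retired the SPF record type, which is why the checker consults TXT first; a zone that publishes both, as the slide does, has to keep them identical or receivers that prefer different types will disagree on the policy.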
Trivia Question - #6
Which of the following represents the correct sequence of TCP packets to complete the 3-way handshake?
SYN, SYN-ACK, ACK
SYN, ACK, SYN-ACK
FIN, FIN-ACK, ACK
SYN, FIN, ACK

Trivia Question - #7
Which of the following represents a valid path to a file share using SMB/CIFS on a Windows system?
\\SERVERNAME\SHARENAME
smb.servername.com/sharename
\\SHARENAME.SERVERNAME\
C:\SERVERNAME\SHARENAME

Trivia Question - #8
Which HTTP status code indicates that authentication is required?
400
401
500
200

Trivia Question - #9
When a TCP port is closed, what type of packet will typically be sent in response to an incoming packet?
TCP RST packet
ICMP Port Unreachable packet
TCP CLD packet
TCP SYN-ACK packet

Trivia Question - #10
Which HTTP method is most commonly used when submitting sensitive data to a web application?
POST
TRACE
SECURE
GET

Practical Question - #11
The DNS name “wireless.pseudovision.net” is actually a canonical alias (CNAME record). What DNS name does it point to?
blog.pseudovision.net
server1.pseudovision.net
server2.pseudovision.net
wireless.target.tgt

Practical Question - #12
Which password did the user at 10.10.10.4 use to connect to 10.10.10.1 using Telnet?
gobbler
contaminated
C007P@33
admin

Practical Question - #13
Which operating system is running on 10.10.10.2?
Fedora Linux
Windows XP
Windows 7
CentOS
Linux

Practical Question - #14
The web page that the user at 10.10.10.3 visited required a username and password. What was the password that the user supplied?
trash
admin
treasure
str0ng!pw
sonken@bt:~# echo -n "YWRtaW46c3RyMG5nIXB3" | base64 -d
admin:str0ng!pw

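The one-liner above decodes the credential by hand once it has been copied out of the capture. As an added example (not from the deck), the Python below does the whole extraction from a raw HTTP request the way a follow-TCP-stream view presents it: it parses the request line and headers, checks that the scheme is Basic, base64-decodes the token with validation, and splits on the first colon only, since RFC 7617 allows the password itself to contain colons. The request bytes are constructed; only the Authorization value is the one from the slide. It also returns Host and User-Agent, which is all a question like #26 below needs.

```python
import base64
import binascii
from typing import Dict, Optional, Tuple

# Constructed request (not from the challenge PCAP). The Authorization token is the
# base64 string from the slide; host, path and User-Agent are made up.
SAMPLE_REQUEST = (
    b"GET /secret/index.html HTTP/1.1\r\n"
    b"Host: www.example.com\r\n"
    b"User-Agent: Mozilla/5.0 (Windows NT 6.1) ExampleBrowser/1.0\r\n"
    b"Authorization: Basic YWRtaW46c3RyMG5nIXB3\r\n"
    b"Connection: keep-alive\r\n"
    b"\r\n"
)


def parse_request(raw: bytes) -> Dict[str, str]:
    """Return request-line fields plus headers keyed by lowercase header name."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    parts = lines[0].decode("latin-1").split(" ", 2)
    if len(parts) != 3:
        raise ValueError("malformed request line")
    fields = {"method": parts[0], "target": parts[1], "version": parts[2]}
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep:  # header names are case-insensitive; values keep their case
            fields[name.strip().decode("latin-1").lower()] = value.strip().decode("latin-1")
    return fields


def basic_credentials(authorization: Optional[str]) -> Optional[Tuple[str, str]]:
    """Decode an RFC 7617 Basic credential into (user, password); None if absent or malformed."""
    if not authorization:
        return None
    scheme, _, token = authorization.partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, ValueError):  # bad alphabet/padding or non-UTF-8 bytes
        return None
    # Only the first colon separates user from password; later colons belong to the password.
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None


def summarize(raw: bytes) -> Dict[str, Optional[str]]:
    """The fields an analyst wants from one captured request."""
    req = parse_request(raw)
    creds = basic_credentials(req.get("authorization"))
    return {
        "method": req["method"],
        "target": req["target"],
        "host": req.get("host"),
        "user_agent": req.get("user-agent"),
        "user": creds[0] if creds else None,
        "password": creds[1] if creds else None,
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_REQUEST))
```

Basic credentials are base64, not encryption: every proxy, capture point and log that sees the header sees the password, which is why the question is answerable from a PCAP at all.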
Practical Question - #15
A web page that the user at 10.10.10.4 visited required a username and password. What was the password that the user supplied?
beautiful
beethoven29
camera101
yuri

Practical Question - #16
Prior to the session recorded in the supplied PCAP file, when was the last time the user at 10.10.10.4 connected to 10.10.10.1 via Telnet?
Monday, March 7th
Wednesday, March 30th
Friday, March 11th
Tuesday, April 5th

Practical Question - #17
Which of the following TCP ports is closed on 10.10.10.1?
80
445
22
23

Practical Question - #18
What are the contents of the payload included in a specially crafted ICMP packet found in the capture file?
abcdefghijklmnopqrstuvwxyz
Words taste like peaches.
Save the cheerleader, save the world!
!"#$%&'()*+,-./01234567

Practical Question - #19
According to DNS records, what is the IP address of the server “sales.target.tgt”?
10.10.10.7
10.10.10.1
10.10.10.40
10.10.10.12

Practical Question - #20
The web page that the user at 10.10.10.4 visited has a picture of a bridge. Which bridge is it?
Tower Bridge
Golden Gate Bridge
Zakim Bridge
Verrazano-Narrows Bridge

Practical Question - #21
What is the OUI of the MAC address for the computer at 10.10.10.78?
00:05:69
00:0C:29
9A:92:A2
00:0C:29:9A:92:A2

Practical Question - #22
What is the name of the file share that the user at 10.10.10.3 connected to?
BUYMORE
CASTLE
FILESHARE
HERDFILES

Practical Question - #23
Which of the following commands was used to generate the ping packet from 10.10.10.4?
C:\> ping 10.10.10.3
C:\> ping –
n
1 10.10.10.2
$ ping –
c
1 10.10.10.3
$ ping –
t
1 10.10.10.2Slide30
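Questions #18 and #23 both come down to reading the ICMP echo payload. Added example, not part of the deck: a Python parser that verifies the RFC 1071 checksum and classifies the filler pattern, because the default payloads differ by implementation. Windows ping.exe sends 32 bytes of abcdefghijklmnopqrstuvwxyzabcdef; Linux iputils ping sends 56 bytes that start with an 8-byte timestamp and continue with the byte values 0x08, 0x09, ... so the printable tail reads !"#$%&'()*+,-./01234567. A payload matching neither is the hand-crafted one. The sample packets are constructed by the block's own builder, not taken from the challenge PCAP; with a real capture you would hand parse_icmp the bytes following the IP header.

```python
import struct
from typing import Any, Dict

WINDOWS_PING_PAYLOAD = b"abcdefghijklmnopqrstuvwxyzabcdef"  # Windows ping.exe default, 32 bytes


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over big-endian 16-bit words (odd length is zero-padded)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo_request(ident: int, seq: int, payload: bytes) -> bytes:
    """ICMP type 8, code 0, with a correct checksum."""
    header = struct.pack("!BBHHH", 8, 0, 0, ident, seq)
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", 8, 0, csum, ident, seq) + payload


def linux_ping_payload(size: int = 56) -> bytes:
    """iputils filler: 8-byte timeval, then bytes 0x08 upward. Timestamp zeroed here."""
    return b"\x00" * 8 + bytes(i & 0xFF for i in range(8, size))


def parse_icmp(pkt: bytes) -> Dict[str, Any]:
    """Split an ICMP message; checksum_ok is True when summing the whole message gives zero."""
    if len(pkt) < 8:
        raise ValueError("ICMP header is 8 bytes")
    typ, code, _csum, ident, seq = struct.unpack("!BBHHH", pkt[:8])
    return {
        "type": typ, "code": code, "id": ident, "seq": seq,
        "payload": pkt[8:],
        "checksum_ok": icmp_checksum(pkt) == 0,
    }


def classify_payload(payload: bytes) -> str:
    """Guess which ping implementation produced the payload from its filler pattern."""
    if payload == WINDOWS_PING_PAYLOAD:
        return "windows-ping"
    if len(payload) >= 16 and payload[8:] == bytes(i & 0xFF for i in range(8, len(payload))):
        return "linux-ping"
    return "crafted-or-unknown"


def printable(payload: bytes) -> str:
    """Render the payload with non-printable bytes shown as '.'."""
    return "".join(chr(b) if 32 <= b < 127 else "." for b in payload)


# Constructed sample packets (not from the challenge PCAP).
SAMPLES = {
    "windows": build_echo_request(1, 1, WINDOWS_PING_PAYLOAD),
    "linux": build_echo_request(0x1234, 1, linux_ping_payload()),
    "crafted": build_echo_request(0xBEEF, 7, b"added-example payload, not from the capture"),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        p = parse_icmp(pkt)
        print(f"{name:8} checksum_ok={p['checksum_ok']} {classify_payload(p['payload']):19} {printable(p['payload'])}")
```

The filler pattern is also what distinguishes the command lines above: -n 1 is the Windows count flag and produces the alphabet payload, while -c 1 is the Linux count flag and produces the timestamp-plus-counter payload (-t on Linux sets the TTL, not a count).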
Practical Question - #24
How long should a client resolver cache the IP address associated with the name “blog.pseudovision.net”?
1 Hour
15,180 milliseconds
64 minutes
86,400 seconds

Practical Question - #25
According to the Sender Policy Framework, which IP address is allowed to send e-mail on behalf of the “target.tgt” domain?
10.10.10.40
10.10.10.1
10.10.10.20
10.10.10.8

Practical Question - #26
Which web browser is the user at 10.10.10.3 using?
Safari
Internet Explorer
Google Chrome
Firefox

Practical Question - #27
Which operating system is running on 10.10.10.3?
Fedora Linux
Windows 7
Windows XP
CentOS
Linux

Practical Question - #28
Which version of the web server software is running on 10.10.10.2?
2.0.52
2.2.17
1.3.42
2.0.63

Practical Question - #29
Which computer used an ARP probe to make sure that the IP address was not already in use?
10.10.10.1
10.10.10.3
10.10.10.2
10.10.10.4

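Questions #21 and #29 are both answered at the Ethernet/ARP layer. Added example, not part of the deck: a Python parser for IPv4-over-Ethernet ARP frames that extracts the OUI (the first three octets of the sender MAC) and recognises the RFC 5227 probe that question #29 asks about: an ARP request whose sender IP is 0.0.0.0 and whose target MAC is all zeros, sent by a host before it uses an address to check that nobody else already holds it. The frames are constructed with the builder in the block; the MAC is the one listed in question #21, while the IP addresses and the two-entry vendor table are assumptions (the authoritative source is the IEEE OUI registry).

```python
import struct
from ipaddress import IPv4Address
from typing import Any, Dict

ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2

# Constructed two-entry subset of the IEEE OUI registry, for illustration only.
OUI_VENDORS = {"00:0C:29": "VMware, Inc.", "00:05:69": "VMware, Inc."}


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def mac_bytes(text: str) -> bytes:
    return bytes(int(x, 16) for x in text.split(":"))


def build_arp(oper: int, sha: str, spa: str, tha: str, tpa: str) -> bytes:
    """Ethernet frame carrying an IPv4-over-Ethernet ARP packet (RFC 826 layout)."""
    dst = b"\xff" * 6 if oper == ARP_REQUEST else mac_bytes(tha)
    eth = struct.pack("!6s6sH", dst, mac_bytes(sha), ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, oper,
                      mac_bytes(sha), IPv4Address(spa).packed,
                      mac_bytes(tha), IPv4Address(tpa).packed)
    return eth + arp


def parse_arp(frame: bytes) -> Dict[str, Any]:
    """Decode an Ethernet+ARP frame into its addresses; raises on anything else."""
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + ARP")
    _dst, _src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_ARP:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack("!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("only IPv4 over Ethernet is handled")
    return {
        "oper": oper,
        "sender_mac": mac_str(sha), "sender_ip": str(IPv4Address(spa)),
        "target_mac": mac_str(tha), "target_ip": str(IPv4Address(tpa)),
        "sender_oui": mac_str(sha[:3]).upper(),  # OUI = first three octets
    }


def is_arp_probe(arp: Dict[str, Any]) -> bool:
    """RFC 5227 probe: request, sender IP 0.0.0.0, all-zero target MAC, target IP under test."""
    return (arp["oper"] == ARP_REQUEST and arp["sender_ip"] == "0.0.0.0"
            and arp["target_mac"] == "00:00:00:00:00:00")


def is_arp_announcement(arp: Dict[str, Any]) -> bool:
    """RFC 5227 announcement (gratuitous ARP): request with sender IP equal to target IP."""
    return arp["oper"] == ARP_REQUEST and arp["sender_ip"] == arp["target_ip"]


def vendor(oui: str) -> str:
    return OUI_VENDORS.get(oui, "unknown")


# Constructed frames: the MAC is the one from Question 21; the IP pairings are assumptions.
PROBE = build_arp(ARP_REQUEST, "00:0c:29:9a:92:a2", "0.0.0.0", "00:00:00:00:00:00", "10.10.10.78")
ANNOUNCE = build_arp(ARP_REQUEST, "00:0c:29:9a:92:a2", "10.10.10.78", "00:00:00:00:00:00", "10.10.10.78")
NORMAL = build_arp(ARP_REQUEST, "00:0c:29:9a:92:a2", "10.10.10.78", "00:00:00:00:00:00", "10.10.10.1")

if __name__ == "__main__":
    for name, frame in (("probe", PROBE), ("announce", ANNOUNCE), ("normal", NORMAL)):
        a = parse_arp(frame)
        print(name, a["sender_oui"], vendor(a["sender_oui"]),
              "probe" if is_arp_probe(a) else "announce" if is_arp_announcement(a) else "lookup")
```

Probes and announcements are normal on a healthy network, but an announcement for an address that a different MAC was just using is exactly the pattern an ARP-spoofing detector keys on, so the same parser serves both the quiz and a monitoring rule.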
Practical Question - #30
What is the hostname of the system running on 10.10.10.3?
BUYMORE
AWESOME
ORION
JEFFSTER

Outcomes
~800 Took the exam
Top 300* Went to Cyber Camp
Some with scores as low as 25 attended**
Ages 18-50’s
Students and Professionals
Various backgrounds
Pen Testers
Incident Handlers
Forensic Investigators
Network/Firewall Admins
*: Some chose not to attend, so slots were then offered to others
**: Based upon my personal conversations with participants

The Gap Between Education and Employment
Educational Institutions: 4 Years
Industry: 2-5 Years
Personal Endeavors: 6 Months – 10 Years

Working Models
Try Outs/Competitions
Development Programs
Training For Service
Internship Recruitment

Possible Solutions
Educational Institutions
Industry
Development Programs
Training For Service
Try Outs
3 Years
1-3 Years
0-2 Years
Internships
3 Years
1

Other Conclusions
I am not a $ cruncher
Nurture vs. Nature
Don’t rely upon educational institutes
Don’t rely upon other companies or certifications to develop your professional
Quality of professional will save you $ in the long run

Questions?