Defend the Castle

You know them by name: Ghost, Heartbleed, ShellShock, ImageTragick, StageFright. Vulnerabilities so big that even your boss is worried about them. Most of us are likely passingly familiar with these big-name vulnerabilities and how they work.

But have you ever actually seen exploits for these vulnerabilities? Do you know what they look like as they traverse our networks? Could you detect such an attack?
For those that think they could detect such an attack, could you block all the various forms an exploit could take?

Welcome to Defend the Castle – a contest for BlueTeamers

Contestants create their own signatures for network-based attacks against some of the most well-known, publicly-documented vulnerabilities (or exploit kits) of the recent past.

Contestant signatures will be tested against increasingly difficult-to-properly-detect attack traffic (exploit list below). But there’s a catch: You can’t be too aggressive—you’ll get penalized for blocking legitimate traffic (just like in the real world).

Be sure to pre-register for Defend the Castle to reserve your spot and make the most of it! Just use the Registration button to your right and fill in the details.

Goal of the Competition

/ Contestants will upload signatures to the Intrusion Prevention System (IPS) of their choice (available devices below)

/ After network connectivity is verified, legitimate traffic must be allowed

/ No port- or protocol-based signatures

/ Signatures will then be tested against a multitude of exploit variants

/ Additional points available for specifically detecting the threat

/ Signatures will then be tested against FalsePositive versions of the exploits (traffic that may be non-standard, but doesn’t actually exploit the vulnerability).

/ FalsePositives will lower your score

Can you protect the keys to your kingdom? Suitable prizes awarded for those who can.

/ Contestants are encouraged to research and create signatures ahead of time.
/ For those new to custom signature-development, signature templates will be available at the contest desk.

Rules of Engagement

/ 3 entries per person (1 file containing all signatures; format will vary based on IPS)

/ No port- or protocol-based signatures

/ Blocked/Allowed will be determined by testing device (not IPS)

/ Signatures must be intellectual property of contestant

/ Winning signatures must be available to the public after the close of the contest

/ Signature-based detection only; other IPS features will be disabled

Scoring

/ Points will be awarded based on the number of attacks blocked, with a multiplier based on difficulty.

/ Points will be subtracted based on the number of FalsePositives blocked, using the same multiplier.

/ In the event of a tie—at the discretion of the judges—additional points may be awarded based on style. Or they will be randomly selected.

PRIZES

Contestants submitting the 3 best-performing signatures will receive a prize.
Prizes are:

/ Proxmark3 RDV4

/ Pandwa RF

/ Hydra NFC

Contact

Adrian Hada – Principal Security Researcher – defcamp@keysight.com 

OTHER INFO

List of exploits (with point multiplier; participants can attempt them in any order):

  • CVE-2019-10392 – Jenkins SCM RCE – 10 points
  • CVE-2019-11779 – Eclipse Mosquitto Subscribe Buffer Overflow – 10 points
  • CVE-2019-15107 – Webmin Password Change RCE – 10 points
  • CVE-2019-11707 – Firefox SpiderMonkey Type Confusion – 20 points
  • CVE-2018-20250 – WinRAR ACE RCE – 20 points
  • CVE-2018-19274 – phpBB ImageMagick File Exists RCE – 20 points
  • CVE-2019-0547 – Windows DHCP Client Heap Overflow RCE – 30 points

List of IPS devices available

  • Suricata