SPEAKERS
0
COUNTRIES
0
ATTENDEES
0
HACKING
COMPETITIONS
COMPETITIONS
0
COMPANIES
0
You know them by name: Ghost, Heartbleed, ShellShock, ImageTragick, StageFright. Vulnerabilities so big that even your boss is worried about them. Most of us are likely passingly familiar with these big-name vulnerabilities and how they work.
But have you ever actually seen exploits for these vulnerabilities? Do you know what they look like as they traverse our networks? Could you detect such an attack?
For those that think they could detect such an attack, could you block all the various forms an exploit could take?
Welcome to Defend the Castle – a contest for BlueTeamers
Contestants create their own signatures for network-based attacks against some of the most well-known, publicly-documented vulnerabilities (or exploit kits) of the recent past.
Contestant signatures will be tested against increasingly difficult-to-properly-detect attack traffic (exploit list below). But there’s a catch: You can’t be too aggressive—you’ll get penalized for blocking legitimate traffic (just like in the real world).
Be sure to pre-register for Defend the Castle to reserve your spot and make the most of it! Just use the Registration button to your right and fill in the details.
Goal
Goal of the Competition
/ Contestants will upload signatures to Intrusion Prevention System (IPS) of their choice (available devices below)
/ After network connectivity is verified, legitimate traffic must be allowed
/ no port- or protocol-based signatures
/ Signatures will then be tested against a multitude of exploit variants
/ Additional points available for specifically detecting threat
/ Signatures will then be tested against False Positive versions of the exploits (traffic that may be non-standard, but doesn’t actually exploit the vulnerability).
/ False Positives will lower your score
Can you protect the keys to your kingdom? Suitable prizes awarded for those who can.
/ Contestants are encouraged to research and create signatures ahead of time.
/ For those new to custom signature-development, signature templates will be available at the contest desk.
Rules
Rules of Engagement
/ 3 entry per person (1 file containing all signatures; format will vary based on IPS)
/ No port- or protocol-based signatures
/ Blocked/Allowed will be determined by testing device (not IPS)
/ Signatures must be intellectual property of contestant
/ Winning signatures must be available to the public after the close of the contest
/ Signature-based detection only; other IPS features will be disabled
Scoring
/ Points will be awarded based on the number of attacks blocked, with a multiplier based on difficulty.
/ Points will be subtracted based on the number of FalsePositives blocked, using the same multiplier.
/ In the event of a tie—at the discretion of the judges—additional points may be awarded based on style. Or they will be randomly selected.
PRIZES
Contestants submitting the 3 best-performing signatures will receive a prize.
Prizes are:
/ Amazon Kindle
/ Zeblaze Vibe 5
/ Redragon – S101-BA
Contact
Mihai Vasilescu – Principal Security Researcher – [email protected]
OTHER INFO
List of exploits (with point multiplier; participants can attempt them in any order):
- CVE-2021-5902 – F5 Big-IP multiple vulnerabilities – 10 points
- CVE-2021-25646 – Apache Druid RCE – 10 points
- CVE-2021-26084 – Confluence RCE – 20 points
- CVE-2020=16846 – SaltStack Salt API command injection – 20 points
- CVE-2020-1472 – Zerologon authentication bypass (over SMB) – 30 points
- CVE-2021-34527 Microsoft Windows Print Spooler code execution (PrintNightmare) – 30 points
List of IPS devices available
- Suricata
HACKING VILLAGE
Other Competitions
Decode and Conquer: Forensics CTF Challenge
Overview Back to Contests Decode and Conquer: Forensics CTF Challenge Put your forensic and reverse ..
Memory Leak
Overview Back to Contests Memory Leak Get ready to unravel the PCB enigma in “Memory Leak” at ..
Target John
Target John is a competition where participants receive several details about a real target and they have to ..
Sponsors & Partners
They help us make this conference possible.
POWERED BY
Orange Romania is part of the Orange Group, one of the largest global telecommunications operators that connects hundreds of millions of customers worldwide. With over 11 million local customers and an annual turnover exceeding 1.5 billion euros, Orange Romania connects 1 in 2 Romanians and offers an extensive range of communication solutions for both individual and corporate customers, from basic connectivity services to complete mobile, fixed internet, TV packages, and complex IT&C solutions through Orange Business.
Orange Romania is the number 1 operator in terms of network performance, and also holds nine consecutive Top Employer certifications, which confirm that Orange Romania, in addition to the remarkable products and services it offers, pays special attention to its employees and working environment. In the past 3 years Orange has launched two 5G Labs in Bucharest and Iasi, that aim to support researchers, startups and companies to test their 5G solutions in advance.
In addition, Orange is a long-term supporter of the startup ecosystem through the Orange Fab accelerator program designed to support entrepreneurs in the development of innovative products and their distribution locally and internationally.
PLATINUM PARTNERS
GOLD PARTNERS
SILVER PARTNERS
BRONZE PARTNERS
HACKING VILLAGE PARTNERS
EXHIBITORS
VIP LOUNGE POWERED BY
COMMUNITY & MEDIA PARTNERS
