CyberOlympics 2015 | Study IT in Estonia
Updated at: Feb 09, 2016



OWASP, SQLi, XSS, CSRF, DOS, WAF, mod_security,
rootkit, IDS, Suricata, SNORT, Bro, OSSEC, nmap,
KALI, Linux, ssh, DNS, IP, Cookies, SSL, shellshock.

Sounds familiar?
In that case we invite You to take part in


CyberOlympics for students


on the 14th of February 2015

starting at 9:00
at Estonian Information Technology College, Raja 4C

Your skills and toughness will be tested on the Estonian Defence Cyber Training Platform. Students at bachelor's, applied science and master's level are all welcome to apply.

FIRST PRIZE:
BLACKHAT EUROPE in Amsterdam

Sounds interesting and You would like to know more,
but You're not quite ready to jump on board this time?
No worries! Come join us still on the event day, because

at 12:00 we open a CyberCafe

where You can (no previous registration needed):
  • watch the whole competition live in action
  • take part in a sumorobot workshop
  • compete in a hands-on hacking competition
  • and listen to short presentations on life in the cyberworld and on study and career opportunities in the field.

Cyber talks are brought to You by:
Estonian Information Technology College, Tallinn University of Technology, Vequrity, Cisco, ByteLife, Defence CyberLab




The scenario


As a student, you are offered an internship in the Kingdom of Banania as a sysadmin of Bananian e-Government. Your tasks include administration and maintenance of various government websites and e-services, e.g. www.banaania.ban and www.e-banaan.ban.

Soon you will discover that the websites are riddled with various well-known vulnerabilities which are already being actively exploited for different pranks and web defacement. You are tasked to restore the websites and patch the vulnerabilities.

During the repairs you discover that the website of the largest newspaper of Banania, www.bandeemia.ban, displays ever more nonsensical news stories. The journalists insist that they have never seen them (and some hint at a possible political diversion by the neighbouring Empire of Pineapplia).

After several desperate (and unsuccessful) attempts by various counselors of various importance, King Bananius XII Magnus appoints you as a promising hacker to clean up the mess. If successful, you are promised a lifetime supply of bananas from the Royal Banana Garden. Should you fail, your fate will instead be a lifetime of hard labour at the Banana Curvature Measurement Tool Calibration Office.

Your defense includes restoration of disrupted systems and patching various security holes (every participant will have a small private network that will be constantly under attack during the competition; see Appendix 1 for details).


Assessment


The CyberOlympics will assess:
  1. unhindered functioning of the systems (users can access the sites during the defensive activities);
  2. attack-proofing of the systems (known vulnerabilities are patched);
  3. recovery after incidents (the systems must return online after dealing with a successful attack);
  4. finding vulnerabilities in the organization's information systems;
  5. identification of attackers (IP addresses, log records pointing at the perpetrators).


Recommended reading for participants


These materials are recommended for study before the competition.

Concepts and acronyms:
OWASP, SQLi, XSS, CSRF, DOS, WAF (for example mod_security), rootkit detection, IDS (network-based, like Suricata, SNORT, Bro, or host-based, like OSSEC), nmap, KALI, Linux, ssh, DNS, IP, network monitoring, Cookies (HttpOnly, Secure), SSL weaknesses, shellshock.

Knowledge of Kali Linux and Ubuntu GNU/Linux is strongly recommended.

Other materials:
http://owasptop10.googlecode.com/files/OWASP_Top-10_2013%20-%20Presentation.pptx
https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
https://www.owasp.org/index.php/Session_Management_Cheat_Sheet
https://www.owasp.org/index.php/OWASP_Application_Security_FAQ
https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet
https://www.owasp.org/index.php/Authentication_Cheat_Sheet
https://www.owasp.org/index.php/Cheat_Sheets
https://www.youtube.com/playlist?list=PL2t5AgeuWynfE6uC4SNTCTvcYsn_gXH4H