Updated at: Feb 09, 2016
OWASP, SQLi, XSS, CSRF, DOS, WAF, mod_security,
rootkit, IDS, Suricata, SNORT, Bro, OSSEC, nmap,
KALI, Linux, ssh, DNS, IP, Cookies, SSL, shellshock.
In that case we invite You to take part in
CyberOlympics for students
on the 14th of February 2015
starting at 9:00
at Estonian Information Technology College, Raja 4C
Your skills and toughness will be tested on the Estonian Defence Cyber Training Platform. All students at bachelor's, applied science and master's level are welcome to apply.
BLACKHAT EUROPE in Amsterdam
Sounds interesting and You would like to know more,
but You're not quite ready to jump on board this time?
No worries! Come join us still on the event day, because
at 12:00 we open a CyberCafe
where You can (no previous registration needed):
- watch the whole competition live in action
- take part in a sumorobot workshop
- compete in a hands-on hacking competition
- and listen to short presentations on life in the cyberworld and on study and career opportunities in the field.
Cyber talks are brought to You by:
Estonian Information Technology College, Tallinn University of Technology, Vequrity, Cisco, ByteLife, Defence CyberLab
As a student, you are offered an internship in the Kingdom of Banania as a sysadmin of Bananian e-Government. Your tasks include administration and maintenance of various government websites and e-services, e.g. www.banaania.ban and www.e-banaan.ban.
Soon you will discover that the websites are riddled with various well-known vulnerabilities which are already being actively exploited for different pranks and web defacement. You are tasked to restore the websites and patch the vulnerabilities.
During the repairs you discover that the website of the largest newspaper of Banania, www.bandeemia.ban, displays ever more nonsensical news stories. The journalists insist that they have never seen those stories (and some hint at a possible political diversion by the neighbouring Empire of Pineapplia).
After several desperate (and unsuccessful) attempts by various counselors of various importance, King Bananius XII Magnus appoints you as a promising hacker to clean up the mess. If successful, you are promised a lifetime supply of bananas from the Royal Banana Garden. Should you fail, your fate will instead be a lifetime of hard labour at the Banana Curvature Measurement Tool Calibration Office.
Your defense includes restoration of disrupted systems and patching various security holes (every participant will have a small private network that will be constantly under attack during the competition; see Appendix 1 for details).
The CyberOlympics will assess:
- unhindered functioning of the systems (users can access the sites during the defensive activities);
- attack-proofing of the systems (known vulnerabilities are patched);
- recovery after incidents (the systems must return online after dealing with a successful attack);
- finding vulnerabilities in the organization's information systems;
- identification of attackers (IP addresses, log records pointing at the perpetrators).
Recommended reading for participants
These materials are recommended for study before the competition.
Concepts and acronyms:
OWASP, SQLi, XSS, CSRF, DOS, WAF (for example mod_security), rootkit detection, IDS (network based, like Suricata, SNORT, Bro, or host based, like OSSEC), nmap, KALI, Linux, ssh, DNS, IP, network monitoring, Cookies (HttpOnly, Secure), SSL weaknesses, shellshock.
Knowledge of Kali Linux and Ubuntu GNU/Linux is strongly recommended.
Other materials:
- http://owasptop10.googlecode.com/files/OWASP_Top-10_2013%20-%20Presentation.pptx
- https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
- https://www.owasp.org/index.php/Session_Management_Cheat_Sheet
- https://www.owasp.org/index.php/OWASP_Application_Security_FAQ
- https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet
- https://www.owasp.org/index.php/Authentication_Cheat_Sheet
- https://www.owasp.org/index.php/Cheat_Sheets
- https://www.youtube.com/playlist?list=PL2t5AgeuWynfE6uC4SNTCTvcYsn_gXH4H