Hacking-Lab Remote Security Lab 15. April 2010

Transcription

1 Compass Security AG Glärnischstrasse 7 CH-8640 Rapperswil T F Hacking-Lab Remote Security Lab 15. April 2010 Name des Dokumentes: EN_Hacking_Lab_V5.0.doc Version: v5.1 Autor: Ivan Bütler, Compass Security AG Lieferungsdatum: 15. April 2010 Klassifikation:

2 Inhaltsverzeichnis 1 HACKING-LAB REMOTE SECURITY LABOR Intoduction Who uses Hacking-Lab? Your Remote Security Lab Advantage of Hacking-Lab Hacking-Lab Management Portal On-Site Wargame HACKING-LAB REFERENCES Wargame Germany: HdM Stuttgart (2008) Wargame at the FH Furtwangen, Germany (2008) Cebit Swiss Cyber Storm II (2009) Attack & Defense (2009) IT Underground Warsaw (2009) Speakers at Hacking-Lab Events SWISS CYBER STORM III SCSIII im Mai Seite: 2

3 1 Hacking-Lab Remote Security Labor 1.1 Intoduction Hacking-Lab is an advanced E-Learning and E-Lab infrastructure for the education of IT specialists. The target group includes security engineers, forensic investigators, software developers and IT operation staff. According the knowledge rating system from Bloom, the knowhow gains a higher level if training modules include hands-on labs. This is exactly what Hacking-Lab provides in-depth lab cases from al large variety of wargame and Hack&Learn cases. 1.2 Who uses Hacking-Lab? Universities o o o o they teach IT security subjects in their modules they teach theory and labs they want to provide leading-edge modules Hacking-Lab provides theory and lab cases to your University Software Companies o they want to educate their staff for the OWASP security guidelines o they want to make their code more robust against web hacking techniques o Hacking-Lab delivers web security cases, code snippets and Web Wargames Security Conferences o They have good talks and tracks o they want to give an added-value to their participants o Hacking-Lab delivers a complete wargame infrastructure that is testet with more than 150 concurrent participants o Hacking-Lab delivers the global ranking page, solutions and everything you need for your IT Sec conference. Fun Weekends in IT Companies o some have some sort of offsite-weekends o they have a knowledge part and some fun activities o Hacking-Lab provides the fun hacking part for your IT engineers, hacking challenges, Hacking for Fun Seite: 3

4 1.3 Your Remote Security Lab Do you feel like using Hacking-Lab all over the year? Please order the yearly fee to have unlimited access to all Hacking-Lab cases. 1.4 Advantage of Hacking-Lab Hacking-Lab is a remote security lab. It' is already there and you save the money of building your own educational lab for your it staff. Hacking-Lab consists of the event/learning management page ( and a remote security lab (OpenVPN access). The portal pages gives you the lab case exercises, where the infrastructure provides the "vulnerable" systems to attack. What are your interests? Interest Live Hacking Demo Description Do you feel like a live hacking demonstration? Do you want to give your talk a special added value? Use Hacking-Lab cases to make your talk more understandable. IT Security Talks Live Hacking Talks Security Demonstrations Security Week Use Hacking-Lab for a whole week during your offsite meeting or internal IT security awareness campaign. Team event within your company Security weeks Security conferences / wargames Security Lessons Use Hacking-Lab in your all-year education programm, including theory and lab cases. IT Security lessons for your needs Universities Seite: 4

5 1.5 Hacking-Lab Management Portal The portal page provides the lab exercises, theory and control patterns. Define your own event out of a large variety of lab cases to your personal education program. Have fun with the educational cases and the ranking page high score. Die portal page provides the following funcationality: Defininition of events Linking modules to the events Linking user accounts to the event Global ranking page Per event ranking page The picture below shows a simplified network topology of the remote security lab infrastructure. Seite: 5

6 1.6 On-Site Wargame Do you want to give your it security conference an added-value? Ask for the Hacking-Lab wargame infrastructure that can be installed on-site in your local area network. Please contact Ivan Bütler for further assistance. Example: Discuss&Discover Germany 2009 Seite: 6

7 2 Hacking-Lab References Hacking-Lab is a very robust IT infrastructure that has been used in events with more than 150 concurrent participants. Here some examples: 2.1 Wargame Germany: HdM Stuttgart (2008) The HdM (Hochschule der Medien) organized a Onsite Wargame in 2008 with about 50 participants. They were challenged to solve the provided security puzzles. Seite: 7

8 2.2 Wargame at the FH Furtwangen, Germany (2008) Onsite Hack&Learn Event on November 7th and 8th 2008 with about 150 concurrent participants. The event was very positive. See this german blog entry. Seite: 8

9 Hacking-Lab was additionally used for their IT Security Awareness Campaing. Seite: 9

10 Seite: 10

11 2.3 Cebit 2009 Cebit 2009 as part of Mittelstands-WIKI. Fun game between Germany and Switzerland Seite: 11

12 2.4 Swiss Cyber Storm II (2009) Hacking-Lab organizes the Swiss Cyber Storm Challenge in 2007 and The next SCS will be performed in April/May Lock Picking Exercise Seite: 12

13 Miss Cyber Storm best hacker out of the crowd Final countdown after 2 day's of fun at SCSII Seite: 13

14 2.5 Attack & Defense (2009) In 2009, Hacking-Lab supported the Attack & Defense event as part of Discuss & Discover with their IT security wargame cases. The participants could choose their favorite topics out of 18 available cases, including attack schemes and defense strategies. 2.6 IT Underground Warsaw (2009) Hacking-Lab at the IT Underground Conference in Warsaw from November 16th to November 18th Seite: 14

15 2.7 Speakers at Hacking-Lab Events Phil Zimmermann (PGP) was a speaker at a Hacking-Lab Event. Seite: 15

16 Candid Wüest, Symantec Threat Team joined our Hacking-Lab Event Seite: 16

17 Alexander Kornbrust, Hacking-Lab Wargame contributor and speaker at the Swiss Cyber Storm II wargame. Seite: 17

18 3 Swiss Cyber Storm III 3.1 SCSIII im Mai 2011 The 2011 Swiss Cyber Storm III Conference on Information Security, Hacking, Wargames and Capture the Flag challenges will be held during of May 2011 in Rapperswil (Zürich) Switzerland. SCSIII is an important event in the areas of information security, hacking and security challenges. Swiss Cyber Storm includes: Hacking-Lab Briefings 12./13. Mai 2011 Hacking-Lab Wargames & Capture the Flag (CTF) 14./15. Mai 2011 Seite: 18