WELCOME TO THE TEXAS CYBER SUMMIT
Thursday, October 10
 

11:00am CDT

10 - Capture The Flag

START: 11:00AM OCTOBER 10th, 2019
END: 1PM OCTOBER 12th, 2019
Rules:
It's forbidden to:
  • attack the organizers' infrastructure;
  • generate large amounts of traffic (DDoS);
  • attack computers of the jury or other participants;
  • share flags with other participants.
The amount of points that every team gets for each task depends on how many times this task was solved by all teams.
Submit this flag to solve the welcome task: flag{4760227a29364a3b7eca0491457e77e2}
Each task is marked as easy, medium or hard. This difficulty level doesn't affect the scoring formula of the task, which depends only on the number of teams that have submitted the flag.
Default flag format: flag{[a-f0-9]{32}}
The organizers reserve the right to disqualify participants for violating the rules.
Located on the 4th Floor: Seguin A

Thursday October 10, 2019 11:00am - Saturday October 12, 2019 1:00pm CDT
SEGUIN A - 4th Floor
  Competition, Hacking

1:00pm CDT

RE-1012 Ghidra for the beginner reverse engineering

The open-source release of the NSA's Ghidra disassembler gives software reverse engineers a free option for high-capability interactive analysis of binary code. Many software reverse engineering (SRE) practitioners have been spending time since the release learning about Ghidra and bringing it into their workflow. It also gives those new to SRE a toolset to learn with that is not restricted by commercial license costs or "demo" limitations.


The goal of this session is to expose attendees with no prior reverse engineering experience to the Ghidra disassembler. Ghidra will be used as an environment in which the basics of reading, navigating, and analyzing executable code will be demonstrated. Dr. McGrew will demonstrate how to install and configure Ghidra, and then load a series of sample programs that he will use to illustrate:
  • Strategies for analyzing unknown programs
  • Linking and loading in Windows
  • Data types
  • C code constructs in assembly
All of these concepts will be discussed in the context of the iterative process of reverse engineering unknown code--using what we know about the program based on its API calls and overtly documented information to deduce the types and purposes of undocumented variables and functions.


Attendees who wish to follow along should bring a laptop with Ghidra installed (http://ghidra-sre.org). A link will be provided in-class to samples that will be used. Following along is not required! Attendees who simply observe and ask questions will still gain a useful exposure to reverse engineering and Ghidra. Resources for continuing to learn reverse engineering will be recommended.

Speakers
Wesley McGrew

Director of Cyber Operations, HORNE Cyber
Dr. McGrew serves as director of cyber operations for HORNE Cyber. Known for his work in offense-oriented network security, Wesley specializes in penetration testing, vulnerability analysis, reverse engineering of malicious software and network traffic analysis. Wesley is the author...


Thursday October 10, 2019 1:00pm - 3:00pm CDT
BONHAM 3-C | Expert 1 600 E Market St, San Antonio, TX Floor 3

1:00pm CDT

TH-3011 Passive DNS & pBGP in Depth Lab

Passive DNS in Depth
Passive DNS (pDNS) data is a treasure trove of information for security teams, intelligence teams, network operations teams, and security research teams alike. By keeping a historical record of DNS results over time, this data empowers many different teams to enrich and produce intelligence information for a variety of purposes. Merger and acquisition teams can look for internet-facing, and sometimes internal, IT resources that may not have been declared. Blue teams can monitor for misconfiguration of DNS, research malware, develop threat signatures, and in many cases monitor for shadow IT. Red teams can use this information to exploit DNS misconfigurations, find additional assets, and pattern match target IT infrastructure. Security researchers are limited only by their imagination and time.
Passive BGP (pBGP) data can enable network operations teams to quickly spot problems. pBGP data is also useful to help determine if problems were a result of a simple misconfiguration or a part of a more nefarious operation.
Understanding the architecture and methodology of pDNS and pBGP is critical to end users of this data. By having a deeper understanding of the architecture (collection, storage, and query methodologies), individuals and teams will be more able to fully capitalize on the enrichment and context building capabilities of the data. As well as architecture, this course will cover a variety of scenarios for organizations of all sizes and maturity to help enable the use and integration of pDNS and pBGP data as a part of security and network operations.

Speakers
Donald Mac McCarthy

Director of Field Operations, Open Source Context
Mac is a 17-year veteran of the IT industry. He has experience working for organizations ranging in size from 10 to 200,000+ employees. Mac has been involved in information security for the past 9 years with organizations in the academic, healthcare and financial, and public sectors...


Thursday October 10, 2019 1:00pm - 5:00pm CDT
CROCKETT 4-D ICS SCADA HAVEN 600 E Market St, San Antonio, TX Floor 4

3:00pm CDT

WS-3033 Hacking with IPv6 Network Tools

IPv6 hacking tools: IPv6 basics, then some of the hacking/testing tools specifically designed for IPv6.

Speakers
Jeff Carrell

Network Consultant, Network Conversions
Husband, author, speaker, trainer, network guy, IPv6, learning Python Co-author Guide to TCP/IP 5th Ed, LEGO builder, diver, RPi. Work at HPE


Thursday October 10, 2019 3:00pm - 6:00pm CDT
BONHAM 3-E | Expert 3 600 E Market St, San Antonio, TX Floor 3
 
Friday, October 11
 

3:00pm CDT

WS2014 - Malware Traffic Analysis Workshop 1

This session is part one of a hands-on workshop presented across two separate sessions. The training provides a foundation for investigating packet captures (pcaps) of malicious network traffic from hosts running Microsoft Windows. Participants will review basic investigation concepts, set up Wireshark, and identify hosts and users in network traffic. The training provides several examples of infection traffic that focus on mass-distribution commodity malware commonly seen from malicious spam. Pcaps for this workshop will be available online. For the best hands-on experience, participants should have a relatively current version of Wireshark (version 2.6 or better), preferably in a non-Windows environment.
  • You will be required to bring your own laptop. A virtual machine (VM) running Linux is recommended for participants using a Windows-based laptop.

Speakers
Brad Duncan

Threat Intelligence Analyst, Palo Alto Networks - Unit 42
After 21 years in the US Air Force, Brad transitioned to cyber security in 2010, and he is currently a Threat Intelligence Analyst... isc.sans.edu. Brad routinely blogs technical details and analysis of infection traffic at www.malware-traffic-analysis.net, where he provides traffic analysis exercises and over 1,600 malware and traffic samples to a growing community of information security professionals.


Friday October 11, 2019 3:00pm - 5:00pm CDT
BONHAM 3-C | Expert 1 600 E Market St, San Antonio, TX Floor 3
 
Saturday, October 12
 

2:00pm CDT

WG-1001 Cyber Wargames CTF

Workshop description:
New to CTFs? Always wanted to try but felt you were too "new"? Join us for Prevade's Cyber Wargame, where you can experience the CTF with the support and guidance of a community of mentors. Prevade's patent-pending cyber wargaming platform is comprised of ten subject domains, ten levels of difficulty, and more than fifty modules hosted in an on-demand, web-accessible, and dedicated tenancy cloud environment. Accessible from any device with a web browser and Internet connection, Metaform™ provides a unique, immersive, and hands-on experience using innovative gamification concepts and interfaces.

Speakers
Bryan McAninch

Founder & Executive Director, Prevade Cybersecurity


Saturday October 12, 2019 2:00pm - 4:00pm CDT
BONHAM 3-B | Bee'ing New 600 E Market St, San Antonio, TX Floor 3
 

