Hi,
I was thinking it might be interesting to use one of the Redbrick VMs to
make some simple exploit challenges. I've had a few ideas and was told I
should drop an email to admin-discuss for comments. So basically we run
an OS with a number of services with unpatched vulnerabilities,
vulnerable webpages and set a few simple set of challenges on a
weekly/monthly basis. Services and OS could be swapped out/patched every
few weeks/months.
If possible we make a mailing list for people interested in getting some
exploit practice and advertise what OS we're currently hosting, what
services are currently running, what patches are applied and then
encourage people to read up about vulns for the specific os/services etc.
In addition to learning about different types of exploits anyone who's
interested in using the service will also get some knowledge about common
exploits in the wild. There are a number of CTF style games that are run
at hacking conferences, including one at HackEire over the next few days,
that use a model similar to this and the best teams can make, some, money
from them. :)
There's clearly a lot of scope for people to just grab premade exploits
for the vuln but the idea would be to encourage anyone who was interested
to research the vuln and come up with their own exploits/payloads, using
the exploits available ITW as a template.
That's the basic idea, if we get the go ahead we would start simple and
hopefully work up to something similar to the model above.
So I'm not sure if this would be possible given CSD's/school of
computing's network policy and there's a few other details I haven't gone
into, but that should hopefully be enough information to let me know if
it's a runner or not.
Any comments or feedback would be appreciated. :)
Kind Regards,
nemo
