I had the opportunity last week to attend a “packet party” at NOVA-Labs.org, one of the newest local hackerspaces out in Reston. For those that aren’t familiar … a packet party is a challenge where you analyze pcaps and answer related questions. This is the third time I attended one of these events and my Wireshark skills have drastically improved … well lots of improvement I guess from nothing to something.
For this particular event, I came across the US Cyber Challenge: Cyber Quest February 2012 post a few weeks ago and suggested the group work through that for part of the evening. From the website, the challenge seemed more geared towards high school students, so I thought it’d take the group 30 minutes and then we’d move on to something more difficult.
Well … let me just say that the game provided much more of a challenge than I anticipated. A group of about 13 supposedly “security professionals” (including myself) couldn’t even make it through all the questions in the three hours we worked on it. The results on the US Cyber Challenge site revealed several students with 100% scores, and one person completing it in under 7 minutes. They say we have a shortage of talented young people interested in infosec … given these scores I’d have to disagree.
via @evejou at NOVA-Labs.org
The packet parties have recommenced, and the showing was 13 people strong! Armed with Wireshark tools, we went over five (out of six) pcaps from the USCC cyber quest challenge, mulling over logs of a (simulated) attack against HMI clients, and discussing the most effective techniques for finding target information.
How does one really differentiate between telnet and netcat? What’s the algorithm for breaking basic HTTP digest authentication? And more interestingly, high school kids answered these questions? (Just kidding, but not really.)
Much fun and stories (and drinks and cookies) were had, and lots of lesser-used Wireshark features explored. Thanks to Grecs for supplying this month’s packet captures, and to DeBuG for his code. ^^ DeBuG will be providing the next month’s slate of network adventures.
We are currently working on breaking out into group mailing lists, but sign up on our main mailing list if you would like to be notified about the next meetup.
If you would like to download the files, the zipped file of our packet party content is here as well as from the USCC cyber challenge website. Check back later for a link to more detailed explanation of the answers.
See the full post here.
Be sure to check out the full post with links to the pcaps. See ya! Today’s post pic is from NOVA-Labs.org.