OWASP - User contributions [en]

Front Range OWASP Conference 2013/CTF

2013-03-28T15:33:20Z

Karen Blakemore:

==Capture the Flag Overview==
Test your skills with a capture the flag (CTF) hacking competition created specifically for SnowFROC by members of the Boulder OWASP chapter.

Competitors will be provided a series of web applications containing a variety of vulnerabilities. Each discovered vulnerability will earn points. The harder the hack, the more points earned. At the end of the day, the team with the most points wins.



==Rules==
All conference attendees may participate in the CTF tournament for no additional cost. If you would prefer to attend the general conference proceedings, the competition will be made available to attendees after SnowFROC ends.

===Format===
Contestants will be provided a virtual machine which will run locally on self-provided devices. This is a BYOD event and all contestants are responsible for providing their own machine. No "loaners" will be made available.

All contestant machines should have:
* A virtual machine player that supports .vmdk files, such as [http://www.vmware.com/products/player/ VMware Player], [https://www.virtualbox.org/wiki/Downloads VirtualBox], or [http://www.parallels.com/ Parallels].
* Appropriate penetration testing tool ([http://www.backtrack-linux.org BackTrack], [http://samurai.inguardians.com/ SamuraiWTF], [[OWASP_Mantra_OS|Mantra OS]], and [[ZAP|OWASP ZAP]] will fit in well).

===Acceptable behavior===
Competitors are only permitted to attack targets running on their local systems. Network traffic will be monitored to ensure there will be:
* No attacking the [[SnowFROC2013_CTF_Scoreboard| scoreboard]]. Misuse will result in punitive action.
* No targeting the VM. Do not mount the VM and harvest flags from within.
* No attacking other teams, whether through coercion, DoS, theft, sabotage, or other malicious activity.
* No collusion. Work only within your own team.

===Prizes===
Small prizes will be awarded to winners. Anyone who worked on the project or who has access to project-related repositories is ineligible to win prizes.

Both team and individual prizes will be awarded based on merit and other achievements.


==Getting Started==
===Content acquisition===

This information will be released closer to the day of the event.

===Installation and configuration instructions===

* Add the following entries to your hosts file:
10.50.65.12 training.theagency.owasp, theagency.owasp
10.56.65.87 theagency.owasp, Im.theagency.owasp
10.50.65.26 www.pla.owasp, secretlogin.pla.owasp, download.pla.owasp
10.50.65.187 shadowcorp.owasp
* Configure a host-only network on your VM with IP address 10.50.65.254/24
* Load the .vmdk files
* Make sure you are using a browser other than Internet Explorer which for security reasons is not supported by the scoreboard.

===Registration instructions===

Coming soon.

===Gameplay instructions===

Front Range OWASP Conference 2013/CTF

2013-03-27T04:38:17Z

Karen Blakemore: added hostnames

==Capture the Flag Overview==
Test your skills with a capture the flag (CTF) hacking competition created specifically for SnowFROC by members of the Boulder OWASP chapter.

Competitors will be provided a series of web applications containing a variety of vulnerabilities. Each discovered vulnerability will earn points. The harder the hack, the more points earned. At the end of the day, the team with the most points wins.



==Rules==
All conference attendees may participate in the CTF tournament for no additional cost. If you would prefer to attend the general conference proceedings, the competition will be made available to attendees after SnowFROC ends.

===Format===
Contestants will be provided a virtual machine which will run locally on self-provided devices. This is a BYOD event and all contestants are responsible for providing their own machine. No "loaners" will be made available.

All contestant machines should have:
* A virtual machine player that supports .vmdk files, such as [http://www.vmware.com/products/player/ VMware Player], [https://www.virtualbox.org/wiki/Downloads VirtualBox], or [http://www.parallels.com/ Parallels].
* Appropriate penetration testing tool ([http://www.backtrack-linux.org BackTrack], [http://samurai.inguardians.com/ SamuraiWTF], [[OWASP_Mantra_OS|Mantra OS]], and [[ZAP|OWASP ZAP]] will fit in well).

===Acceptable behavior===
Competitors are only permitted to attack targets running on their local systems. Network traffic will be monitored to ensure there will be:
* No attacking the [[SnowFROC2013_CTF_Scoreboard| scoreboard]]. Misuse will result in punitive action.
* No targeting the VM. Do not mount the VM and harvest flags from within.
* No attacking other teams, whether through coercion, DoS, theft, sabotage, or other malicious activity.
* No collusion. Work only within your own team.

===Prizes===
Small prizes will be awarded to winners. Anyone who worked on the project or who has access to project-related repositories is ineligible to win prizes.

Both team and individual prizes will be awarded based on merit and other achievements.


==Getting Started==
===Content acquisition===

This information will be released closer to the day of the event.

===Installation and configuration instructions===

* Add the following entries to your hosts file:
10.50.65.12 training.theagency.owasp, admin.theagency.owasp
10.56.65.87 theagency.owasp, Im.theagency.owasp
10.50.65.26 www.pla.owasp, secretlogin.pla.owasp, download.pla.owasp
10.50.65.187 shadowcorp.owasp
* Configure a host-only network on your VM with IP address 10.50.65.254/24
* Load the .vmdk files
* Make sure you are using a browser other than Internet Explorer which for security reasons is not supported by the scoreboard.

===Registration instructions===

Coming soon.

===Gameplay instructions===

Front Range OWASP Conference 2013/CTF

2013-03-26T00:52:27Z

Karen Blakemore:

==Capture the Flag Overview==
Test your skills with a capture the flag (CTF) hacking competition created specifically for SnowFROC by members of the Boulder OWASP chapter.

Competitors will be provided a series of web applications containing a variety of vulnerabilities. Each discovered vulnerability will earn points. The harder the hack, the more points earned. At the end of the day, the team with the most points wins.



==Rules==
All conference attendees may participate in the CTF tournament for no additional cost. If you would prefer to attend the general conference proceedings, the competition will be made available to attendees after SnowFROC ends.

===Format===
Contestants will be provided a virtual machine which will run locally on self-provided devices. This is a BYOD event and all contestants are responsible for providing their own machine. No "loaners" will be made available.

All contestant machines should have:
* A virtual machine player that supports .vmdk files, such as [http://www.vmware.com/products/player/ VMware Player], [https://www.virtualbox.org/wiki/Downloads VirtualBox], or [http://www.parallels.com/ Parallels].
* Appropriate penetration testing tool ([http://www.backtrack-linux.org BackTrack], [http://samurai.inguardians.com/ SamuraiWTF], [[OWASP_Mantra_OS|Mantra OS]], and [[ZAP|OWASP ZAP]] will fit in well).

===Acceptable behavior===
Competitors are only permitted to attack targets running on their local systems. Network traffic will be monitored to ensure there will be:
* No attacking the [[SnowFROC2013_CTF_Scoreboard| scoreboard]]. Misuse will result in punitive action.
* No targeting the VM. Do not mount the VM and harvest flags from within.
* No attacking other teams, whether through coercion, DoS, theft, sabotage, or other malicious activity.
* No collusion. Work only within your own team.

===Prizes===
Small prizes will be awarded to winners. Anyone who worked on the project or who has access to project-related repositories is ineligible to win prizes.

Both team and individual prizes will be awarded based on merit and other achievements.


==Getting Started==
===Content acquisition===

This information will be released closer to the day of the event.

===Installation and configuration instructions===

* Add the following entries to your hosts file:
10.50.65.12 training.theagency.owasp
10.56.65.87 theagency.owasp
10.50.65.26
10.50.65.187 shadowcorp.owasp
* Configure a host-only network on your VM with IP address 10.50.65.254/24
* Load the .vmdk files
* Make sure you are using a browser other than Internet Explorer which for security reasons is not supported by the scoreboard.

===Registration instructions===

Coming soon.

===Gameplay instructions===

Front Range OWASP Conference 2013/CTF

2013-03-24T23:43:33Z

Karen Blakemore: minor edits + installation and configuration information

==Capture the Flag Overview==
Test your skills with a capture the flag (CTF) hacking competition created specifically for SnowFROC by members of the Boulder OWASP chapter.

Competitors will be provided a series of web applications containing a variety of vulnerabilities. Each discovered vulnerability will earn points. The harder the hack, the more points earned. At the end of the day, the team with the most points wins.



==Rules==
All conference attendees may participate in the CTF tournament for no additional cost. If you would prefer to attend the general conference proceedings, the competition will be made available to attendees after SnowFROC ends.

===Format===
Contestants will be provided a virtual machine which will run locally on self-provided devices. This is a BYOD event and all contestants are responsible for providing their own machine. No "loaners" will be made available.

All contestant machines should have:
* A virtual machine player that supports .vmdk files, such as [http://www.vmware.com/products/player/ VMware Player], [https://www.virtualbox.org/wiki/Downloads VirtualBox], or [http://www.parallels.com/ Parallels].
* Appropriate penetration testing tool ([http://www.backtrack-linux.org BackTrack], [http://samurai.inguardians.com/ SamuraiWTF], [[OWASP_Mantra_OS|Mantra OS]], and [[ZAP|OWASP ZAP]] will fit in well).

===Acceptable behavior===
Competitors are only permitted to attack targets running on their local systems. Network traffic will be monitored to ensure there will be:
* No attacking the scoreboard. Misuse will result in punitive action.
* No targeting the VM. Do not mount the VM and harvest flags from within.
* No attacking other teams, whether through coercion, DoS, theft, sabotage, or other malicious activity.
* No collusion. Work only within your own team.

===Prizes===
Small prizes will be awarded to winners. Anyone who worked on the project or who has access to project-related repositories is ineligible to win prizes.

Both team and individual prizes will be awarded based on merit and other achievements.


==Getting Started==
===Content acquisition===

This information will be released closer to the day of the event.

===Installation and configuration instructions===

* Internet Explorer is not supported in the VM.
* Add the following entries to your hosts file.
* Configure a host-only network on your VM with IP address 10.50.65.254/24
* Load the .vmdk files
* Make sure you are using a browser other than Internet Explorer which for security reasons is not supported by the scoreboard.

===Registration instructions===

Coming soon.

===Gameplay instructions===

Front Range OWASP Conference 2013/Speakers/Ziring

2013-03-22T20:37:36Z

Karen Blakemore:

== Neal Ziring ==

{| style="width: 100%;"
|- valign="top"
| Mr. Neal Ziring is the Technical Director for the [http://www.nsa.gov National Security Agency]'s Information Assurance Directorate (IAD), serving as a technical advisor to the IAD Director, Deputy Director, and other senior leadership. Mr. Ziring is responsible for setting the technical direction across the Information Assurance mission space. Mr. Ziring tracks technical activities, promotes technical health of the staff, and acts as liaison to various industry, intelligence, academic, and government partners. As part of his role, he guides IAD’s academic outreach program, acting as a technical liaison to several universities that are participants in the National Centers for Academic Excellence - Research (CAD-R) program. His personal expertise areas include router security, IPv6, VM-based secure systems, cloud computing, cross-domain information exchange, and mobile code security.

Mr. Ziring received B.S. degrees in computer science and electrical engineering (1985), and an M.S. in computer science (1986), all from Washington University in St. Louis. Since then, he has also taken courses from Columbia University and University of Maryland Baltimore County.

Virtually Mr. Ziring’s entire government career has been based in the NSA Information Assurance Directorate. He joined NSA in late 1988, working on software tools and cryptosystem simulation. In the 1990s he began working in IA Evaluations and, except for brief tours, has been there ever since. From 2003 to 2005 he held the position of technical director for the IA Evaluations System and Network Attack Center (SNAC). Between 2006 and 2010 he was detailed to the NSA Mission Systems Development group as the security architect.

Mr. Ziring is maintains his Cisco Certified Security Professional (CCSP) certificates. Prior to joining NSA, Mr. Ziring was a member of technical staff at AT&T Bell Laboratories.
In addition to work, Neal enjoys martial arts, running, and playing classical guitar. He holds a 3rd degree black belt in Shorinji Kempo.
| style="width: 200px; |
| [[Image:SnowFROC2013_Ziring.png|160px|alt=Neal Ziring|right]]
|}