Hacking-Lab Trainer

Tel +41 55-214 41 60

Fax +41 55-214 41 61
[email protected]
www.csnc.ch
Compass Security AG
Glrnischstrasse 7
Postfach 1628
CH-8640 Rapperswil
www.hacking-lab.com
Become a Hacking-Lab Trainer
Created: 16.4.2010
What is this presentation about?
Hacking-Lab Remote provides a professional IT security lab
infrastructure to universities and companies.
This presentation is designed for Hacking-Lab Teachers to learn
and understand the provided lab infrastructure, wargame cases,
procedures, tools, requirements for certain cases and solutions.
Compass Security AG
Slide 2 www.csnc.ch
Agenda
Hacking-Lab Overview
Hacking-Lab Teacher Tasks
Self-Registration
Client Requirements
Compass Security AG
Slide 3 www.csnc.ch
Client Requirements
Hacking-Lab Overview
Tel +41 55-214 41 60
Fax +41 55-214 41 61
[email protected]
www.csnc.ch
Compass Security AG
Glrnischstrasse 7
Postfach 1628
CH-8640 Rapperswil
Hacking-Lab Architecture
Compass Security AG
Slide 5 www.csnc.ch
PORTAL: Hacking-Lab Terminology
Item Description
Hacking-Lab Event The Hacking-Lab event has the following properties:
Start Date/Time
End Date/Time
Max number of participants
Users that are attached to the event (hacking-lab userID)
Modules that are attached to the event
Payment instructions (free, paypal, third party, other)
Hacking-Lab Case The Hacking-Lab case has the following properties:
Compass Security AG
Slide 6 www.csnc.ch
Hacking-Lab Case The Hacking-Lab case has the following properties:
Title
Abstract
Category (web, network, forensic, )
Hacking-Lab Module The Hacking-Lab module has the following properties:
Duration
HTML case exercise description
Level
Maxscore
Mapping to a Hacking-Lab case
PUBLIC PORTAL::Core Features
www.hacking-lab.com is the Public Portal
Compass Security AG
Slide 7 www.csnc.ch
Core Features of the Public Portal
Event Management (start time, end time, participants, costs)
Wargame Case Management (case descriptions & solutions)
User Management (self-registration, password reset, profile update)
PUBLIC PORTAL::Additional Services
Additional Features of the Public Portal
Chat Service
Nina Knowledge System
Forum
Vulnerability Monitoring Application
Global Ranking Page
Per Event Ranking Page
Compass Security AG
Slide 8 www.csnc.ch
Hacking-Lab Roles
Anonymous
Hacking-Lab User
Hacking-Lab Teacher
Hacking-Lab Admin
PUBLIC PORTAL::Roles and Privileges
Hacking-Lab Admin
Enterprise Admin of Hacking-Lab
Sofware Development / Updates
Event, Module, Case Management
Hacking-Lab Teacher
Read wargame cases
Compass Security AG
Slide 9 www.csnc.ch
Read wargame solutions
Add / delete users of the event
Solved solution application (give point to the participants)
E-Mail form to contact all users of the own event
Hacking-Lab User
Read wargame cases
Use the send solution form
Hacking-Lab Remote::OpenVPN
The user/participant of Hacking-Lab Remote requires a valid
OpenVPN setup and client certificates to access the lab
environment
Users can use the Hacking-Lab LiveCD as a standardized client
platform, or use their own, private computer. The OpenVPN
connection is mandatory. Once the client certificates get
Compass Security AG
Slide 10 www.csnc.ch
connection is mandatory. Once the client certificates get
expired, the openvpn connection will dropped.
Hacking-Lab Remote::Limitations
Please note, some lab cases cannot be solved from remote.
Hacking-Lab provides a Linux-based Virtual-PC that runs as
VMWare Image within the Hacking-Lab Remote broadcast
domain to address this limitation.
Compass Security AG
Slide 11 www.csnc.ch
Lab Limitatations
Layer 2 Attacks
ARP Spoofing
Hacking-Lab Teacher Tasks
Tel +41 55-214 41 60
Fax +41 55-214 41 61
[email protected]
www.csnc.ch
Compass Security AG
Glrnischstrasse 7
Postfach 1628
CH-8640 Rapperswil
Case Introductions
The Hacking-Lab Teacher has the following skills:
Understanding lab cases and solutions
Giving points for solved wargames
Adding or deleting users from the own Hacking-Lab event
E-Mailing to all participants of the own event
First level support
OpenVPN questions / Connectivity
Lab Cases
Compass Security AG
Slide 13 www.csnc.ch
Lab Cases
Giving Points to Participants
Tel +41 55-214 41 60
Fax +41 55-214 41 61
[email protected]
www.csnc.ch
Compass Security AG
Glrnischstrasse 7
Postfach 1628
CH-8640 Rapperswil
Hacking-Lab Teacher Functionality
Giving Points Step 1
Compass Security AG
Slide 15 www.csnc.ch
Giving Points Step 2
Compass Security AG
Slide 16 www.csnc.ch
Giving Points Step 3
Max Score
This is the maximum score that is defined for this case
Give full points if the participants solved it alone / independent
Reduce score if the participant required special help
Delete Points
Compass Security AG
Slide 17 www.csnc.ch
Delete points if Hacking-Lab teacher added points on mistake and enter the
correct value afterwards
Ranking
Giving points changes the global ranking, per event ranking and the personal
skill level
Giving Points Step 4
Personal Skill Level
Depends on what cases were solved
Depends on how many points were received
Skill Level per User (if authenticated in Hacking-Lab)
Example: CryptTom
Compass Security AG
Slide 18 www.csnc.ch
Compass Security AG
Slide 19 www.csnc.ch
Mail to Participants
Tel +41 55-214 41 60
Fax +41 55-214 41 61
[email protected]
www.csnc.ch
Compass Security AG
Glrnischstrasse 7
Postfach 1628
CH-8640 Rapperswil
Hacking-Lab Teacher Functionality
<missing: howto mail to event participants>
Compass Security AG
Slide 21 www.csnc.ch
View Solution
Tel +41 55-214 41 60
Fax +41 55-214 41 61
[email protected]
www.csnc.ch
Compass Security AG
Glrnischstrasse 7
Postfach 1628
CH-8640 Rapperswil
Hacking-Lab Teacher Functionality
<missing: howto get the solution per case>
Compass Security AG
Slide 23 www.csnc.ch
Add Users to Event
Tel +41 55-214 41 60
Fax +41 55-214 41 61
[email protected]
www.csnc.ch
Compass Security AG
Glrnischstrasse 7
Postfach 1628
CH-8640 Rapperswil
Hacking-Lab Teacher Functionality
Adding Users to an Event
Automatic Registration: Mapping User to the event
Hacking-Lab Admin generates a special crafted registration URL
User presses the special crafted registration URL
Manual Registration: Mapping User to the event
Hacking-Lab teacher maps the user manually
Recommended Adding
Compass Security AG
Slide 25 www.csnc.ch
Recommended Adding
Adding (existing or new hacking-lab) users can be done by sending the special
crafted Sign-Up and Registration URL to the participants.
If the user has already an account in Hacking-Lab?
User clicks on the URL
User needs to login and is then added automatically
If the user has not signed-up a Hacking-Lab account yet
User clicks on the URL
User sign-ups a new Hacking-Lab account
Then, user is automatically mapped to the event
Self-Registration (User View)
Compass Security AG
Slide 26 www.csnc.ch
Adding Users to an Event::Teacher
<missing: how the teacher adds / deletes the user manually>
Compass Security AG
Slide 27 www.csnc.ch
Self-Registration
Tel +41 55-214 41 60
Fax +41 55-214 41 61
[email protected]
www.csnc.ch
Compass Security AG
Glrnischstrasse 7
Postfach 1628
CH-8640 Rapperswil
Self-Service by Hacking-Lab Users
Self-Registration
Hacking-Lab Users sign-up a free Hacking-Lab account procedure
The creation of a Hacking-Lab account includes the following steps
1. User fills-out the registration form
2. User receives the confirmation mail with the verification link
Compass Security AG
Slide 29 www.csnc.ch
2. User receives the confirmation mail with the verification link
and the initial password
3. User must click on the verification link and authenticates with
the given initial password (First Authentication)
4. User must change the initial password
Step 1: Registration Form
Create a new account (Nickname is visible in the future)
Compass Security AG
Slide 30 www.csnc.ch
After Register Now! a confirmation mail is sent to the E-Mail.
Step 2: Confirmation Link
Compass Security AG
Slide 31 www.csnc.ch
Step 3: First Authentication
After the user has clicked on the URL in the confirmation mail
Compass Security AG
Slide 32 www.csnc.ch
Step 4: Change Password
Change Password Dialog after Registration
Compass Security AG
Slide 33 www.csnc.ch
Hacking-Lab Remote Client
Tel +41 55-214 41 60
Fax +41 55-214 41 61
[email protected]
www.csnc.ch
Compass Security AG
Glrnischstrasse 7
Postfach 1628
CH-8640 Rapperswil
LiveCD Project
Hacking-Lab Remote Clients
The Hacking-Lab Cases can be solved with your own computer or
with the Hacking-Lab LiveCD
The LiveCD is a good starting point
OpenVPN is installed and configured
Web Inspection Proxies installed and configured
Firefox Extensions installed and configured
Compass Security AG
Slide 35 www.csnc.ch
DokuWiki Help Page
The LiveCD is Debain Kubuntu based
KDE desktop
LiveCD: Screenshot
Download the ISO image & use a standardized client environment
Compass Security AG
Slide 36 www.csnc.ch
LiveCD: DokuWiki
LiveCD Wiki: How to use the CD Tools - Procedures
Compass Security AG
Slide 37 www.csnc.ch
Hacking-Lab for Participants
Tel +41 55-214 41 60
Fax +41 55-214 41 61
[email protected]
www.csnc.ch
Compass Security AG
Glrnischstrasse 7
Postfach 1628
CH-8640 Rapperswil
Hacking-Lab Remote: User View
Once the User is authenticated and in case of a registered, running
event -> Click on Hacking-Lab Events if you want to go to the
Case Overview Page
Compass Security AG
Slide 39 www.csnc.ch
Hacking-Lab Remote: User View
My Running Security Events
Example: list of events the user super monster is registered/subscribed for
Compass Security AG
Slide 40 www.csnc.ch
Hacking-Lab Remote: User View
Case Overview Page for a specific Event
List of cases that are mapped to the specific event
Compass Security AG
Slide 41 www.csnc.ch
Hacking-Lab Remote: User View
Case Descriptions / Wargame Insttructions
Description about the exercise the goal - requirements
Compass Security AG
Slide 42 www.csnc.ch
Hacking-Lab Remote: User View
Send Solution
Compass Security AG
Slide 43 www.csnc.ch
Hacking-Lab Remote: User View
Send Solution (per case)
Submitting the form generates an e-mail to the Hacking-Lab teacher
Compass Security AG
Slide 44 www.csnc.ch
Hacking-Lab Remote: Teacher
Hacking-Lab Teacher receives the solution mail
Compass Security AG
Slide 45 www.csnc.ch
Thank you for Reading
Tel +41 55-214 41 60
Fax +41 55-214 41 61
[email protected]
www.csnc.ch
Compass Security AG
Glrnischstrasse 7
Postfach 1628
CH-8640 Rapperswil
Ivan Btler
[email protected]