Conference PaperPDF Available

Provisionamento automatizado de servidores para competições de segurança da informação

  • November 2017
  • Conference: Salão de Ferramentas - Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais
  • At: Brasília
Authors:
Lucas Magalhães at Universidade Federal de São Carlos
Lucas Magalhães
Antonio Carlos Falcão Petri at Universidade Federal de São Carlos
Antonio Carlos Falcão Petri
Gabriel de Souza Alves at Universidade Federal de São Carlos
Gabriel de Souza Alves
C. A. C. Marcondes at Instituto Tecnologico de Aeronautica
C. A. C. Marcondes
Show all 5 authorsHide
Download full-text PDF
Read full-text
Download citation

Abstract and Figures

Promoting Capture-The-Flag (CTF) competitions requires large operational costs, due to the number of participants scale and problems computing requirements. In problems that involve server exploitation, it is important to provide guarantees that each participant solution do not interfere with others. Thus, to save resources, we propose an automated provisioner that allocates LXD containers to competitors that have achieved a minimum score, in addition we integrate the provisioner to the OpenStack API. Finally, the solution is fully operational at UFSCar Private Cloud and we plan to adopt it during the 2017 Pwn2Win International CTF.
Figures - uploaded by Paulo Matias
Author content
All figure content in this area was uploaded by Paulo Matias
Content may be subject to copyright.
Content uploaded by Paulo Matias
Author content
All content in this area was uploaded by Paulo Matias on Oct 26, 2017
Content may be subject to copyright.
A preview of the PDF is not available

Supplementary resources (2)

Provisionamento automatizado de servidores para competições de segurança da informação: Presentation
Data
November 2017
Lucas Magalhães · Antonio Carlos Falcão Petri · Gabriel de Souza Alves · C. A. C. Marcondes · Paulo Matias
Provisionamento automatizado de servidores para competições de segurança da informação: Poster
Data
November 2017
Lucas Magalhães · Antonio Carlos Falcão Petri · Gabriel de Souza Alves · C. A. C. Marcondes · Paulo Matias
... Como resposta a essa sugestão, a edição de 2017 provisionou ambientes isolados para cada equipe, acessíveis por VPN, para alguns dos desafios. Como não existiam recursos computacionais suficientes para fazer isso para todas as equipes inscritas, utilizou-se um provisionador automático [Magalhães et al. 2017] que construía os ambientes apenas para as equipes que resolvessem pelo menos 8 dos desafios que não eram isolados e, portanto, estavam disponíveis para todas as equipes desde o início da competição. ...
Casa de ferreiro, o espeto não é de pau: evoluindo uma plataforma segura para competições de segurança
Conference Paper
Full-text available
  • Oct 2021
Capture-The-Flag (CTF) are information security competitions. Even though they are organized by experts in the field, the platforms used to run the events are subject to vulnerabilities, just like any other software. Although literature has proposed the NIZKCTF (Non-Interactive Zero-Knowledge Capture the Flag) protocol, in which participants submit a zero-knowledge proof that they have the answers to competition challenges, the implementation of this protocol lacks usability requirements which have only been realized with its use over the years. This paper discusses lessons learned and the adaptations to NIZKCTF made by the organizers of the Pwn2Win CTF from 2017 to 2021.
NIZKCTF: A Non-Interactive Zero-Knowledge Capture the Flag Platform
Preprint
Full-text available
  • Mar 2018
Capture the Flag (CTF) competitions are increasingly important for the Brazilian cybersecurity community as education and professional tools. Unfortunately, CTF platforms may suffer from security issues, giving an unfair advantage to competitors. To mitigate this, we propose NIZKCTF, the first open-audit CTF platform based on non-interactive zero-knowledge proofs.
Containers and Cloud: From LXC to Docker to Kubernetes
Article
  • Sep 2014
This issue's "Cloud Tidbit" focuses on container technology and how it's emerging as an important part of the cloud computing infrastructure. It looks at Docker, an open source project that automates the faster deployment of Linux applications, and Kubernetes, an open source cluster manager for Docker containers.
Global cybersecurity index & cyberwellness profiles
  • Jan 2015
  • Abi Research
ABI Research (2015). Global cybersecurity index & cyberwellness profiles. Technical report, International Telecommunications Union, Geneva, CH.
Pwn2Win CTF 2016-Bastidores. https://ctf-br.org
  • Jan 2016
  • 2-2016
  • A Bertochi
Bertochi, A. (2016). Pwn2Win CTF 2016-Bastidores. https://ctf-br.org/2016/04/pwn2winctf-2016-bastidores.
Capturing all the flags in BSidesSF CTF by pwning our infrastructure
  • Jan 2017
  • B Eastes
Eastes, B. (2017). Capturing all the flags in BSidesSF CTF by pwning our infrastructure. https://hackernoon.com/capturing-all-the-flags-in-bsidessf-ctf-by-pwning-ourinfrastructure-3570b99b4dd0.
Understanding the container ecosystem: A taxonomy of building blocks for container lifecycle and cluster management
  • Jan 2016
  • D Ernst
  • D Bermbach
Ernst, D., Bermbach, D., and Tai, S. (2016). Understanding the container ecosystem: A taxonomy of building blocks for container lifecycle and cluster management. In IEEE Second International Workshop on Container Technologies and Container Clouds, Berlin, Germany. IEEE.
A human capital crisis in cybersecurity: Technical proficiency matters
  • Jan 2010
  • K Evans
  • F Reeder
Evans, K. and Reeder, F. (2010). A human capital crisis in cybersecurity: Technical proficiency matters. Technical report, Center for Strategic and International Studies, Washington, DC, USA.
Seadog GitHub repository
  • Jan 2016
  • 3-2016
  • J Yu
Yu, J. (2016). Seadog GitHub repository: RC3-CTF-2016-scoreboard.