Sinister.ly CTF Dev group

Ok everybody. The time has come. I said I would post a recruitment thread on this. We need a team of individuals who know what they are doing to help with the CTF. We already have @Reiko and @Adorapuff working with us but we need more people. We would like to have a team of 5-10 people who know what they are doing and that would be able to help us out on this. We are looking people with web development skills, network skills, defensive capabilities, Offensive capabilities and that know how to make vulnerable software, Etc. We hope to make this CTF a lot of fun in the end.

Please reply to this thread with your skillset, experience level, Specialties, and what you do/what do you like to do. Tell us a little about yourself and your experience and keep it in a readable format (eg no bright fonts, no huge characters, etc.)

Name:
Expereince in years:
Skillset:
Hobbies:
What you would like to work on:

OER:

Tell us about yourself:

What do you like to do for fun:

Technical OER: (these are optional but a bonus if you can answer them. If it requires work to be shown, show your work. Do not google these if you can't answer them as this show's who knows their stuff.)

How many ip's are in a /25 and show your work:

write a description to a common XSS exploit:

How can you set up a sandboxed network that is still accessible from the outside?:

Write the commands you would use to install a web server from scratch on a Debian machine:

List any method of changing an ip address on a linux system:

I look forward to seeing your responses and applications. I will be checking this thread daily. Have fun and see you guys around.

(11-18-2014, 06:45 PM)Imprisoned By The Syndicate Wrote:

[To see links please register here]

We are playing capture the flag? lol

I've been in the process of making a tailor made CTF that would be playable here. It wont be web only bullshit. It's web and network shit.

(11-18-2014, 06:35 PM)Cressi Wrote:

[To see links please register here]

Good luck with finding people; can't wait for this to be up and live ^^

I'm a bit curious about the last question, though; how the heck would that be possible? *Waiting for applicants who know*

you can do it with some custom firewall rules and NATing I imagine.

I'm imaging a gateway with a public IP on one side, and then private network on the other (much like your home network)


Public IP----[GATEWAY]----Private IP space


The gateway would then filter outbound from a set of IP space probably

Internet----[GATEWAY]-!X---<--Private IP Space

And continue to allow inbound from the internetz

Internet-->---OK-[GATEWAY]----Private IP Space


This is basic theory though, not actual implementation. As far as implementing, I'd want detailed description of how the network should function, a more clear definition of "sandbox" (are we talking an isolated network of hardware devices or a lab running on a virtual parent? I'm betting this project will be utilizing the latter, in which case you could probably set separate IP space on the virtualized systems)


I'm just rambling to sound smart though, did it work? :p

---

@Null_Byte I'm not sure how much I can contribute, but I'd love to observe the build for this if you're ok with that

Good luck with finding people; can't wait for this to be up and live ^^

I'm a bit curious about the last question, though; how the heck would that be possible? *Waiting for applicants who know*

It was actually a trick question which is possible in theory but then it wouldnt be sandboxed.....it was meant to weed out people who didnt know what the hell they were talking about XD the theory is....you can allow inbound connections but not allow outbound connections however in that process it becomes not sandboxed anymore XP

(11-18-2014, 06:50 PM)roger_smith Wrote:

[To see links please register here]

<snip>
I'm just rambling to sound smart though, did it work? :p

That sounds reasonable ^^

It did indeed :tongue:

(11-18-2014, 06:53 PM)Null_Byte Wrote:

[To see links please register here]

It was actually a trick question which is possible in theory but then it wouldnt be sandboxed.....it was meant to weed out people who didnt know what the hell they were talking about XD the theory is....you can allow inbound connections but not allow outbound connections however in that process it becomes not sandboxed anymore XP

Oh, I see ^^

They have to put their reasoning behind the answers. Without that I really won't look at those. If they provide the reasoning behind it I will take the bonus ones into account. Now they know the answer to the trick question ;w;

We are playing capture the flag? lol