Event RPE: The Projectile in the Hoist
RPE: The Projectile in the Hoist
Date: TBD, 2019 | Location: DreamPort Facility in Columbia MD
Contained within the 5-inch/54 caliber (Mk 45) lightweight gun is the hoist tube responsible for moving ammunition between the loading station and loader drum. As cyberwarfare develops, we will need systems and solutions for moving a cyber projectile from development into test and finally into operational use. Organizations need the ability to identify weaknesses, countermeasures and overt protections against cyber tools. As the protections and countermeasures evolve, they are released in hours not weeks and months.
If an organization can measure how their cyber projectiles measure up against protections they will encounter on the battlefield, they may be able to prevent the loss of a projectile before it's used in an operation. This must become a 24x7 fully automated event not performed when a tool is released.
In this RPE, we are seeking participant's ability to develop a fully automated solution to test, verify and potentially modify a cyber projectile before it is used in an operation. They must then use the projectile in an operation without it being caught by a cyber countermeasure. Participants will not be required to produce the initial projectile, they will be given a series of projectiles that have already been developed They will not be notified which tools must be used until operation time, they should prepare to test all of the tools.
At least one of the tools will be guaranteed to be caught by a countermeasure while at least one tool will be guaranteed to bypass all countermeasures participants will find but may require modification.
Participants will be given all of the required software environments during this RPE, they will not be required to bring license keys or software with them unless they choose to do so.
Participants are strongly encouraged to bring a team of individuals to this RPE and may contact team member's offsite.
DreamPort expects virtualization to play a role in this RPE but will only provide open source virtualization platforms for use by participants. If they wish to use COTS technology, participants should be prepared to bring these platforms.
The principle evaluation criteria for participants during this RPE will be the ability for each participant to produce a tool that successfully delivers its payload while also ensuring it evades cyber countermeasures in as quick a fashion as possible.
Secondary to this, teams must produce type of proof that they identified which countermeasure(s) will be triggered by which tools such as screenshots, log files or command line output.
- Virtualization (VMWare, KVM, VirutalBox)
- Automation APIs (e.g. UIA)
Currently, DreamPort is not aware of a shrink-wrapped product that meets this need. The process to analyze a tool in a variety of execution environments is candidate for automation and while pieces of this problem exist (e.g. automated Virus Checks) we are not aware of a solution to perform the entire process. Ultimately, we are searching for a process combining multiple tools to deliver the desired effect. Participants should prepare to turn over modified source code and provide a demonstration of their complete solution.