Candidate RPE Topics


Candidate RPE Topics

The Capulets and the Montagues

Romeo and Juliet (the play, not the movie) was believed to have been written between 1591 and 1595. In the play, the House of Capulet is sworn enemy to the House of Montague. In Act 1 Scene 1 taunts between the two opposing families end in an armed confrontation between Benvolio and Tybalt while in Act 3 Scene 1, Tybalt and Mercutio fight to an unfortunate end. For those of you whose job it is to defend networks, you know that there aren't two major events between your opponents, there are unfortunately hundreds or thousands.

For those of you who conduct operations designed to gain access to a customer or opponent's network (e.g. penetration test, capture the flag, etc.) you know sometimes only 1 victory is all that is necessary. Do you plan your approach to a target? What is involved in a cyber operation like penetration test? Ok most people don't consider a penetration test an offensive cyber operation but DreamPort does. We aren't talking about a tabletop exercise were people theorize on what vulnerabilities exist but actual developers and operators using offensive cyber operational tools (OCO) to gain remote access to a target (with permission of course). In this RPE, we want to bring multiple teams together to help answer questions such as: What are the steps required to plan and execute a campaign of operations to gain access to a network or target? What tools should be used? Can you repurpose a previously used or harvested sample? In what order should you use your tools? How do you ensure persistence on your target when your opposition has more than 2 decades of experience in both attacking and defending networks?

Read More

The Rotten Apple in the Bushel

Although we commonly phrase like "a few bad apples" in every day English, one of the earliest occurrences of the phrase we can find is from Benjamin Franklin's Poor Richard's Almanack in 1736. In this pamphlet Ben Franklin wrote "The rotten Apple spoils his Companion". This describes the risk that a single compromised host or user poses to an entire network. The network is our bushel and the assets online are the apples. DreamPort plans to execute an RPE where we identify or enhance existing solutions or participants develop a new prototype solution designed to monitor a network for the purposes of identifying a compromised account or host from network forensic artifacts and configuration details.

We want to find a product or team willing to demonstrate, build or enhance their offering so that it can detect compromised accounts from network packet capture (PCAP) only and without external stimulus such as a security alert or human observation. We also want to identify a solution that can analyze hosts for intrusion without any Internet connection to a cloud computing service.

Read More

The Mark of the Con

Wikipedia claims that William Thompson was a confidence man or 'con man' or con woman in antebellum New York. In 1840's they claim, he would "approach an upper-class mark, pretending they knew each other, and begin a brief conversation. After initially gaining the mark's trust, Thompson would ask whether he had the confidence to lend Thompson his watch. Upon taking the watch, Thompson would depart, never returning the watch". What led Thompson to choose his mark? How did he know which citizen to single out for his con?

New World Encyclopedia suggests that a con man or con woman will prey on human desires greed, or the drive to help others in order to achieve their goal. While this may be true, we do not believe, as they mention, the old adage 'you can't cheat an honest man'. You absolutely can and attackers do. By their very nature, humans can be too trusting, and this is a fact that an attacker will exploit. Attackers that utilize phishing emails are engaging in a con but how do they choose their mark? Sometimes they don't choose specifically instead they target everyone at a company or multiple free webmail accounts. These types of phish attempts can be easy to spot. Is it possible to be more selective? Phishing attempts that exploit our desire to win free money or gifts, our natural reaction to a warning or threat, or our assumption of a continued conversation are more selective, but sending these messages is more labor intensive.

Read More

The rIoT in the Factory

Bastille Day is nationally recognized holiday in France celebrated each year on July 14th. As Time Magazine tells us, its origins trace back to the storming of the Bastille prison in 1789 which was widely believed to be one of the first defining moments of French revolution. What many do not realize though is there were influential events that occurred even before July 14th, 1789. farther. Rachel Jank wrote in 2011 that the Réveillon Riots only recently has been cited as an influential event precipitating the French Revolution and occurred before the storming of the Bastille. These riots took place in between April 23rd and 28th 1789. Never heard of the Réveillon Riots? That's ok, how about the Boston Massacre? The history channel tells us that the Boston Massacre occurred on 5 March 1770. As they write, 'The conflict energized anti-Britain sentiment and paved the way for the American Revolution.' What happens during a riot? We can only imagine, confusion, panic, danger and worry. What do you do if you find yourself in a riot? How do you protect yourself? What dangers do you face first?

The Internet of Things and companion operational technology present a new swath of challenges to tackle for network defenders. How do we ensure a device in our Information Technology (IT) networks including those with wireless radios (Zigbee/ZWave, WIFI, and Bluetooth) and those in our operational technology (OT) networks are not vulnerable to exploitation or misuse?

Read More

The Projectile in the Hoist

Contained within the 5-inch/54 caliber (Mk 45) lightweight gun is the hoist tube responsible for moving ammunition between the loading station and loader drum. As cyberwarfare develops, we will need systems and solutions for moving a cyber projectile from development into test and finally into operational use. Organizations need the ability to identify weaknesses, countermeasures and overt protections against cyber tools. As the protections and countermeasures evolve, they are released in hours not weeks and months.

If an organization can measure how their cyber projectiles measure up against protections they will encounter on the battlefield, they may be able to prevent the loss of a projectile before it's used in an operation. This must become a 24x7 fully automated event not performed when a tool is released.

Read More

The Turing Test

In honor of Alan Turing, DreamPort plans to put on their own 'Turing Test'. In 1950, Alan Turing conceived of the idea to identify in a conversation between two entities, which entity was a robot, and which was human. Our DreamPort Turing Test will be an RPE competition where participants implement an automated process to interact with a Microsoft Windows machine just as a human user may do with the goal being to fool a human judge who is monitoring target computers via Remote Desktop Protocol (RDP) or Virtual Network Computing (VNC) into thinking a normal user is interacting with that machine and not an automated program or process. This RPE will use the DreamPort HQ network which will include both virtual and physical endpoints, servers and common services including connectivity to the Internet.

Participants should plan on using a fully patched Microsoft Windows 7 Ultimate as the target environment and will have substantial time to interact with the target for setup or instrumentation. There are no restrictions on the type of implementation (e.g. script, program, etc.) that a participant may use, and they can assume their program, script or service will have system level access to the target machine. The judges will not be allowed to browse the hard drive(s) of the target machine(s) or view the System Manager (process listing) of the target(s). They may only watch the desktop, but this means they can view the system tray if they choose.

Read More

The Gaps in the Armor

Wikipedia claims the word 'armor' is dated from 1297 and is described as "mail, defensive covering worn in combat". The concept of armor has evolved for more than seven hundred years into systems like our soldiers use today such as the United States Army Interceptor Body Armor and the Plate Carrier Generation III. Any wearable technology which keeps a soldier safe while weighing less than current armor carriers is an exciting proposition. These platforms carry small arms protective inserts (SAPI) ballistic plates to stop a variety of projectiles but it is impossible to cover the entire body leaving gaps that place the wearer at risk.

One of the interest areas of the team here at DreamPort is the application of low-power, lightweight mobile computing platforms to solve today's and tomorrow's problems especially those that can empower our warfighters. What kinds of armor are available for a mobile device when it is deployed? In this RPE, we will be looking for complete solutions to host a series of software packages or solutions to 'harden' a software product on a mobile computing platform. DreamPort will provide the software that must run (e.g. website, database, etc.) while the participants must choose the execution platform, hardware configuration (aside from battery power, solution must run on battery) and then they must take every possible step to harden their solution against attackers both physical and electronic (e.g. offensive cyber exploitation).

Read More

The Broken Gear in the Watch

Depending on the brand, there can be 17 or more parts in an automatic wristwatch. While we may sometimes prefer a tablet or laptop here at DreamPort, these watches definitely can catch the eye, sometimes all it takes is for you see the sticker price. SOHO and midrange routers and switches are more our speed. While they also seem to be slowing climbing in price, their firmware images can consist of hundreds of files and executables.

When a gear malfunctions in a wristwatch it can be replaced. What about a vulnerable file in a firmware image? A firmware image can be upgraded, but it requires authors to cross-compile executables and build and compress (and maybe encrypt) the new image. Sometimes the original author may choose not to address vulnerabilities that have been discovered. What are we the user left to do? What if our mission(s) or business depend on that device? What's even worse is that as more and more products are available for same-day delivery, who tests these devices for vulnerabilities during the rush to market?

Read More

We Want Your Input!

We have a list of RPE ideas and we'd love your input. Check out the list here, and register for the event(s) that you think is/are most interesting. There is no limit on how many you can register for.