Register for RPE-012: The Finches Across the Islands

The CyberWire

RPE-012: The Finches Across the Islands

This competition pits two sides of the 'room' against each other on offense versus defense. We are looking for both attackers and defenders to answer the following questions:

  • Can an attacker start with an existing sample and modify it, so the two variants are not considered alike by an IDS rule when communicating across the network?
  • If so, how quickly?
  • Can they modify a binary sample or source code with an automated process?
  • If so, how quickly and what languages do they support?
  • Can a defender write an IDS rule for a sample (Zeek, Suricata or Snort) based on a network capture of an infected host (and a copy of the original sample)?
  • If so, how quickly?
  • Can the defense-written IDS rule catch modifications of the original infection if they know more are coming?
  • Can they modify their rule to catch multiple samples (given copies of the modified and original)?
  • If so, how quickly?
  • Can a defender modify their network analysis tool with new rules, settings or features and avoid writing an anomaly detection rule entirely?