IRISS CERT

Ireland's first CERT (Computer Emergency Response Team)

IRISSCON

Registration for IRISSCON Cyber Security Challenge 2017 is open! (please note there may be a waiting list)

 

As part of IRISSCERT's annual Conference on Cybercrime we run Ireland's premier Cyber Security Challenge. This year's challenge is being run for us by IBM.

 

It can take organisations months to discover that their systems have been compromised with nothing stopping sensitive data being exfiltrated the entire time. With this in mind IBM have developed a Capture The Flag (CTF) focused on the dangers of Advanced Persistent Threat. Participants are challenged to hack into purpose built vulnerable systems and run our custom made "malware" that will syphon points for every minute the system is compromised.

 

Competition Details

Here is an overview of one of our previous Cyber Security Challenges

 

 

 

 

Entry

If you would like to compete please register here. Entry to IRISSCERT's Cyber Security Challenge is part of the overall entry to IRISSCERT's annual Conference on Cybercrime. Places for the competition will be allocated on a first-come, first-serve basis. 

This year there will be individual and team challenges. Teams will be made up of a maximum of 4 players per team.  If your team does not have 4 players we can arrange to allocate individuals to your team if you so wish.

If you are entering a team please email the details of your team including the team name and those who are on your team to info@iriss.ie.

 

Go to Top>>

 

Rules of Engagement

Violation of these rules will lead to immediate expulsion from the exercise.

  • You can exploit any vulnerability you find on the servers, however, you shall not run any penetration test via the Internet.

     

  • Internet Access is not permitted to access the testing network.

     

  • No denial of service attacks.

     

  • Do not try to bring the servers down.

     

  • No arp spoofing of the connection to the target network.

     

  • Be conscious of hogging the system – remember you should treat these systems as if they are in ‘production’.

     

  • You can create new user accounts but do NOT change the passwords of existing accounts.

     

  • Only attack the target subnet as detailed in the scope provided on the day. The following are out-of-scope:
    • Fellow competitors.
    • VMware hosting software.
    • Routers.
    • Switches.
  • If you want to install software on the target servers, that is fine as long as it does not break the existing application or require a reboot.

     

  • Play nicely with team-mates and fellow competitors. Some people will move faster than others – that’s ok.

     

  • You can use any tool you have (for commercial tools, you must have a license).

     

  • If you need to download a new tool, please disconnect from the test network and do so through your own wireless/3G set-up.

     

  • During the challenges DO NOT:
    • attack the hotel network.
    • connect our target networks to the Internet.

Anyone adjudged to be breaking any of the above rules will be dealt with severely, ranging from your access to being restricted for a period of time to being eliminated from the competition.  The decisions of the judges will be final.

 

Go to Top>>

 

Challenge Sponsor

We would like to thank our sponsor for supporting this year's IRISSCON Challenge event.

 

Go to Top>>

 

ISI TI-Accredited WARP