Announcement

Collapse
No announcement yet.

Office Scenario Contest

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Office Scenario Contest

    So here's the spiel. The competition will be based on game like scenario where almost every bit of intelligence counts. A max occupancy will be either 8 individuals or 8 teams. That's up for those who want to participate to decide.

    The competition will provide you with everything needed other then the computer to complete your tasks of course.

    Alright, down to the goodies, this is just a test phase to see what you the community think, but I believe it should take off nicely.

    You, an operative from a Spy agency, is given a task to go work another company; lets say Microsoft. The spy agency has a lead that there is soemthing being developed behind the scenes and would liek to know about it. Since we gave Microsoft for an example lets say, Windows XP Secured Edition. Your task is to get a job at the victim corporation and steal the schematics for such and such project.

    To start off you will be given an analog phone which will connect to an IVR to provide details on the victim company. You will also be given a office like situation inside of the company. For example, user logins to the intranet which will allow you to use your VoIP phone (we're providing cisco 7940's), and other specific things a typical office will have. We'll also give you a network drop for your laptop. Teams wil have to provide a switch / hub of some sort to split the connection among teammates.

    Our hope is to create a live like scenario which will throw almost all aspects of security and intelligence at you.

    From here, we'll simulate a majority of the traffic going on. There will be simulated calls which will provide details of who has the project's files, what's being developed, and other critical aspects. It's your job to record these calls and use the information to hack the computer holding the schematics for the project. Once you obtain these files your the winner.

    Other then calls, there will be such aspects as emails and instant messages. As most companies have now-a-days.

    Scoring will consist of how much information you obtain. If you can only get a specific amount of information and are unable to continue, then you will be given a certain amount of points. So far prizes are being calculated. It will be hardware with value between 200-400$. If lucky enough we may let you walk with the 7940 :-).

    That's basically the jist of what we're aiming at. It'll require both voice and data knowledge to compete. But overall I believe it's a good chance for those phreakers to get their hands wet. Depending on the feedback given, I'll decide whether or not to post an official rules set / scenario of game play.
    FLeiXiuS
    Member
    Last edited by FLeiXiuS; December 15, 2005, 17:17.
    Linux is not the answer, its the question; the answer is yes!

  • #2
    Originally posted by FLeiXiuS
    other then
    lets say
    soemthing
    liek
    JeffK? Is that you?

    Windows XP Secured Edition
    Not familiar with this in the Microsoft product lineup; got a link to it?

    Your task is to get a job at the victim corporation and steal the schematics for such and such project.
    Issues with the word 'schematics' aside - you're basically proposing CTF.

    To start off you will be given an analog phone which will connect to an IVR to provide details on the victim company. You will also be given a office like situation inside of the company. For example, user logins to the intranet which will allow you to use your VoIP phone (we're providing cisco 7940's), and other specific things a typical office will have. We'll also give you a network drop for your laptop. Teams wil have to provide a switch / hub of some sort to split the connection among teammates.
    Let's see if I've got this straight: you'll dial in to a 'company' and attempt to steal their 'schematics'. However, both the player and the adversaries are aware that this is not a real-world situation.

    Since both sides know they're basically faking it, how the hell is anyone meant to actually progress through the game?

    Our hope is to create a live like scenario which will throw almost all aspects of security and intelligence at you.
    Uhh... No. Not in this case.

    From here, we'll simulate a majority of the traffic going on. There will be simulated calls which will provide details of who has the project's files, what's being developed, and other critical aspects. It's your job to record these calls and use the information to hack the computer holding the schematics for the project. Once you obtain these files your the winner.
    You've never worked in a development environment before, have you?

    Scoring will consist of how much information you obtain. If you can only get a specific amount of information and are unable to continue, then you will be given a certain amount of points. So far prizes are being calculated. It will be hardware with value between 200-400$. If lucky enough we may let you walk with the 7940 :-).
    You should probably make it a cash prize. Cisco 7940s are losing value by the hour, and are largely worthless outside of a Unity environment - particularly when someone can have Vonage send them a free VoIP TA and connect a regular analogue phone to it.

    That's basically the jist of what we're aiming at. It'll require both voice and data knowledge to compete. But overall I believe it's a good chance for those phreakers to get their hands wet. Depending on the feedback given, I'll decide whether or not to post an official rules set / scenario of game play.
    Go ahead and post it; don't let my comments dissuade you - but from the way you've described it, this contest has a number of fundamental flaws you may want to consider before moving forward.

    Comment


    • #3
      Yeah, interesting idea, but I'd like to hear how playtesting with your friends goes before trying it at defcon. If you run it like an RPG then it may work, but those take an incredible amount of work to build from scratch...
      --- The fuck? Have you ever BEEN to Defcon?

      Comment


      • #4
        Skroo there are a few points I would like to revise due to your comments.

        Originally posted by skroo
        JeffK? Is that you?
        Umm, nope!


        Originally posted by skroo
        Not familiar with this in the Microsoft product lineup; got a link to it?
        That was sleezy microsoft joke.

        Originally posted by skroo
        Issues with the word 'schematics' aside - you're basically proposing CTF.
        This actually brings up a good point of view. You could call it CTF, with a twist. You'll have to complete an amount of other tasks before you can actually obtain the company plans, the flag. You will be given clues along the way to aid your search for the plans/schematics.

        Originally posted by skroo
        Let's see if I've got this straight: you'll dial in to a 'company' and attempt to steal their 'schematics'.
        No not at all in this case. The phones are in place incase you would want to route VoIP traffic to your extension. We may have another use, as for now we're just gathering idea's and building a story line. Things are still a work in progress. I turned to the community for comments and feedback regarding idea's and concerns.

        Originally posted by skroo
        Since both sides know they're basically faking it, how the hell is anyone meant to actually progress through the game?
        Obtain as much valuable information over the network as you possbly can. The more information you collect, the more points you will receive. Of course you can win by either having the most amount of points or hijacking the target files.

        Originally posted by skroo
        Uhh... No. Not in this case.
        Allow me to correct my self please. Of course we could go about implementing security infrastructure to the fullest extent, it's possible of course; but a shit load more work. We're finalizing a story line to release and until then it's really unclear what we are proposing. You could call it an RPG CTF brawl.

        Originally posted by skroo
        You've never worked in a development environment before, have you?
        I'm not to sure why this comment was brought up, the simulation aspect has already been thought out and tested. If thats what you were reffering to, not too sure...

        Originally posted by skroo
        You should probably make it a cash prize. Cisco 7940s are losing value by the hour, and are largely worthless outside of a Unity environment - particularly when someone can have Vonage send them a free VoIP TA and connect a regular analogue phone to it.
        This is still debatable. I was contemplating the ability to choose, hardware/cash. Or a mix of both. This is still under argument among my team.

        Originally posted by skroo
        Go ahead and post it; don't let my comments dissuade you - but from the way you've described it, this contest has a number of fundamental flaws you may want to consider before moving forward.
        I appreciate all of your feedback, it has helped us decide leading obligations we were having. Thanks!

        Originally posted by kallahar
        Yeah, interesting idea, but I'd like to hear how playtesting with your friends goes before trying it at defcon. If you run it like an RPG then it may work, but those take an incredible amount of work to build from scratch...
        We've got weeks of work ahead of us.
        Linux is not the answer, its the question; the answer is yes!

        Comment


        • #5

          .. ok .. so networking support started in 3.1 .. you find me a better screenshot :p
          if it gets me nowhere, I'll go there proud; and I'm gonna go there free.

          Comment


          • #6
            Originally posted by FLeiXiuS
            I appreciate all of your feedback, it has helped us decide leading obligations we were having. Thanks!
            Glad it helped, but I still don't understand exactly what it is you're trying to accomplish here.

            The issues raised above aside, your first post made it sound like this was more of a social engineering contest - but from the second one, it sounds more like traditional network-based CTF. It's not very clear as to where the telephony aspect of this relates to the networking aspect - in all honesty, I'm not even sure how this contest is meant to operate.

            Originally posted by converge
            .. ok .. so networking support started in 3.1 .. you find me a better screenshot :p
            Pah - IPX had been running on top of DOS for *years* before Windows 3.x was even thought of! :)

            Comment


            • #7
              i think this contest sounds like a great idea, the only problem is i think you would need an entire office room to make it happen. i mean the contest concept is great but for this contest to be more "life like" it would be nessisary to use things that would happen outside the computer. getting whole cubicals however seems quite inpractical for each team.

              good luck with hammering out the details though, sounds like fun if you get it to work :P

              Comment


              • #8
                That image..."laughs" :-)

                Theres a bit more to be explained, as I said I'm just trying to get the idea accross the community for feedback. I'll later respond hopefully with a full proposal / story line.
                FLeiXiuS
                Member
                Last edited by FLeiXiuS; December 16, 2005, 15:51.
                Linux is not the answer, its the question; the answer is yes!

                Comment


                • #9
                  Originally posted by skroo
                  Pah - IPX had been running on top of DOS for *years* before Windows 3.x was even thought of! :)
                  ... yeah, thats why its a DOS box silly :p .. but the only one I could find was 3.2. I tried to change the sticker to look like a 0 because wasn't it in 3.1 that they started down the path of networking support?
                  if it gets me nowhere, I'll go there proud; and I'm gonna go there free.

                  Comment


                  • #10
                    You know, I wonder why that box is so huge since all it contains is what? 2 floppies and a manual?
                    -Ridirich

                    "When you're called upon to do anything, and you're not ready to do it, then you've failed."

                    Commander W.H. Hamilton

                    Comment


                    • #11
                      Originally posted by FLeiXiuS
                      The phones are in place incase you would want to route VoIP traffic to your extension.
                      This is probably not necessary unless you are actually attempting to divert calls for two-way communication. Network monitoring tools (Cain & Abel immediately springs to mind) are starting to include the ability to easily listen to captured traffic on your PC.

                      Originally posted by Ridirich
                      You know, I wonder why that box is so huge since all it contains is what? 2 floppies and a manual?
                      It has been a while, but I believe that the manuals that came in the box were monsters (unlike the manuals of today); this was partly due to the inclusion of the BASIC manual (which was spiral-bound). There was also a lot of advertisements taking up space.

                      However, as I said, it has been a very long time and I was very young so correct me if I am wrong.

                      Originally posted by skroo
                      Pah - IPX had been running on top of DOS for *years* before Windows 3.x was even thought of! :)
                      converge already covered it, but I was quite amused that skroo automatically associated 3.1 with Microsoft Windows. Let's just hope nobody rounds pi off to one decimal place...

                      (Of course, skroo could be browsing the forum without images, in which case he would merely have seen the filename of winxpsecured.jpg.)

                      Comment


                      • #12
                        Originally posted by converge
                        ... yeah, thats why its a DOS box silly :p .. but the only one I could find was 3.2. I tried to change the sticker to look like a 0 because wasn't it in 3.1 that they started down the path of networking support?
                        Actually, it was Win 3.11 aka "Windows for Workgroups" that had network support out of the box. DOS 6.x had LAN Manager support built in to it also. In fact with a bit of tweaking you can still get a DOS box to talk to an Windows domain. (Only gawd knows why you'd want to...)

                        The retail box for DOS actually had about three 3.5" floppies, but as Voltage Spike said, there were real manuals in there. They had 5x8" pages, with a 1.5" three-rig binder.
                        Thorn
                        "If you can't be a good example, then you'll just have to be a horrible warning." - Catherine Aird

                        Comment


                        • #13
                          Originally posted by Thorn
                          DOS 6.x had LAN Manager support built in to it also.
                          Not that you are wrong, but this page indicates that Microsoft added support for "Microsoft networks" in 3.1 (as skroo said).

                          Originally posted by Thorn
                          The retail box for DOS actually had about three 3.5" floppies
                          From the same page, if it had been a 3.1 box it couldn't have contained 3.5" floppies. (Microsoft didn't add support for that hardware until 3.2).

                          Comment


                          • #14
                            Originally posted by Voltage Spike
                            Not that you are wrong, but this page indicates that Microsoft added support for "Microsoft networks" in 3.1 (as skroo said).
                            <shrug> Could be, although the linked page also has Win 3.1, Win3.11 and "WfWG 3.1" as different products, and I could swear it was only 3.1 and 3.11/WfWG. I can't back up my what I recall, as I cleaned out the last of my old Win3.1 era disks and books serveral months back.

                            Originally posted by Voltage Spike
                            From the same page, if it had been a 3.1 box it couldn't have contained 3.5" floppies. (Microsoft didn't add support for that hardware until 3.2).
                            You've got me there. I don't think I ever used DOS 3.0. I used DOS 2.1 on 5.25" floppies up until 3.2 or 3.3 came out, and I made the switch to the smaller floppies.
                            Thorn
                            "If you can't be a good example, then you'll just have to be a horrible warning." - Catherine Aird

                            Comment


                            • #15
                              heh.. good times

                              Originally posted by site
                              1993 March Microsoft introduces the MS-DOS 6.0 Upgrade, including DoubleSpace disk compression.
                              Which many immediately thought was a great idea to make better use of their limited drive capacity...

                              Originally posted by site
                              1994 February Microsoft releases MS-DOS 6.21, removing DoubleSpace disk compression
                              ... until users discovered that Microsoft coders were not on enough crack to properly write the compression utility .. the buggy utility corrupting many a data set made some folks a little unhappy with it. .. good thing this didn't turn out to be a pattern for Microsoft products.

                              Originally posted by site
                              1994 June Microsoft releases MS-DOS 6.22, bringing back disk compression under the name DriveSpace.
                              Woohoo! it works .. at least it only took 4 months to make it work as intended ...
                              if it gets me nowhere, I'll go there proud; and I'm gonna go there free.

                              Comment

                              Working...
                              X