Welcome
Hello and welcome to the Control Plane Capture the Flag (CTF) event at KubeCon EU - Cloud Native Security Day 2021.
We're here to learn the best security practices. There are a number of ways of learning:
- Talks throughout the day presented by individuals leading the way
- Meeting and collaborating with your peers at the event
Our Capture the Flag event is here to bring a third option to the learning experience, by doing!
TL;DR
Attack
We have clusters spun up with vulnerabilities, ready for you to attack and learn from. You are effectively taking the role of a Red Team after gaining access to a node on the cluster.
Warning
We're going to be doing a lot of things that can be crimes if done without permission. You have our permission to perform these attacks against your assigned cluster.
The lessons learned from these exercises are meant to educate. Please don't look to hurt people or get yourself in trouble.
Only perform security assessments against your own systems or with written permission from the owners!
For more information about using KubeSim again, please message the Taskmaster.
Setup
To get started, DM the Taskmaster (CTF Taskmaster (from Control Plane)🚩) on the CNCF Slack Security Days Channel. The Taskmaster will provide you with SSH credentials to access the cluster. Please follow the guide on our Setup page for further information.
Goal
You have 60 minutes to find the flag! The Taskmaster can then confirm that you have the flag and will congratulate you with emojis. You then have the opportunity to share how this could be prevented, effectively taking the role of the Blue Team, with honourable mentions for recommendations during the presentation at the end of the day.
Objective
Flags are hidden away but clearly defined with the flag_ctf{} prefix, e.g. flag_ctf{lshdfksjdjfs8fwhsjdfsdf}. A flag could be anything from a variable to a file. The flags would be deemed high value for an attacker, whether that is credentials or data to exfiltrate. That's enough clues for now!
Assistance
This is your opportunity to learn. If you feel out of your depth, you're in the right place. We have assistants from Control Plane and Trend Micro ready to help you out, but their first tip is:
TRY HARDER!
You have one hour to attempt to capture the flag! If you require assistance then you can DM the Taskmaster, but this will incur points to your score as well as a 20 minute time out on requesting further assistance. Everyone needs a break! =)