Hello everyone!!
We are Ichinose, Suzaki, and Takaesu, security engineers working for Mitsui Bussan Secure Directions, Inc.
We hosted a small event called “MINI Hardening” at HITCON CMT 2019, held from August 23 (Fri) to August 24 (Sat) at the Academia Sinica Humanities & Social Sciences building in Taipei. This is our report on the event.
Note: MINI Hardening is not an event of our company. It is run together with fellows in the Japanese cyber security industry.
Before the main subject, we will explain HITCON and MINI Hardening, since you may not know them. After that, we will report on MINI Hardening with HITCON.
1. What is HITCON?
“Hacks In Taiwan Conference” (HITCON) is the biggest cyber security conference in Asia, with trainings, briefings, business booths and many other activities, like Black Hat and DEF CON. HITCON announced that about 1,000 people participated in the event even though a typhoon was approaching.
At this HITCON, briefings were held on 4 tracks (R0, R1, R2 and R4). We could not attend most of the briefings because we were preparing our event (MINI Hardening), but we believe the briefings were of high quality because some HITCON speakers had also spoken at Black Hat USA and DEF CON this summer. In addition, there were briefings and a training by Japanese security engineers.
To our surprise, HITCON kindly gave us the opportunity to hold a special one-day event on Day 2, named “MINI Hardening”, using a whole track.
1.1. Enjoyable activities for the participants
HITCON had many enjoyable activities for the participants. For example, there was an event in which the participants scanned QR codes around the venue.
HITCON provided the participants with delicious lunch boxes and sweets.
In addition, HITCON had an excellent internet environment and provided Wi-Fi. However, this Wi-Fi included an interesting trick. When one of our staff connected to the Wi-Fi, his MacBook’s hostname changed as in the image below. He was surprised to see the CVE number and the word “hacked”. In fact, the HITCON DHCP servers had been set up so that when participants connected to the Wi-Fi, they were assigned a “hacked” hostname containing a CVE number.
In this way, HITCON had many activities that both engineers and non-engineers could enjoy. We would like to use these ideas as a reference for future events of our company.
2. What is MINI Hardening?
MINI Hardening is derived from the WAS Forum Hardening Project. Participants in the Hardening Project learn how to respond to security incidents over a 2-day period. In contrast, participants in MINI Hardening casually experience security incidents over a half-day or 1-day period. Therefore, MINI Hardening is content that people with various backgrounds and little security incident experience can easily participate in. * The details of the MINI Hardening project are here.
In MINI Hardening, the participants compete under 2 roles.
- System Operator
The system operator must securely operate their own systems.
After the competition starts, they have to quickly find vulnerabilities in their own systems and fix them to minimize or neutralize the effect of attacks. They also have to keep the Confidentiality, Integrity and Availability of their systems throughout the competition.
The participants in MINI Hardening are responsible for this role.
- Attacker
The attacker attacks the participants’ systems.
During the competition, they attack the participants' systems using the vulnerabilities and carry out various actions such as defacing websites and erasing data. They try to compromise the Confidentiality, Integrity and Availability of the participants' systems.
MINI Hardening members are responsible for this role.
In this way, by having the participants (system operators) experience and respond to various attacks that rarely happen in daily business, MINI Hardening teaches them how to securely operate systems.
2.1. Operational staff of MINI Hardening
The MINI Hardening staff are:
Name | Role
---|---
Masahiro Tabata | MINI Hardening team leader
Yoshihiro Kyan | Engineer of the cryptocurrency system
Isao Takaesu (MBSD) | Engineer of the scoring system & crawler
Yoshinori Matsumoto (Capy Inc.) | Red team
Shun Suzaki (MBSD) | Red team
Daiki Ichinose (MBSD) | Red team
3. Competition contents
In this competition, the participants play the system operators of SORAMINE Inc., a company dealing in cryptocurrency. During the competition, they need to defend their own systems from various attacks. MINI Hardening is a team competition. This time, there were 22 participants in MINI Hardening, so we made 5 teams (Team-A to Team-E, 4 to 5 people per team).
We set the competition period to 3 hours, as in past competitions in Japan.
However, we added a one-hour intermission to fit the HITCON program. During the intermission, the participants could strategize with their team members. In addition, we scheduled an opening (introduction of the competition), a softening session (feedback after the competition) and an awards ceremony, so the total time of our event was over 5 hours.
How properly each team operates its systems is quantified using our scoring rule (details in 3.2). After the competition finishes, the team with the highest score is the champion.
3.1. The target systems of operation
In this competition, the participants need to operate the following systems.
Each system is built with a different CMS/middleware, and each includes its own unique vulnerabilities and misconfigurations.
- Corporate Website
The corporate website of SORAMINE Inc.
- Inquiry Website
The inquiry website of SORAMINE Inc.
- Career Website
The career website of SORAMINE Inc.
- Cryptocurrency trading Website
SORAMINE's clients trade Ethereum on this website.
- Ethereum server
This server is connected to the cryptocurrency trading website (No. 4) in the backend.
If this server is compromised by attackers, the clients cannot trade Ethereum on the cryptocurrency trading website.
3.2. Scoring rules
Score is added to each team in proportion to the normal running time of its systems, like an SLA (Service Level Agreement).
In detail, we repeatedly run a tool called a Web crawler that moves between Web pages. If the Web crawler can properly crawl the above websites, the crawl is considered a normal run of the system and score is added to the team.
On the other hand, if the system is compromised (for example, a Web page is defaced), or the system operator deletes the login accounts by mis-operation, or the system operator blocks the requests from the Web crawler, then the Web crawler cannot properly crawl the website. This is considered an abnormal run of the system and no score is added to the team.
In this way, in order to earn a high score, the participants (system operators) must deal with the vulnerabilities while avoiding mis-operations that significantly affect the system's performance.
3.3. Attacking (one example)
We cannot describe all of the attack methods because we may hold this competition under the same conditions at other events; however, various incidents occur in this competition, such as Web pages being defaced or systems suddenly stopping. The purpose of this competition is to keep supplying the service properly, so if these incidents occur, no score is added to the team. In addition, if a team's login password is leaked by an attack, it is disclosed on the screen at the venue.
3.4. Support tools
After the competition starts, the participants focus on system operation and the attackers attack according to the scenario. So, we prepared support tools for visualizing the systems' operational condition and the scoring.
3.4.1. Visualization tool of system operational condition
This tool visualizes the operational condition of each team's systems. It displays the top page of each team's websites every few tens of seconds.
If the attackers deface a Web page, the defaced page is displayed in this tool. In addition, if a system cannot respond because of attacks or mis-operation, an error page is displayed in this tool.
In this way, we can visualize each team's system condition using this tool, so the participants (system operators) can quickly confirm the current condition of their systems.
3.4.2. Scoreboard
Each team's earned score is displayed on the scoreboard in real time. The scoreboard shows the score as a colorful line graph and as numbers. The numbers on the scoreboard show the earned score (lower left) and the opportunity loss (lower right).
In this way, we can visualize the current score of each team using this tool, which kindles the competitive spirit of the participants (system operators).
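As an added illustration of the scoring rule in 3.2 and the condition display in 3.4.1 (this is not the real MINI Hardening scoring system or crawler), the following Python models one crawler pass per tick: a page counts as normal only if it answers with HTTP 200 and still contains an expected content marker, and the points for a pass are either earned or booked as opportunity loss. POINTS_PER_TICK, the URLs, the markers and the page bodies are constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import Dict, List

POINTS_PER_TICK = 10  # assumed points per crawler pass; the real value is not on the page

@dataclass
class CrawlResult:
    url: str      # page visited by the crawler
    status: int   # HTTP status the page answered with
    body: str     # response body

@dataclass
class TeamScore:
    earned: int = 0            # lower-left number on the scoreboard
    opportunity_loss: int = 0  # lower-right number on the scoreboard
    history: List[str] = field(default_factory=list)  # per-pass verdict for the visualization tool

def classify(result: CrawlResult, marker: str) -> str:
    """Judge one page: 'error' (no proper answer), 'defaced' (marker gone) or 'normal'."""
    if result.status != 200 or not result.body:
        return "error"
    if marker not in result.body:
        return "defaced"
    return "normal"

def score_tick(results: List[CrawlResult], markers: Dict[str, str], team: TeamScore) -> str:
    """SLA-style rule for one crawler pass: points are earned only if every page is
    normal; otherwise the same points are booked as opportunity loss."""
    verdicts = [classify(r, markers[r.url]) for r in results]
    if all(v == "normal" for v in verdicts):
        team.earned += POINTS_PER_TICK
        verdict = "normal"
    else:
        team.opportunity_loss += POINTS_PER_TICK
        verdict = "error" if "error" in verdicts else "defaced"  # report the worst condition
    team.history.append(verdict)
    return verdict

# Constructed sample (not real crawler output): two sites over three passes, with a
# defacement in pass 2 and a site that does not answer properly in pass 3.
MARKERS = {"http://corp.example/": "SORAMINE Inc.", "http://inquiry.example/": "Contact us"}
SAMPLE_TICKS = [
    [CrawlResult("http://corp.example/", 200, "<h1>SORAMINE Inc.</h1>"),
     CrawlResult("http://inquiry.example/", 200, "<h1>Contact us</h1>")],
    [CrawlResult("http://corp.example/", 200, "<h1>This page was defaced</h1>"),
     CrawlResult("http://inquiry.example/", 200, "<h1>Contact us</h1>")],
    [CrawlResult("http://corp.example/", 200, "<h1>SORAMINE Inc.</h1>"),
     CrawlResult("http://inquiry.example/", 503, "")],
]

def run_sample() -> TeamScore:
    team = TeamScore()
    for tick in SAMPLE_TICKS:
        score_tick(tick, MARKERS, team)
    return team
```

Running run_sample() yields earned=10 and opportunity_loss=20 with the verdict history normal, defaced, error, which is the sequence the visualization tool would show for this team.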
4. Preparation
In this chapter, we will explain some of the things we devised when hosting “MINI Hardening with HITCON” overseas.
4.1. PR activities
MINI Hardening is well known among Japanese people because we have abundant experience holding MINI Hardening in Japan. However, it had never been held in Taiwan, so we guessed that Taiwanese people knew little about MINI Hardening. So, we focused on PR activities toward Taiwanese people.
First, we announced in Chinese/English/Japanese via the official MINI Hardening Twitter account that MINI Hardening would be hosted at HITCON. Second, MINI Hardening member Mr. Matsumoto presented about it at COSCUP, held the week before HITCON. The presentation content is here.
In addition, we were really pleased that the official HITCON announcements (Facebook, Email) also sometimes published PR for MINI Hardening. Thank you!!
And Mr. Po-Shen Chiu, the HITCON leader this time, also introduced MINI Hardening at the HITCON opening ceremony. Thank you!!
Thanks to these efforts, 24 participants (enough to make 6 teams of 4) finally joined our event (including unofficial participants). However, a few participants cancelled (perhaps because of the typhoon).
In addition, we allowed visitors to come into the MINI Hardening competition venue, and some visitors asked us, "We want to join MINI Hardening right now". So we allowed unofficial participants (visitors) to join MINI Hardening. We thought this was a good system because it fits the MINI Hardening concept that participants can casually experience cyber security incidents. However, we defined special rules for them on the spot: all unofficial participants were placed in the same team, and we did not evaluate their team score because they were unofficial participants.
4.2. Localizing the documents and competition environment
We had to translate the documents and competition environment from Japanese to English because this event was held overseas. We set English as the main language of our event because none of the MINI Hardening staff can speak Taiwanese or Chinese. However, because we thought the participants of our event might not be comfortable with English, we added to the documents enough of the competition explanation that we had given verbally at past events. As a result, our documents were greatly modified.
In addition, we also localized the competition environment and tools, because they had been tailored to Japanese culture.
4.3. How we kept our motivation
We sometimes had conflicting opinions because we were seriously discussing our event. In fact, our event might have been suspended because the typhoon was approaching Taiwan, so we seriously discussed alternative plans for our event in Taipei. In addition, the MINI Hardening staff were very exhausted because this was their first overseas event and they had a tight schedule.
Meanwhile, the items below helped keep our motivation up.
We made special T-shirts printed with the MINI Hardening and HITCON logos after receiving permission from HITCON, and we wore those T-shirts during the competition. The moment we put on those T-shirts, our motivation went up, and we felt like we were filled with energy!
We prepared a special tablecloth to raise the atmosphere of the competition. It was very cool.
In addition, we made special “MINI Hardening with HITCON” stickers. These stickers also helped raise our motivation. By the way, the stickers were very popular at the event.
Finally, we will introduce the official MINI Hardening flag, which was made by Mr. Matsumoto, a MINI Hardening member. He had been in Taipei since the week before. When we arrived at the airport in Taipei from Tokyo, Mr. Matsumoto welcomed us with the MINI Hardening flag. When we saw his positive pose, we felt our fatigue ease.
These are ordinary items, but they helped raise our motivation.
5. Competition
5.1. Preparation of venue
Please look at the picture below.
Because HITCON provided us with an excellent venue, we could prepare a comfortable competition environment. Thank you!!
Our event was on Day 2, so we started preparing the venue after the end of Day 1. We were able to secure power sources and wire LAN cables thanks to the HITCON staff. In addition, Mr. Po and Ms. Melody supported us until the venue's closing time. Thank you very much!!
Thanks to our HITCON friends, we were able to complete the preparation of the venue.
5.2. Competition start
Before the competition started, we explained the rules, the competition environment and some notes. The participants listened to our explanations seriously.
After the competition started, all of the participants began exploring the vulnerabilities and configurations in their own systems and fixing the vulnerabilities and misconfigurations.
An hour after the competition started, the attackers began various attacks on each team's systems.
We gave a play-by-play of the attacks and the current score over the microphone to excite the competition. And sometimes we encouraged the participants.
When each team's systems received attacks, each team’s display on the visualization tool of system operational condition changed like the picture above. Then the participants had expressions of agony.
In addition, when a MINI Hardening member used the Linux wall command to give the participants tips about the attacks, the participants had bittersweet expressions.
Taiwanese mass media came to our event. Perhaps our event received attention in Taipei. The article about our event is here.
5.3. After competition
The competition ended after 3 hours without any problems.
After a few minutes' intermission, we started the softening session (feedback from the attackers to the participants). In the softening session, the attackers explained the attack methods and countermeasures in detail.
The picture above shows Mr. Suzaki and Mr. Ichinose explaining the attack methods and countermeasures. All participants listened to the attackers' explanation seriously. In addition, some participants asked us directly about the attack methods. We thought the Taiwanese participants were very diligent.
5.4. Awards ceremony
After softening, we hosted an awards ceremony.
In this competition, the number of teams was 5. The final scores were:
Team name | Score
---|---
Team-A | 12,522
Team-B | 6,861
Team-C | 7,299
Team-D | 6,703
Team-E | 7,291
The champion was Team-A!!
Team-A's score was initially low, but they gradually gained points and reached the top ranking in the last hour. In the end, they scored about twice as much as the second-place team.
Team-A consisted of 4 people.
They entered the venue the earliest and discussed countermeasures during the lunch break while the competition was suspended. In addition, their systems responded correctly to the attacks during the competition, and the systems operated almost stably.
One MINI Hardening member said, “I think they are the best team ever”.
Team-A's members were highly skilled, so we thought Taiwanese engineers have high skills.
Mr. Tabata, the leader of the MINI Hardening project, presented Champion T-shirts to the Team-A members at the awards ceremony, and we took a commemorative photo together. The Team-A members were laughing.
6. HITCON closing ceremony
We attended the HITCON closing ceremony.
Mr. Po referred to our event at the closing ceremony. Thank you very much!!
At the closing ceremony, Lightning Talks (LT) were held, and we were able to give an LT thanks to HITCON.
We talked about the significance of MINI Hardening, our worries as the typhoon approached Taipei, and our thanks to HITCON. The venue was excited by our LT, and it was a very cool LT. The LT video is here (our LT starts at about 26:00).
7. Ending
This time we were nervous because we hosted MINI Hardening at the world-famous HITCON. However, with the cooperation of many people, "MINI Hardening with HITCON" was completed successfully. We received feedback from some participants after the competition, and we are glad to have received so much positive feedback.
We participated in HITCON for the first time. The community was very lively, and the staff were very good and full of youthful energy. In addition, many women staff were also active.
Thanks to Mr. Po, we were also invited to the job-well-done party of the HITCON staff. There, we were able to interact with people from Japan and Taiwan. We really want to keep interacting with them.
Finally, we would like to thank you for inviting us to the wonderful HITCON community.
We will create content as great as HITCON and expand our event so that participants can gain as much knowledge as possible. We would also like to host MINI Hardening at HITCON next year if possible. In addition, we would like to expand our event all over the world.
Acknowledgments
We would like to thank most sincerely everyone involved in "MINI Hardening with HITCON". In particular, we sincerely thank Mr. Tabata, Mr. Matsumoto and Mr. Kyan, MINI Hardening members. We also sincerely thank Mr. Yamazaki (Macnica Networks Corp.), who supported the MINI Hardening members from the preparation through to the day of the event. We want to send you hugs and beer.
We would also like to sincerely thank Mr. Ueno (Tricorder Co. Ltd.), who introduced MINI Hardening to the HITCON community, Mr. AIDO, who looked after MINI Hardening in Taipei, and Mr. Tsubo, who cooperated in reviewing our English documents.
Finally, we would like to sincerely thank our HITCON friends (Mr. Po, Ms. Melody and all staff) for their great efforts in preparing the venue, setting up the venue, adjusting the event schedule, and so on, and send them our special respect.
一ノ瀬太樹, 洲崎俊, 高江洲勲