Playing Capture The Flag with a team on location is something completely different than performing penetration tests, security assessments or even trying to solve CTF challenges over the Internet.

At Defcon 23 I joined a team of really knowledgeable, nice and friendly people for the OpenCTF competition. It was an exhilarating ride from setting up all equipment to the glorious finish. Playing Capture The Flag on Defcon was educational but foremost fun, fun and fun.

So why would you spend a good chunk of 48 hours sitting in a chair behind a screen while there is so much more to see and experience at Defcon ? In one word: The undescribable exciting atmosphere of playing during a conference, of competing against all these bright people from all over the world, desperately trying to solve the challenges.

Here are some of my personal notes on how to get the most out of competing in an OpenCTF competition with a team:

• Allow plenty of time before the competition to set up (and harden - don't be a fool like me) your machine. Make sure you have all necessary tools and notes.
• Make sure beforehand that all team members have one communication channel (eg. IRC …

Last month I held a number of presentations on the latest and greatest HTTP/2 protocol. It's an area where there's currently a lot of demand for knowledge and practical tips. Most people are surprised to find out that the're actually already using it on a daily base.

If you're interested you could check out an Ansible role which installs a number of client-side and server-side tools all HTTP/2 enabled:

• curl - A data transferring tool with HTTP/2 support
• h2load - A benchmarking tool for HTTP/2 and SPDY servers
• nghttp - A HTTP/2 client with SPDY support
• nghttpd - A HTTP/2 server with SPDY support
• nghttpx - A transparent HTTP/2 proxy with SPDY support
• openssl - A cryptographic library with ALPN support (1.0.2-chacha)

The following libraries will be installed:

• libcrypto - OpenSSL
• libcurl - CURL library
• libnghttp2 - A HTTP/2 and HPACK C library
• libspdylay - A SPDY library
• libssl - OpenSSL

You can find the role at https://github.com/PeterMosmans/ansible-role-http2

As you probably read somewhere else, and on another place, and another... on March 3rd 2015, another attack on SSL/TLS was published. Following the tradition of BEAST, CRIME, Heartbleed, LUCKY13 and POODLE this one also has a catchy name: FREAK (Factoring RSA Export Keys).

It's a man-in-the-middle attack where a man in the middle can decrypt a SSL/TLS connection between a client and a server.

Vulnerable *servers* are servers that accept export-grade ciphers (RSA-EXPORT). Checking whether a server is vulnerable can be done in many ways.

• Take for example analyze_hosts.py, a Python wrapper around several tools:

analyze_hosts --ssl HOST

If you see any EXPort ciphers, the server is vulnerable.

• Another way is by using cipherscan

cipherscan HOST:443

If you see any EXPort ciphers, the server is vulnerable.

• Yet another way is by using nmap:

nmap --script ssl-enum-ciphers -p433 HOST

If you see any EXPort ciphers, the server is vulnerable.

You get the idea...

Mitigate this vulnerability server-side by making sure that your server doesn't allow export ciphers in the OpenSSL configuration: add the following expression

!EXP

There are also vulnerable clients...

Clients using OpenSSL are not vulnerable if they were built after CVE-2015-0204 was published.

The …

If you're like me, you don't want to spend your precious memory on remembering awkward command line parameters. However, lots of tools require exactly that: awkward command line parameters.

Note that the latest version is the Python version - please use that one.

git clone https://github.com/PeterMosmans/security-scripts.git

usage: analyze_hosts.sh [OPTION]... [HOST]

Scanning options:
 -a, --all perform all basic scans
 --max perform all advanced scans (more thorough)
 -b, --basic …