Module B of the Network Security Project of the Third Guangdong Vocational Skills Competition

Network Security

Module B

Cybersecurity incident response, digital forensics investigations, and application security

Contents

Module B Competition Project Sample Questions
  Introduction
  Equipment and Materials Required
  Scoring Scheme
  Description of Projects
  Task
    Part I: Network Security Incident Response
      Task 1: Emergency Response
        Material list for this task: WebServer server virtual machine (Linux or Windows operating system)
    Part II: Digital Forensics Investigation
      Task 2: OS Forensics
        Material list for this task: memory image (*.vmem), storage image (*.img, etc.)
      Task 3: Network Packet Analysis and Forensics
        Material list for this task: captured network packet files (*.pcapng, *.pcap, etc.)
      Task 4: Computer Stand-alone Forensics
        Material list for this task: forensic image files (*.e01, *.img, etc.)
    Part III: Application Security
      Task 5: Application Security Analysis
        Material list for this task: application files (ELF, *.exe, *.sys, etc.)
      Task 6: Code Audit
        Material list for this task: source code snippets (php, python, c, java, etc.)
  Score Allocation Table

Module B Competition Project Sample Questions

This file contains the sample questions for Module B of the Network Security Project of the Third Guangdong Vocational Skills Competition. The duration of this competition is 4 hours.

Introduction

Competitions have fixed start and end times, and teams must decide how to allocate their time efficiently. Please read the following guidelines carefully!

(1) When the competition is over, please do not power off the machine when leaving;

(2) All configurations must remain valid after a reboot;

(3) Please do not modify the configuration of the physical machine or the hardware settings of the virtual machine itself.

Equipment and Materials Required

All test items can be completed by competitors with the equipment and software specified in the infrastructure list.

Grading scheme

According to the standard specification of the skill competition in the current technical description, the module score of this test item is 35 points.

Description of projects

With the continuous development of networks and informatization, network security incidents keep emerging one after another. Network attacks such as malicious code propagation, information theft, information tampering and remote control seriously threaten the confidentiality, integrity and availability of information systems. Technical work such as combating network attacks, organizing emergency response to security incidents and collecting electronic evidence is therefore an important part of network security protection. Group A has now suffered an illegal malicious attack from an unknown organization. Your team needs to help Group A trace the source of this network attack, analyze the evidence and clues left by the malicious attack, and find the vulnerabilities or malicious code in the operating system and applications, so that Group A can consolidate its network security defenses.

The task is divided into the following parts:

    Response to network security incidents

    Digital forensics investigation

    Application Security

The test materials for each task in this part have been placed in the corresponding task directory on the contestant's operating machine. After completing a task, the contestant must fill in the answer in the "Third Guangdong Province Vocational Skills Competition Network Security Project - Module B Answer Sheet" on the computer desktop.

The software required for the competition is already provided on the competitor

Task

Part I Network Security Incident Response

Task 1: Emergency Response

The Web Server of Group A was hacked: malware was uploaded to the server's web application, and system files were damaged by the malware. Your team needs to help the company trace the source of this network attack and conduct a comprehensive inspection of the server, including log information, process information, system files and malicious files, in order to analyze the hacker's attack behavior and the key evidence left behind.

Material list for this task: WebServer server virtual machine (Linux or Windows operating system)

The attacked WebServer server has been packaged as a VMware virtual machine. Please start the virtual machine and log in to the operating system for analysis.

Operating system login username/password: root/123456

Please complete the task of this part according to the requirements of the answer sheet.

Task 1: Emergency Response

No.  Task requirement                                                  Answer
1    Please submit the IP address of the attacker
2    Please write down the operating system used by the attacker
3    Please submit the name of the Trojan file written by the attacker
4    ......

Part II Digital Forensics Investigation

Task 2: OS Forensics

A computer system of Group A was attacked and taken over by malicious actors; it is suspected of having been used for sabotage and for stealing sensitive information within the group. Please analyze the system image and memory image provided by Group A, locate the malware in the system image, and analyze the malware's behavior.

Material list for this task: memory image (*.vmem), storage image (*.img, etc.)

Please complete the task of this part according to the requirements of the answer sheet.

Task 2: OS Forensics

No.  Task requirement                                                                          Answer
1    Please submit the last command executed by the attacker
2    Please write down the Flag hidden in a file on the desktop; submission format: Flag{...}
3    Please indicate the PID of the malicious process in memory
4    ......

Task 3: Network packet analysis and forensics

The network security monitoring system of Group A found that malicious attackers had attacked the group's official website, and captured some suspicious traffic. Based on the captured packets, please search for clues to the network attack and analyze the hackers' malicious behavior.

Material list for this task: captured network packet files (*.pcapng, *.pcap, etc.)

Please complete the task of this part according to the requirements of the answer sheet.

Task 3: Network packet analysis and forensics

No.  Task requirement                                                                                    Answer
1    Please submit the time at which the attacker's attack succeeded, format: (YYYY-MM-DD HH:mm:SS.SSSSSS)
2    Please indicate the file name
3    Please decrypt the encrypted data content returned by the server
4    ......

Task 4: Computer stand-alone forensics

Analyze the given forensic image file and search for the evidence keywords (the clue keywords are "evidence 1", "evidence 2", ..., "evidence 10", in text or image form, case-insensitive). Please extract and preserve the target evidence files required by the competition, which account for no less than 15%. Forensic information may be hidden in normal, deleted or damaged files, and you may need transcoding, encryption and decryption, steganography and data recovery techniques, as well as familiarity with commonly used file formats (such as office documents, compressed archives, pictures, etc.).

Material list for this task: forensic image files (*.e01, *.img, etc.)

Please complete the task of this part according to the requirements of the answer sheet.

Evidence number   File name in the forensic image   Hash of the original file in the image (MD5, case-insensitive)
evidence1
evidence2
evidence3
evidence4
evidence5
evidence6
evidence7
evidence8
evidence9
evidence10

Note: Each piece of evidence is scored only if both the file name and the hash are correct.
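Added example, not part of the competition materials: a Python sweep over an image that has already been mounted or carved into a directory tree, finding the text-form clue keywords and recording the MD5 the answer table asks for. The directory layout and file contents are constructed here for illustration.

```python
import hashlib
import os
import re
import tempfile

# Clue keywords from the task: "evidence 1" .. "evidence 10", case-insensitive,
# with or without the space; \b stops "evidence1" matching inside "evidence10".
KEYWORD = re.compile(rb"evidence\s*(10|[1-9])\b", re.IGNORECASE)


def md5_of_file(path):
    """Hash in chunks so large carved files are not read into RAM at once."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()  # lowercase hex; the answer sheet is case-insensitive


def find_evidence(root):
    """Return {evidence number: (path relative to root, md5)} for each hit.

    Only the text form of a clue is found here; clues in pictures, archives
    or deleted files need carving or steganalysis before this sweep.
    """
    found = {}
    for dirpath, _, names in os.walk(root):
        for name in sorted(names):
            path = os.path.join(dirpath, name)
            with open(path, "rb") as f:
                data = f.read()
            for m in KEYWORD.finditer(data):
                num = int(m.group(1))
                # First file seen for a number wins; review duplicates by hand.
                found.setdefault(num, (os.path.relpath(path, root), md5_of_file(path)))
    return found


def build_sample_image():
    """Constructed sample tree standing in for a carved image (not real data)."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "Documents"))
    samples = {
        "Documents/notes.txt": b"meeting notes ... EVIDENCE 3 is the contract scan\n",
        "evidence10.txt": b"keyword evidence10 inside\n",
        "abc.txt": b"abc",  # RFC 1321 test vector, contains no clue keyword
    }
    for rel, body in samples.items():
        with open(os.path.join(root, rel), "wb") as f:
            f.write(body)
    return root
```

Run `find_evidence(build_sample_image())` to see the mapping; for a real image, pass the mount point or carving output directory instead.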

Part III Application Security

Task 5: Application Security Analysis

Group A found suspicious application samples during network monitoring. Your team needs to assist Group A in reverse-engineering the suspicious application, investigating and collecting evidence of the hacker attack, and submitting a forensic analysis report of the relevant information.

Material list for this task: application files (ELF, *.exe, *.sys, etc.)

Please complete the task of this part according to the requirements of the answer sheet.

Task 5: Application Security Analysis

No.  Task requirement                                                                      Answer
1    Please write the name of the file written by the malicious program (without the path)
2    Please write the server domain name the malicious program communicates with remotely
3    Please point out the destructive behavior of the malicious program
4    ......

Task 6: Code Audit

Code auditing means examining source code to look for vulnerabilities in it; it is a skill that requires many kinds of expertise. As part of software security inspection, code security review is a very important component, because most code is correct syntactically and semantically yet still contains security flaws that could be exploited, and you must rely on your knowledge and experience to complete this work.

Material list for this task: source code snippets (php, c, java)

Please complete the task of this part according to the requirements of the answer sheet.

Task 6: Code Audit

No.  Task requirement                                                              Answer
1    Point out the line of code that has a security problem (write only one line)
2    Point out what vulnerability or weakness exists in that line of code
3    ......

Score Allocation Table

No.  Description                                                                                    Score
B    Network security incident response, digital forensics investigation, application security    35
B1   Emergency response                                                                             8
B2   OS forensics                                                                                   6
B3   Network packet analysis and forensics                                                          6
B4   Computer stand-alone forensics                                                                 7
B5   Application security analysis                                                                  6
B6   Code audit                                                                                     2


Origin blog.csdn.net/qq_50377269/article/details/130530869