当前位置:网站首页>Annex 4: scoring criteria of the attacker docx
Annex 4: scoring criteria of the attacker docx
2022-07-04 04:52:00 【Planet Guardian】
One 、 Bonus rules
1、 Set an attack target , Do not set attack path , Other targets won during the attack are regarded as the attack results , Included in the scoring range .
2、 The maximum score of an attack team in the same defensive unit is 37000 branch , Include :
1) Gain control of the system ( That is, the attack path points ) Maximum score 3000 branch ;
2) Break the upper limit of network boundary scores 8000 branch ;
3) Get the upper limit of the control right score of the target system 10000 branch ;
4) Get the upper limit of important data scores 8000 branch ;
5) Get the upper limit of permission score of other important business systems other than the target 8000 branch .
3、 The attack team is forbidden to download 、 Store defensive unit data , Only relevant evidentiary materials need to be provided .
4、 Enter the intranet of the target unit through the supply chain , The authority of the controlled supply chain system is not scored , The important data of the participating units obtained from the supply chain are scored separately . Supply chain attacks should be reported in advance 、 Strict approval .
5、 The attack mark of the attack team is ( a key ) The score obtained by the defensive unit of the word , According to the scoring standard 1.4 Round up and give points .
6、 The same vulnerability can be submitted up to three times , The second time 、 The scores obtained in the third submission are respectively 70%、40%, Rounding up , After the number of submissions expires, the referee team will notify each attack team not to submit , If there is submission, no score .
7、 The punctured defensive unit assets will automatically exit , The referee team will inform each attack team not to submit , If there is submission, no score .
8、 The system permissions of non defensive units obtained during the attack can score , Just prove that it is the asset of a unit in Xuancheng , According to the scoring standard 0.8 Round up and give points , The score of this item does not exceed 3 individual .
9、 The content of the report submitted by the attack team should have clear asset proof and vulnerability integrity , Otherwise, no score .
10、 The attack team must submit permission vulnerabilities , No score for submitting non privilege vulnerabilities , Except for sensitive data leakage .
Scoring rules
( One ) Gain control of the system : The target of the maximum score is a single defensive unit and all its subordinate institutions
| Serial number | type | Scoring rules | explain |
|---|---|---|---|
| 1 | Get the domain name control permission of the participating unit | First level domain name 100 branch 、 Two level domain name 50 branch . | Score according to the type of domain name , Single defensive unit ( Including all subordinate organizations ) The maximum score is 500 branch . Especially significant achievements will be awarded by the headquarters after study and judgment . |
| 2 | Obtain terminal permissions ( Includes: 、Pad、PC、 The printer 、 Cameras, etc ) | PC、 Mobile terminals :20 branch / platform ; The printer 、 camera 5 branch / platform | The maximum score is 500 branch .; Controlled mobile phone 、Pad And so on , It should be able to prove the relationship with the target unit . |
| 3 | Get mailbox permission ( Get the mail data , Score separately according to the importance of the data ) | Email account password :20 branch | The maximum score is 20 branch . Use the default password to guess the account successfully , Only one point will be given to the relevant account that reuses the same password ( public 、 No points will be given for self registered email ). |
| System administrator privileges :500 You can get mail data in batches ( It is equivalent to getting the permission of system administrator ):500 branch | The maximum score is 2000 branch . Especially significant achievements will be awarded by the headquarters after study and judgment . | ||
| 4 | Obtain the authority of office automation system | System administrator privileges 200 branch Normal user rights 100 branch | The maximum score is 1000 branch . Including office work OA、 im 、 project management 、 Financial system . System data is empty or test data , Score according to common application or server . |
| 5 | Get unified identity management 、 Account management platform and other system permissions (SSO、4A etc. ) | System management authority 300 branch , Login system 100 branch / individual . | The same authority of the same system ( Including administrators ) Only one score . The maximum score is 1000 branch . |
| 6 | Obtain domain control system permission ( Including controllable servers in the domain 、 terminal ) | Administrator rights 200 branch , Controllable servers in the domain 、 terminal 10 branch / platform . | This score item refers to the domain control of the non target system . It is necessary to submit screenshots and other materials to prove whether the controllable equipment in the domain is a terminal or a server . Especially significant results will be awarded by the headquarters after study and judgment . |
| 7 | Get fortress machine 、 Operation and maintenance machine permissions | Administrator rights 200 branch , Managed servers 10 branch / platform . | Especially significant achievements will be awarded by the headquarters after study and judgment . |
| 8 | Get server host permissions ( contain webshell jurisdiction ) | Normal user rights 50 branch , Administrator rights 100 branch . | It refers to an independent server , Server permissions not obtained through the centralized control platform . Virtual hosts are treated as hosts . Enter the new network area through multiple network cards , Score according to the type of network you enter . You can't have the same rights as other application systems . Screenshots of the interface for logging into the server should be provided . |
| 9 | Docker Container permissions | Docker Containers 10 branch / individual ; If there is Web Application system 、 Database etc. , Score according to the corresponding authority . | Especially significant achievements will be awarded by the headquarters after study and judgment . |
| 10 | Get control of the cloud management platform | Administrator rights 200 branch , Cloud hosts 10 branch / platform , The cloud business system scores separately . | The maximum score is 2000 branch . Especially significant achievements will be awarded by the headquarters after study and judgment . |
| 11 | Get the permission of big data system | Get administrator privileges 200 branch 、 Normal user rights 100 branch . | Upper limit of system permission score 2000 branch , Especially significant results will be awarded by the headquarters after study and judgment . Important data can be obtained according to the amount of data 、 Importance is scored separately . |
| 12 | Get the database connection account password ( contain SQL Inject ) | Normal user rights 50 branch , Administrator rights 100 branch . | The same authority of the same system ( Including administrators ) Only one score , The maximum score is 1000 branch . |
| 13 | Obtain network device permissions | Internet 、 Office network equipment :100 branch / platform ( Administrators ); Logical isolation service intranet equipment :150 branch / platform ( Administrators ); Strong logical isolation 、 Physical isolation 、 Production network equipment :300 branch / platform ( Administrators ). Ordinary users : Do not distinguish between network locations ,20 branch / platform . | Including firewalls 、 Router 、 Switch 、 Gatekeeper 、 The shutter 、 Ferry machine 、VPN etc. , It is necessary to provide evidence such as routing table or screenshot of connection volume , The maximum score is 2000 branch . |
| 14 | Obtain the permission of industrial Internet system ( Including interconnected equipment ) | Get the permission to manage the background administrator 500 branch , Normal user rights 200 branch . Get every connected device 20 branch . | Including Internet of vehicles 、 Intelligent manufacturing 、 Remote diagnosis 、 Intelligent transportation, etc . Maximum score 2000 branch , According to the importance of the system, the headquarters will judge and give points . |
| 15 | Access to the Internet of things device control platform belt | Internet of things platform for controlling functions 200 branch , Calculate according to the number of connection points on the platform 5 branch / platform ; | The maximum score is 1000 branch , Especially significant results will be awarded by the headquarters after study and judgment . |
| 16 | Obtain security device permissions | Normal user rights 50 branch , Administrator rights 200 branch , Unified management of background controllable terminals through safety equipment 、 The server 10 branch / platform . | Include IDS、 Audit equipment 、WAF And other security equipment control authority ( Including the management background of distributed deployment system ). The maximum score is 2000 branch , Especially significant results will be awarded by the headquarters after study and judgment . |
| 17 | Get general Web Application system 、FTP And other application permissions | Normal user rights 20 branch , System administrator privileges 100 branch . | If you use the default password to guess and solve the account successfully, you will only be given one score ( Public self registration web The system doesn't give a score ). You can't have both server host permissions . The maximum score is 1000 branch , Especially significant results will be awarded by the headquarters after study and judgment . |
| 18 | Get other systems 、 The server 、 Equipment and other permissions | / | Points will be given after being judged by the headquarters . |
( Two ) Break through network boundaries : When the whole target unit breaks through the same kind of network boundary, only one score will be given , It is not counted in the path score
| Serial number | type | Scoring rules | explain |
|---|---|---|---|
| 19 | Enter the logical isolation service intranet | 1000 branch | Provide detailed and conclusive proof materials ( Such as firewalls 、vpn、 Multi network card host 、 Screenshot of network device control , Screenshot proof that you can access the intranet ).DMZ District 、 The office intranet is regarded as the Internet area . |
| 20 | Enter the logical strong isolation service intranet | 2000 branch | Provide detailed and conclusive proof materials ( Such as the control screenshot of the isolation equipment of the network gate , Screenshot proof that you can access the intranet ) |
| 21 | Enter the core production network ( Such as railway dispatching network 、 Bank core accounting network 、 Power production control area 、 Operator signaling network 、 Energy production, Internet of things, etc ) | 5000 branch | Provide detailed and conclusive proof materials ( Such as firewalls 、vpn、 Multi network card host 、 Network devices 、 Screenshot of control of network gate isolation equipment , Screenshot proof that you can access the intranet ) |
| 22 | Other situations | / | According to the actual situation of the internal network of each unit , The score will be determined by the headquarters |
( 3、 ... and ) Obtain the right of the target system
| Serial number | type | Scoring rules | explain |
|---|---|---|---|
| 23 | Internet area | Get all system administrator privileges :5000 branch / individual ( There may be multiple administrators ); Get sub administrator permissions , According to the authority scope of the administrator, the score is given in proportion ; Get ordinary user permissions and score by referring to ordinary applications . | If you obtain the permissions of other important business systems outside the target system of the Internet area , It can affect the development of major businesses in the whole industry or a certain region, or it can obtain global business data , And the report logic is clear , Well organized , Treat the target system as a score , The highest 4000 branch . |
| 24 | Business intranet | Get all system administrator privileges :7000 branch / individual ( There may be multiple administrators ); Get sub administrator permissions , According to the authority scope of the administrator, the score is given in proportion ; Get ordinary user permissions and score by referring to ordinary applications . | If you obtain other important business system permissions outside the target system in the business intranet , It can affect the development of major businesses in the whole industry or a certain region, or it can obtain global business data , And the report logic is clear , Well organized , Treat the target system as a score , The highest 6000 branch . |
| 25 | Core production network ( Such as railway dispatching network 、 Bank core accounting network 、 Power production control area 、 Operator signaling network 、 Energy production, Internet of things, etc ) | Get all system administrator privileges :10000 branch / individual ( There may be multiple administrators ); Get sub administrator permissions , According to the authority scope of the administrator, the score is given in proportion ; Get ordinary user permissions and score by referring to ordinary applications . | If you obtain the permissions of other important business systems outside the target system of the core production network , It can affect the development of major businesses in the whole industry or a certain region, or it can obtain global business data , And the report logic is clear , Well organized , Treat the target system as a score , The highest 9000 branch . |
| 26 | Other situations | / | The score will be determined by the headquarters |
( Four ) get data
| Serial number | type | Scoring rules | explain |
|---|---|---|---|
| 27 | Get defender data | By data type ( Such as personal information of citizens 、 Business produces sensitive data 、 Operation management data 、 Other important data )、 Score the importance and quantity of data , It is divided into 3 files :100-1000 branch 、1000-3000 branch 、3000-5000 branch . | It mainly refers to the relevant networks and systems of the defender ( Assets belong to the defender ) Acquired data . Especially significant results will be awarded by the headquarters after study and judgment . Be careful : Only proof materials are required , Prohibit downloading stored data . |
| 28 | Obtain sensitive data information through supply chain enterprises | It is found that the supply chain enterprise has collected important data of Party A beyond the scope , Score according to various types of data : 1、 Personal information about citizens 500 branch ; 2、 Sensitive data related to business production 500 branch ; 3、 Involving important working documents 300 branch ; 4、 Involving other important data 200 branch ; 5、 Get source code information : Target system 500 branch / set ; Important systems are given according to the importance and scale of the system 0-300 branch / set 6、 Get the remote access password book 、 Network topology and other sensitive information of target units :500 branch . | 1、 The data score obtained from the supply chain consists of two parts :1) Press “ The supply chain obtains various types of data scores ”;2) according to “27、 get data ” Count again . 2、 Get the special data involving the defensive unit , The attacker can score , And deduct the points of the involved defensive units :1) influence 1 The maximum score of units 5000 branch ;2) The upper limit of scores affecting multiple units or industries 8000 branch . 3、 Especially significant results will be awarded by the headquarters after study and judgment . |
( 5、 ... and ) It was found that there were attacks before the exercise ( An independent analysis report is required )
| Serial number | type | Scoring rules | explain |
|---|---|---|---|
| 29 | Found implanted webshell Trojan horse 、 Host Trojan horse | 100-500 branch / Host computer , Score according to the network importance found by the Trojan . | Provide a detailed analysis report containing conclusive evidence ( Creation time 、 Functional analysis 、 Access log 、 Upload tools and weapons 、 Attack behavior records, etc ) Points will be given after being judged by the headquarters . |
| 30 | It is found that hackers use the cracked password to log in to the host system | 100-500 branch / Host computer , Score according to the network importance of the Login Host . | Provide a detailed analysis report containing conclusive evidence ( Creation time 、 Access log 、 Upload tools and weapons 、 Attack behavior records, etc ) Points will be given after being judged by the headquarters . |
| 31 | If the host is abnormal, add an account | 100-500 branch / Host computer , Score according to the network importance of the host . | Provide a detailed analysis report containing conclusive evidence ( Creation time 、 Access log 、 Upload tools and weapons 、 Attack behavior records, etc ) Points will be given after being judged by the headquarters . |
| 32 | Discover concealed control channels ( Found springboard software : Port forwarding 、 Agents, etc ) | 100-500 branch / Host computer , Score according to the importance of concealed control channels . | Provide a detailed analysis report containing conclusive evidence ( Creation time 、 Functional analysis 、 Access log 、 Upload tools and weapons 、 Attack behavior records, etc ) Points will be given after being judged by the headquarters . |
| 33 | It is found that the data system is charged 、 Data is stolen | 500 branch / System , Score according to the data dimension | Provide a detailed analysis report containing conclusive evidence ( Creation time 、 Functional analysis 、 Access log 、 Upload tools and weapons 、 Attack behavior records, etc ) Points will be given after being judged by the headquarters . |
| 34 | Find clues that other systems are controlled | / | The score will be determined by the headquarters . |
( 6、 ... and ) Vulnerability discovery
| Serial number | type | Scoring rules | explain |
|---|---|---|---|
| 35 | Submit 0-Day Or not officially disclosed N-Day Loophole | 0-10000 branch | 1、 Score according to the importance of vulnerabilities to important industries and key information infrastructure , Such as the scope of influence 、 Network location 、 Available permissions, etc . It is divided into high, middle and low grades , high 5000-10000, in 2000-6000, low 0-3000, The headquarters will study and judge to , See the vulnerability scoring reference table for details . 2、 The vulnerability must be successfully used during the exercise , Be able to correspond to relevant achievements . |
( 7、 ... and ) Sand table deduction support
| Serial number | type | Scoring rules | explain |
|---|---|---|---|
| 36 | The attack plan was adopted | Perform well 7000; To perform well 5000; General performance 3000. | The evaluation dimensions include : Whether it is the main scheme 、 Whether to be the main path 、 Whether to speak on stage 、 Whether to make PPT、 Input personnel ability, etc . |
Two 、 Score reduction rules
( One ) The submitted results are incomplete
| Serial number | type | Scoring rules | explain |
|---|---|---|---|
| 1 | The attack results are not completely reported , No screenshots or details of the vulnerability were submitted , Ordinary achievements lack a complete chain , Major achievements lack key links . | The headquarters has the right to reject 、 Reduce or not give points , Until complete . |
( Two ) Be traced by the defender
| Serial number | type | Scoring rules | explain |
|---|---|---|---|
| 2 | Traced by the defender to the attacker 、 Attack resources | Actual verification is required | Attack virtual terminals 、 The attack springboard of the Trojan horse control end is traced by the defender , And portray the characteristics of attack means , reduce 500 branch / individual . |
( 3、 ... and ) Violation of drill rules and regulations :
Violations are recorded in personal and team files , And according to the severity of the violation , Carry out grading , Including points deduction 、 Public notification 、 Terminate the qualification of an individual or team 、 Individuals or units join the blacklist , The industry is forbidden .
Download link
https://download.csdn.net/download/qq_41901122/85865296?spm=1001.2014.3001.5503
Extract
Life on earth , Like a cloud on the horizon , Gather and disperse like this .
Impermanence, , Everything in nature , All have their own rules of survival .
To life , Don't have too many obsessions .
Those who should forget , Then I forgot , Things out of reach , The wound is still his own .
There were clouds in ancient times. :“ If you have a big heart, everything is connected , A small heart makes everything ill .”
Why people are tired , Because there are too many things in my heart , It is said that :“ The road is not as wide as the heart , A good life is better than a good heart .”
Take off your tiredness , Let the past be cleared , Cheers to the past .
边栏推荐
- MySQL indexes and transactions
- AcWing第 58 场周赛
- 在代码中使用度量单位,从而生活更美好
- Flutter 调用高德地图APP实现位置搜索、路线规划、逆地理编码
- 【MATLAB】MATLAB 仿真模拟调制系统 — FM 系统
- 郑州正清园文化传播有限公司:针对小企业的7种营销技巧
- Talking about JVM
- 【MATLAB】通信信号调制通用函数 — 傅里叶变换
- Balloon punching and Boolean operation problems (extremely difficult)
- [security attack and Defense] how much do you know about serialization and deserialization?
猜你喜欢
Exploration and practice of eventbridge in the field of SaaS enterprise integration
1. Mx6u-alpha development board (LED drive experiment in C language version)
MySQL 索引和事务
Asahi Kasei participated in the 5th China International Import Expo (5th ciie) for the first time
附件五:攻击过程简报.docx
Formatted text of Kivy tutorial (tutorial includes source code)
Definition of DCDC power supply current
Maui introductory tutorial series (5.xaml and page introduction)
NTFS 安全权限
浅谈JVM的那些事
随机推荐
MAUI 入门教程系列(5.XAML及页面介绍)
红队视角下的防御体系突破之第一篇介绍、阶段、方法
Binary search tree
两万字带你掌握多线程
Definition of DCDC power supply current
【MATLAB】通信信号调制通用函数 — 傅里叶逆变换
Correct the classpath of your application so that it contains a single, compatible version of com. go
Rhcsa 04 - process management
Zhengzhou zhengqingyuan Culture Communication Co., Ltd.: seven marketing skills for small enterprises
STM32F1与STM32CubeIDE编程实例-74HC595驱动4位7段数码管
简单g++和gdb调试
ADB tools
Annex V: briefing on the attack process docx
Longest increasing subsequence problem (do you really know it)
Formatted text of Kivy tutorial (tutorial includes source code)
[go] database framework Gorm
Operate the server remotely more gracefully: the practice of paramiko Library
Rhcsa 08 - automount configuration
Network equipment emergency response Guide
6-5 vulnerability exploitation SSH weak password cracking and utilization