NSS Rules of Engagement
Primary Contact: flags@noshitsecurity.com
Secondary Contact: support@noshitsecurity.com
Target Organization Contact Information
Primary Contact: same
Secondary Contact: same
Briefings
“Daily Debriefing” Frequency: daily
“Daily Debriefing” Time/Location: #ctf-discussion, #genius
Start date
Start Date of Penetration Test: 09/16/2020 0001 CDT
End Date of Penetration Test: never
Testing Occurs at Following Times: always
Will test be announced to target personnel: no
Will target organization shun IP addresses of attack systems: no
Shunning
Does target organization’s network have automatic shunning capabilities that might disrupt access in unforeseen ways (i.e., create a denial-of-service condition), and if so, what steps will be taken to mitigate the risk:
backoff or strikeout; wait
Would the shunning of attack systems conclude the test: no
If not, what steps will be taken to continue if systems get shunned and what approval (if any) will be required:
Gather your resources
What can you do with what you have?
Move forward however you can
Target systems
https://www.noshitsecurity.com and the VMs located there only.
Is this a “black box” test: yes
What is the policy regarding viewing data (including potentially sensitive/confidential data) on compromised hosts:
Please do not publicly disclose techniques or the contents of keys
Please do not publicly disclose techniques or the contents of eggs
Please do not publicly disclose PGP private keys used in the CTFs
Will target personnel observe the testing team: yes
Signature of Primary Contact representing Target Organization
09-16-2020