Paul Ziegler (tatsumori) sent me a very interesting e-mail explaining how he used OSSEC to protect his box at Defcon 15's "Øwn the box" competition.
During Defcon15 there was a new kind of contest called the “Øwn the box” competition where anyone who 0wned a box got to take it home. I was over there as a speaker so I thought it might be fun to try defending a box. My box was based on Gentoo-Linux and hardened using various techniques…
So the results were recently published on the DC homepage (http://defcon.org/) – and if you look closely there is this line saying "Most evil entry: Tatsumori (Gentoo Hardened with arp poisoning evilness)". The arp-foo was actually done using scapy, but I scripted it as an active response for OSSEC 1.2. So part of my success in surviving there (and really making people curse while hacking) is OSSEC.
Its great modularity and easy extensibility make creating kick-ass crazy dedicated solutions so much easier than it ever was before.
He also posted some information on his blog. Very cool stuff Paul!
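For readers who have not written an OSSEC active response before, here is an added example of the hook Paul is talking about; it is not his script and does nothing with ARP. OSSEC runs an active-response executable with positional arguments (action, user, source IP, alert id, rule id, and optionally agent and filename), calling it with "add" when a rule fires and again with "delete" once the configured timeout expires. The handler below validates that argument vector, refuses to act on loopback or unspecified addresses, and maintains a plain-text blocklist plus an audit log. The file paths and the rule level in the commented configuration fragment are assumptions chosen for the example.

```python
#!/usr/bin/env python3
"""Minimal OSSEC active-response handler (added example, not the original post's code).

OSSEC invokes active-response executables as:
    <script> action user srcip alert_id rule_id [agent] [filename]
with action == "add" when the alert fires and "delete" when <timeout> elapses.

Assumed ossec.conf fragment wiring this handler in (level and name are example values):
    <command>
      <name>demo-blocklist</name>
      <executable>demo_blocklist.py</executable>
      <expect>srcip</expect>
      <timeout_allowed>yes</timeout_allowed>
    </command>
    <active-response>
      <command>demo-blocklist</command>
      <location>local</location>
      <level>10</level>
      <timeout>600</timeout>
    </active-response>
"""
import ipaddress
import sys
from datetime import datetime, timezone
from pathlib import Path

# Constructed paths for the example; a real deployment would write under /var/ossec.
BLOCKLIST = Path("/tmp/ossec-demo-blocklist.txt")
LOG = Path("/tmp/ossec-demo-active-response.log")


def parse_args(argv):
    """Validate the argument vector OSSEC passes; returns a dict or raises ValueError."""
    if len(argv) < 5:
        raise ValueError("expected: action user srcip alert_id rule_id [agent] [filename]")
    action, user, srcip, alert_id, rule_id = argv[:5]
    if action not in ("add", "delete"):
        raise ValueError(f"unknown action {action!r}")
    ip = ipaddress.ip_address(srcip)  # raises ValueError on anything that is not an IP
    if ip.is_loopback or ip.is_unspecified:
        # Never let a spoofed or malformed alert turn the response against the host itself.
        raise ValueError(f"refusing to act on {srcip}")
    return {
        "action": action,
        "user": user,
        "srcip": str(ip),
        "alert_id": alert_id,
        "rule_id": rule_id,
        "agent": argv[5] if len(argv) > 5 else "",
        "filename": argv[6] if len(argv) > 6 else "",
    }


def apply(args, blocklist=BLOCKLIST):
    """Add or remove srcip in the blocklist file; returns the resulting set of blocked IPs."""
    current = set()
    if blocklist.exists():
        current = {ln.strip() for ln in blocklist.read_text().splitlines() if ln.strip()}
    if args["action"] == "add":
        current.add(args["srcip"])
    else:  # "delete": the timeout expired, so the block is lifted
        current.discard(args["srcip"])
    blocklist.write_text("\n".join(sorted(current)) + ("\n" if current else ""))
    return current


def log_event(args, log=LOG):
    """Append one audit line so the response itself leaves a trail; returns the line."""
    stamp = datetime.now(timezone.utc).isoformat()
    line = (f"{stamp} {args['action']} srcip={args['srcip']} "
            f"rule={args['rule_id']} alert={args['alert_id']}\n")
    with log.open("a") as fh:
        fh.write(line)
    return line


def main(argv):
    try:
        args = parse_args(argv)
    except ValueError as exc:
        print(f"active-response error: {exc}", file=sys.stderr)
        return 1
    apply(args)
    log_event(args)
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Keeping the validation separate from the action is the part worth copying: an active response runs with OSSEC's privileges on every matching alert, so it should be the most conservative code on the box.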