
Cybersecurity Gherkin

The following is a template for the *.feature file that you have to send for vbd-hacking solutions.

## Version 1.0
## language: en
 
#Keep comments if they start with double sharp ##
 
#M: Mandatory
#O: Optional
 
#{} are template tags. A final feature should not contain any of these.
#<> are gherkin tags. They allow creating variables and are commonly used in
#tables (e.g: Background and Extraction scenarios.)
 
Feature: {code}-{category}-{site}
  """
  This section is intended for the analyst
  to provide general information about the site he is trying to analyze,
  what his goal is and recommendations on
  how to remediate the vulnerability.
  """
  Code: #O
    {code} #Code of the challenge if it exists
  Site: #M
    {site} #Site where the challenge can be found
  Category: #O
    {category} #Category of the challenge within the site e.g: decoding, BoF...
  User: #M
    {user} #Username used in the site when solving the challenge
  Goal: #M
    {goal} #Short description of your goal
 
  Background:
  """
    In this section the analyst has to provide a list containing
    versions and names of the software
    he used for capturing the flag (OS, Browser, etc).
    Also, information about the machine where the challenge takes place like:
    Relevant services with their versions,
    OS and kernel with their versions, etc
    has to be provided
  """
  Analyst's software:
    | <Software name> | <Version>    |
    | {os}            | {version 1}  |
    | {browser}       | {version 2}  |
    | {name1}         | {version 3}  |
 
  Scenario: Chronology of events
    Description:
      In this section, describe the chronology
      to find all the events that affect the organization.
 
    And Investigator: [Name of investigator]
    And Description: [Description of evidence identification]
    And Resources Used: [Tools or resources used]
    And Resources Used: [Tools or resources used]
    And Resources Used: [Tools or resources used]
    And Resources Used: [Tools or resources used]
    And Evidence Identified: [List of evidence identified].
 
  Scenario: Incident Impact
    Description:
      In this section, describe the analysis of a specific piece of digital evidence.
 
    And Investigator: [Name of investigator]
    And Description: [Description of the analysis of evidence]
    And Resources Used: [Tools or resources used]
    And Resources Used: [Tools or resources used]
    And Resources Used: [Tools or resources used]
    And Resources Used: [Tools or resources used]
    And Evidence Analysed: [List of evidence analyzed]
    And Results: [Analysis results]
    And Results: [Results of analysis]
    And Conclusions: [Conclusions of the analysis]
    And Conclusions: [Conclusions of the analysis].
 
  Scenario: Affected Assets (Not applicable if no assets are affected)
    Description:
      This section describes the creation of the final digital forensic analysis report.
 
    Given Date and Time: [Date and time of the creation of the final report].
    And Investigator: [Name of the investigator]
    And Description: [Description of report creation].
    And Resources Used: [Tools or resources used]
    And Final Report: [Path to file]
    And Final Report: [Path of the final report file].
 
  Scenario: Conclusion of findings
    Description:
      In this section, describe the creation of the final report of the digital forensic analysis.
 
    Given Date and Time: [Date and time of the creation of the final report].
    And Investigator: [Name of investigator]
    And Description: [Description of report creation].
    And Resources Used: [Tools or resources used]
    And Final Report: [Path to file]
    And Final Report: [Path of the final report file].
 
  """
  Evidences:
  Presenting evidence of some kind of graphical output,
  like websites,
  might be difficult when using plain feature files.
 
  How does this work?
  - Any feature file {name}.feature can have a {name} evidences folder in the
  Google drive directory.
  - Evidence folders only accept PNG images
  - Evidences are referenced in two different ways:
    - Creating an <evidence> tag in a table
      inside a Scenario Outline like shown
      on the Extraction Scenario example
      (useful for referencing multiple evidences).
    - By using the following syntax: [evidence](image.png) like shown on the
      Normal use case Scenario example.
      (useful for referencing one or two evidences at most.)
  """

The evidence folder should be named after the feature file, for example:

  • cyb/letsdefend/cyb-challenge-name/username/evidence.png

Important to keep in mind: reviews are done between 8am and 5pm Colombia Time, Monday to Friday. Note that image evidence is not uploaded to the repository but to a folder in Google Drive, to which we will give you access once you enter the process. Remember that the folder structure in the Drive is the same as the one you see in the repository. A Google account is necessary to upload the images.
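A pre-submission check for the rules stated in the template (no leftover `{}` tags, the `#M` fields Site, User and Goal filled in, evidence references pointing at PNG files), as an added example that is not part of the original page or the reviewers' tooling. The names `lint_feature`, `strip_comment` and `SAMPLE` are hypothetical, and the check assumes each field's value sits on the line after its `Field:` label, as in the template header.

```python
import re

MANDATORY = ("Site", "User", "Goal")        # fields marked #M in the template
TEMPLATE_TAG = re.compile(r"\{[^{}\n]*\}")  # {code}, {site}, ... must be filled in
EVIDENCE_REF = re.compile(r"\[evidence\]\(([^)\s]+)\)")

# Constructed sample: unfilled {category}, empty User, one non-PNG evidence.
SAMPLE = """\
## Version 1.0
Feature: 123-forensics-letsdefend
  Site:
    letsdefend
  Category:
    {category}
  User:
  Goal:
    Identify the affected assets
  Scenario: Chronology of events
    Then I attach [evidence](timeline.jpg)
    And I attach [evidence](login.png)
"""

def strip_comment(line):
    """Drop a trailing '#...' comment (assumes values contain no '#')."""
    return line.split("#", 1)[0].rstrip()

def lint_feature(text):
    """Return (line_number, message) findings; line 0 means 'whole file'."""
    findings, lines = [], text.splitlines()
    for no, raw in enumerate(lines, 1):
        body = strip_comment(raw)
        for tag in TEMPLATE_TAG.findall(body):
            findings.append((no, f"unfilled template tag {tag}"))
        for ref in EVIDENCE_REF.findall(body):
            if not ref.lower().endswith(".png"):
                findings.append((no, f"evidence {ref} is not a PNG image"))
    for field in MANDATORY:
        idx = next((i for i, l in enumerate(lines)
                    if strip_comment(l).strip() == f"{field}:"), None)
        if idx is None:
            findings.append((0, f"mandatory field {field} is missing"))
            continue
        nxt = strip_comment(lines[idx + 1]).strip() if idx + 1 < len(lines) else ""
        if not nxt or nxt.endswith(":"):
            findings.append((idx + 1, f"mandatory field {field} has no value"))
    return findings

if __name__ == "__main__":
    for no, msg in lint_feature(SAMPLE):
        print(f"line {no}: {msg}")
```

Comments are stripped before matching, so the template's own `#{} are template tags` line does not trigger a finding.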