Skip to content

Latest commit

 

History

History
50 lines (38 loc) · 2.52 KB

Botney-trap.md

File metadata and controls

50 lines (38 loc) · 2.52 KB
Raw

The Botney-trap

Once upon a time, script were all clean and runny, configuration were swimming in yaml and ini files.

Then one day, the Basherbot arose.

What was once cute oneliners, strong ./startup scripts, fully-featured suite of toml became one giant self-aware all-encompassing intelligence, consuming each and every bash, sh, zsh, bourne, yaml, ini, conf, env and any other shells.

After seconds of digesting all open sessions and leaving tmux husk of ttys, Basherbot now has its eyes on the real meat: all the cloud infrastructure of the world.

As part of The Shellvengers, you will build and setup the Infinity Sources to capture this evil wrongdoer and teach him not to mess up with Turing-complete super-heroes.

To ensure the Basherbot can not infect our trap, only coding superpowers can be used. You can use any language you prefer (JS/TS, Python, Go, C#, ...) We have placed our botney-trap and the accompanying Dockerfile in this github folder.

The Infinity Sources powers:

  • Space: we can teletransport our trap from one Cloud provider to at least another
  • Mind: we have a playground environment, and a "live" environment and can spawn as many more as we want with a simple command
  • Reality: we can package and deploy our trap in a repeatable way including rollbacks
  • Power: we scale both in your chosen primary cloud provider but also "spill out" live in at least another one
  • Time: we have full traceability both of the packaging, deploy and validation process but also of the accessor of our botney-trap and our cloud infrastructure itself
  • Soul: we have full control of how our botney-trap can be accessed, and we can change the DNS name with one command (all botney-traps are protected by SSL)

Goals

  • demonstrate, using code and no configuration, at least 3 of the Infinity Sources Powers
  • explain how you would implement any Infinity Sources Powers that you weren't able to demonstrate using code
  • demonstrate or explain how you would test your code
  • explain where are the weakness in your approach and where you think the Basherbot would attack

Bonus/optional

  • explain or demonstrate how you would manage:
    • certificate management,
    • renewal of DNS and certificates if necessary,
    • policy enforcement at the cloud-user level,
    • policy enforcement at deploy time
    • DDoS attacks,
    • compromising of a non-cloud-privileged company user,
    • compromising of a cloud-privileged user
    • recovery from backups
  • describe what your "roadmap of improvement" would look like