DEFCON'20 / DEFCON'20 CTF. Materials overview

image

On July 26-29 in Las Vegas (Nevada) held one of the largest hacking (literally his words) in the conference for the DEFCON, which also took place the CTF competition. This year they participated, 4 teams from Russia — Leet More + Smoked Chicken, SiBears and HackerDom.

table of Contents


the
    the
  • overview
    • the
  • Badge from Parallax
    • the
  • Capture The Flag
    • the
  • Content

    • Afterword



Warning: Traffic volume post

overview


Every year, at the Rio Hotel (Las Vegas) is DEFCON. Reports different types of events (CTF, LockPicking, hardware contest s some competitions for children, etc.), performances of famous bands, shops with different stuff (tools opening locks, t-shirts, caps, porn 30 TB screws, rainbow tables, etc.), wall of sheep and much, much more.

image
Wall Of Sheep — nutnfancy logins/passwords of users connected to an open Wi-Fi

image
something from the store

image
Hardware contest. Modding badges

Of the groups this year was The Crystal Method and Infected Mushroom. The first person I somehow missed, but on the second hit almost from the beginning.




I think this part can be finished according to the review, he quite correctly reflect the real essence of the event. Including hardcore reverse through mc -.-

02:19 you can see two bottles of vodka "Stolichnaya" on our table, brought in two guys from the States, under the pretext that he wanted us to play CTF. It is true, then somewhere they lost. By the way, both bottles were successfully brought to Russia

Badge from Parallax


Each participant was distributed a very difficult badge

image

And 2 ps/2 ports, vga port, and 6 AA batteries (badge is powered by three).

The "heart" of the badge — part no p8x32a 32-bit OCTA-core microprocessor. Discussed on Habre here (thanks for the tip TolTol)
At the end of the conference they could buy for $ 40. Now on ebay they cost about $ 60.

The theme on the Parallax forums
Schema name badge (pdf)


Here is a "working" badge

Capture The Flag


The main purpose of our trip is participation in CTF. last year, Russia was attended by only one team IV, the team of the 4 teams. This year each team was able to arrive "separately". However we have participated only 3 people (4 on the first day), visa Embassy of the United States rejected almost my entire team who could go (including financial) in the USA. The maximum for a table could sit 8 people. In fact some teams in person was attended by ~20 (?) people who had varied + 60 "overboard". It seems like it was "Samurai", which took first place this year.

Invitation to participate

This year, as in the past, the CTF has organized DDTEKand (this is their last year). An invitation to participate in the finals of DEFCON'20 it was possible to get through qualifying for the DEFCON'a (quals's) or (innovation) won prizes in other CTF'Ah (as one place was sold on Ebay for ~ $4k + Champions last Defcon)

The teams for each participant (if necessary) were sent an official invitation + 2 rooms (2 double bed + sofa). The rooms had no complaints :) just the numbers were issued key-cards are not conventional design of the hotel and defcon-style.
About the CTF


the Plaque for the hall of game CTF

CTF was 2.5 days — 27,28 and until 2 on the 29th day number (the same as last year). 2 hours before the end CTF'a scoreboard is disabled, the exact results we did not know. From Russia nobody in the 5ku has not got (at the close was read only the first 5ku). However, MSLC, like, 6 place :)

The technical side:
the
    the
  • FreeBSD 9.0 Jail
    • the
  • Ipv6
    • the
  • Reverse and Reverse again

Actually, as it was. Seated all 20 teams in a dedicated area, which could go to anyone. Each table came with 2 pairs of twisted — access to the gaming network (similar to your server) and cable traffic to your server. So was the printer which had a RFID tag. For the first time, nothing more. Tried to "pothat" the printer did print a test page etc.) It is to start the game was not needed. In General it is not clear why it was needed, the next day he was gone.


Skorbord

Who cares, rules CTF'a system (SLA, s first blood etc) — page 1, page 2

To begin with it was necessary so: read RFID tag (which we re-recorded the team Hates Irony, yet we digress), it was the key phrase. To decrypt the first file (it gave 2 files binary content) with this key, to passwords, configs, README, etc. things, including the password from the second file. It files jailbreaking. After to cling on ssh to your server, try to correctly raise their services in parallel to look for vulnerabilities and exploit them to rule, and in parallel to write sploit under vulnerabilities. All services had 18.


Sheep, which periodically flew in players from the organizers

If some of the teams did First Blood, appeared on the screen of her banner and a sound played to the whole room of the Unreal — "First bloood!"

First Blood!

Writeapi on analysis of the services going on ctftime the link.

Materials


Services with our war machine — services_trololololoooo.zip (3 MB)

Also at the conference was given two disks, one with a specially recorded tracks (audio-cd) and the second dvd-ROM with presentations, videos, software for a badge, and many others (4 GB).



DEF CON XX MUSIC COMPILATION in mp3 DEF CON XX MUSIC.zip (320 kbit/s — 120 MB)
Only Speaker Presentations from DEF CON XX CONFERENCE DVD Speaker Presentations.zip (328мб)

upd: dvd image:
https://media.defcon.org/dc-20/defcon-20-dvd-original.rar

PostScript


If States are to put your phone for charging directly from the adapter (usb) that the machine is charging, but the touch screen does not work. Through the charging and the adapter.

But in General, it was fucking awesome, experience, Dating, fun, different staff and more! Visited Outback Steak House, HardRock Cafe with its Museum, singing fountains in front of Bellagio and fire show "Volcano", an incredible amount of shops and of course well played slots and casino... and much, much more. In General I advise you to visit Las Vegas if possible :)
Bothe majority of CTF participants from Russia were to travel to the United States. How come — I think too I will unsubscribe.
Article based on information from habrahabr.ru

Комментарии

Отправить комментарий

Популярные сообщения из этого блога

Templates ESKD and GOST 7.32 for Lyx 1.6.x

Изображение
for more than six months I use a word processor Lyx. Built-in templates is more than enough to write lecture notes, prepare for seminars and to do simple reports for laboratory work. But last semester I had to make two course of the project in accordance with the requirements ESKD. I have begun work in Lyx, but without special templates of documents, my reports in the editor looked like this: A little work, a little reading of the document "Customizing LyX: Features for the Advanced User" and it turned out where the beam: You can use immediately. If you have experience of working in Lyx, problems will not arise. Just in case the attached sample documents. Description of how to make such templates are not yet doing. Someone will ask — will tell. ESKD Screenshot menu select unit type: Group "sections and subsections" appeared due to the fact that the document can be sections with sections without subsections — for their handling of para...
Далее...

Monitoring PostgreSQL + php-fpm + nginx + disk using Zabbix

Изображение
a Lot of information in the network according to Zabbix, and a lot of bespoke templates, I want to introduce to the audience his modification. Zabbix is a very convenient and flexible monitoring tool. Want a hundred monitor, I want a thousand stations, and do not want to — watch a single server, take the cream in all sections. I would not mind to give to github, if anyone collects similar. It so happened that we decided to put on the hosting database wrapper php-fpm+nginx. As the database is postgres. Thoughts to collect data on the machine was before the purchase of hosting is needed, this is useful! Magic kick up the backside to the implementation of the system gave the brakes a hard drive on our VDS stations at the beginning of the script every minute, put the time and measured by the speed in the file, and then build graphs in Excel to compare to as it was/became, take quantitative statistics. And this is just one option! And suddenly the fault is not VDS, and our a...
Далее...

Custom table in MODx Revolution

Изображение
In this article we will examine the following questions: the Creating custom tables for MODx Revolution. the Generation of XML schema and php files classes for xPDO. the Work with custom tables. One of the biggest difficulties in migrating from Evolution to Revolution — an xPDO IMHO. After all, as was previously just got into the muscle via phpMyAdmin, created a sign, and work with it, sending pure SQL queries through $modx->db. Now any changes to the database do not much bother $modx except full drop tables, etc. As linked xPDO and MODx (or rather $modx), I wrote here . Consider the difficulties in working with custom tables in MODx Revolution — a considerable obstacle for many programmers. But really, it's not so difficult. All of the following, the algorithm in three words: the via phpMyAdmin (or other convenient tool to use) to create the needed tables the Using the attached code is generated for the necessary work xPDO files the Using the $...
Далее...