DEFCON'20 / DEFCON'20 CTF. Materials overview

On July 26-29 in Las Vegas (Nevada) held one of the largest hacking (literally his words) in the conference for the DEFCON, which also took place the CTF competition. This year they participated, 4 teams from Russia — Leet More + Smoked Chicken, SiBears and HackerDom.
table of Contents
the
-
the
- overview the
- Badge from Parallax the
- Capture The Flag the
- Content
Afterword
Warning: Traffic volume post
overview
Every year, at the Rio Hotel (Las Vegas) is DEFCON. Reports different types of events (CTF, LockPicking, hardware contest s some competitions for children, etc.), performances of famous bands, shops with different stuff (tools opening locks, t-shirts, caps, porn 30 TB screws, rainbow tables, etc.), wall of sheep and much, much more.

Wall Of Sheep — nutnfancy logins/passwords of users connected to an open Wi-Fi

something from the store

Hardware contest. Modding badges
Of the groups this year was The Crystal Method and Infected Mushroom. The first person I somehow missed, but on the second hit almost from the beginning.
I think this part can be finished according to the review, he quite correctly reflect the real essence of the event. Including hardcore reverse through mc -.-
02:19 you can see two bottles of vodka "Stolichnaya" on our table, brought in two guys from the States, under the pretext that he wanted us to play CTF. It is true, then somewhere they lost. By the way, both bottles were successfully brought to Russia
Badge from Parallax
Each participant was distributed a very difficult badge

And 2 ps/2 ports, vga port, and 6 AA batteries (badge is powered by three).
The "heart" of the badge — part no p8x32a 32-bit OCTA-core microprocessor. Discussed on Habre here (thanks for the tip TolTol)
At the end of the conference they could buy for $ 40. Now on ebay they cost about $ 60.
The theme on the Parallax forums
Schema name badge (pdf)

Here is a "working" badge
Capture The Flag
The main purpose of our trip is participation in CTF. last year, Russia was attended by only one team IV, the team of the 4 teams. This year each team was able to arrive "separately". However we have participated only 3 people (4 on the first day), visa Embassy of the United States rejected almost my entire team who could go (including financial) in the USA. The maximum for a table could sit 8 people. In fact some teams in person was attended by ~20 (?) people who had varied + 60 "overboard". It seems like it was "Samurai", which took first place this year.
Invitation to participate
This year, as in the past, the CTF has organized DDTEKand (this is their last year). An invitation to participate in the finals of DEFCON'20 it was possible to get through qualifying for the DEFCON'a (quals's) or (innovation) won prizes in other CTF'Ah (as one place was sold on Ebay for ~ $4k + Champions last Defcon)
The teams for each participant (if necessary) were sent an official invitation + 2 rooms (2 double bed + sofa). The rooms had no complaints :) just the numbers were issued key-cards are not conventional design of the hotel and defcon-style.
About the CTF

the Plaque for the hall of game CTF
CTF was 2.5 days — 27,28 and until 2 on the 29th day number (the same as last year). 2 hours before the end CTF'a scoreboard is disabled, the exact results we did not know. From Russia nobody in the 5ku has not got (at the close was read only the first 5ku). However, MSLC, like, 6 place :)
The technical side:
the
-
the
- FreeBSD 9.0 Jail the
- Ipv6 the
- Reverse and Reverse again
Actually, as it was. Seated all 20 teams in a dedicated area, which could go to anyone. Each table came with 2 pairs of twisted — access to the gaming network (similar to your server) and cable traffic to your server. So was the printer which had a RFID tag. For the first time, nothing more. Tried to "pothat" the printer did print a test page etc.) It is to start the game was not needed. In General it is not clear why it was needed, the next day he was gone.

Skorbord
Who cares, rules CTF'a system (SLA, s first blood etc) — page 1, page 2
To begin with it was necessary so: read RFID tag (which we re-recorded the team Hates Irony, yet we digress), it was the key phrase. To decrypt the first file (it gave 2 files binary content) with this key, to passwords, configs, README, etc. things, including the password from the second file. It files jailbreaking. After to cling on ssh to your server, try to correctly raise their services in parallel to look for vulnerabilities and exploit them to rule, and in parallel to write sploit under vulnerabilities. All services had 18.

Sheep, which periodically flew in players from the organizers
If some of the teams did First Blood, appeared on the screen of her banner and a sound played to the whole room of the Unreal — "First bloood!"

First Blood!
Writeapi on analysis of the services going on ctftime the link.
Materials
Services with our war machine — services_trololololoooo.zip (3 MB)
Also at the conference was given two disks, one with a specially recorded tracks (audio-cd) and the second dvd-ROM with presentations, videos, software for a badge, and many others (4 GB).

DEF CON XX MUSIC COMPILATION in mp3 DEF CON XX MUSIC.zip (320 kbit/s — 120 MB)
Only Speaker Presentations from DEF CON XX CONFERENCE DVD Speaker Presentations.zip (328мб)
upd: dvd image:
https://media.defcon.org/dc-20/defcon-20-dvd-original.rar
PostScript
If States are to put your phone for charging directly from the adapter (usb) that the machine is charging, but the touch screen does not work. Through the charging and the adapter.
But in General, it was fucking awesome, experience, Dating, fun, different staff and more! Visited Outback Steak House, HardRock Cafe with its Museum, singing fountains in front of Bellagio and fire show "Volcano", an incredible amount of shops and of course well played slots and casino... and much, much more. In General I advise you to visit Las Vegas if possible :)
Bothe majority of CTF participants from Russia were to travel to the United States. How come — I think too I will unsubscribe.
Комментарии
Отправить комментарий