Monday, August 21, 2006

Ethical Hacker Skillz Challenge - My Answer

I'm not sure how I happened across the Ethical Hacker site, but there was a "skillz" challenge that had recently been posted by Ed Skoudis and Mike Poor of Intelguardians--both are SANS instructors. The challenge is called "Hack Bill!" and was a fun little story about how O-ren Ishii hacked Bill's server and took over a large botnet. There were going to be two winners based on their submission, one technically correct and one creative while still being technically correct. I chose to write mine in an effort to win the creative portion. Unfortunately, I didn't win, but if you have time, take a look at my submission compared to the winners above and let me know what you think.

Monday, August 14, 2006

DefCon Recap - 1@stplace Won!

Most everyone has heard by now that 1@stplace won DefCon's Capture the Flag contest hosted by Kenshoto. Between the lack of sleep (from two small children) preceding DefCon and then compounding that deficit while in Vegas, it has taken almost a week to get back in the groove.

So, how was the DefCon/CTF experience? Check out this article in the Alligator student paper; the Chronicle of Higher Education - Wired Campus also had a nice writeup that made its way to the UF "CIO". His e-mail to us said, "Outstanding work – I hope this article does not invite people to try 8-)" Nice. ;-)

If you want to learn more, I think the overview by our teammate DocBrown is an excellent place to start. I'm very fortunate to have had the opportunity to participate with 1@stplace (@tlas, apu, drb, fury, plato, psifertex, wrffr). They are an outstanding group of guys. We all share a love of hacking (in some form) and now, we all have DefCon leather jackets and Black Badges!

Where to go from here? Well, I have several projects that I need to get out the door ASAP, there are the PVR and file servers that I want to build at home, and I'd like to rebuild the CTF as much as possible at home on virtual machines so that I can continue working on some ideas I had during the match and get my hands dirty with the reverse engineering parts.

Friday, August 04, 2006

Defcon 14 - Day 1

Note: I will probably just add to the end of this entry as the day goes through.

So, I woke up every two hours throughout the night and was out of bed before 6am. Weird. If you know me, I don't like getting up early. Maybe it was the excitement of being here and participating in CTF.

Fast forward... I am now sitting here with 1@stplace waiting for things to begin. Due to some issue that the local fire marshal had, everything is beginning an hour late. The Kenshoto guys just told the team leaders that we have to have an external modem, so all the teams are sending people out to find modems. That explains why each team has two RJ-45 and one RJ-11 running to their areas.

UPDATE 11:06am: The announcement was just made that everything is going to be pushed back another hour.

DefCon 14 - I made it!

After too many hours of scrunching my big shoulders in little airplane seats, I am finally about to crash in my hotel room at the Riviera. I'm not sure if I want to try and describe the excitement and the energy around this place. It is by far one of the coolest experiences I've had.

I ran into @tlas and his CTF crew, 1@stPlace. After introductions, @tlas told me they were down a man and invited me to join the team! How can I say no? I will be meeting them at 8:30 in the morning. Ugh.

Next, I ran into my friend, the British Bulldog, a former NYPD Computer Crimes guy and former Guidance Software trainer. We had a nice long chat about forensics and some upcoming plans at UF while enjoying 99-cent Amberbock and foot-long hot dogs.

So, after going through the trouble of putting all the talks I wanted to see into iCal and syncing it to my Treo, I might not be able to make it to most of them other than a couple of "must see"s. Here is my potential schedule for Day 1 and Day 2. They are graphics because I'm too tired to figure out how to export it in iCal for everyone to see. If I'm not in one of these talks, I'm at the CTF. ;-)