
OTB @ DC16: Pwning for Dollars


  • HAL999
    replied
    Re: OTB @ DC16: Pwning for Dollars

    All,

    Here's a few starter questions that I would like to discuss and get resolution on before implementation. Please add, refine, define, enumerate, elucidate, obfuscate, rotate, gyrate, pirate, and of course, ruminate....

    1.) Each participant should get an IP range assigned to them to use as they wish.
    2.) IPv4 vs. IPv6 or both?
    3.) What 'services' will the infrastructure (DC) have, and what level of service (i.e., ntp, dns, uddi, authorization servers, etc. - and will those be considered 'out of bounds' for active operators?)
    4.) WiFi - will jammers or any active denial operations be permitted/out of bounds?
    5.) Is there any maximum number of machines allowed?
    6.) Any restrictions on virtualized or dynamic hosting or networking?
    7.) Any restrictions on actively engaging the contestant opponents on the network (i.e. 'hackback' or 'reverse payload injection' techniques, either destructive or non-destructive)?
    8.) - - well, how about just getting a sign up sheet of IP ranges for the defenders put out for the moment?

    - Not to be a pain, but we really should nail it down by end of month to give defense two solid to prep. Some of us have day jobs and deliverables to other people ; >

    Best, HAL

    "2501 is not a number, more a *state of mind*...... "



  • TheCotMan
    replied
    Re: OTB @ DC16: Pwning for Dollars

    Originally posted by Homeslice (tm):
    Is Skoot coming back or what?
    Skoot's Last Activity: 04-24-2008 10:53 PM

    It is likely that skoot is coming back. If the activity of Skoot's account doesn't show activity 7 days after this post-date/time, send me a PM reminding me about this, and I'll send him an email using the email address he used when he registered with the forums.

    Since the forums can't reach the mail server used to pass email to the real world, people's thread-subscriptions no longer let them know when someone replied to a thread they chose to monitor. It is possible that he is expecting an email, to know that someone has a question in a thread he would otherwise be monitoring. DT knows about the mail server problems, and is looking into it, but is very busy with other things right now.



  • Homeslice (tm)
    replied
    Re: OTB @ DC16: Pwning for Dollars

    Is Skoot coming back or what? I need answers to some issues before I spend any more money.

    Can we attach the box via wifi? (I know some of you just started salivating)

    Can I get some certainty on the conditions of pwnage... is there a key file that the attacker must get to prove access or what?

    Which services must be lit up?

    Any other restrictions?

    -H



  • HAL999
    replied
    Re: OTB @ DC16: Pwning for Dollars

    Yup, looking forward to posting banner pages of 'Bad Kitty, that's my pot pie!' and hoping boxes get treated better than average outing of young Master Kenneth each episode.... actually, the 'denied entry' sign from his heavenly journey might be more appropriate as a response to each 'contestant' .......

    So time for each little shinobu to try to get into the jinja... - Best, KS



  • Homeslice (tm)
    replied
    Re: OTB @ DC16: Pwning for Dollars

    Originally posted by HAL999:
    Skoot, I agree with Homeslice. It's more fun to deploy a little advanced tech and give the masses a challenge, but that takes a few bucks ('14 quattloos for the newcomer!!') ....

    So count our team in, Racer-X says the 5 Benjamin challenge to the roc-heads still stands, and can be upped if folks are really up for it.

    We do need the rules / regs / outline in order to get ready.

    Best, HAL


    Sounds like it'll be hella fun, lookin forward to it.

    -H



  • HAL999
    replied
    Re: OTB @ DC16: Pwning for Dollars

    Skoot, I agree with Homeslice. It's more fun to deploy a little advanced tech and give the masses a challenge, but that takes a few bucks ('14 quattloos for the newcomer!!') ....

    So count our team in, Racer-X says the 5 Benjamin challenge to the roc-heads still stands, and can be upped if folks are really up for it.

    We do need the rules / regs / outline in order to get ready.

    Best, HAL



  • Homeslice (tm)
    replied
    Re: OTB @ DC16: Pwning for Dollars

    Originally posted by mage2:
    I really liked the first idea, you win you get the box. If there were a problem with unclaimed prizes, well, first off I didn't know it, as I would have helped with that situation. And I'm sure that someone that is local to Vegas could take the unwanted/unclaimed hardware and donate it to a school in the area or something.
    The own the box idea is great for those who are using old platforms and creative tweaking, but in my case there is a huge investment in parts and R&D, the machine is unique in the world and frankly dangerous. I'll be more than happy to throw in funds for prizes, but can't release the tech in the box to the public.

    My take on it is that if you want to attract new and unique / creative defenses, the cost involved is far too great for the defender if all his work walks out the door. I mean, really what is the loss to a guy who shows up with an Amiga and gets pwned vs. the guy who designs a completely new system? Honestly, my goal is to test my design against the best in the world, not come home with a 20-year-old piece of computing history.

    -H



  • mage2
    replied
    Re: OTB @ DC16: Pwning for Dollars

    I really liked the first idea, you win you get the box. If there were a problem with unclaimed prizes, well, first off I didn't know it, as I would have helped with that situation. And I'm sure that someone that is local to Vegas could take the unwanted/unclaimed hardware and donate it to a school in the area or something.



  • konstantinkoll
    replied
    Re: OTB @ DC16: Pwning for Dollars

    Hm, this might be a bit out of scope, but here it goes...

    DefCon 16 will be my first DefCon. I'm a guy from Germany working on his own operating system, which just got TCP/IP and an HTTP/ICMP/DNS/mDNS server recently. I would like to bring my laptop to DefCon and let people try to hack into it.

    However, since I'll bring my actual laptop and not some old hardware (baggage allowance on planes and things), there is ABSOLUTELY NO WAY I will give my laptop to anyone who breaks it. I've planned to bring some prize money (like $100 for 1st place, $50 for 2nd, $25 for 3rd), in terms of who makes it how far on my machine.

    So, in short, YES, I'm all for an entry fee.



  • Homeslice (tm)
    replied
    Re: OTB @ DC16: Pwning for Dollars

    I'm down as a defender, but I need the parameters of the contest / service list so's I can get creative and I also need to know what I have to do to officially register?

    Has any of this been determined yet?

    -H0m3sl1ce



  • sk00t
    replied
    Re: OTB @ DC16: Pwning for Dollars

    Oh, yeah, since it's pledge week on my local NPR station, I'll shamelessly steal from that one guy on the morning show and sweeten the pot, though I may regret it... I'll match dollar-for-dollar whatever comes in. Sound fair?



  • sk00t
    started a poll OTB @ DC16: Pwning for Dollars

    Poll results (11 votes):
    Sounds retarded. - 1 vote (9.09%)
    I would enter as a defender, and I would pay < $20 - 6 votes (54.55%)
    I would play as an attacker, and I would pay < $20 - 2 votes (18.18%)
    Hey, can I have a t-shirt? - 2 votes (18.18%)

    So what was fun last year with OTB?

    To me, it was a ton of people showing up and banging on stuff, a ton of people bringing boxes, and the instant community that cropped up around the event.

    What didn't work?

    Um, well, boxes. Even for stuff that was pretty likely (and in one case obviously) owned, nobody claimed any hardware.

    On paper, it made sense, but the truth is all of us have a ton of gear and no one really wanted to lug crap home on the plane. Hell, some of us were giving stuff away, and I know at least one machine was still sitting on the table when the con closed.

    So, here's what I'm chewing on, in the interest of still keeping the point of defenders and attackers having something at stake, but making things a bit more portable.

    Cash money. Dinero. Scratch. Greenbacks.

    I talked this over with The Powers That Be, and even though Vegas is Vegas, we can't actually do something that looks like wagering without hotel sanction. But what we can do is spend money at the hotel.

    So, now what?

    Here's what I'm proposing for this year: "Pwning for Dollars". You keep your hardware, but defenders (and possibly attackers) pay a nominal entry fee. The winner, attacker or defender (and to do this right we have to have one, and only one) takes the pot, as a tab at the Splash bar Saturday night.

    So, what do you think?