
OTB @ DC16: Pwning for Dollars


  • OTB @ DC16: Pwning for Dollars

    So what was fun last year with OTB?

    To me, it was a ton of people showing up and banging on stuff, a ton of people bringing boxes, and the instant community that cropped up around the event.

    What didn't work?

    Um, well, boxes. Even for stuff that was pretty likely (and in one case obviously) owned, nobody claimed any hardware.

    On paper, it made sense, but the truth is all of us have a ton of gear and no one really wanted to lug crap home on the plane. Hell, some of us were giving stuff away, and I know at least one machine was still sitting on the table when the con closed.

    So, here's what I'm chewing on, in the interest of still keeping the point of defenders and attackers having something at stake, but making things a bit more portable.

    Cash money. Dinero. Scratch. Greenbacks.

    I talked this over with The Powers That Be, and even though Vegas is Vegas, we can't actually do something that looks like wagering without hotel sanction. But what we can do is spend money at the hotel.

    So, now what?

    Here's what I'm proposing for this year: "Pwning for Dollars". You keep your hardware, but defenders (and possibly attackers) pay a nominal entry fee. The winner, attacker or defender (and to do this right we have to have one, and only one) takes the pot, as a tab at the Splash bar Saturday night.

    So, what do you think?
    Poll results (11 votes):
      • Sounds retarded. 1 vote (9.09%)
      • I would enter as a defender, and I would pay < $20: 6 votes (54.55%)
      • I would play as an attacker, and I would pay < $20: 2 votes (18.18%)
      • Hey, can I have a t-shirt? 2 votes (18.18%)
    "Raise a toast to ... I think he might have been our only decent ."

  • #2
    Re: OTB @ DC16: Pwning for Dollars

    Oh, yeah, since it's pledge week on my local NPR station, I'll shamelessly steal from that one guy on the morning show and sweeten the pot, though I may regret it... I'll match dollar-for-dollar whatever comes in. Sound fair?
    "Raise a toast to ... I think he might have been our only decent ."


    • #3
      Re: OTB @ DC16: Pwning for Dollars

      I'm down as a defender, but I need the parameters of the contest / service list so's I can get creative and I also need to know what I have to do to officially register?

      Has any of this been determined yet?

      -H0m3sl1ce


      • #4
        Re: OTB @ DC16: Pwning for Dollars

        Hm, this might be a bit out of scope, but here it goes...

        DefCon 16 will be my first DefCon. I'm a guy from Germany working on his own operating system, which just got TCP/IP and an HTTP/ICMP/DNS/mDNS server recently. I would like to bring my laptop to DefCon and let people try to hack into it.

        However, since I'll bring my actual laptop and not some old hardware (baggage allowance on planes and things), there is ABSOLUTELY NO WAY I will give my laptop to anyone who breaks it. I've planned to bring some prize money (like $100 for 1st place, $50 for 2nd, $25 for 3rd), in terms of who makes it how far on my machine.

        So, in short, YES, I'm all for an entry fee.


        • #5
          Re: OTB @ DC16: Pwning for Dollars

          I really liked the first idea, you win you get the box. If there were a problem with unclaimed prizes, well, first off I didn't know it, as I would have helped with that situation. And I'm sure that someone that is local to Vegas could take the unwanted/unclaimed hardware and donate it to a school in the area or something.
          mage2atbleedingwounddotcom
          KeyID 3B535825D9402365
          FingerPrint C2AA E142 8826 BAE3 9C2B AA0C 3B53 5825 D940 2365


          • #6
            Re: OTB @ DC16: Pwning for Dollars

            Originally posted by mage2
            I really liked the first idea, you win you get the box. If there were a problem with unclaimed prizes, well, first off I didn't know it, as I would have helped with that situation. And I'm sure that someone that is local to Vegas could take the unwanted/unclaimed hardware and donate it to a school in the area or something.
            The own the box idea is great for those who are using old platforms and creative tweaking, but in my case there is a huge investment in parts and R&D, the machine is unique in the world and frankly dangerous. I'll be more than happy to throw in funds for prizes, but can't release the tech in the box to the public.

            My take on it is that if you want to attract new and unique / creative defenses, the cost involved is far too great for the defender if all his work walks out the door. I mean, really what is the loss to a guy who shows up with an Amiga and gets pwned vs. the guy who designs a completely new system? Honestly, my goal is to test my design against the best in the world, not come home with a 20-year-old piece of computing history.

            -H


            • #7
              Re: OTB @ DC16: Pwning for Dollars

              Skoot, I agree with Homeslice. It's more fun to deploy a little advanced tech and give the masses a challenge, but that takes a few bucks ('14 quattloos for the newcomer!!') ....

              So count our team in, Racer-X says the 5 Benjamin challenge to the roc-heads still stands, and can be upped if folks are really up for it.

              We do need the rules / regs / outline in order to get ready.

              Best, HAL
              ZZ


              • #8
                Re: OTB @ DC16: Pwning for Dollars

                Originally posted by HAL999
                Skoot, I agree with Homeslice. It's more fun to deploy a little advanced tech and give the masses a challenge, but that takes a few bucks ('14 quattloos for the newcomer!!') ....

                So count our team in, Racer-X says the 5 Benjamin challenge to the roc-heads still stands, and can be upped if folks are really up for it.

                We do need the rules / regs / outline in order to get ready.

                Best, HAL


                Sounds like it'll be hella fun, lookin forward to it.

                -H


                • #9
                  Re: OTB @ DC16: Pwning for Dollars

                  Yup, looking forward to posting banner pages of 'Bad Kitty, that's my pot pie!' and hoping boxes get treated better than average outing of young Master Kenneth each episode.... actually, the 'denied entry' sign from his heavenly journey might be more appropriate as a response to each 'contestant' .......

                  So time for each little shinobu to try to get into the jinja... - Best, KS
                  ZZ


                  • #10
                    Re: OTB @ DC16: Pwning for Dollars

                    Is Skoot coming back or what? I need answers to some issues before I spend any more money.

                    Can we attach the box via wifi? (I know some of you just started salivating)

                    Can I get some certainty on the conditions of pwnage... is there a key file that the attacker must get to prove access or what?

                    Which services must be lit up?

                    Any other restrictions?

                    -H


                    • #11
                      Re: OTB @ DC16: Pwning for Dollars

                      Originally posted by Homeslice (tm)
                      Is Skoot coming back or what?
                      Skoot's Last Activity: 04-24-2008 10:53 PM

                      It is likely that skoot is coming back. If the activity of Skoot's account doesn't show activity 7 days after this post-date/time, send me a PM reminding me about this, and I'll send him an email using the email address he used when he registered with the forums.

                      Since the forums can't reach the mail server used to pass email to the real world, people's thread-subscriptions no longer let them know when someone replied to a thread they chose to monitor. It is possible that he is expecting an email, to know that someone has a question in a thread he would otherwise be monitoring. DT knows about the mail server problems, and is looking into it, but is very busy with other things right now.


                      • #12
                        Re: OTB @ DC16: Pwning for Dollars

                        All,

                        Here's a few starter questions that I would like to discuss and get resolution on before implementation. Please add, refine, define, enumerate, elucidate, obfuscate, rotate, gyrate, pirate, and of course, ruminate....

                        1.) Each participant should get an IP range assigned to them to use as they wish.
                        2.) IPv4 vs. IPv6 or both?
                        3.) What 'services' will the infrastructure (DC) have, and what level of service
                        (i.e., ntp, dns, uddi, authorization servers, etc. - and will those be considered 'out of bounds' for active operators?)
                        4.) WiFi - will jammers or any active denial operations be permitted/out of bounds?
                        5.) Is there any maximum number of machines allowed?
                        6.) Any restrictions on virtualized or dynamic hosting or networking
                        7.) Any restrictions on actively engaging the contestant opponents on the network (i.e. 'hackback' or 'reverse payload injection' techniques, either destructive or non-destructive)?
                        8.) - - well, how about just getting a sign up sheet of IP ranges for the defenders put out for the moment?

                        - Not to be a pain, but we really should nail it down by end of month to give defense two solid to prep. Some of us have day jobs and deliverables to other people ; >

                        Best, HAL

                        "2501 is not a number, more a *state of mind*...... "
                        ZZ


                        • #13
                          Re: OTB @ DC16: Pwning for Dollars

                          Two problems with VM:
                          1) If a person "hacks" a VM, do they get the hardware that ran the VM? What happens when there are multiple people and multiple VM? Does the hardware go to the person that hacked the most? Do they get the VM licenses too?
                          2) If the VM is commercial, it should include a legal/valid license and key.
                          (I think this was an issue at a long past CTF (before KenShoto), when it is possible that someone might have allegedly used what might have possibly been illegal licenses, or licenses illegally.)

                          These items came up last year with the discussion of machines in the OTB DC 15 forum.


                          • #14
                            Re: OTB @ DC16: Pwning for Dollars

                            Originally posted by HAL999
                            4.) WiFi - will jammers or any active denial operations be permitted/out of bounds?
                            I can't speak for everyone, but as there is (possibly) a hotel network, defcon wireless network, and various wireless contests and sessions, I would strongly urge against any jamming of wireless. In addition to those concerns, it is against the law.
                            "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";


                            • #15
                              Re: OTB @ DC16: Pwning for Dollars

                              Originally posted by theprez98
                              I can't speak for everyone, but as there is (possibly) a hotel network, defcon wireless network, and various wireless contests and sessions, I would strongly urge against any jamming of wireless. In addition to those concerns, it is against the law.
                              Not to mention that incorporating wireless into this game would also just be really fucking stupid.

                              There are already loads of games for you at DefCon if 802.11 radio traffic makes you hot and horny.

                              This game is (or at least initially was) about compromising services and such running on a remote machine. Accessing the TCP/IP connection to send packets out to the target box was just a given.

                              If you're a h4x0r named "Xv_Dark_Lord_vX" and you're going to pwnzor a televangelist's web site, it would likely happen across the intertubes... you wouldn't sit in Joel Osteen's parking lot with a cantenna.
                              "I'll admit I had an OiNK account and frequented it quite often… What made OiNK a great place was that it was like the world's greatest record store… iTunes kind of feels like Sam Goody to me. I don't feel cool when I go there. I'm tired of seeing John Mayer's face pop up. I feel like I'm being hustled when I visit there, and I don't think their product is that great. DRM, low bit rate, etc... OiNK it existed because it filled a void of what people want."
                              - Trent Reznor
