No announcement yet.

OTB @ DC16: Frequently Answered Questions

  • Filter
  • Time
  • Show
Clear All
new posts

  • OTB @ DC16: Frequently Answered Questions

    "Oh, but wait! UID 0 is 0wnage. WTF is all this silly shit about stealing hashes?"

    Wrong. The reality is that root / admin is pointless in a lot of compromises. It's the data, stupid. If I have 10,000 CCNs through SQLI, or a misconfigured proxy, or because someone left their RSA token in the men's room, are you somehow less owned?

    "But wait a minute... Can't I just DoS all the other defenders and keep my box up to win?"

    No. That would be wrong. And if it happens I don't want to hear about it.

    "I was really hoping to bring my NeXT box again this year. I also have this old VAX and a PDP-11 I was going to drive in on a flatbed truck."

    Fine. Just implement an HTTP(s), SMTP/TLS, or SFTP listener to the specs.

    "Are you doing anything about sniffed traffic? Couldn't someone intercept transactions that way?"


    "I am Theo. Can I bring a box?"

    Dude, I loved watching you rock out on Guitar Hero last year. Don't you have off-by-ones to grep for?

    "I don't have $20. But my sister's pretty cute and I borrowed my dad's Amex. Can you drive me to the liquor store?"

    We'll work something out.
    "Raise a toast to ... I think he might have been our only decent ."