No announcement yet.

Info about CMD+CTRL Hackathon at DEF CON 24

  • Filter
  • Time
  • Show
Clear All
new posts

  • Info about CMD+CTRL Hackathon at DEF CON 24

    I am not affiliated with this event and nothing I write is authoritative for it.

    Originally posted by details
    The Security Innovation CMD+CTRL Hackathon simulates real-world ecommerce, HR, and banking websites, where users are immersed in a “find the vulnerabilities” game where they quickly learn and apply hacking techniques in a safe environment.

    - Shred Skateboard and Graffiti Shop, HR Account All Website, and Shadow Bank include functionality like add items to your cart, make a purchase, transfer money, apply for a loan, view pay stubs, and request time off.

    - 160+ vulnerabilities that cover 15 classes of security defects including the OWASP Top Ten.

    - Challenges range from exploiting common vulnerabilities such as SQL Injection and Cross-Site Scripting (XSS) to more advanced cryptanalysis and cipher cracking tests.

    Encourages friendly competition with real-time scoring and reporting:

    - Each challenge/vulnerability has a title, point value (10 to 1000) and difficulty rating.

    - Discovered vulnerabilities are automatically updated on the scoreboard
    Individual report cards provide a summary of user activity

    Ideal for all skill levels:

    - Got a question? Security Innovation Ninjas are readily available to assist

    - Need help? Grab a cheat sheet to learn basic attacks or buy hints to overcome difficult challenges

    Interactive and fun:

    - As vulnerabilities are found, the Web site alerts the user with a popup message and a fun sound

    - “Easter Eggs” hidden throughout the sites keep participants enticed and engaged

  • #2
    Hey all, haxim here from the CMD+CTRL team.

    Here's some more information about the event.

    What is it?
    We've created two vulnerable websites that participants will be competing to find vulnerabilities in. All (most) of the vulnerabilities are automatically detected and award points when they're exploited. The sites contain over 100 vulnerabilities including XSS, SQLi, password cracking and more. We'll have easy vulns for beginners as well as more difficult challenges to stump experienced hackers.

    When and Where?
    The contest will run from 10 AM - 6 PM on Friday and Saturday. We will have a set of tables in the contest area. Stop by our table to get registered and started playing. This is a come and go contest, not a set event. Stop by anytime while it's running and play for as long as you'd like.

    What to bring to participate?
    You will need a laptop with a web browser, and any tools you wish to use. You will need internet access as well.

    You bet! More info to come.