Info about Counterfeit Badge Contest at DEF CON 24

  • Info about Counterfeit Badge Contest at DEF CON 24

    I am not affiliated with this event and nothing I write is authoritative for it.

    Originally posted by details
    It's a race against time and competitors to create the most precise counterfeit badge and use it to deceive, infiltrate, and persist! This contest combines counterfeiting skills with social engineering talents. Entrants will construct a fake badge and perform social engineering tasks of varying difficulty faster than other competitors to gain points. You can play this game solo or with teammates. The winning team will win a black badge from Arrakis himself! See http://badgecontest.info for details and rules.
    Site: http://badgecontest.info/

    Description changed: July 4, 2016.
    Last edited by TheCotMan; July 4, 2016, 11:05.

  • #2
    BUMP FOR GREATNESS!
    take a long walk backward....into the now.


    • #3
      can we get any official clarification from con staff that this will indeed be allowed to run within the Tamper Village and that folk won't come storming in and take away all the supplies and everyone's creations this time? :-/

      if the red shirts can agree to that, i'm willing to bet that the Tamper staff can agree to making sure that no one is displaying only their fake badges around the rest of the con and that they give people a little speech about not getting into the NOC etc
      "I'll admit I had an OiNK account and frequented it quite often… What made OiNK a great place was that it was like the world's greatest record store… iTunes kind of feels like Sam Goody to me. I don't feel cool when I go there. I'm tired of seeing John Mayer's face pop up. I feel like I'm being hustled when I visit there, and I don't think their product is that great. DRM, low bit rate, etc... OiNK it existed because it filled a void of what people want."
      - Trent Reznor


      • #4
        Can we also ensure that these counterfeit badges are kept in the Tamper Village, and not allowed out on the conference floor? Additionally, who is going to take the heat when someone uses a badge to gain access to somewhere, and they get hurt, or they hurt or harm someone else?

        Where is the liability on the part of the organizers?
        --- If you're a snowflake, you're gonna have a bad time.
        Have you ever BEEN to Defcon?


        • #5
          Originally posted by dc0de
          Can we also ensure that these counterfeit badges are kept in the Tamper Village, and not allowed out on the conference floor? Additionally, who is going to take the heat when someone uses a badge to gain access to somewhere, and they get hurt, or they hurt or harm someone else?

          Where is the liability on the part of the organizers?

          DT is cool with this contest and the rules that CEV communicated to them, otherwise it wouldn't have been approved. If they need further clarity on their contest limitations, Pandero & Grifter are the CEV Contest leads in charge so they will tell them what is and isn't allowed.

          It's up to the attendee to be responsible for their actions, they will be warned by the contest organizers as to what isn't allowed as part of the contest. DT didn't have a problem with this so long as they stick to replicating human badges and don't try to break any actual con rules. They won't attempt back of house access or else, and if they are caught using the fakes and don't have a real badge they should be treated as anyone else trying to sneak in. If this becomes a problem, then CEV will work with the organizers to put an end to the problem issue and/or revoke their contest.

          There's no need to create more rules on where they can be at con or what they can do, I don't see a need for the negative speculating on things that haven't happened. I thought all you people were full blown libertarians and shit? Didn't you "retire" anyway? ;-P

          /em shoulder shrugs



          "Haters, gonna hate"


          • #6
            We are working on an updated description from the organizers. Sorry for the confusion.


            • #7
              Originally posted by panadero
              We are working on an updated description from the organizers. Sorry for the confusion.
              FYI: As per panadero the description for this event has been changed to "[redacted]" until a revised description is provided.


              • #8
                Originally posted by dc0de
                who is going to take the heat when someone uses a badge to gain access to somewhere, and they get hurt, or they hurt or harm someone else?
                you know i dig you, Dec0de, but i will have to push back on this one and ask the simple question: when has this ever happened in the history of DEF CON?

                yes, some folk (hilariously, i might add) pretended to be red shirt goons last year and possibly before. yes, they were able to walk places they shouldn't. no one got hurt (save for maybe butthurt) and no one was harmed.

                i'm with Kita on this one, 100% ... what happened to the hacker mindset?? sneaking around and being where you're not supposed to be (but causing no harm or damage) is what we used to BE ABOUT.

                now everyone get off my lawn meet me on a hotel roof with my Geritol, because i sound like an urban exploring old man. :-)
                "I'll admit I had an OiNK account and frequented it quite often… What made OiNK a great place was that it was like the world's greatest record store… iTunes kind of feels like Sam Goody to me. I don't feel cool when I go there. I'm tired of seeing John Mayer's face pop up. I feel like I'm being hustled when I visit there, and I don't think their product is that great. DRM, low bit rate, etc... OiNK it existed because it filled a void of what people want."
                - Trent Reznor


                • #9
                  Originally posted by Deviant Ollam
                  you know i dig you, Dec0de, but i will have to push back on this one and ask the simple question: when has this ever happened in the history of DEF CON?
                  Wasn't it 2 or 3 years ago? A non-goon was wearing a red shirt and accused of sexism by a human from DEF CON goons because the assumed offending person was a "goon" even though they were not. That was quite public as was the discussion in social media. It was eventually discovered that the person assumed to be a goon was not a goon, and the offended person accepted it was not a volunteer at DEF CON. This did not alter their feelings about being hurt, but it seemed to alter the direction of their unhappiness. Sure, it is easy to blame the person complaining for being ignorant, but volunteers suffer damage to reputation until the truth is revealed, assuming it is revealed.

                  yes, some folk (hilariously, i might add) pretended to be red shirt goons last year and possibly before. yes, they were able to walk places they shouldn't. no one got hurt (save for maybe butthurt) and no one was harmed.
                  I have no personal knowledge of a person crafting a fake goon badge to do harm, but we have seen people craft goon badges to gain access to goon spaces, and this was before any official contest. In fact, this helped spawn the idea for a contest, which DT supported especially with some of his ideas on the Tamper Evident Contest. (I think that was when we were at the Riv.)

                  It also happened at DEF CON 10: You remember those metal badges? How much effort was it to spray-paint one a similar color to a goon badge?

                  i'm with Kita on this one, 100% ... what happened to the hacker mindset?? sneaking around and being where you're not supposed to be (but causing no harm or damage) is what we used to BE ABOUT.
                  This question becomes a metaphor for real-world work. Defense vs. Offense. Blue team vs. Red team. When there are such contests with red teams vs. blue teams, are real explosives detonated to gain access to defeat the other team's "cyber defense" at hacker/security conventions like DEF CON? If not, then you accept that in games, there are some kinds of rules of engagement to avoid real harm and real damage to people and property.

                  If there really were no rules, how many illegal ways could you come up with to evacuate the CTF area so you could gain unrestricted physical access to all of the equipment?

                  Again, not meant to be real examples, but to demonstrate some expectation on rules of engagement.

                  If you accept there are rules of engagement, then I ask you, "what about the hacking mentality? Since when have hackers found not breaking laws as a reason to deny curiosity?"

                  If there are *any* rules of engagement for a *game*, then the discussion and argument is only over which rules should exist, yes?

                  now everyone get off my lawn meet me on a hotel roof with my Geritol, because i sound like an urban exploring old man. :-)
                  Thoughts on defense change when your assets and liability are at risk:

                  SSN, name and birthday are all information. Information only wants to be free. Should your information be free? :-)
                  Last edited by TheCotMan; June 23, 2016, 21:43.


                  • #10
                    Contrary to what has been stated in this thread, there have been no discussions with me regarding any changes to my contest rules. There were concerns during con due to the goons not being informed, which were debriefed with Rusty and completely quashed once we filtered for goon butthurt. The first mention of any rule changes was two days ago, so it sounds like someone dropped the ball. I'll see if we can rectify the situation but we are in the 9th inning.

                    I think it would be worth mentioning counterfeit badges are an ancient tradition of defcon. There will always be chicken-little goons, and there will always be counterfeiters. However the contest exists to give the counterfeiters an outlet and recognition while protecting the DefCon brand. If you change the rules, you sour the milk and then the counterfeiters will just do as they please.
                    Last edited by arrakis; June 23, 2016, 22:35.


                    • #11
                      When will the http://badgecontest.info/ site be in DNS and reachable?


                      • #12
                        This is a very interesting contest :) I hope it keeps happening with good taste and without interference


                        • #13
                          Originally posted by laplinker
                          This is a very interesting contest :) I hope it keeps happening with good taste and without interference
                          I think that something on this subject would make a good DEF CON 24 talk. Hmm, maybe discuss the difficulty in creating counterfeit badges, showing your multiple success and fails. I'd want to know all the methods used and the challenges involved in reversing them from scratch. Tell us how you managed to escalate your privileges into the world's most elite air-walled hotel fortresses filled with day old farts and donuts. HECK you could possibly get 5 to 6 such individuals together to generate the content!

                          YOU COULD CALL IT: How to Make Your Own DEF CON Black Badge

                          but....that's none of my business.
                          (https://media4.giphy.com/media/k9XrZaAJuQyMU/200_s.gif)



                          "Haters, gonna hate"


                          • #14
                            Originally posted by Nikita

                            I think that something on this subject would make a good DEF CON 24 talk. Hmm, maybe discuss the difficulty in creating counterfeit badges, showing your multiple success and fails. I'd want to know all the methods used and the challenges involved in reversing them from scratch. Tell us how you managed to escalate your privileges into the world's most elite air-walled hotel fortresses filled with day old farts and donuts. HECK you could possibly get 5 to 6 such individuals together to generate the content!

                            YOU COULD CALL IT: How to Make Your Own DEF CON Black Badge

                            but....that's none of my business.
                            (https://media4.giphy.com/media/k9XrZaAJuQyMU/200_s.gif)


                            We'll look into this for DC25, perhaps. We'd need guarantees that our wheelbarrows full of black badges won't be confiscated, though : /

                            dg
                            [mfp]


                            • #15
                              A new description from panadero has been included in the top post.
