Announcement

Collapse
No announcement yet.

Network Forensics Puzzle Contest: Black Badge Event?!

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Network Forensics Puzzle Contest: Black Badge Event?!

    Has anyone here participated in the Network Forensics Puzzle Contest (NFPC)? This bugger takes between 50-80 hours to complete and is only completed by a few teams each year. Not only is the challenge a fantastic learning tool, but the sucker requires out-of-the-box thinking, strong forensics skills, and a high tolerance for alcohol. That last bit may not be *absolutely* required, but when you spend 3 days straight on a contest... come on!

    Given the amount of time that goes into completing the challenge, not to mention the time it takes for the creators to come up with the stuff, I would love to see this become a black badge event.

    Anyone else?

  • #2
    Originally posted by 8bits0fbr@in View Post
    Has anyone here participated in the Network Forensics Puzzle Contest (NFPC)? This bugger takes between 50-80 hours to complete and is only completed by a few teams each year. Not only is the challenge a fantastic learning tool, but the sucker requires out-of-the-box thinking, strong forensics skills, and a high tolerance for alcohol. That last bit may not be *absolutely* required, but when you spend 3 days straight on a contest... come on!

    Given the amount of time that goes into completing the challenge, not to mention the time it takes for the creators to come up with the stuff, I would love to see this become a black badge event.

    Anyone else?
    What is selected as a black badge event is a complex system, which I am not part of. Some conclusions I have found by examining a history of events that become black badge events and probability for events in the future to be black badge events in the future:
    * The official "CTF" : the original CTF has been a main-stay of DEF CON for years, and is probably the longest running "always a black-badge / uber badge contest"
    * The "LoST[boy]" / 1057 / 1o57 "badge contest" has been a black badge contest a few times, and because he has designed the badges, might be more likely to be a black badge event.
    * The more that a contest includes demonstrations of things considered "hacking" the better than chance of being a black badge event: For several years in a row, the "Scavenger Hunt" was a black badge event. Winning teams usually had to demonstrate hacking to win, pushing beyond the comfort levels of ordinary humans to win, and with social engineering of judges, and people with items to help them bring items and get credit was a core component. Finding ways to get partial credit and "hack" the judges with items that were close, and skills to find hard-to-find items were core to the event.
    * The more popular a contest is the greater the chance for it to become a black badge event unless it is unrelated to hacking. (For example, no matter how popular "Guitar Hero" was at DEF CON as a contest, it was never going to be a black badge event.)
    * Other than the official CTF, a contest being a black badge contest last year does not guarantee black badge status the following year : Attendees will gravitate towards contests that are black badge contests causing an abundance of players and teams in black badge contests while leading to a starvation in other contests. Mixing up which contests are black badge and which are not helps to encourage people to compete in what they like and not just choose black badge contests.
    * From the last item, *usually* contests leaders were not told which are black-badge/Uber-badge events and which are not, and when they are told, they have historically been told to not announce this to the public: why? for the same reasons as in the last item. (The official CTF has been an exception.)
    * Usually, when a contest changes hands in organizers, if it was previously a black badge event, the chances of it being a black badge event under NEW leaders is very unlikely. It seems new runners need to prove they have what it takes to run the contest; they can't just ride the success of their predecessors. (Again, the official CTF has been an exception.)
    * NEW contest are almost NEVER uber/black-badge contests. Unproven contests have to really show they have what it takes. There is a history behind this. I've witnessed contests in OLD DEF CON which only had one two or sometimes three players as black badge events, and there was criticism for this.
    * Recently (like in the last 5 years?) Contest/Event/Village goons seem to have some ideas on which contests are candidates for Black Badges, but reserve final judgement on which contests will be selected based on many of the above items *while at DEF CON*.

    If you want to increase the chances for this event to be a black badge event, work to make it more popular, include more demonstrations of hacking, encourage more people to play or act as spectators, discuss the contest before, and after DEF CON, citing examples of the work. Take it to social media and try to get newbies to the game to join and if you have time, teach some of the things behind competing so people can join and compete against you and others. Popularity is not the only item for consideration, but a minimum level of popularity seems to be required. Once that is exceeded, chances seem to improve.

    All of the above is based on publicly disclosed information over many years, and observations. I am not a contest, event or village goon. nothing that I write here is binding or a guarantee for how things will run this year.

    HTH, and good luck!
    -Cot
    Last edited by TheCotMan; June 23, 2016, 00:04.

    Comment


    • #3
      Originally posted by TheCotMan View Post
      What is selected as a black badge event is a complex system...
      Thank you very much Cot! Very thorough response.

      I 100% agree with you regarding the CTF and 1o57 badge contests. Those are mainstays for sure. The diligence, technique, and skill required to complete those has been proven justly over the years.

      Originally posted by TheCotMan View Post
      The more that a contest includes demonstrations of things considered "hacking" the better than chance of being a black badge event...
      Yup yup. The NFPC requires a massive commitment, plenty of skill, blah blah. I have more details coming up in the next paragraph.

      Originally posted by TheCotMan View Post
      The more popular a contest is the greater the chance for it to become a black badge event...
      Yup! Totally agree with you. In that regard, I have been pushing hard to help LMG turn their NFPC into a black badge event. In fact, I checked my posting history and noticed that the only posts I have made have regarded the NFPC. Silly me singing the same 'ol tune! But seriously though, I have created two different workshops consisting of step-by-step instructions for completing the contest and have presented them at a few security conferences:

      2014 NFPC Workshop: https://github.com/BechtelCIRT/NFWorkshop
      2015 NFPC Workshop: https://github.com/BechtelCIRT/NFWorkshop16

      I've been working my booty off to represent those who love the contest in hopes of getting more competition.

      Originally posted by TheCotMan View Post
      Attendees will gravitate towards contests that are black badge contests causing an abundance of players and teams in black badge contests while leading to a starvation in other contests...
      I never thought of this prior to your statement. You make a very valid point here.

      Originally posted by TheCotMan View Post
      HTH, and good luck!
      -Cot
      Again, thank you very much for the thorough, thoughtful response. I've been doing my best to push the contest, and I will continue to do so. We're going to get this bad mutha on the charts, so to say :).

      Rock on CotMan. If I catch up with you at DefCon, I'll buy you a beer.

      Comment

      Working...
      X