Announcement

Collapse
No announcement yet.

0wn the box? Own the box!

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • 0wn the box? Own the box!

    http://ownthebox.cipherpunx.org

    0wn the box? Own the box!

    Are you a defensive ninja? Are your services unbreakable, your builds airtight? Do your countermeasures have countermeasures for counter-countermeasures?

    So prove it, bucko... Bet your box on it, on the most hostile network in the world.

    Bring your laptop/server/desktop, hardened to the nines, running exactly two (2) visible services, to our specs, and we'll offer you up for the slaughter.

    The first person to compromise you walks away with your gear. When you're 0wned, you're owned. It's that simple. The last box(en) standing, unowned, wins, and the winner(s) can take his/her precious back home, safe in the knowledge that if it survived at DC, it can survive anywhere.

    For the other side of the fence, the reward is clear... Pick your target, 0wn the box, and own the box. A shopping spree for the elite.
    This contest will be a great addition to the contest lineup. It will be on the DC site soon, the contest organizers will be holding a sign up on the forums, more info to come soon. Im really excited to read what you guys come up with for hardware too.
    "Haters, gonna hate"

  • #2
    Re: 0wn the box? Own the box!

    hmmm a great way to get rid of old equipment.

    Comment


    • #3
      Re: 0wn the box? Own the box!

      Hacker pinkslips
      Never drink anything larger than your head!





      Comment


      • #4
        Re: 0wn the box? Own the box!

        Originally posted by renderman View Post
        Hacker pinkslips
        You got it. I'm hoping we can get some folks to bring some interesting gear. I have one c64 with web server signed up now...

        Anyone who wants to sign up, please send me a PM for more details.

        How cool would it be to have a shirt that said "Nobody 0wned me at DC15!"?
        "Raise a toast to ... I think he might have been our only decent ."

        Comment


        • #5
          Re: 0wn the box? Own the box!

          If the services are simple then it shouldn't be too hard to write secure code. Just disable all the remote admin stuff, make sure your code doesn't have buffer overflows... It should be pretty easy to make an unbreakable box. What are the "two services"?
          --- The fuck? Have you ever BEEN to Defcon?

          Comment


          • #6
            Re: 0wn the box? Own the box!

            Originally posted by kallahar View Post
            If the services are simple then it shouldn't be too hard to write secure code. Just disable all the remote admin stuff, make sure your code doesn't have buffer overflows... It should be pretty easy to make an unbreakable box. What are the "two services"?
            Roger that, totally understood. I initially thought it best to be vague, but maybe I should get some more detail out there.

            The two services will need to actually be complex (a forum like this one, a CMS, a functioning mail server, etc), and not just sit there, be patched, and offer up a banner.

            There will also be two stages, the first day being remote only, the second day we'll up the stakes, requiring you to give out accounts or shells, so entrants will need to also think about authenticated users local to the box.

            Complexity breeds exposure, so an entrant should expect complexity.
            "Raise a toast to ... I think he might have been our only decent ."

            Comment


            • #7
              Re: 0wn the box? Own the box!

              heh.. I still have a bunch of reading to catch up on this new contest... but I have to comment, sk00t has .. bar none.. the best Uncle Ira avatar on the forums.
              if it gets me nowhere, I'll go there proud; and I'm gonna go there free.

              Comment


              • #8
                Re: 0wn the box? Own the box!

                I think this is a cool contest, but the way it reads, if you lose, you lose your box, but if you win you get to keep your box. There must be additional prizes...otherwise the risk/reward ratio seems pretty weak if you are just trying to fend off others, not actually attack.

                Other than the joy of keeping your own equipment, are you offering anything up to the winner?
                perl -e 'print pack(c5, (41*2), sqrt(7056), (unpack(c,H)-2), oct(115), 10)'

                Comment


                • #9
                  Re: 0wn the box? Own the box!

                  Originally posted by Chris View Post
                  I think this is a cool contest, but the way it reads, if you lose, you lose your box, but if you win you get to keep your box. There must be additional prizes...otherwise the risk/reward ratio seems pretty weak if you are just trying to fend off others, not actually attack.

                  Other than the joy of keeping your own equipment, are you offering anything up to the winner?
                  Actually, you don't need to bring a box to participate, you can obviously be an attacker without bringing a box... Or maybe you should? "Upload ratios enforced"?

                  The idea was to make this something more casual, where it doesn't require someone to spend the whole con, like CTF / aCTF (which are very cool, don't get me wrong...). So, as an attacker, you can sort of pop in and out, as interested.

                  If you're a defender, and bring a box, yeah, you're right, what's the reward? At a minimum I am promising "Nobody 0wned me at DC 15" shirts, and we'll be part of the awards ceremony, but yeah, I dunno yet. What would entice someone to do this?

                  I'll think hard and see what I can come up with to encourage people.

                  For me, I thought it would be a fun way to unload some hardware. I'm also going to hassle as many security-centric projects as I can and see if I can get a bite or two... Updates as warranted.
                  Last edited by sk00t; June 12, 2007, 16:03. Reason: I am a tool.
                  "Raise a toast to ... I think he might have been our only decent ."

                  Comment


                  • #10
                    Re: 0wn the box? Own the box!

                    Originally posted by sk00t View Post
                    Actually, you don't need to bring a box to participate, you can obviously be an attacker without bringing a box... Or maybe you should? "Upload ratios enforced"?

                    The idea was to make this something more casual, where it doesn't require someone to spend the whole con, like CTF / aCTF (which are very cool, don't get me wrong...). So, as an attacker, you can sort of pop in and out, as interested.

                    If you're a defender, and bring a box, yeah, you're right, what's the reward? At a minimum I am promising "Nobody 0wned me at DC 15" shirts, and we'll be part of the awards ceremony, but yeah, I dunno yet. What would entice someone to do this?

                    I'll think hard and see what I can come up with to encourage people.

                    For me, I thought it would be a fun way to unload some hardware. I'm also going to hassle as many security-centric projects as I can and see if I can get a bite or two... Updates as warranted.
                    Like I said, I think this is a cool contest.

                    I am interested in participating, but basically from the standpoint of build it and drop it off (I have too much to do to actually sit there for any period of time) and see if my config/scripts/etc can withstand the attacks. That said, if all I get for my effort is my own computer that I already had, it seems like kind of a waste...although I do agree that the knowledge that you were able to fend off the attackers is pretty slick in and of itself, but I don't think that makes up for the risk of potentially losing the box.

                    As for what would entice folks..I don't know...but you'd think that the reward would need to be rather significant to even out the pot odds.
                    perl -e 'print pack(c5, (41*2), sqrt(7056), (unpack(c,H)-2), oct(115), 10)'

                    Comment


                    • #11
                      Re: 0wn the box? Own the box!

                      Originally posted by Chris View Post
                      Like I said, I think this is a cool contest.

                      I am interested in participating, but basically from the standpoint of build it and drop it off (I have too much to do to actually sit there for any period of time) and see if my config/scripts/etc can withstand the attacks. That said, if all I get for my effort is my own computer that I already had, it seems like kind of a waste...although I do agree that the knowledge that you were able to fend off the attackers is pretty slick in and of itself, but I don't think that makes up for the risk of potentially losing the box.

                      As for what would entice folks..I don't know...but you'd think that the reward would need to be rather significant to even out the pot odds.
                      Build and drop it off is exactly the intent. In addition to not having space to set up for the keyboards / monitors / etc, to me it would be kind of unfair to let people sit and babysit their boxes.

                      So yeah, you'd be expected to hand it over, and (hopefully) get it back at the end of con. I'm still puzzling on rewards. I will nag Kita / Russ and see what schwag they can come up with.

                      Of course, this is Vegas, and if someone's absolutely confident their stuff is unownable, no matter what, what's to lose? :)
                      Last edited by sk00t; June 12, 2007, 17:53. Reason: s:they\'re:their:
                      "Raise a toast to ... I think he might have been our only decent ."

                      Comment


                      • #12
                        Re: 0wn the box? Own the box!

                        Attackers could provide something in order to be assigned an IP address to use, and then the defenders get to keep the attacker's goodies when the attackers don't come in first, second or 3rd by # of boxed "owned".

                        Entrance fee? Booze? Money? Food? Something else?

                        Give the attackers something to lose as well. :-)
                        Last edited by TheCotMan; June 12, 2007, 19:57.

                        Comment


                        • #13
                          Re: 0wn the box? Own the box!

                          Originally posted by TheCotMan View Post
                          Attackers could provide something in order to be assigned an IP address to use, and then the defenders get to keep the attacker's goodies when the attackers don't come in first, second or 3rd by # of boxed "owned".

                          Entrance fee? Booze? Money? Food? Something else?

                          Give the attackers something to lose as well. :-)
                          There's always the possibility of vigilante justice if someone walks in with an 0day and grabs ten boxes in a swipe. We're not promising security after you walk away with the box and leave the con area.

                          This could get ugly...

                          BTW, one update, I got one offer of a low-serial number NeXT box. Right now my count is somewhere around 5, and I haven't started on my own stuff to bring yet.

                          Still working on the defenders prize side, I may have tracked down a patron.
                          "Raise a toast to ... I think he might have been our only decent ."

                          Comment


                          • #14
                            Re: 0wn the box? Own the box!

                            Originally posted by converge View Post
                            heh.. I still have a bunch of reading to catch up on this new contest... but I have to comment, sk00t has .. bar none.. the best Uncle Ira avatar on the forums.
                            It's actually Che Stallman, but yeah, sans glasses and Hackercrombie tee, you're right, the resemblance is pretty uncanny...
                            "Raise a toast to ... I think he might have been our only decent ."

                            Comment


                            • #15
                              Re: 0wn the box? Own the box!

                              Originally posted by sk00t View Post
                              Build and drop it off is exactly the intent. In addition to not having space to set up for the keyboards / monitors / etc, to me it would be kind of unfair to let people sit and babysit their boxes.

                              Just curious, how does this fit in with day 2? You mentioned that day 2 would require interaction, accounts, etc. How are we supposed to do that if we drop the box off on day one and walk away?
                              perl -e 'print pack(c5, (41*2), sqrt(7056), (unpack(c,H)-2), oct(115), 10)'

                              Comment

                              Working...
                              X