Re: 0wn the box? Own the box!
I think this is a cool contest, but the way it reads, if you lose, you lose your box, but if you win you get to keep your box. There must be additional prizes...otherwise the risk/reward ratio seems pretty weak if you are just trying to fend off others, not actually attack.
Other than the joy of keeping your own equipment, are you offering anything up to the winner?
-
Re: 0wn the box? Own the box!
heh.. I still have a bunch of reading to catch up on this new contest... but I have to comment, sk00t has .. bar none.. the best Uncle Ira avatar on the forums.Leave a comment:
-
Re: 0wn the box? Own the box!
Roger that, totally understood. I initially thought it best to be vague, but maybe I should get some more detail out there.
The two services will need to actually be complex (a forum like this one, a CMS, a functioning mail server, etc), and not just sit there, be patched, and offer up a banner.
There will also be two stages, the first day being remote only, the second day we'll up the stakes, requiring you to give out accounts or shells, so entrants will need to also think about authenticated users local to the box.
Complexity breeds exposure, so an entrant should expect complexity.Leave a comment:
-
Re: 0wn the box? Own the box!
If the services are simple then it shouldn't be too hard to write secure code. Just disable all the remote admin stuff, make sure your code doesn't have buffer overflows... It should be pretty easy to make an unbreakable box. What are the "two services"?Leave a comment:
-
Re: 0wn the box? Own the box!
You got it. I'm hoping we can get some folks to bring some interesting gear. I have one c64 with web server signed up now...
Anyone who wants to sign up, please send me a PM for more details.
How cool would it be to have a shirt that said "Nobody 0wned me at DC15!"?Leave a comment:
-
Re: 0wn the box? Own the box!
hmmm a great way to get rid of old equipment.Leave a comment:
-
0wn the box? Own the box!
http://ownthebox.cipherpunx.org
This contest will be a great addition to the contest lineup. It will be on the DC site soon, the contest organizers will be holding a sign up on the forums, more info to come soon. Im really excited to read what you guys come up with for hardware too.0wn the box? Own the box!
Are you a defensive ninja? Are your services unbreakable, your builds airtight? Do your countermeasures have countermeasures for counter-countermeasures?
So prove it, bucko... Bet your box on it, on the most hostile network in the world.
Bring your laptop/server/desktop, hardened to the nines, running exactly two (2) visible services, to our specs, and we'll offer you up for the slaughter.
The first person to compromise you walks away with your gear. When you're 0wned, you're owned. It's that simple. The last box(en) standing, unowned, wins, and the winner(s) can take his/her precious back home, safe in the knowledge that if it survived at DC, it can survive anywhere.
For the other side of the fence, the reward is clear... Pick your target, 0wn the box, and own the box. A shopping spree for the elite.
Leave a comment: