HackFest Security EVENT - Call for Submissions

Lisa Kachold lisakachold at obnosis.com
Sun Feb 14 13:41:17 MST 2010 

We are tentatively planning a two day (registration only)
Participation Open Hackfest in Mid March/early April.

This is not a monthly presentation.  It is a complete open
encroachment competitive event with a certain number of engineered
weaknesses on a controlled network with flags that are service based
that are similar to real world scenarios.  In this event, others are
considered fair game and will count as a pwnd target, although with
very low points.  Larger flags will have large points, and we will
have some small prizes in addition to each target:

Best Forensics
Best "real world" Flag (submitted)
Greatest Flags

We are building a complete network for the event therefore we will
need some resources, volunteers, and flags.

For the Spring Event, we want:

1) Networking Equipment - switches/cabling
2) Volunteers during the event to note flags and verify each.
3) Servers or targets of whatever type.  Physical access encroachment
is not going to be allowed.  This is a network event.

NOTE: If you submit a Flag, you cannot compete to take it, nor can you
use your Flag in any of your attacks or information gathering.

We will be setting up our own DNS and other services through a
tethered EDVO/CDMA network, bridged to a local switched network, so we
can access external resources during the two day event, and using
Wireless as a resource, however we will not be hacking wireless.

Any server setup that you have that you could like to bring in and
setup as a flag would be fun - even Media Servers, TIVO, OpenWRT,
whatever you have that you can see a known flag for access, and verify
it's proof, once taken.

Challenges should include a good deal of OSI Layer Up (outside of
simple arp cache poisoning) UPNP, fuzzing, side jacking, brute
forcing, decryption exploits, in addition to some web systems/mail
systems.

This HackFest will be a "mock-up" of a standard web provider, internal
business network and include Microsoft targets and services,
CIFS/SAMBA, DNS and linux targets.  Solaris might be included also.
We will mostly use Linux based security distros as our encroachment
tools during the fest, however if you use a CPM Kaypro for instance,
we are not going to quiver, just as long as you can prove your flags.

We therefore would love any submissions you want to bring to setup on
the network.

We will be tentatively using UAT for this event because we can have
access to secure our old equipment in one of their security guarded
rooms over the two days without tearing down equipment.

Interested?  Watch for the registration site announcement in the next two weeks!

Each person will be required to sign a waiver to verify that they
understand that their equipment will be under threat on our HackFest
network.

We need focus for forensics, IDS, discovery, monitoring if you would
like to show up and just watch network packet traffic.  The second
half of the event will include heavy forensics.

You can come and go over two days of the event.

Prices and flags are announced and promoted to your name only if you
agree, so you can show up, take over everything and leave anonymously.

Sound fun?





-- 
Skype: (623)239-3392
AT&T: (503)754-4452
http://obnosis.110mb.com/nuke/index.php
http://uncyclopedia.wikia.com/wiki/Arizona

More information about the PLUG-discuss mailing list