Wednesday, September 26, 2012

DerbyCon Countdown!

Countdown... T-minus 1 day and counting...

Ok, it's Wednesday and I am in full DerbyCon mode. If this years convention is anything like last years, it's going to be an awesome time.

The speakers lined up for this year look pretty cool, which in itself creates a problem, but a good one... which talks to go to.

Anyway, between the talks and events, like the movie Reboot screening this year looks to surpass last years con.
 

Monday, September 24, 2012

Nashvilel InfoSec 2012 Capture The Flag

This past September 13th saw the culmination of all of our hard work pay off as my colleagues and I put on our (and Nashville InfoSec's) 2nd Capture the Flag challenge.

This years challenge differed from last years in that there were no servers to attack, but instead, a series of 13 challenges was developed for the attendees to tackle. Of the 13 challenges, 8 were downloadable (below in green) for the conference attendees to take with them so that they could attend other talks and still work on the them.

The challenges, which covered different types of hacking were:

Challenge 1 (Flag Ridden App)           Web Application / Database
Challenge 2 (ModifyMe)                      Reverse Engineering
Challenge 3 (DiabloMania)                  Network Forensics
Challenge 4 (User Reports)                  Web Application / Database
Challenge 5 (Jurassic Park)                  Obfuscation / Data Forensics
Challenge 6 (TheScrambler)                 Reverse Engineering
Challenge 7 (File Reader)                     Web Application
Challenge 8 (War of Information)        Obfuscation / Encryption Tools
Challenge 9 (Not Authorized)              Web Application / Encryption Tools
Challenge 10 (The View)                     Web Application
Challenge 11 (What's your status?)      Network Forensics
Challenge 12 (Thoreau)                        Obfuscation
Challenge 13 (Rick Roll)                      Obfuscation



Most of the participants in the challenge (including 2 teams sent by CHS) stayed in the CTF room throughout the conference, each team battling it out for the top spot.

At the end of the day, a team, TABC, which was made up of individuals without a team came in first place.

All in all, from all of the feedback that we received, this was a great day. Everyone had fun and seemed to really enjoy the CTF.

Thursday, September 6, 2012

Nashville InfoSec CTF 2012

This year marks the second year that a few colleagues and myself will be hosting a Capture the Flag (CTF) competition at this year's Nashville InfoSec.


WHAT: Capture The Flag

WHEN: Thursday, September 13, 2012 during InfoSec 2012 conference. You must be registered to attend the conference to participate in Capture the Flag.

TIME: Capture the Flag will begin after the Morning Keynote Speaker (aprox 10am) and will end at 4pm. You will be able to attend the evening Keynote speaker session. The lunch break will coincide with conference lunch time, however those who wish to keep working may work through lunch. Team members can come and go as they please, but the timer will run continuously.

TEAMS: 4 persons per team max. You can register as a team or as an individual who will be assigned to a team. There will be a total of 10 teams max.

ABOUT: The Nashville InfoSec Capture The Flag (CTF) competition is a contest designed to test a teams’ knowledge and skill in a variety of areas related to information security, including areas of web application security, cryptography, system exploitation, reverse engineering andnetwork analysis and forensics.

Throughout the game, ten teams of up to four members will probe, attack and solve offensive security challenges using skill, cunning and widely-available free tools. Points are awarded to teams based  upon the difficulty of the challenge that was needed to capture that particular flag. The winning team will be the one having the most points at the end of the competition.
Teams will be scored based upon a weighted point system. Points are awarded based upon the level of difficulty that was needed to capturing that particular flag.

PRIZES: First Place Trophy and prizes will be awarded during the reception/ prize drawing at the end of the conference.

Email chris.centore@tn.gov, steve.swann@tn.gov or george.romano@tn.gov with any questions concerning the event.