Forwarded from: sk00t <sk00t (at) cipherpunx.org>

[ New contest for those attending Defcon 15 - WK ]

http://ownthebox.cipherpunx.org
https://forum.defcon.org/forumdisplay.php?f=337

# Øwn the box? Own the box!

Are you a defensive ninja? Are your services unbreakable, your builds airtight? Do your countermeasures have countermeasures for counter-countermeasures?

So prove it, bucko... Bet your box on it, on the most hostile network in the world. Bring your laptop/server/desktop, hardened to the nines, running exactly two (2) visible services, to our specs, and we'll offer you up for the slaughter. The first person to compromise you walks away with your gear. When you're øwned, you're owned. It's that simple.

The last box(en) standing, unowned, wins, and the winner(s) can take his/her precious back home, safe in the knowledge that if it survived at DC, it can survive anywhere. Plus, get cool prizes and mucho street cred.

For the other side of the fence, the reward is clear... Pick your target, Øwn the box, and own the box. A shopping spree for the elite.

# CFB: Call for Boxen

Vendors, hardening projects and security-centric distros? Random people with Crays in their basement? Bring your gear, plug it in, and prove your worth. Earn cool prizes (we don't know what yet, but they'll be cool, we promise) and earn mucho street cred.

If we don't see at least two boxes from the OpenBSD folks, and Adamantix, Hardened Gentoo and others, we can only assume you're nancy-boys. Here's a chance to put your money, and your gear, where your mouth is.

But what about Vista? OSX? Quick, Bill, tear the BlueHat boys away from their X-Boxes and get to work! Steve, bring the OSX security team (you have one, right?) back from the Ashram and tell them they have a chance to redeem their Karmic energy from the last few 0day embarrassments!

And how about the freaky stuff? Amigas running Cern httpd on Plan 9? Pocket calculators with IP stacks? Bring it on.
We have at least one C64 coming that we know of, but we want more.

For our part, we'll make sure the scenarios are real, and everyone gets a fighting chance. We're putting some of our own gear up for grabs as well.

To sign up, post on the DC forums, or send a mail to ownthebox {at} cipherpunx {dot} org.

# Whiskey Tango Foxtrot?

This all started with Dragos Ruiu's "pwn to own" contest this year at CanSec West with two Macbooks up for grabs, so much love and respect for the idea. Seriously, thanks, man. (Hey, the dude has a sword...) But it got us thinking, why not extend the concept a bit and ask the entire DC community to pitch in?

We also thought the idea of something more casual, extending on the attackers / defenders scenario, would be fun... CTF and aCTF are awesome, but they're a lifestyle choice. Competing means giving up the B&W Ball, talks, and all else that is DC. The goal of this contest is to give attackers and defenders a chance to prove their worth, without giving up the rest of con, with some obvious real-world stakes.

# Rules, Regs, Reqs

Defenders: You will need to bring a machine running two visible services, that actually work, and do stuff, something beyond just a vanilla install of WhizzBangOS 9.0 with the latest patches. Be prepared for handling local / authenticated users as well. We're going to be a bit intentionally vague until closer to the con. Mail the address in the Call For Boxen for more detail.

You will be placing a file somewhere on the box with a large random value, which can only be known to someone who successfully compromises the box. Expect this to not be easy, but expect it to be fair as well.

Once you bring the box in, and cable it up, you will walk away until the end of the contest. You do not get to watch it, monitor it, or give it hugs and kisses. Imagine you're a sysadmin taking the weekend off in Vegas. Oh, wait...

Attackers: Anyone can play, and everyone at con is a potential attacker.
As long as you have an ethernet port, you will have access to the targets, on a local LAN. They may even end up on the DC Wifi, we're not sure yet. We'll provide the IP ranges and a scoreboard of what's available. If you can supply us with the random value placed on the filesystem of the box, you get the box.

Stupid things like DOSing will be kind of pointless, but if you do them we will make sure Bad Things happen to you, okay?