CONFidence 2009 - gg plz re :) - gynvael.coldwind//vx.log

Return to dashboard ⇪

Sections

lang: |
RSS: |
About me
Tools
→ YT YouTube (EN)
→ D Discord
→ M Mastodon
→ T Twitter
→ GH GitHub

My company's website

27-28 May 2024
Kraków (Poland)

Paged Out! zine

Dragon Sector CTF Team

Links / Blogs

Posts

// copyright © Gynvael Coldwind
// design & art by Xa
// logo font (birdman regular) by utopiafonts / Dale Harris

/* the author and owner of this blog hereby allows anyone to test the security of this blog (on HTTP level only, the server is not mine, so let's leave it alone ;>), and try to break in (including successful breaks) without any consequences of any kind (DoS attacks are an exception here) ... I'll add that I planted in some places funny photos of some kittens, there are 7 of them right now, so have fun looking for them ;> let me know if You find them all, I'll add some congratz message or sth ;> */

Vulns found in blog:
* XSS (pers, user-inter) by ged_
* XSS (non-pers) by Anno & Tracerout
* XSS (pers) by Anno & Tracerout
* Blind SQLI by Sławomir Błażek
* XSS (pers) by Sławomir Błażek

2009-05-26:

CONFidence 2009 - gg plz re :)

confidence:blog

Time to update the English side of my mirror! As I've written before, I had the opportunity to be present at this years edition of the CONFidence conference, and, starting with a spoiler, I think it was the best conference I had attended so far :)

The organizers took care of everything including the details:
- there were two rented hostels for the participants (named Hacker Squad 1 and 2 - the interesting thing is that even the original hostel logo was changed to Hacker Squad logo during the conference ;>)
- there was Internet connection in the hostel! (true, it was not available in my room due to thick walls or sth, but one just had to go to the common room and place oneself on a comfortable sofa to get connected)
- if someone arrived a day earlier, a before party took place - a couple of hacker movies were displayed in an underground (keyword) pub, including Wargames!

And after that, the real conference begun!
- the conference took place in a rented out cinema+pub+cafe+something else, and in each place there were some interesting things to do/see/eat
- there were up to 3 lectures at the same time
- the main conference room was a huge movie theater
- snacks were available all the time (mainly hi-octane cakes/cookies - this was imho a bullseye [see the next point])
- 3 different competitions (during which one could see how the gears in peoples head spin burning the previously ate hi-octane snacks with smoke coming out of their ears ;D)
- you could do some origami ;)
- or play with lego mindstorm :)
- and the most important - meet a whole bunch of interesting people!

As for the lectures, I admit that because of the competitions I've missed a couple (as always). Here I'll note ones that I liked the most (I won't talk about them too much since afair they will be available later for downloading):
- Bruce Schneier "Reconceptualizing Security" (keynote) - a great lecture about the difference between the feel of security, the model of security and the reality, and the need to work on all of these elements
- Joanna Rutkowska "Thoughts about Trusted Computing" (keynote) - Joanna as always gave an interesting speech, what can I say more... :)
- Eddie Schwartz "Understanding Social Networking Threats Using Live Threat Intelligence" - Eddie really gives great/entertaining lectures :)
* Here is where the ESET Crackme competition started, so I took my laptop and went to find a power source / table. I got back after a few hours...
- Walter Belgers "Lockpicking 101" - real life security :)
- Michał Sajdak "Remote Rootshell on a SOHO Router" - I really liked this lecture - Michał showed a case-study of a few home routers, and he demonstrated that in most cases there is no need to go to the level of hardware to do "something".
* Then the afterparty (which, as the name says, is in the middle of the conference) took place
* And then the second conference day began:
* Until 2PM the Capture The Flag competition took place, so I got back to the lectures after 2PM ;p
- Alessio L.R. Pennasilico "Bakeca.it DDoS: How Evil Forces Have Been Defeated" - a great great true story about an Italian company that had trouble with a changing DDoS attack
- Raul Chiesa "Corporate Security and Intelligence: the dark links" - a very good lecture about some event from southern Europe :)

Now something about the competitions (which I am a fan of)! There were three this time:

1) ESET Crackme - it started at 12:35 of the first day; one got a binary (PE executable) that wanted one to enter some password, and one had to reverse the application, find the password, and send it to the judges - I'll write more on this later (in another post), because I find the binary really interesting (it was similar to something I've described in a Polish security magazine Xploit 3/2008, but the crackme author went another way with it)

2) Capture the Flag - it started the first day morning, and ended the second day 2PM; in short: 15 break-me-style tasks from Web/Networking/Forensics categories, scored from 300 to 750 points each; one had to find a magic-token in each task to gain the points, and the winner was the team that had the most points when the clock strikes 2PM :)

3) Try to break F5 Security - one had to break into some F5 app or something, but I don't know the details (I totally forgot about this competition) :(

I've played with the crackme from the beginning, and I solved it very fast. At least I thought so - as I realized, there was more too it. So I solved it the second time. And then I realized that no, not yet. So I broke the app the third time, and around 4:13 PM I've send the obtained password to the judges. And as I later found out, I was the first to solve it :)

At the time I played with the Crackme, j00ru was fighting with the CTF, keeping the score level around 2-4 place all the time (the score board was displayed real time). Finally in the evening of the first day I've joined j00ru in breaking the CTF tasks. The break through came the second day, when in a couple of hours we managed to go from the 5th place to the 1st, just to fall to the 2nd place am hours before the end, and to get back to the 1st place 7 minutes before 2PM, and keep it until the clock stroke 2PM winning the CTF in the process :). The score difference between the first three places was minimal, and the fight on places 1-6 was really epic, especially when some team entered solutions for like 10 tasks, jumping from nowhere to the fourth place. In the end we solved 12 of the 15 tasks, gaining 6000 points. The second team had 5700 point, and the third 5400 points. (I'm sorry, but I don't remember the names or the people from the second and third place, but I hope that they will be listed on the confidence page soon - good game guys :).

As for the third competition, I know that rezos won it, proving that he is the True Ninja! Gratz! :)

But the conference also had it (minor!) downfalls. Well, only three of those anyway:
- there were not enough power sources in the movie theater :(
- the lunch was... hmm.. strange... I mean.. looking at it's prize, it was a littly inadequate imo ;p
- the music during the after party was TOO LOUD! - after trying to exchange 10 words with my neighbor I gave up and wend to the Hacker Squad...

So, to sum it up, CONFidence 2009 was great! I meet a lot of my friends and met a few new ones (hi!), played (and won ;p) in two competitions (repeating the result from CONFidence 2008 where our team (in a little different peopleset) also won two competitions) and listened to interesting and inspiring lectures! And I know that I'll attend at the CONFidence 2k10 for sure :)

Good game! Plz re :)

Nick:
URL (optional):
Math captcha: 10 ∗ 7 ＋ 6 =

Sections

Links / Blogs

Posts

CONFidence 2009 - gg plz re :)

Add a comment: