CTF is coming & VM is recruiting

It may be a couple months away but Vulnerable Minds is getting read for one of the best parts of the year. No, not Christmas, Defcon. Say what you want about the Rivera, but Defcon is definitely one of the biggest events in the hacking community. Last year Vulnerable Minds competed for the first time in the Defcon qualifier, hoping to earn a spot to play CTF in Vegas.

Vulnerable Minds put in a good effort and did well for our first attempt. Out of 170 teams participating we ended up placing 30th, besting a number of very talented teams.

So now it's time to turn our thoughts towards this years competition. Vulnerable Minds is looking to build off last years strong showing and do even better this year. To that end we are looking for talented hackers interested in playing CTF, qualifying, and going to DefCon to play. Reversers, sploit coders, forensics gurus, even defensive specialists. DC area is preferred.

Not sure if this is your cup of tea? Check out information about qualification and CTF from the past two years from the L@stplace team (Winners the past two years at Defcon).

Interested? Fill out this handy contact form and we'll get in touch with you.

Since Defcon...

Sorry for the complete lack of updates from me since Defcon. I've had plenty to write up, share, and rant about (as is my want), but I'm in somewhat of a tenuious circumstance regarding my blogging, so I figure better safe than sorry, and thus I'm keeping my comments to a minimum. Hopefully some of the other Minds will pick up the slack. We shall see.

At least we're learning

I've spent the past few days taking the SANS 504 course: Hacking Techniques, Exploits, and Incident Handling. I was lucky enough to have the course creator, Ed Skoudis, as my course instructor. I don't know if I know anyone who seems to have Ed's combination of breadth and depth in the information security field. I guess that's how you become one of the senior handlers at the SANS Internet Storm Center.

I plan on doing a write up of my class and what the Vulnerable Minds have been up to for the past few weeks. A short update:

• I've been in training, busy at work, and abusing Yahoo Pipes, something I'll write more about later.
  
• Bacchus has stopped reading anything but Snort alerts, which made Bacon a bit anxious so I think he's trying to make up some new encrypted communication channel. I may help with that a bit.
  
• ev3 has been reversing everything she gets her hands on including, I'm pretty sure, her reversing tools.
  
• No one's really sure what Narc, GPmidi, Norris, or LogicX have been doing, but thats prolly a good thing.
  
• Saijak seems to have forgotten how to use a computer, though with good reason.

Regardless we're all all getting stoaked for Defcon and various Minds will be making it out there Thursday and Friday. We'll be in the Riveria and around various places. More about our plans to come.

By the way check out Ed's incident handler challenges, fun stuff.

And the answers please...

Over at Nopsr.us the Underminers (aka 1@stPlace, winners of last years Defcon CTF) have put up a follow up to last years CTF quals writeup, which you can find here.

@tlas and his gang do a fantastic job walking through each of the challenges, and a lot can be learned from just taking a look. Even better, they managed to pry the challenge source code out of Kenshoto's hands (a feat they managed to pull off before I did) and have it posted, so that nearly the entire scenario can be recreated for ownage pleasure in your very own home. So go give it a look, you'll learn a bunch.

For those who are curious, Vulnerable Minds did play this year and were quite pleased with our 30 out of 160 finish. In what is the largest Defcon qualification year ever we were stoaked to come the top fifth and had an awesome time. ev3, Narc, LogicX, Bacon, Gpmidi, Bacchus, and myself spent most of the weekend at Akolyte and Saijak's apt, chugging Red Bull, watching Jurassic Park on repeat (seriously Pwnage100 was crap), and hacking to our hearts content. It was a great weekend, the challenges were excellent, tough but enjoyable, and it was one of the most fun and interesting events I've been a part of.

So props to the Kenshoto guys for an fantastic quals round, to the NopsR.Us/Underminers/1@stplace guys for the fantastic writeups, and to the Minds who dedicated their weekend to playing a fantastic game.

And watch out next year because Vulnerable Minds is coming to break all of your plates!

Love of the game.

So! The qualifying round of DefCon's infamous Capture the Flag competition is this weekend. I'm excited, and not just because this would be my first CtF experience. The synergy (more or less) of people coming together with different experiences, knowledge, and ways of looking at problems could prove to be a great way to delve deeper into the field of code and code manipulation. (Let's be honest here, when it comes down to it, this is less about offense or defense and more about mental technique.)

This weekend, a group of us will be sharing one apartment, eating each other's food, hacking to the point of exhaustion... I can't think of a better way to spend a random summer weekend, but that could just be me. ;)

In preparation, I've been looking over last year's quals, helpfully posted by last year's team 1@stPlace. I think one of the things that blew me away was the wide range of topics presented, and the variety of exploitable things. XSS? Bitstream analysis? Reverse engineering protocols? Stealing entangled qbits? OK, just kidding about that last one, but it goes to show what an awesome, diverse field infosec can be. And as much as this is about hacking and having fun, I can only wonder what future DefCon CTFs may hold, especially with the dominance of mobile computing...

But the future can wait. This weekend, let teh funz beg!n.