DEFCON'20 / DEFCON'20 CTF. Materials, overview

July 26-29 in Las Vegas (Nevada) was held one of the largest hacker (in the truest sense of the word) conferences - DEFCON , as part of which the CTF competitions were also held. This year 4 teams from Russia took part in them - Leet More + Smoked Chicken, SiBears and HackerDom.

Content

• general review
• Badge from Parallax
• Capture The Flag
• Materials
• Afterword

')
Warning: Traffic, bulk post

general review

Every year, in the Rio Hotel (Las Vegas) passes DEFCON . Reports, different types of competitions (CTF, LockPicking, hardware contests, some competitions for children, etc.), performances by well-known groups, shops with different stuff (locks, T-shirts, caps, porn with 30 TB screws) , rainbow tables, etc.), wall of sheep and much, much more.


Wall Of Sheep - Nasniffannyh usernames / passwords of users connected to an open Wi-Fi


Something from the store


Hardware contest. Badge Modding

Of the bands this year were The Crystal Method and Infected Mushroom. I personally somehow missed the first ones, but I got the second one almost from the very beginning.




I think this part can be completed with this review, it quite correctly reflects the real essence of the event. Including hardcore reverse via mc -.-

At 02:19 one can notice two bottles of Stolichnaya vodka on our table, which brought us two guys from the States, under the pretext that they would like to play CTF with us. True, then somewhere they disappeared. By the way, both bottles were successfully brought to Russia.

Badge from Parallax

Each participant of the conference was given a very difficult badge



As well as 2 ps / 2 ports, vga-port and 6 AA batteries (the badge is powered by three).

“Heart” of the badge - P8X32A 32-bit eight-core microprocessor. It was discussed on Habré here (thanks for the tip, thanks to TolTol )
At the end of the conference, they could be bought for $ 40. Now on ebay they cost about $ 60.

Topic on the Parallax forums
Badge scheme (pdf)


Here is the “working” badge

Capture The Flag

The main goal of our trip is to participate in CTF. Last year, only one team from Russia participated - IV, a team of 4 teams. This year, each team was able to come "separately." True, only 3 persons participated in us (4 on the first day), the US visa embassy refused almost all of our team who could go (financially including) to the USA. A maximum of 8 people could sit at the table. In fact, in some teams, ~ 20 (?) People participated in person, who changed + 60 "overboard". It seems like it was the "Samurai", who took first place this year.

Invitation to participate

This year, as in the past, CTF organized DDTEK 'and (this is their last year). An invitation to participate in the DEFCON'20 finals could be obtained through the qualifiers of the DEFCON itself (quals) or (innovation) taking prizes at other CTFs (just one seat was sold on Ebay for ~ $ 4k + past champions defcon)

The teams for each participant (if necessary) were sent an official invitation + 2 rooms in the hotel (2 double-beds + a sofa). There were no complaints to the numbers :) Also, the key-cards were issued not to the usual design of the hotel, but to defcon-style.

About CTF itself

Plate for CTF games

The CTF was 2.5 days long - 27.28 and until the 2nd day of the 29th (just like last year). 2 hours before the end of the CTF, the scoreboard is turned off, we still do not know the exact results. From Russia, no one got to 5k (only the first 5k was announced at the closing). True, MSLC, like, 6th place :)

Technical side:

• FreeBSD 9.0 Jail
• Ipv6
• Reverse and Reverse

Actually, as it were. Seated all 20 teams in a special room, where anyone could go. Each table was approached by 2 twisted pairs - access to the gaming network (also to its server) and a cable with traffic to its server. There was also a printer in which there was an RFID tag. For the first time, nothing more. Tried to “bother” the printer, made printouts of test pages, etc. :) He was not needed to start the game. In general, it is not clear why he was needed, the next day he was no longer there.


Scorbord

Who cares, the rules of CTF'a (SLA system, first blood, etc.) - page 1 , page 2

It was necessary to start this way: read the RFID tag (which the Hates Irony team rewrote to us while we were distracted), it contained the key phrase. Decrypt the first file (given 2 binary content files) with this key, get passwords, configs, readme, etc. things, including the password from the second file. It contains jail files. After clinging on ssh to your server, trying to correctly raise your services, at the same time look for vulnerabilities in them and edit, and also in parallel write layers for these vulnerabilities. There were 18 total services.


Sheep that periodically flew in players from the organizers

If one of the teams made First Blood, then its banner appeared on the screen and the sound was played to the whole hall from Unreal - “First bloood!”

First Blood!

Vrytapy on parsing services are going to ctftime on the link .

Materials

Services from our combat vehicle - services_trololololoooo.zip (3 mb)

Also at the conference were given two disks, one with specially recorded tracks (audio-cd) and a second dvd-disc with presentations, videos, software for the badge and many others (4 GB).



DEF CON XX MUSIC COMPILATION in mp3 - DEF CON XX MUSIC.zip (320 kbit / s - 120 MB)
Only Speaker Presentations from DEF CON XX CONFERENCE DVD - Speaker Presentations.zip (328mb)

upd : dvd disk image:
https://media.defcon.org/dc-20/defcon-20-dvd-original.rar

Afterword

If the states put the phone on charge directly from the adapter (usb) then the device is charging, but the touch screen does not work. Through charging and adapter - everything is ok.

But in general - everything was awesome, experience, acquaintances, fans, various staff and much more! Visited Outback Steak House, HardRock Cafe with its museum, singing fountains in front of the Bellagio, the Vulcan lights show, an incredible number of shops and of course played in the slot machines and casinos ... well, much, much more. In general - I advise you to visit Las Vegas if possible :)
Most of the CTF participants from Russia stayed around the United States. How come - I think, too, unsubscribe.