ZeroNights 2014: hack and get

ZeroNights is perhaps the only security conference in Russia with which any visitor can return not only with a heap of useful knowledge that is applicable in practice, but also with a solid cash prize;) This year, the gambling component of the event rolls over. The conference program can be found here: 2014.zeronights.ru/assets/files/schedule_rus_fin.pdf

Details of our activities, see below.

QIWI convenes tournament

This year, at the ZeroNights conference, a special competition section of the QIWI Group will start, within which the CTF competition will be held in the Jeopardy format.
')
Especially for the tournament, the winner of international competitions, the team More Smoked Leet Chicken, has prepared a number of tasks in the categories Reverse / PWN / Web / Crypto / Misc. Tasks can be solved in any order, the cost of the solution depends on the complexity of the problem.

We invite everyone to take part in the tournament at noon on November 13. The winners of the competition will be the participants who scored the highest number of points according to the results of passing the tasks (with the same number of points, the result recorded earlier is considered the priority). The prize fund for 1-3 places will be 60, 30 and 15 thousand rubles.
Hack it if you can

In addition, anyone can take part in the search for vulnerabilities in the payment terminals QIWI. Two fully working terminals will be available throughout the conference.

Prohibited:

• carry out destructive actions with the terminal, which can lead to its physical damage
• carry out attacks on the bill acceptor’s sensors (fake banknotes, “fishing”)

Permitted:

• use master keys for physical access to terminal equipment
• connect additional equipment to the terminal

Of interest are vulnerabilities that lead to the release of the shell of Windows and making fake payments using data received from the terminal. Depending on the criticality of the detected program errors, the reward can be up to 150 thousand rubles and will be paid in the framework of the existing bug bounty program.

Protectimus competition

Competitions will be held during the event, anyone can participate in them, except for the jury members. The purpose, tasks, search area, time frame and other details of the competition will be announced on the opening day of ZeroNights 2014.

Prize pool:

• 1st place - $ 8000 + $ 1000 for Protectimus balance
• 2nd place - $ 5000 + $ 500 to Protectimus balance
• 3rd place - $ 2000 + $ 350 to Protectimus balance

For those who love heavier

Fans of hardware and hacker devices will not be left without attention again: this year, the open area of ​​the Hardware Village will work again at ZeroNights. As part of the HWV, anyone can touch, poyuzat, potest any favorite piece of iron and get advice on the nuances of the use of a particular equipment. There will be workshops on the security of embedded systems and wireless networks.

For DIY lovers, we will review modern solutions for creating their devices based on the following platforms:

• Teensy 2.0, 3.1
• Dragino v2
• mbed LPC1786
• Spark code
• Arduino different versions
• Radxa Rock Pro
• Raspberry Pi (B +)

Hams, SDR users and hackers of wireless networks will be able to practice using such devices:

• Hackrf
• BladeRF
• Ubertooth
• Proxmark3

For reversers of embedded platforms and those who are simply interested, we will conduct a demonstration and train them to work with the following hacker devices:

• Facedancer
• Die datenkeke
• Bus Pirate, Bus Blaster
• JTAGulator
• Papillio Pro FGPA
• USB IR Toy
• Open Workbench LogicSniffer

In mini format

If you can not only break systems and devices in two or three steps, but are also ready to assemble an interesting device and tell the hacker community about it, do not pass by the Hardware Village! This year, enthusiasts of this section have planned three competitions for lovers of hacker devices:

1) Hacking embedded systems

This competition will continue throughout the conference. The first to crack the hacker device made by the organizers will receive it as a gift. There will be several unique devices.

2) Stand up and Hack, competition of mini-reports

Thanks to this competition, any beginner publisher will be able to speak in public without any particular formalities. On the special board, during the entire conference time, everyone can leave a request - the topic of the report. After the appearance of every third topic, a break will be announced at HW Village, during which mini-reports will be heard. We promise to award the best performances.

3) HackDev - development and presentation of your hacker device

This contest allows people who spend nights soldering / assembling their hacker devices to present their invention to the world and hold its presentation. The authors of the best devices will receive valuable prizes.

Python Arsenal Contest

This is a competition of tools for solving complex problems in the Reverse Engineering process. We believe that it will benefit the entire security community, as the plugins will be available to everyone, and experience will be shared. To take part in it, it is not necessary to participate in the conference - you can do it remotely.

rules

• The project / script / plugin / extension should use the library from pythonarsenal.erpscan.com .
• A new tool (not previously published) or a major update to the already known project / library / plugin with new interesting features.
• A description, requirements, installation manual is required.
• Send your submissions to pythonarsenal@zeronights.org .
• Results will be announced at the ZeroNights conference (November 14, 2014).

Prizes: unique hacker t-shirt and souvenir (personal steel badge), placement in the hall of fame, stickers. Prizes will be awarded in various categories.

Nominations

• The best tool / plugin / library for exploiting bugs
• The best tool / plugin / library for incident investigation
• The best tool / plugin / library for reversing
• The best tool / plugin / library for fuzzing
• The best tool / plugin / library for malware analysis

Committee

• Aaron Tailor (Exodus Intelligence)
• Alexander Matrosov (Intel)
• Dmitry 'D1g1' Evdokimov (Digital Security)
• Halvar Flake (Google Inc.)
• Justin Hare (Immunity Inc.)

In general, there are so many competitions this year that we even made a special section on the site, where we tell about each of them in as much detail as possible: 2014.zeronights.ru

See you at the conference!