Geekly Articles each Day
📜 ⬆️ ⬇️

ZeroNights: announcements of workshops and competitions

image

Handmade - cool workshops and competitions on ZeroNights!


Friends, the ZeroNights conference is the territory of practitioners in the field of information security. At the same time, we have zones in which you can not only get acquainted with the results of the latest research, learn about unusual hacker finds, but also learn something “on the fly”, work not only with your head, but also with your hands. First, traditionally hardcore workshops will be held as part of the ZN. Especially for those who are not afraid to go from words to deeds and try their hand at practice under the guidance of well-known specialists with cool topics. Secondly, we invite you to take part in the coolest competitions. For those who are not afraid of anything at all

Workshops at ZeroNights


Maxim Moroz (member of Google Chrome security group, founder of the CTF team BalalaikaCr3w) will present his workshop called “Modern Buzzing C / C ++ Projects”. The goal of the workshop is to teach participants to effectively fuzz C / C ++ projects using modern tools. By participating in the workshop, you will understand the basic principles of fuzzing; write several fuzzers based on the libFuzzer library for different projects; find yourself Heartbleed and other known bugs; learn to analyze and improve your fuzzers; or maybe even find a couple of 0-day vulnerabilities.

» 2016.zeronights.ru/program/workshops/#ws1

Mikhail Yakshin, (the main Linux-developer of the Swiss company Whitebox Labs), participates in the conference with his workshop “Backward development of binary files using Kaitai Struct”. The master class will be devoted to clean-room reverse engineering unknown file formats. In a few examples (going from simple to complex), we will consider using the Kaitai Struct toolkit to quickly build and test hypotheses about the file format. We will go from installation of software to writing ready-made utilities that work with file formats in C ++, C #, Java, JavaScript, Perl, PHP, Python, Ruby and consider container formats, file systems, firmware formats, byte-code and much more.

» 2016.zeronights.ru/program/workshops/#ws2

Boris Savkov (VMK MSU, participant DC4919, BalalaikaCr3w, Evil Dwarfs) will present a workshop entitled “Searching for vulnerabilities in industrial control systems during blackbox analysis in a short time”. Within the workshop, the process of searching for vulnerabilities in the components of the process control system will be reviewed when nothing is known about SCADA and / or PLC firmware. Vulnerability search demonstration will be held on the layout of the process control system. Participants will be given the opportunity to find vulnerabilities in a specially designed “accessible SCADA” platform, which contains typical AWP vulnerabilities at industrial sites.
')
» 2016.zeronights.ru/program/workshops/#ws3

ZN Skill Contests


In the framework of the ZeroNights 2016 conference, the QIWI group and the system integrator Informzaschita will hold one of the largest CTF competitions in Russia in the Jeopardy format and raffle off 250 thousand rubles. Assignments prepared by a professional team of CTF experts SRTeam.
Registration is available under the link - qiwictf.ru .

Competitions will begin at 10:00 (Moscow time) on November 17.
The prize fund for 1-3 places will be $ 150 thousand, $ 75 thousand and $ 25 thousand.

To win a tournament, you must score the maximum number of points by completing tasks in the categories Reverse / PWN / Web / Crypto / Misc. Allowed to solve tasks in an arbitrary order, the cost of the solution depends on the complexity of the problem. Priority - in terms of execution. Remote access to the gaming network is possible, however, some tasks are implemented in offline format and will require the presence of participants in the QIWI zone on the ZeroNights site.

During the competition it is allowed:


During the competition is prohibited:


Also on the CTF site ZeroNights invites BI.ZONE. Competitions are designed for individual participation and will be held in a format Jeopardy. The guys start at 00:01 11/17/2016 with the most simple tasks for warming up, and the continuation of the competition will be held as part of the ZN in the hall "Jupiter".

Cash prizes for the first 5 places:


In addition to cash rewards, valuable prizes for individual achievements during the competition will also be raffled between the participants. The awards will be received by the first 10 participants who visited the CTF personally, and scored the most points.

General provisions:

- to participate, you must register;
- tasks will be available under the link ;
- winners are selected by the maximum number of points;
- if points are equal, the winner is the one who scored the maximum number of points first.
View the rules and register here: ctf.bi.zone .

Prohibited:


The organizers reserve the right to disqualify participants for breaking the rules. For participants CTF will be equipped with a separate room where they can:


The countdown to the launch of hardcore tasks has already begun!

Hack hardware - be hardcore!


The Hardware Village team invites you to its booth at the lounge community area, where a series of workshops, seminars and hardware tricks will take place. The material shown does not require specialized education and is aimed primarily at practice, therefore it is suitable for those who wanted to start, but did not know what and how. The main desire! Those wishing hardcore will have the opportunity to assemble a hacker device on the spot! And of course, you will be given the opportunity to test your device in action. Also at the stand HWV will be a special competition on hacking a wireless network. Those who wish to participate should pre-attend to the presence of an SDR receiver.

Automotive village


For the first time, the CarPWN team will present the Automotive Village section at ZeroNights, where you can familiarize yourself with basic automotive technology safety issues. Do not forget that our conference is practical, which means that, apart from theory, there will be practice - at Automotive Village we will present stands with “real electronic interiors” of cars (the authors actually turned out the electronic stuffing of the car and prepared the “compact” stands).

Everyone who is willing to be able to see here how the electronic filling of the car is arranged and what IT technologies are used there, and, of course, try to “dig” in the automotive network on your own.

Due to the fact that the section will work for two days of the conference, you can always find time to visit the Automotive Village booths and discuss various car safety issues, including self-driving car, connected-car, and talk about the difficulties of reverse engineering ECU and safety QNX. There will also be a practical competition on real hardware, with prizes! But that's not all: except for the stands, you will have to wait for a modern car, which can also be “felt with your hands”.

The section will be represented not only by “hardware”, but also by reports from practical workshops: we will talk about car safety, share personal experience in this area, tell you how to assemble stands with the help of friends from the Trust-m laboratory. We will also pay special attention to how the communication inside the car (between the ECU and other components) is arranged, in addition, various “working” research topics will be analyzed in detail - finding the right wires and ECUs, network connectivity without breaking, ways to organize a MitM attack , using the CANToolz framework and much more.

We hope that this section will help to better understand modern automotive technologies and their safety. Come, chat and - since the CarPWN Team is an open community - join!


Competition from Mail.Ru Group at ZeroNights 2016!


image

Mail.Ru Group will offer ZeroNights participants to try their hand at hacking the Internet of things. The task was developed with the direct participation of the DIY-community. You will learn all the details right on the stand (otherwise you will have to prepare in advance, and it will not be interesting). Two winners will take home sets of IoT equipment. Dare! You will also be able to participate in a quiz on Internet security, for the victory in which we will give the hoverboard. Just in case, we remind you that Alexander Leonov, information security analyst at Mail.Ru Group, is giving a talk on Enterprise Vulnerability Management together with Ekaterina Puhareva, leading information security specialist at QIWI, in the Defensive Track section.


HackQuest ZeroNights totals


We have summed up our HackQuest, which ended on November 7th. Competitors were asked to solve tasks related to different areas of practical security (reverse / binary pwn / web hacking / etc) and receive an award. Winners give invites and an eternal place in the Hall Of Fame, as well as nice bonuses (already at the conference).

This year HackQuest was quite unusual. Four of the seven tasks were prepared by the community - R0 Crew (2 tasks), School CTF (SiBears, 1 task) and RuCTFE (1 task). It should be noted that this year HackQuest visited the site from ~ 3000 unique IP-addresses (only for a week of tasks)! Vrytapy already assemble and publish soon.

Results with names (nicknames) of winners:


Thanks to everyone who participated and prepared the tasks! See you at ZeroNights!
More results can be found here: hackquest.zeronights.org/#winners .

Source: https://habr.com/ru/post/314868/

More articles:


All Articles