Monday, March 26, 2012

Mid Atlantic CCDC 2012

Two weeks ago I had the honor to play on red cell for MA CCDC 2012. It was a pleasure to see some old friends, and make some new ones. It rally was an honor to be among such a bunch of smart, driven, and talented individuals.

I didn't really participate in the initial festivities over the VPN this year. I did start to pre-plan a few days prior to going down to Maryland.

My focus was web applications. I also got involved with physical security/locks. Just to keep things interesting did some scanning/exploitatation, rootkit deployment etc. I had a lot of fun with the new windows DOS exploit. It worked practically like a hardware switch.

There were openmedkits involved filled with drugs (candy). Really wish I had an opportunity to get involved with the arduino hacking and scanner hacking a bit more. Warezjoe did an awesome job analyzing the code, finding vulnerabilities and finding the barcodes to put the scanner into programming mode, reprogramming and taking it out of programming mode.


Next year I plan to do more recon during the pre-qualifiers so I am doing more exploitation and less recon during the 2 days on site.

Also have to thank Booz Allen Hamilton (http://www.boozallen.com/) for having not 1 but 2 crates of redbull onsite for participants :) .


Well Secured Drug Locker
Yes, he knows whats coming.


(Stolen from http://www.jhuapl.edu/proofs/2012ccdc/)

(Stolen from http://www.jhuapl.edu/proofs/2012ccdc/)

(Stolen from http://www.jhuapl.edu/proofs/2012ccdc/)


(Stolen from http://www.jhuapl.edu/proofs/2012ccdc/)


The blue teams seems to have had some fun with mass arrests. Yes I was arrested on the 2nd day. There is an even funnier story as to how I almost got arrested for real (damn you John Hopkins, can you get some faking bacons that have a few neurons to rub together?). I hope the blue cell enjoyed our search warrants, mass thefts, removed hasps on locks and the addition of S&G high security locks to your cage. The BIOS passwords were a good touch but I'll probably refrain from making a knot out of power cables next year.

More Pictures taken by me: https://picasaweb.google.com/117579214675083620364/MACCDC12

Writeups by others
http://www.digitaloffensive.com/2012/03/maccdc12-barcode-scanner-hack/

Owned firewalls video https://www.youtube.com/watch?v=orMLszhM6VY&context=C4b3e31dADvjVQa1PpcFM8mQl4a7TWkEDXWVZryR9NN2UZbs1o6cw=
Posted by at
Labels: , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)