I had the chance to participate in HackUS 2011. This was my first time at HackUS and let me tell you, it was well worth it! There were a lot of challenges (too many for my level of experience). See here for details of the event. One thing I learned is that preparation makes all the difference. Before attending the competition I made sure that the following were in working condition:
- My MacBookPro
- Windows VM with OllyDbg and IDA Pro
- Backtrack VM
- Webscarab OS X Installation
- Spare laptop with VMware player
- Cisco 2950 Switch
- Alfa Network b/g USB Adapter
- (Power bar network cable etc..)
I took a bit of time to learn new tools before going to the competition.
- Start reading Hacking: The Art of Exploitation, 2nd Edition
- Webscarab YouTube video
- Playing a bit with GDB
- Load a small binary in IDA Pro to see what it looks like
With those tools and that new knowledge, I drove my car for 2 hours in light snow to the HackUS event. My goal was to learn, have fun and capture some flags ;-)
I had no team so I was matched with other people. Our team was called « The Others ». I met nice and skilled people. I was the only one with little experience in the team (2 other competitions).
The challenges I enjoyed the most were the forensics, Hack the Human and the BGP Network Challenge. I also liked the Firewall challenge but it was released at the end of the competition so I did not have a lot of time to play with it.
What I learned:
- Invest time in protecting your environment.
- Make sure that all your team members know what they have to do when time is very short on a challenge
- Follow the IRC channel for hints and challenge updates (Use SSL)
- Have a share for the team so all info can be centralized and shared quickly
- If you are sure you have the right answer for your challenge and the solution is not working, try another tool. There was a bug in Webscarab. (Lost 30 minutes)
- Bring a manageable switch that can do « span port » ;-)
- Don’t be afraid to ask the challenge designers questions.
- When doing social engineering, don’t spend too much time looking in the same place. Look around as much as you can. Don’t take things for granted, i.e. check if doors are locked, verify trash carefully, ask others if they have technology in their pockets, etc.
- At least 4 hours of sleep per day.
- Beer in reasonable quantities (A team of three took 21 in 30 minutes or so)
What I plan to do in preparation for the next competition (Hackfest 2011):
- Read at least half of The Art of Exploitation 2nd Edition (40 hours)
- Spend at least 20 hours playing with Scapy (Spoof source IP and more)
- Learn enough snort-fu to be able to send RST packets when some signatures are hit (Drop stuff that can hurt your environment) (5 hours)
- Build a system that can crack passwords (laptop or desktop) 10 hours + $$$
- Dedicate 2 hours a month for hacking (Work on Hackfest 2010 challenge/solution)
- Learn as much as I can
Extra hardware to bring
- Third PC to capture network traffic and password cracking tools
- Big external drive for network capture and data sharing (500 gig+)
- Bring an external monitor for the IRC feed.
- Good Wireless antenna
- Good books that can help during the competition
The next planned competition is Hackfest 2011 in the beginning of November. I would like to take the opportunity to thank my girlfriend and my kids for letting me attend this competition.