TippingPoint Digital Vaccine Laboratories
DID YOU KNOW... At the 2007 Black Hat Briefings in Las Vegas, TippingPoint DVLabs had five speakers presenting on a variety of topics.

Ekoparty 2009

TippingPoint DVLabs is proud to be the diamond sponsor of the 5th edition of the Ekoparty security conference being held in Buenos Aires next week. We'll be giving away t-shirts, delivering a talk and hosting a fun contest. My entire group (Aaron, Ali, Cameron, Cody and Kate) is excited to be in attendance and looking forward to catching some great talks and re-uniting with our South American friends.

I will be delivering a talk titled "Mostrame la guita! Adventures in buying vulnerabilities" which will provide some transparency into the world of vulnerability purchasing programs. What price ranges are offered on the white, grey and black markets? How do various software vendors compare to one another on response? The talk will share insights, statistics and amusing anecdotes drawn from my experiences, research and history of the TippingPoint Zero Day Initiative vulnerability buying program.

We will also be hosting a fun software auditing contest and offering (alcoholic) drink tickets as prizes. The intentionally vulnerable software will be made available on the first day of the conference and rewards for discoveries can be used on either day. Entries will be accepted through our Zero Day Initiative web portal to give contestants a feel for the ZDI vulnerability life cycle. You compete only with yourself, so no worries on overlapping discoveries. At the end of the second day whoever has found the most bugs in the shortest amount of time will receive a blog shout out, small trophy and a bottle of champagne.

Read on for our humorous contest flier and see you next week.

-pedram

:::::::-.  :::      .::.:::      :::.     :::::::.   .::::::. 
 ;;,   `';,';;,   ,;;;' ;;;      ;;`;;     ;;;'';;' ;;;`    ` 
 `[[     [[ \[[  .[[/   [[[     ,[[ '[[,   [[[__[[\.'[==/[[[[,
  $$,    $$  Y$c.$$"    $$'    c$$$cc$$$c  $$""""Y$$  '''    $
  888_,o8P'   Y88P     o88oo,.__888   888,_88o,,od8P 88b    dP
  MMMMP"`      MP      """"YUMMMYMM   ""` ""YUMMMP"   "YMmMY" 

::::::::::::::::PRESENTS::::::::::::::::::::::::::::::::::::::
TippingPoint's DVLabs is proud to announce the DVLabs Really Improved Network Collection (DRINC). Utilizing our 104.37 combined years of development experience we are confident we have developed a turn-key solution capable of solving every problem faced by a computer user ever. DRINC will also solve every latency issue you may ever experience, increase your telecommuting synergies and redefine the throughput of your business to business paradigms simply by installing these applications.

DRINC includes:
  • A webserver: Streamlined code to guarantee your pages, blogs and torrent distribution websites stream information faster that you can see. (not valid where prohibited by law)
  • The DVLabs Ultimate Security Log Analyzer: If you have analyzed security logs in the past, it may have been a tedious experience. With the DUSLA, you don't just generate reports, you generate ULTIMATE reports.
  • Our new DVLabs Enhanced Video codec: Guaranteed to make your videos brighter and more alive. This includes our recent addition of 4D technology to make you feel as if you are actually there. Or were there. Or will be there. It takes your videos through time.
  • Browser based enhancements using the latest in ActiveX technologies to interact with your social networking experiences. MySpace, faster. Facebook, faster. Orkut, faster. Even Twitter will be so fast it will seem like only 14 characters.
  • Remote Procedure interfaces to ApplicationX: This app is so top secret that the engineers are not even allowed outside or to speak to their loved ones until launch.
Also bolstered by our expertise, we are confident that this suite lives up to our new TotallyUnhackableByAnyone(tm) guarantee. If you can find a security issue in any of the applications, you can have a DRINC on us! But you can't. Because it's TotallyUnhackableByAnyone(tm)!
                88888888888 888            8888888b.  8888888b.  
                    888     888            888  "Y88b 888   Y88b 
                    888     888            888    888 888    888 
================    888     888       888  888    888 888   d88P ================    
================    888     888       888  888    888 8888888P"  ================    
================    888     888            888    888 888 T88b   ================    
                    888     888       d8b  888  .d88P 888  T88b  
                    888     88888888  88P  8888888P"  888   T88b 
                                      8P                        
                                      "
TL;DR: Come join us at the TippingPoint booth at Ekoparty. If you can find a security hole in our setup, we will buy you a drink. Find as many as you want and we'll keep buying. The vulnerable software will be made available on the first day of the conference and rewards for discoveries can be used on either day. Entries will be accepted through our Zero Day Initiative web portal to give contestants a feel for the ZDI vulnerability life cycle. You compete only with yourself, so no worries on overlapping discoveries. At the end of the second day whoever found the most bugs in the shortest amount of time will receive a blog shout out, small trophy and a bottle of champagne.
Tags:
Published On: 2009-09-08 17:42:43

Comments post a comment

  1. Pedram Amini commented on 2009-09-08 @ 17:50

    Almost forgot to mention, there will be at least 15 bugs present in the contest. So plenty of opportunities to over indulge yourself on our dime ;-)

  2. Anonymous commented on 2009-09-09 @ 03:44

    hi, will you provide a copy for us non-ekoparty going people to have fun with? I know I won't get the drinks, but it might be fun anyway.

  3. Pedram Amini commented on 2009-09-09 @ 14:57

    @Anonymous: Good question. I think we will probably post it on this site when we start the contest or perhaps after the conference is finished. We intend on hosting this contest again but it will be easy enough for us to shuffle the bugs around.

  4. Gabriel commented on 2009-09-17 @ 22:18

    Pedram, it was an excellent presentation today at EkoPart. ¿Could you please post the contents, or at least let me have it in my email? Thanx a lot and keep going, what you´re doing is awesome!

  5. Esteban G. commented on 2009-09-19 @ 19:09

    The DRINC contest was great! Unfortunately it seemed that not many people participated...
    Together with some friends we found only 3 vuln, but we are going to keep playing with this at home.
    Looking forward to see some solutions later. Is there any way we can keep submitting bugs to you? (I'm not expecting you to keep buying us drinks hehe).
    Hope you enjoyed your stay in Argentina and please come back next year!

  6. Pedram Amini commented on 2009-09-19 @ 20:32

    @Gabriel: I will be posting the slides and a follow-up on the talk, the contest and the conference as a whole probably by tomorrow on this blog.

    @Esteban: The interest was actually quite high, we had over 40 people enter! We will post the winners, solutions and the binaries within the week on this blog.

    Thank you both for the kind words. We definitely intend on being regulars at Ekoparty.

  7. Facuman commented on 2009-09-19 @ 20:40

    I'm still fighting with the codec XD I'll get there eventually. Hope to see you guys again next year.

  8. Perk commented on 2009-09-20 @ 10:34

    Excelent contest. Can you post the final standing positions? i missed that, i had to leave before :(

  9. Pedram Amini commented on 2009-09-21 @ 16:29

    Contest standings, conference pictures and the DRINC contest download is all available now at:

    http://dvlabs.tippingpoint.com/blog/2009/09/21/ekoparty-wrap-up


Trackback