CORE Security created a really fun 3-level simulated hardware reverse engineering challenge via the Ruckingenur Editor. Immunity had their NOP certification test. TOOOL had a lock picking competition. There was a fun CTF where teams had to hack into faux bank websites and steal money from each others accounts. Finally, my team had the DRINC challenge (see the previous blog announcement) where we intentionally exposed 17 bugs across various components for contestants to discover in exchange for drink tickets and a grand prize.
We had over 40 entrants participate in our challenge and over the course of the 2-days we ran the contest a handful of them discovered almost all of the exposed issues. At the end of the competition we were pleased to announce Gera from CORE Security as the grand prize winner and recipient of a our TippingPoint "Kick-Ass" trophy, a Zero Day Initiative laptop messenger bag and a bottle of Dom Perignon champagne. Here he is accepting his reward with the TippingPoint team:
[full size]
The following is a list of the various DRINC components and the discoverers of each of the exposed bugs.
AwesomeX.ocx
DRINCryptionSuite.zip
- Gera CORE Security
- Gera CORE Security
- Esteban-Hernan, Costantino Leandro
- Costantino Leandro, Esteban-Hernan
- Charlie Miller, Victor from Hauttech Group
- Charlie Miller, Victor from Hauttech Group
- Esteban-Facundo, Agustin, Costantino Leandro, Gera CORE Security, Jean Sigwald
- Gera CORE Security
- Gera CORE Security
- No entries
- No entries
- Sergio Alvarez Recurity Labs
- Sergio Alvarez Recurity Labs
- Costantino Leandro, Jean Sigwald
- Gera CORE Security
- Gera CORE Security, Esteban (this bug was not part of the contest!)
The TippingPoint DRINC contest is now available for download as both a Windows MSI installer, which will properly install the various components, and a standalone archive. We are going to hold off on posting the solutions for now. However, if you want to see them simply drop one of us an e-mail and we'll shoot it over to you. If you e-mail us a find before we post the solutions we will add your name to the above list of discoverers. Here are some hints we shared with contestants that should help you get started:
- Don't bother fuzzing the AwesomeX ActiveX control, there is a mechanism to prevent it.
- On the LogAnalyzer the values 0x3 and 0x10 should save you some time.
- Be sure to look at the sample AVI provided when you are working on the video codec.
- Here is an IDAPython script for Web30Server that will add symbols to your IDB.
The DRINC contest grand prize:
[full size]
Zoom up on the "Kick-Ass" trophy
[full size]
The audience during my talk
[full size]
2nd place DRINC team (Facundo, Emiliano, Hernan, Esteban)
[full size]
Cody and Cameron working with Charlie Miller on the DRINC contest
[full size]
Gera and I catching up before my talk
[full size]
The WOPR (yes from War Games) from the speaker stage
[full size]
There was a professional photographer at the event as well, we look forward to seeing those pictures when they are released. All in all everyone from my team had a great time at Ekoparty and we look forward to attending again next year.
-pedram
![[full size]](/pub/pamini/ekoparty2009/the%20award%20ceremony.jpg){kind=link}
![[full size]](/pub/pamini/ekoparty2009/the%20prize.jpg){kind=link}
![[full size]](/pub/pamini/ekoparty2009/the%20trophy.jpg){kind=link}
![[full size]](/pub/pamini/ekoparty2009/the%20audience.jpg){kind=link}
![[full size]](/pub/pamini/ekoparty2009/the%20esteban%20team.jpg){kind=link}
![[full size]](/pub/pamini/ekoparty2009/the%20charlie.jpg){kind=link}
![[full size]](/pub/pamini/ekoparty2009/the%20gera.jpg){kind=link}
![[full size]](/pub/pamini/ekoparty2009/the%20wopr%20standalone.jpg){kind=link}