Hacking-Lab @ CodeMash 2017

What is CodeMash?

CodeMash is a conference for software developers and IT security professionals. It takes place every year in Sandusky, Ohio, in the U.S.

The event consists of two parts: two days of training sessions (called “PreCompiler”), followed by two days of conference with sessions. It attracts about 3’000 visitors and takes place in the Kalahari resort, which hosts, besides a huge conference center, the largest indoor water park in the U.S.

What the heck did Hacking-Lab do there?

Hacking-Lab was asked to run a Capture-The-Flag tournament at the conference. Ivano and I took this chance and decided to attend the conference as a sponsor.

Booth

We had a sponsor booth during the conference part. Many people showed up, and we had a lot of interesting discussions! We also gave a lot of “swag” (stickers, USB chargers, etc.).

Capture-The-Flag Tournament

As mentioned above, we were running the official Capture-The-Flag (CTF) tournament of the conference. Even though it was running in parallel with all the interesting sessions at the conference, 100 participants signed up and did a great job! There was quite a neck-and-neck race between the top three, jslagle, CodingWithSpike and fire.eagle!

Win-a-shirt Challenge

Besides the CTF, we also ran a “Win-a-shirt” challenge. Visitors had to solve a small puzzle (a simple cipher written in JavaScript) in order to grab a Hacking-Lab t-shirt at our booth. 110 conference visitors did so, and are now happy owners of a cool t-shirt!

    

Training Session

In the “PreCompiler” part, we held a successful four-hour training session. 80 people showed up and took the chance to learn about Hacking-Lab. We assisted them in getting ready for the CTF, and they could solve some “Step-By-Step” challenges in Hacking-Lab.

Talk and Sessions

I gave a sponsor talk with the title “Capture-The-Flag Done Right: Attack/Defense System”. I explained our attack/defense system (which we used at the European Cyber Security Challenge), and gave some live demos. Besides that, we also had an “after dark” session, and a couple of “open space” sessions, where we supported CTF players.

       

Conclusion

The CodeMash conference is simply amazing! We were really impressed. Great atmosphere, friendly people, and well organized. The location is great, too. Hacking-Lab will definitely be back next year! There are already plans to run a second competition next year, in addition to the CTF. It should be more like a scavenger hunt, with puzzles and riddles, perhaps pretty much like our Hacky Easter events.

Come’n’Hack Day 2015

Being a security analyst at Compass Security is an interesting thing, no doubt. Besides interesting projects, there is plenty of know-how transfer and interaction between the employees. For example, each year, all security analysts come together for an event called Come’n’Hack Day. During this year’s event, they had the pleasure of competing against each other in an attack/defense hacking contest.

Hacking-Lab’s new Capture The Flag (CTF) system was used for this purpose. It was only the second time this system was used for an event, after the premiere at the European Cyber Security Challenge final last October in Lucerne.

The participants were split into three teams: Proxy Foxes, Lucky Bucks and Chunky Monkeys. Each team owned servers with running applications, and had different tasks to perform in order to score points:

  • ATTACK – Attack the other teams’ applications, and steal a gold nugget.
  • DEFENSE – Protect the team’s own applications.
  • CODE-PATCHING – Find and patch vulnerabilities in the team’s own applications.
  • AVAILABILITY – Keep the team’s own applications up and running.
  • JEOPARDY – Solve hacking challenges (cryptography, networking, etc.).
  • POWNED – Try to exploit the other teams’ servers.

After a hard fight, the Chunky Monkeys grabbed first place, closely followed by the Lucky Bucks.

Almost one hundred gold nuggets were stolen during the day.

All attendees enjoyed the highly eventful day. With six different ways to score points, each participant could contribute to their team’s success. This makes such a CTF not only a great social event idea for security analysts, but potentially for any organization with technically skilled employees (IT security officers, sysadmins and/or developers)!