ZeroNights 2014: hack and get


    ZeroNights is perhaps the only security conference in Russia with which any visitor can return not only with a wealth of useful knowledge that is applicable in practice, but also with a solid cash prize;) This year, the gambling component of the event goes through the roof. The conference program can be found here:

    For details of our activities, see below.

    QIWI convenes a tournament

    This year at the ZeroNights conference, the QIWI Group's special competition section kicks off, which will host a CTF competition in the Jeopardy format.

    Especially for the tournament, the winner of international competitions, the More Smoked Leet Chicken team, prepared a number of tasks in the categories Reverse / PWN / Web / Crypto / Misc. The tasks can be solved in any order, the cost of the solution depends on the complexity of the task.

    We invite everyone to take part in the tournament at noon on November 13th. The winners of the competition will be the participants who scored the most points according to the results of completing tasks (with the same number of points, the result recorded earlier is considered priority). The prize fund for 1-3 places will be 60, 30 and 15 thousand rubles.
    Hack it if you can

    In addition, anyone can participate in the search for vulnerabilities on QIWI payment terminals. Two fully operational terminals will be available throughout the conference.

    • carry out destructive actions with the terminal, which can lead to physical damage
    • conduct attacks on bill acceptors (fake bills, "fishing")

    • use master keys for physical access to terminal equipment
    • connect additional equipment to the terminal

    Of interest are vulnerabilities that lead to access to the Windows shell and fake payments using data received from the terminal. Depending on the criticality of the detected software errors, the reward can be up to 150 thousand rubles and will be paid as part of the current bug bounty program.

    Competition from Protectimus

    Competitions will be held during the event, anyone can participate in them, except for the jury. The goal, tasks, search area, time frame and other details of the competition will be announced on the opening day of ZeroNights 2014.

    Prize fund:
    • 1st place - $ 8000 + $ 1000 for balance in Protectimus
    • 2nd place - $ 5000 + $ 500 for balance in Protectimus
    • 3rd place - $ 2000 + $ 350 for balance in Protectimus

    For those who like harder

    Lovers of glands and hacking devices will not be left unattended again: this year ZeroNights will again have an open platform Hardware Village. As part of the HWV, anyone can touch, poyuzat, test any favorite piece of iron and get advice on the nuances of using this or that equipment. There will be workshops on the security of embedded systems and wireless networks.

    For DIY lovers, we will review modern solutions for creating their devices based on the following platforms:
    • Teensy 2.0, 3.1
    • Dragino v2
    • mbed LPC1786
    • Spark code
    • Arduino different versions
    • Radxa Rock Pro
    • Raspberry Pi (B +)

    Hams, SDR users, and wireless hackers will be able to practice using these devices:
    • Hackrf
    • Bladeade rf
    • Ubertooth
    • Proxmark3

    For reversers of embedded platforms and just interested, we will conduct a demonstration and teach you how to work with the following hacker devices:
    • Facedancer
    • Die datenkrake
    • Bus Pirate, Bus Blaster
    • Jtagulator
    • Papillio Pro FGPA
    • USB IR Toy
    • Open workbench logic sniffer

    In mini format

    If you can not only break down systems and devices in two or three steps, but you are also ready to collect an interesting device and tell the hacker community about it, do not pass Hardware Village! This year, enthusiasts of this section have planned three competitions for fans of hacker devices:

    1) Hacking embedded systems.

    This competition will continue throughout the conference. The first one to crack the hacker device made by the organizers will receive it as a gift. There will be several unique devices.

    2) Stand up and Hack, mini-report contest

    Thanks to this contest, any budding reseller will be able to speak in public without any formalities. On a special board during the whole time of the conference everyone can leave a request - the topic of the report. After the appearance of every third topic, a break will be announced in the work of HW Village, during which mini-reports will sound. We promise to award the best performances.

    3) HackDev - development and presentation of their hacker device

    This competition gives an opportunity for people spending nights soldering / assembling their hacker devices to reveal their invention to the world and make its presentation. Authors of the best devices will receive valuable prizes.

    Python Arsenal Contest

    This is a competition of tools for solving complex problems in the Reverse Engineering process. We believe that it will benefit the entire community of security professionals, as plugins will be available to everyone and there will be an exchange of experience. To take part in it, it is not necessary to participate in the conference - you can do it remotely.

    • The project / script / plugin / extension should use the library from .
    • A new tool (not previously published) or a major update to an already known project / library / plugin with new interesting features.
    • Requires a description, requirements, installation manual.
    • Email your development to .
    • Results will be announced at the ZeroNights conference (November 14, 2014).

    Prizes: a unique hacker T-shirt and souvenir (personal steel badge), placement in the hall of fame, stickers. Prizes will be awarded in various categories.

    • The best tool / plugin / library for exploiting bugs
    • The best tool / plugin / library for incident investigation
    • The best tool / plugin / library for reversing
    • The best tool / plugin / fuzzing library
    • The best tool / plugin / library for malware analysis

    • Aaron Tailor (Exodus Intelligence)
    • Alexander Matrosov (Intel)
    • Dmitry 'D1g1' Evdokimov (Digital Security)
    • Halvar Flake (Google Inc.)
    • Justin Hare (Immunity Inc.)

    In general, there are so many competitions this year that we even made a special section on the site, where we talk about each of them in the most detail:

    See you at the conference!

    Also popular now: