ZeroNights 2014: hack and get
ZeroNights is perhaps the only security conference in Russia with which any visitor can return not only with a wealth of useful knowledge that is applicable in practice, but also with a solid cash prize;) This year, the gambling component of the event goes through the roof. The conference program can be found here: 2014.zeronights.ru/assets/files/schedule_rus_fin.pdf
For details of our activities, see below.
QIWI convenes a tournament
This year at the ZeroNights conference, the QIWI Group's special competition section kicks off, which will host a CTF competition in the Jeopardy format.
Especially for the tournament, the winner of international competitions, the More Smoked Leet Chicken team, prepared a number of tasks in the categories Reverse / PWN / Web / Crypto / Misc. The tasks can be solved in any order, the cost of the solution depends on the complexity of the task.
We invite everyone to take part in the tournament at noon on November 13th. The winners of the competition will be the participants who scored the most points according to the results of completing tasks (with the same number of points, the result recorded earlier is considered priority). The prize fund for 1-3 places will be 60, 30 and 15 thousand rubles.
Hack it if you can
In addition, anyone can participate in the search for vulnerabilities on QIWI payment terminals. Two fully operational terminals will be available throughout the conference.
- carry out destructive actions with the terminal, which can lead to physical damage
- conduct attacks on bill acceptors (fake bills, "fishing")
- use master keys for physical access to terminal equipment
- connect additional equipment to the terminal
Of interest are vulnerabilities that lead to access to the Windows shell and fake payments using data received from the terminal. Depending on the criticality of the detected software errors, the reward can be up to 150 thousand rubles and will be paid as part of the current bug bounty program.
Competition from Protectimus
Competitions will be held during the event, anyone can participate in them, except for the jury. The goal, tasks, search area, time frame and other details of the competition will be announced on the opening day of ZeroNights 2014.
- 1st place - $ 8000 + $ 1000 for balance in Protectimus
- 2nd place - $ 5000 + $ 500 for balance in Protectimus
- 3rd place - $ 2000 + $ 350 for balance in Protectimus
For those who like harder
Lovers of glands and hacking devices will not be left unattended again: this year ZeroNights will again have an open platform Hardware Village. As part of the HWV, anyone can touch, poyuzat, test any favorite piece of iron and get advice on the nuances of using this or that equipment. There will be workshops on the security of embedded systems and wireless networks.
For DIY lovers, we will review modern solutions for creating their devices based on the following platforms:
- Teensy 2.0, 3.1
- Dragino v2
- mbed LPC1786
- Spark code
- Arduino different versions
- Radxa Rock Pro
- Raspberry Pi (B +)
Hams, SDR users, and wireless hackers will be able to practice using these devices:
- Bladeade rf
For reversers of embedded platforms and just interested, we will conduct a demonstration and teach you how to work with the following hacker devices:
- Die datenkrake
- Bus Pirate, Bus Blaster
- Papillio Pro FGPA
- USB IR Toy
- Open workbench logic sniffer
In mini format
If you can not only break down systems and devices in two or three steps, but you are also ready to collect an interesting device and tell the hacker community about it, do not pass Hardware Village! This year, enthusiasts of this section have planned three competitions for fans of hacker devices:
1) Hacking embedded systems.
This competition will continue throughout the conference. The first one to crack the hacker device made by the organizers will receive it as a gift. There will be several unique devices.
2) Stand up and Hack, mini-report contest
Thanks to this contest, any budding reseller will be able to speak in public without any formalities. On a special board during the whole time of the conference everyone can leave a request - the topic of the report. After the appearance of every third topic, a break will be announced in the work of HW Village, during which mini-reports will sound. We promise to award the best performances.
3) HackDev - development and presentation of their hacker device
This competition gives an opportunity for people spending nights soldering / assembling their hacker devices to reveal their invention to the world and make its presentation. Authors of the best devices will receive valuable prizes.
Python Arsenal Contest
This is a competition of tools for solving complex problems in the Reverse Engineering process. We believe that it will benefit the entire community of security professionals, as plugins will be available to everyone and there will be an exchange of experience. To take part in it, it is not necessary to participate in the conference - you can do it remotely.
- The project / script / plugin / extension should use the library from pythonarsenal.erpscan.com .
- A new tool (not previously published) or a major update to an already known project / library / plugin with new interesting features.
- Requires a description, requirements, installation manual.
- Email your development to email@example.com .
- Results will be announced at the ZeroNights conference (November 14, 2014).
Prizes: a unique hacker T-shirt and souvenir (personal steel badge), placement in the hall of fame, stickers. Prizes will be awarded in various categories.
- The best tool / plugin / library for exploiting bugs
- The best tool / plugin / library for incident investigation
- The best tool / plugin / library for reversing
- The best tool / plugin / fuzzing library
- The best tool / plugin / library for malware analysis
- Aaron Tailor (Exodus Intelligence)
- Alexander Matrosov (Intel)
- Dmitry 'D1g1' Evdokimov (Digital Security)
- Halvar Flake (Google Inc.)
- Justin Hare (Immunity Inc.)
In general, there are so many competitions this year that we even made a special section on the site, where we talk about each of them in the most detail: 2014.zeronights.ru
See you at the conference!