ZeroNights: announcement of workshops and contests

    image

    Handwork - cool workshops and contests at ZeroNights!


    Friends, the ZeroNights conference is a territory for information security practitioners. At the same time, we have zones in which you can not only get acquainted with the latest research results, learn about unusual hacker finds, but also learn something “on the fly”, work not only with your head, but also with your hands. Firstly, traditional hardcore workshops will be held within the framework of ZN. Especially for those who are not afraid to move from words to deeds and try their hand at practice under the guidance of famous specialists with cool topics. Secondly, we invite you to take part in the coolest competitions. For those who are not afraid of anything

    Workshops at ZeroNights


    Maxim Moroz (a member of the Google Chrome security group, founder of the CTF-team BalalaikaCr3w) will present his workshop entitled “Modern fuzzing of C / C ++ projects”. The goal of the workshop is to teach participants the effective fuzzing of C / C ++ projects using modern tools. By participating in the workshop, you will understand the basic principles of fuzzing; write several fuzzers based on the libFuzzer library for different projects; discover Heartbleed and other known bugs yourself; learn to analyze and improve your fuzzers; or maybe even find a couple of 0-day vulnerabilities.

    » 2016.zeronights.ru/program/workshops/#ws1

    Mikhail Yakshin (chief Linux developer of the Swiss company Whitebox Labs), participates in the conference with his workshop “Reverse development of binary files using Kaitai Struct”. The master class will be devoted to clean-room reverse engineering of unknown file formats. For a few examples (going from simple to complex), we will consider the use of Kaitai Struct tools to quickly build and test hypotheses about the file format. We will go from installing software to writing ready-made utilities that work with file formats in C ++, C #, Java, JavaScript, Perl, PHP, Python, Ruby and consider container formats, file systems, firmware formats, bytecode and much more.

    » 2016.zeronights.ru/program/workshops/#ws2

    Boris Savkov (VMK Moscow State University, participant of DC4919, BalalaikaCr3w, Evil Dwarfs) will present a workshop entitled “Search for vulnerabilities of automated process control systems during blackbox analysis in a short time”. As part of the workshop, the process of searching for vulnerabilities in ICS components will be considered when nothing is known about SCADA and / or PLC firmware. Vulnerability search demonstration will take place on the layout of ICS. Participants will be given the opportunity to find vulnerabilities in a specially developed “accessible SCADA” platform, which contains typical workstation vulnerabilities at industrial facilities.

    » 2016.zeronights.ru/program/workshops/#ws3

    Competitions for the skilled on ZN


    Within the framework of the ZeroNights 2016 conference, the QIWI group and the system integrator Informzashita will hold one of the largest CTF competitions in Russia in the Jeopardy format and will play 250 thousand rubles. Assignments prepared by a professional team of CTF experts SRTeam.
    Registration is available at the link - qiwictf.ru .

    Competitions will begin at 10:00 Moscow time on November 17.
    The prize fund for 1-3 places will be ₽150 thousand, ₽75 thousand and ₽25 thousand

    To win the tournament you need to score the maximum number of points by completing tasks in the Reverse / PWN / Web / Crypto / Misc categories. Allowed to solve tasks in an arbitrary order, the cost of the solution depends on the complexity of the task. Priority - by runtime. Remote access to the game network is possible, however, some tasks are implemented offline and will require the presence of participants in the QIWI zone at the ZeroNights site.

    During the competition it is allowed:

    • solve tasks provided by the organizers;
    • use tools that do not violate the laws of the Russian Federation to search for vulnerabilities on game servers;

    During the competition it is forbidden:

    • attack computers of other competitors;
    • attack the infrastructure of the organizers;
    • make DDOS attacks on the gaming infrastructure;
    • conduct attacks on game servers and the jury system;
    • interfere in all possible ways with obtaining the flag by other teams;

    Also at the CTF on the site ZeroNights invites BI.ZONE. Competitions are designed for individual participation and will be held in the Jeopardy format. The guys will start at 00:01 11/17/2016 with the simplest tasks for warming up, and the continuation of the competition will be held as part of the ZN in the Jupiter Hall. 

    Cash prizes for the first 5 places:

    • 1st place - 150,000 rubles
    • 2nd place - 75 000 rubles
    • 3rd place - 25,000 rubles
    • 4th place - 15,000 rubles
    • 5th place - 10,000 rubles

    In addition to monetary rewards, valuable prizes for individual achievements during the competition will also be raffled between the participants. The rewards will be given to the first 10 participants who visited CTF in person and scored the most points.

    General provisions:

    - to participate, you must register;
    - tasks will be available here ;
    - winners are selected by the maximum number of points scored;
    - if the points are equal, the winner is the one who scored the maximum number of points first.
    View the rules and register here: ctf.bi.zone .

    Prohibited:

    • attack the infrastructure of the organizers;
    • generate a large amount of traffic (DDoS);
    • conduct attacks on computers of the jury and other participants;
    • exchange flags with other participants.

    The organizers reserve the right to disqualify participants for violating the rules. A separate room will be equipped for CTF participants, where they can:

    • Get wired internet access
    • conveniently located;
    • immerse yourself in the atmosphere of Space Quest.

    The countdown to the launch of hardcore tasks has already begun!

    Hack hardware - be hardcore!


    The Hardware Village team invites you to their booth to the Lounge Community area, where a series of workshops, seminars and hardcore tricks will take place. The material shown does not require specialized education and is aimed primarily at practice, therefore it is suitable for those who wanted to start, but did not know where and how. The main desire! Those who want hardcore will have the opportunity to assemble a hacker device right on the spot! And of course, you will be given the opportunity to test your device in practice. Also at the HWV stand will be a special competition for hacking a wireless network. Those wishing to participate should be preoccupied with the presence of an SDR receiver.

    Automotive Village


    At ZeroNights, the CarPWN team will be the first to present the Automotive Village section, where you can familiarize yourself with basic automotive technology safety issues. We don’t forget that our conference is practical, and therefore, in addition to theory, there will be practice - at Automotive Village we will present stands with “real electronic interiors” of cars (the authors actually turned out the electronic stuffing of the car and prepared “compact” stands).

    Everyone here will be able to see how the electronic filling of the car is arranged and what IT technologies are used there, and, of course, try to “dig into” the car network on their own.

    Due to the fact that the section will work for two days of the conference, you can always find time to visit Automotive Village stands and discuss various car safety issues there, including self-driving car, connected-car, as well as talk about reverse engineering ECU difficulties and safety QNX. There will also be a practical competition on real hardware, with prizes! But this is not all: besides the stands, a modern car will be waiting for you, which can also be "felt with your hands."

    The section will be represented not only by hardware, but also by reports with practical workshops: we will talk about car safety, share personal experience in this area, and tell how we assembled stands with the help of friends from the Trust-m laboratory. We will also pay special attention to how the communication inside the car is arranged (between the ECU and other components), in addition, various “working” research topics will be analyzed in detail - finding the necessary wires and ECUs, connecting to the network without a break, ways to organize a MitM attack , using the CANToolz framework and more.

    We hope that this section will help to better understand modern automotive technology and its safety. Come, chat and - as the CarPWN Team is an open community - join in!



    Contest from Mail.Ru Group at ZeroNights 2016!


    image

    Mail.Ru Group will invite members of ZeroNights to try their hand at hacking the Internet of things. The task was developed with the direct participation of the DIY community. You will learn all the details right at the stand (or else prepare in advance, and it will not be interesting). Two winners will take home sets of IoT equipment. Go for it! You can also participate in a quiz on Internet security, for the victory in which we will give gyro scooters. Just in case, we remind that Mail.Ru Group information security analyst Alexander Leonov makes a presentation on Enterprise Vulnerability Management together with the leading specialist of the QIWI information security department Ekaterina Pukhareva in the Defensive Track section.



    HackQuest ZeroNights Summary


    We have summed up our HackQuest, which ended on November 7th. Competitors were asked to solve tasks related to different areas of practical security (reverse / binary pwn / web hacking / etc) and receive a reward. We give winners invites and an eternal place in Hall Of Fame, as well as pleasant bonuses (already at the conference).

    HackQuest was pretty unusual this year. Four assignments out of seven were prepared by communities - R0 Crew (2 assignments), School CTF (SiBears, 1 assignment) and RuCTFE (1 assignment). It is worth noting that this year the HackQuest website was visited from ~ 3000 unique IP addresses (only for a week of tasks)! We are already collecting Vratapa and will soon publish it.

    Results with names (nicknames) of winners:

    • 1 day “ZeroCrypt” (assignment from R0 Crew) - sysenter
    • Day 2 “Golden Rabbit” (assignment from School CTF) - smalukav
    • 3 day “ETHERIUM BOT” (task from RuCTFE) - ilyaluk
    • Day 4 “BAD ASSISTANT” - beched
    • Day 5 “StrongBox” (assignment from R0 Crew) - Stanislav Povolotsky
    • Day 6 “Packer” - erbolsyn
    • 7 day “I wanna be better!” - black2fan

    Thanks to everyone who participated and prepared the assignments! See you at ZeroNights!
    More results can be seen here: hackquest.zeronights.org/#winners .

    Also popular now: