Our first meeting for the 2012-2013 school year will be on Monday, August 27th. 7:00pm in STEAL 1. We will be going over what we have planned for this semester, including which CTFs we plan on participating in as well as some topics to look forward to. I hope to see everyone there.
From the Blog
Hello Everyone!
Coming up this weekend is the Plaid CTF hosted by Carnegie Mellon University. The competition is 48 hours long, starting at 4:00 on April 27, 2012 and ending at 4:00pm on April 29, 2012. We will be competing from STEAL 1 (PKI 350) the entire time. Please come and provide any help you can! It is a challenge based competition, so there will likely be something for everyone to be able to help with.
-JR
This year, we participated in the IFSF CTF, a 36 hour challenge-based CTF that started at 5am on Saturday February 11th. The team met in STEAL-1 (PKI 350). This was the first event that NULLify competed in this year. As a team, we are still learning and growing and the new members are really starting to see how CTF events work. Overall, we placed 21st of 90 scoring teams and 4th for teams based out of the United States. Group members should expect explanations of solved challenges in the next meeting.
Thank You for all those who participated
-JR
Hack Night will be on Monday nights at 7pm starting Janurary 23, 2012.
Hack Night will be every Tuesday at 7 pm in Steal 1 of PKI next semester.
If this time doesn’t work for you please leave a comment.
If you don’t have an account please comment in the Facebook page. Then ask for an account.
The 2011 ICTF is officially over. The scoreboard can be found here.
NULLify placed 48th out of 87 teams. Although some people may have left the event disappointed it is a great reminder that there is a ton of information out there waiting to be learned. We shall continue to move forward and improve.
I would like to thank UCSB for all the work they spent putting the competition together and managing it. The competition went smooth and the challenges had plenty of variety and depth.
Finally, I would like thank everyone that showed up to help out and support UNO in the competition. The turnout was beyond impressive.
The UCSB ICTF competition takes place in two days on Friday Dec. 2, 2011. The competition starts at 10 am CST and goes until ~7 pm CST. Anyone with an affliation to UNO is welcome to come help out. Diverse skillsets are a necessity
Below I have written up a summary of the official summary located here.
Rounds
Rounds are 2 minutes long.
New flags are put into each service.
Information sent to each team:
Challenges
Solving challenges makes dirty money that gets deposited in the team’s Sw1ss bank account.
Each challenge can only be solved once so there is limited amount of money a team can earn.
Dirty money is turned into points by being laundered.
Money Laundering
- Exploit a vulnerability on one of the other team’s services to get a service flag.
- Submit the service flag to the Laundering Server to attempt to launder money from your Sw1ss bank account. The exploited team will recieve a cut of the money. Laundering has a risk of failing which causes the money to be confiscated. If successful the money will be turned into points based on this formula.
OR
Submit the service flag to the Secret Service Anonymous Tip Hotline to flag the other teams service as compromised for the round.
Winning
The team with the most points wins.
Money leftover in the Sw1ss bank account is discarded. It will not hurt to have extra money in the account based on the updated description.
Definitions
Launderer / Mule: A team whose service you exploit.
Cut: The percentage of money that a launderer takes.
Transaction Risk:
The probability of being caught laundering money.
A number is computed based on the laundering transaction. If that number is lower than the risk then the transaction fails.
The money in a failed transaction is lost. Except the cut that went to the mule.
Transaction risk = risk_function(R, M, N, Q) = To Be Announced
- R = The risk associated with the service.
- M = The amount of money being laundered.
- N = The total amount of money that has been laundered through the particular team you are exploiting.
- Q = The overall amount of money that has been laundered through the particular service you are exploiting (across all teams).
Payoff: Percentage of money that can be turned into points from a service. Given at the beginning of each round.
Point Conversion: Points = Money * Payoff * Defense
Defense: “if you don’t provide
good service to the community, you will incur fees from the money
laundering community for their service. No one likes a leech! The
percentage you will lose is equal to the average number of active and
uncompromised services that you had in the past, which is called your
defense level, D.” This is very ambiguous, is it better to have high defense or low defense?
Over this past fall, Justin and Tory compiled some reverse engineering tools for the Linux environment for the Internation Cyber Defense Workshop that was held the week of November 6th. Tory gave an hour long presentation over the research to ~100 IT professionals over a live internet stream. The presentation was focused on reverse engineering Linux executables. It covers the basics and common tools needed to reverse engineer windows and linux applications. Additionally, they built a hands-on technical lab that could be completed by their viewers using the knowledge contained in the presentation.
