Bloggorama for breaking things
to a (RSS) feed of this weblog.
Dude, lastplace got sk3wl3d this weekend at defcon. For those newcomers who are lost, I'm referring to defcon capture the flag contest held each year in vegas. ctf has a history of drawing the best of the best from all corners of the world, and this year was even moreso. wowhackers and taekwon-v from Korea came on strong, overcoming the language barrier and doing very well indeed. Up until the last five minutes of the game, taekwon-v had lastplace relegated to fourth place! Thankfully, the lastplace superpowers blasted one last break-through just in the nick of time to finish a solid third-place (indeed, kenshoto even changed our name on the score-board to 3@stplace ;)
Sexy Pandas were sexier than ever this year, taking command of the game very early on. Unfortunately, as they did last year, the pPandas seemed to lose their Gambas around the middle of Saturday. I don't know what's up with them, but I'm guessing they need to learn to cope with more sleep-deprivation :) They were amazing while they lasted though (remember, they drew first-blood last year).
Shellphish was back again after "taking a year sebatical", having not qualified last year. While it was good to see Giovanni Vigna and his team again, I was surprised that they didn't do as well as expected. As I can say the same about our team this year, I totally understand.
IGuardMiLan (sorry, I don't remember their real name), an Italian team from Milan, seemed to be doing very poorly (and unfortuantely I didn't get a chance to get to know them much)... but on Saturday night kenshoto gave out a challenge and ominously indicated it was worth "a couple hundred points" and both Shellphish and these guys nailed it! I'm not sure what it is about these Italians ;) but the challenge turned out to be worth 300 points, which they both got! Rock on! Unfortunately for the Pandas, this placed both of these teams above them. The challenge was this: kenshoto provided a text file with all of shakespeare's works. our job was to find the longest run of bytes which convert to x86 opcodes which don't touch memory. Very cool challenge, I spent a little time on it, and actually found the answer with the tool I wrote. However, without my emulation code in place I also turned up many false-answers, based on conditional-jumps so I dropped it. Bummer too. I wish I would have submitted it.
The Routards were back from last year, and came out of nowhere on Saturday to overtake us as second place, where they remained for the rest of the game. A French/Suisse team, they were really smokin!
And then (sound the Emperial March) came the Sk3wl 0f r00t. Lead by Jon Boss ("BossMan") and driven by Chris Eagle ("sk3wlmast3r"), these guys *completely* rocked our world. For the last two years lastplace has been stealing victory right out of this team's clutches using creativity, game-play, and a slight touch of evi1. This year, Sk3wl returned all we had given them and more. Probably most evi1 was when we used some technical prowess to keep Sk3wl from getting credit for many points last year, for several periods of several hours. This year, Sk3wl multiplied both the evi1 as well as the technical awe of our attack from last year, instead, denying any of our teams the ability to score. How they did this, I can't say specifically, but let's just say they pwned the services themselves and made their own version of a "service-r00tkit", modifying information to either prevent us from gaining shell on the box or changing the contents of keys so we received bogus keys and our overwrites were dorked as well.
I gotta admit, if we couldn't win, I'm ok with Sk3wl winning. Not only did they *totally* deserve it this year, but they're a great bunch of guys. I have a lot of respect for sk3wlmast3r and Bossman and the team they fielded this year was truly outstanding. Their game-place was flawless, their technical leetness was untouched, and they have real character. At the end of the game, they set-up their own projector on the wall over their team and played Guitar Hero... lol... but before they did, Bossman came over and said to me "I know this is going to seem arrogant, but this was not our idea... and I just wanted to let you know." That was pretty cool of them. They had every right to rub it in, but chose not to. rock on guys.
Ah, my dear lastplace.... On a personal note, I think it was really good for us to lose this year (sorry team, it's what I think). We came in as two-time, back-to-back winners, and a third time would have already been difficult to remain humble about. We also had let ourselves get complacent. I'm sorry guys, this one falls completely on me. As the buck-stopper, and as your captain, I failed in many way, the chunks of which I will not spew here. Having succeeded from the very beginning, I knew I/we were doing the right things for success... but I didn't really remember what the right things were this year... so it was a growing experience. Having not been defeated, I personally felt the stress of continuing the winning streak, even as much as I struggled against it. And after three consecutive wins, I was heavily considering "retiring" at least for a year or two. Now? I'm not quite sure what's going to happen. I know some of the guys are happy to field a team again next year. I'm going to hit 'em up in a few months. ctf bears some strong similarities to child-birth . Gradually one forgets how much pain and agony and misery goes into ctf, and for some crazy reason the desire to play again returns :) On the positive side, we played a very good game, aside from a few failings of mine. Most impressive to me is how much our attack-team has improved as a whole. We still have a couple rock-stars, but each of our attack team were "in the game". psifertex, jrod, jesse, drb, and myself, we were all in the same playing-field. That doesn't mean I think we don't need to do some training soon. I've got some very specific things in mind and there are many others I'm sure. But I got to see some of the other, lesser-contributors last year really stepping up, and that encourages me that the team is doing what it's meant to do. I'm also looking forward to our feeling challenged to excel... instead of just being "good enough".
To show up to the game is to be a winner. Each of the eight teams has to qualify in order to play the game (the returning champions don't actually have to play the quals round, but by being champions they already "qualify"). This year, well over 400 teams showed up for quals, and actually answered at least one question. I think at least 150 teams answered two or three. This is pretty significant, considering. Each of the teams I got to chill with this weekend had significant skillz, and it was an honor to be among them.
Ok, here's the (teasing) rant part of this blog post. Each of the teams playing in ctf qualified for the game... except one. One additional Korean team qualified this year, but they dropped out and we ended up with the first runner-up... That wasn't so bad (in fact, I was happy at the time because I have friends on the team which got to come). However, little did I know that this "first-runner-up" team would go on to completely dominate the game, shutting down our ability to score, and run away with the competition. That's right, folks. Sk3wl 0f r00t *failed to qualify*! lol. Oh well. </rant> I'm still glad they came. However, this highlights the reason lastplace has taken part in quals each year even though we didn't have to: ctf and quals are two very significantly different games, each one being amazingly awesome and worth the time and effort. kenshoto continues to deliver top-notch entertainment for the subversively-minded binary-hacker.
Many thanks to kenshoto, and especially to my good friends visi and squires... who did bring a fully-automated nerf-gun into my talk at defcon and launched a massive assult on the stage... that was awesome. In an otherwise draining and sad day, that gave me a great boost. I warned the crowd they might have to wake me up in the middle of the talk. I had bounced all over throughout the country, flying, driving, not sleeping, etc... and was already exhausted when I showed up for the sleep-depriving all-weekend siege of ctf.
BTW - If visi doesn't see fit to keep vtrace/vdb available from http://www.kenshoto.com/vtrace I may be lead to post them here.
sk3wlmast3r rocks. Let me just say that. He's an awesome guy, and one of the most brilliant reversers I've ever met. The last two years when lastplace beat his team, he was exceedingly gracious, meeting me with a (albeit disciplined) smile and congratulations. There's no doubt about the fact that he currently dwarfs me in skillz... but I've always been impressed with the man behind the evi1 :) I got to go see his talk at defcon (after ctf) and it was pretty slick. Keep on, man.
disass-v4.0 didn't make it for ctf. Sadly I had to use a mixture of disass-v3.0 and IDA to work on the vulns. This will continue to consume me for some time, until I have a workable GUI or I give up the whole mess (and mebbe write a CLI). I'm currently considering opening up development to interested outsiders, as it's quickly growing beyond something I can/want-to maintain alone. I'm not a GUI programmer, and would prefer telling someone how I want the GUI to behave and then go write the cool methods the GUI calls to actually do the work. Just a heads-up.
I got to spend time with a smattering of great friends this weekend, too many to list, and way too short a time to spend with each. But I wanted to send a shout-out to my awesome team, drb, wrffr, psifertex, mezzy, plato, shiruken, jrod, apu, and a couple guys who hung with us a bit and helped out some with a couple bins, and all the ctf teams (you all rock). Greetz to sk0d0 and jmfb, Figueroas, Subverted Dave, j0hnny, Thor (even though you skipped out on me :) Travis Goodspeed, GMark, vangelis, kenshoto (inc goons and pj, nice dice), Moose and VirusX (now *with* the Moose! thx for the Braundo dude, it kept me up on Saturday!), and the dudes who came to my Q&A session,
R.I.P. E P I C. I missed you. If we'd won ctf I was going to say it from stage.
permanent link /