BSides on System Overlord

BSidesSF 2017

david@systemoverlord.com (David Tomaschik) — Wed, 15 Feb 2017 00:00:00 +0000

BSidesSF 2017 was, by far, the best yet. I’ve been to the last 5 or so, and had a blast at almost every one. This year, I was super busy – gave a talk, ran a workshop, and I was one of the organizers for the BSidesSF CTF. I’ve posted the summary and slides for my talk and I’ll update the video link once it gets posted.

I think it’s important to thank the BSidesSF organizers – they did a phenomenal job with an even bigger venue and I think everyone loved it. It was clearly a success, and I can only imagine how much work it takes to plan something like this.

HSC Part 2: Pros versus Joes CTF

david@systemoverlord.com (David Tomaschik) — Wed, 10 Aug 2016 00:00:00 +0000

Continuing my Hacker Summer Camp Series, I’m going to talk about one of my Hacker Summer Camp traditions. That’s right, it’s the Pros versus Joes CTF at BSidesLV. I’ve written about my experiences and even a player’s guide before, but this was my first year as a Pro, captaining a blue team (The SYNdicate).

It’s important to me to start by congratulating all of the Joes – this is an intense two days, and your pushing through it is a feat in and of itself. In past years, we had players burn out early, but I’m proud to say that nearly all of the Joes (from every team) worked hard until the final scorched earth. Every one of the players on my team was outstanding and worked their ass off for this CTF, and it paid off, as The SYNdicate was declared the victors of the 2016 BSides LV Pros versus Joes.

BSides Seattle

david@systemoverlord.com (David Tomaschik) — Sat, 20 Feb 2016 00:00:00 +0000

These are just (essentially) my raw notes dumped from the talks I attended at BSides Seattle (2015-ish). Unfortunate I developed a migraine so I only caught the morning talks.

Active Directory

Use scripts to dump AD
Use scripts to sync with 3rd party providers
Lots of story, not much technical depth

Red Team

Presenter: Sean Malone, FusionX
Types of Security Assessment
- Vulnerability Assessment
  - Find vulnerability
  - Limited Scope
  - Broad & Shallow
  - Cooperates with SecOps
- Pentesting
  - Achieve Technical Compromise/Domain Admin
  - Moderate Depth
  - Techniques include Network, Application Assessment
- Red Team
  - Narrow Scope
  - Whole Enterprise is In Scope
  - Techniques include Social, Physical, Technical
  - RT Objectives
    - Simulate Sophisticated Adversary
    - Achieve “Nightmare Scenario” without detection
  - Client Objectives
    - Understand resiliency
    - Risk reduction, not just vulnerability count
Effective Red Teams

Blue Team Player's Guide for Pros vs Joes CTF

david@systemoverlord.com (David Tomaschik) — Sat, 15 Aug 2015 19:15:36 +0000

I’ve played in Dichotomy’s Pros v Joes CTF for the past 3 years – which, I’m told, makes me the only player to have done so. It’s an incredible CTF and dramatically different from any other that I’ve ever played. Dichotomy and I were having lunch at DEF CON when he said “You know what would be cool? A blue team player’s guide.” So, I give to you, the blue team player’s guide to the Pros v Joes CTF.

Hacker Summer Camp 2015: BSides LV & Pros vs Joes CTF

david@systemoverlord.com (David Tomaschik) — Wed, 12 Aug 2015 00:13:58 +0000

I’ve just returned from Las Vegas for the annual “hacker summer camp”, and am going to be putting up a series of blog posts covering the week. Tuesday and Wednesday were BSides Las Vegas. For the uninitiated, BSides was founded as the “flip side” to Black Hat, and has spawned into a series of community organized and oriented conferences around the globe. Entrance to BSides LV was free, but you could guarantee a spot by donating in advance if you were so inclined. (I was.)

DEF CON 22 Recap

david@systemoverlord.com (David Tomaschik) — Wed, 13 Aug 2014 05:45:33 +0000

I’m back and recovering with typical post-con fatigue. This year, I made several mistakes, not the least of which was trying to do BSides, Black Hat, and DEF CON. Given the overlapping schedules and the events occurring outside the conferences, this left me really drained, not to mention spending more time transiting between the events than I’d like.

BSides Las Vegas

B-Sides was a blast, but I spent most of the time I was there playing in the Pros vs Joes CTF run by Dichotomy. This is a particularly nice Capture the Flag competition, since it’s based on defending (and attacking) “real world” networks, rather than the typical Jeopardy-style “crack this binary” competitions. Most of the problems seen in the real world aren’t, in fact, 0-day produced by talented hackers, but in fact configuration weaknesses, outdated software, and insecure practices exploited by script kiddies. PvJ forces you to consider how to harden a “corporate” environment while still providing the same services. You get a Cisco ASA as your firewall, and can reconfigure services as needed to establish your perimeter and secure your systems. On Day 2, you also get to see just how good you are at breaking in, and just how good (or bad) your opponents are at securing their network.

BSides SF CTF by MAD Security, Conclusion

david@systemoverlord.com (David Tomaschik) — Wed, 06 Mar 2013 05:51:21 +0000

This is the conclusion to my write-up of the awesome BSides SF CTF by MAD Security/The Hacker Academy. You can find the other parts here: Levels 1-2, Levels 3-4, Levels 5-7.

What I Learned

Don't overthink things -- work from the simplest case.
Internet access during a CTF may be spotty (or nonexistent) -- be prepared to work fully offline. (Download a copy of exploit-db, etc.)
Keep meticulous notes -- otherwise you'll find yourself revisiting avenues you've exhausted, forgetting things, etc.

What I Wish I'd Done

BSides SF CTF by MAD Security, Part 3

david@systemoverlord.com (David Tomaschik) — Sun, 03 Mar 2013 19:41:47 +0000

This is a continuation of my write-up of the BSides SF 2013 CTF.

Level 5: Phone Work
This level required that we find a phone number on the Absurdistani snoop's computer and gain access to the voicemail box associated with the number. Finding the number was straightforward -- there was an email draft that contained the signature of the snoop, and in that signature was his phone number and voice mail box number. (This also lets us know his name is Marco.) Calling the phone number and entering the VM box number, we're asked for the PIN of the voicemail box. After trying some obvious things (the VM box number, the last 4 digits of the phone number, 1234, 0000, etc.) I started looking through his machine for any clues, but his machine was very sparsely populated with files. So, off to the internet for a list of the most common pins. Yeah, humans are predictable... the top 20 PINs (20/10000 =~ 0.2% of pins) represent a whopping 27% of PINs in use. Turns out Marco was that predictable too. One of the top 10 and we're in! The voicemail tells Marco that his new secure key is available on the secure keyserver, which he can retrieve using the 15 digit project access code.

BSides SF CTF by MAD Security, Part 2

david@systemoverlord.com (David Tomaschik) — Sun, 03 Mar 2013 00:43:10 +0000

This is a continuation of my write-up of the BSides SF 2013 CTF.

Level 3: Disk Forensics
A professional cleaner who has done some work for Nick provides you with an image of a flash drive, and you're to find the most "interesting file" on the drive and provide its md5sum. The first thing I do is run file on the image to get an idea of what we're working with:

BSides SF CTF by MAD Security, Part 1

david@systemoverlord.com (David Tomaschik) — Sat, 02 Mar 2013 07:47:38 +0000

Last weekend I was at BSides SF and had the opportunity to participate in the Capture the Flag competition run by MAD Security/The Hacker Academy. I was able to clear 6 of the levels, and thought I'd write them up here to share my experience. Most of this is from my memory, so there might be a few inaccuracies, but the intent is to share the general concepts, not the specifics.