I received a sponsorship from 3 Gimbals to attend DEF CON this year and experienced the strangest hacker spectacle for four days. Rather than try to pay attention to 45 talks I chose to spend my time drifting between villages and participating in the Red Team Village CTF.
Our CTF team, comprised of 3 Gimbals employees and fellow Clemson students placed 27th (top 10% of all teams) in the competition comprised of some of the best hackers. Of all the challenges, I focused mostly on the reverse engineering as I have more luck with them. The 3 Gimbals employees cracked most of the data analysis challenges, as it is their specialty. I was satisfied by our first year performance but will be sharpening my skills for next year and completing the challenges I couldn’t solve.
The majority of my time in the villages was spent in the Packet Hacking Village. I participated in a guided configured of a virtual network with 6 machines on different VLANs, one switch, two routers and an ISP. This exercise solidified much of what I had learned building the Cyber Lab and taught me additional protocols and some of the internals of switches and routers.
Additionally, the Packet Hacking Village hosts the Wall of Sheep, which catches and reports insecure authentications occurring over the network. My goal was to get myself listed on the wall. I configured one of my web servers to accept HTTP and require basic authentication to view the webpage. I then booted up an arch ISO and connected to DefCon-Open (the conference’s insecure wireless network meant for all kinds of shenanigans). From there I connected and authenticated to the website via cURL and waited for one of the listeners to catch me. It didn’t take long and soon my bogus login attempt was listen on the wall. In future years I plan to design a more realistic service to better fool the wall.
In totality, I much enjoyed my experience at DEF CON, I will be returning next year and spend more time exploring (maybe even go to the third floor) and networking. I am thankful for 3 Gimbals sponsoring my trip and I hope they can sponsor more Clemson students next year due to this trip’s success.