DefCon 8 was my first DefCon, so I thought I'd do the quasi-requisite review. There were about 6,000 people there, so I'm sure there are at least 2,000 reviews online by now, but maybe something good will come of adding mine to the bunch. Also, mine is the only one that has a link to Shiva, my Red Hat system that withstood CTF.
I was nervous about going; afraid that I'd feel out of place or outmatched. Having survived, I can say my only complaint (aside from the heat) was that it was too damn crowded! Everyone was great, and it was a very pleasant atmosphere. I didn't encounter any hostility - with the possible exception of that OpenBSD fanatic, but he just couldn't handle the fact that my Red Hat configuring skills might be the match of his OpenBSD install skills. ;)
SpaceKiddie and I arrived at the Tropicana on the 27th. The Tropicana had overbooked the Paradise Tower, and had put me in the Island Tower without bothering to let me know. Space and I wandered around the Paradise Tower trying to find our room for a while. I was very disappointed with the Tropicana this trip; my previous stay there had been outstanding.
We toured the south end of the strip a bit, and I impressed SpaceKiddie with the cheapness of cigarettes in Nevada. We crashed much earlier than usual in preparation for awaking at that ungodly hour for CTF registration.
Friday, July 28 - Day 1
I had spent most of Friday morning trying to get set up for CTF, then collapsing back at my hotel to wait for some friends to arrive. Space pointed out an attractive slot machine for me, and I won $120. At the CTF setup a guy with an OpenBSD shirt had inquired what I was running. I told him I was running Red Hat 6.1, to which he replied "That's rootable." He asked if I was running wu-ftpd. I gave him this big shit-eating grin and said "yup!" He suggested I look into OpenFTP.
/* Begin Rant
Now, I have issue with the idea of sticking a default secure OS like Open into CTF. It really doesn't take a lot of skill to secure an OpenBSD box. You pretty much just install it. Taking a system which has issues, patching them, building a functional server out of it, and putting that up for attack takes a whole lot more guts, in my mind. Running OpenBSD during CTF is practically cheating.
There are exceptions to this, though... Mythrandir gave a lecture on Penetrating B1 Trusted OS's, and to demonstrate them he put a box running a Trusted OS in CTF. The goal wasn't to prove his admin skill, it was to demonstrate the OS. Likewise, if the guys at OpenBSD decided to put an official server in the CTF competition to prove the OS, that would be very cool. But to use such an OS and then claim that you have what it takes to be a good security admin... well I don't think that quite cuts it. You may be secure, but do you understand why?
End Rant */
xinc and lskd called us at about 7:30pm Friday. They had ended up registered at the wrong Embassy Suites, but were still happy with the room. j_thadius wasn't with them, having decided at the last minute to attend Darkwell War, an SCA event in California; he did, however, send his laptop along with xinc so that I could use it to admin Shiva.
Space, xinc, lskd and I started the evening with some drinking at the Tropicana, then made our way toward the Mirage for a little more drinking, and finally made it over to the Alexis Park in time to catch half of the first round of Hacker Jeopardy. Space, xinc and I all got hugs from kewpie.
I was about ready to start my own jeopardy team after quietly answering most of the questions I heard during the first round, but was somewhat happy that I hadn't after being largely shut-out during the second round. We checked out the DJ, then headed home for more unnaturally early sleep.
Saturday, July 29 - Day 2
Space and I listened to Robert Graham from the hallway outside his conference room. He was one of the speakers I really wanted to hear, and I was not alone. We hooked up with xinc and lskd who had managed to get seats, and sat in awe as Jon Erickson derived the encryption algorithm for RSA on stage, then broke it in two easy steps.
I spent a couple hours failing to get littleblue (j_thadius' laptop) working on the CTF network so I could create shell accounts for people on Shiva. A guy in the hallway tried to help me get littleblue on the network; he later turned out to be a Fed. I also talked to a guy in the CTF area who had scanned Shiva with ISS the day before. Shiva had kicked back three informational items, which were largely caused by the fact that I was running qmail and ISS was pointing out something that might have been an issue with sendmail (I had seen this before with my own Nessus scans).
It turned out there was only a limited area where I could actually hook into the CTF network, and not an empty seat or port was to be found. Luckily, no one had yet notified the CTF goons about any successful rootings, so I figured Shiva was doing all right on his own. I missed seeing the cDc, but from what I heard, so did a lot of people. I hear the Alexis is looking at expanding by next year. They'll need to, if DefCon is going to be back. It was just too damn crowded.
Space and I each spotted a Fed at Greg Hoglund's lecture on Advanced Buffer Overflow Techniques, but were unable to claim victory. I overheard Space's Fed admit to being a Fed, but he later told Priest that he wasn't one. I never called out my Fed, but the regulation flip-flops, shorts, Hawaiian shirt, sunglasses with earpiece hanger thingies (for hanging your sunglasses around your neck), bald head, and two days' worth of stubble gave it away. As did his observe-without-being-observed seat selection. Space and I are considering making an "I spotted the Fed but the Fed lied about being a Fed" shirt.
Space spotted the OpenBSD guy using my monitor in the CTF NOC, where I had left it the day before with some assurance it should be safe. I was fairly pissed that someone would be using my equipment without my permission, especially since the CTF rules say if you touch your system after it goes live you are disqualified. I arrived at the NOC to find my monitor's power cable had vanished into the ether. I retrieved my monitor from the NOC and took it back to the Tropicana. I think I may have been a bit too upset about someone using it, but my previous experience with the guy was dictating my reaction, and my missing power cable lends justification, I think. (No, I don't know that he was the one that took it, or whether it was intentional or not.)
We all returned to our hotels to prepare for the Black & White Ball, and I got fairly liquored up. Ran into two women in the hall outside our room who were also attending DefCon. They asked if we were going to the B&W, and commented that they should check it out. Space became infatuated with one of them who was wearing a fascinating pink dress. I was more interested in her clear plastic choker. She became known between us as "Pink Dress Girl".
The group once again got together at the Alexis and I proceeded to sober up on a Red Bull and Vodka and a Patrón Margarita, both of which were amazingly watered down. It's no wonder DefCon managed to spend more on booze than the RAF; you have to in order to get drunk... Maybe the RAF knew well enough to get their own alcohol.
lskd picked up some glowsticks for the group, and we all pretended to dance while Jackalope was rocking up on stage. I found out the next day that Jackalope was the woman I'd seen roaming around DefCon on Saturday in a red and blue cheerleader/anime outfit. Very cool. We stumbled over to Hacker Jeopardy for another great evening of "Andy Rooney", "Quicken", and "256" (You had to be there).
The classic moment for the evening was this -
Winn: This star of News Radio was found running naked down the streets of LA, high on crack...
Generic audience noise... crowd grows completely silent as:
SpaceKiddie: Who is MY DAD?!
xinc and I watched over lskd and Space for a while, as they had become completely blitzed on Red Bull and Vodka. lskd broke open a glowstick and sprinkled glowing liquid all over his shirt (which he later realized was the one xinc had bought earlier that day). xinc and I put them in a cab to their room at Embassy Suites, and headed off to the Luxor (on foot!) for some dinner and a little gambling. I made it back to my room about 5am. Space crashed at xinc's room after falling asleep watching The Green Mile (It was apparently either that or porn).
Sunday, July 30 - Day 3
Woke up sick (not hung over) and in a lot of pain (I need knee surgery) after my late night of walking and dancing. I decided to make a late showing at DefCon, and pound down 3 Advil. I ran into Pink Dress Girl (no longer wearing the pink dress) a couple times near the elevators, but we didn't say much. I was in too much pain, and too nearsighted, to notice her the first time. The second time we were going opposite directions.
Space got back from xinc's hotel, and we watched "Reindeer Games" in our hotel. It was getting to be time to check out the CTF awards, so I pounded another 5 Advil (don't try this at home, kids) and Space and I headed over to the Alexis. CTF was already shut down and the awards had been distributed. I found Shiva powered down, disconnected from the network, and my cat5 was rolled up in a pile of cable under the table. I retrieved Shiva without ever showing my claim check.
I heard that only about 3 systems had been cracked, and I felt pretty safe. The results had disappeared, though, so the best answer I could get about whether Shiva had been 0wned or not was "when you get home, if you find something in your root directory...". If I still had my power cable for my monitor, it would have been real easy to check... /* grumble grumble */
I parted company with xinc, lskd and Space (who was riding home with them that evening). I returned to the Tropicana for a nice quiet evening to myself. I never ran into Pink Dress Girl again (damn), but I made it home in one piece and so did Shiva (well, sorta). I also managed to survive my first CTF unscathed, which I am feeling pretty happy about. I've been studying Linux, networking, and security for less than a year now, and this was a nice confirmation that I really am learning something. We'll see how I do next year. ;)