Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

HackEire

  • 10-07-2010 12:24am
    #1
    Registered Users, Registered Users 2 Posts: 1,190 ✭✭✭


    Since there don't seem to be many links to security events/groups in and not just links (other than 2600), Here's one: http://www.iriss.ie/iriss/hackeire.htm
    HackEire is Ireland's premier Cyber Security Challenge and is part of the IRISS annual Conference on Cybercrime to identify Ireland's top cyber security experts. HackEire sees teams compete against each other in a controlled environment to determine which one will be the first to exploit weaknesses in a number of systems and declare victory. The purpose the HackEire competition is to demonstrate how attackers could gain access to your systems and allow you to learn from the event on how to prevent such attacks from impacting your network.

    Also defcon is coming up in a few weeks. Time to start saving for next year


Comments

  • Registered Users, Registered Users 2 Posts: 576 ✭✭✭ifah


    Good link - I couldn't find results of last years challenge - any links to that ?


  • Registered Users, Registered Users 2 Posts: 1,190 ✭✭✭wolfric


    http://www.iriss.ie/iriss/hackeire_2009.htm There's the link to the 2009 one.

    Not too sure on the results.


  • Registered Users, Registered Users 2 Posts: 8,813 ✭✭✭BaconZombie



    We will be blogging again this week! Stay tuned for a post on how get the first flag from last year's HackEire. #IrissCon

    http://twitter.com/HackEire


  • Registered Users, Registered Users 2 Posts: 1,190 ✭✭✭wolfric


    Hope you don't mind bacon, from your twitter page.

    http://hackeire.blogspot.com/



  • Closed Accounts Posts: 24 markofu


    Hi Folks,

    Sorry, I'm the primary organiser for HackEire. Apologies for the lack of updates on the blog - I haven't had much free time recently.

    The 2010 contest is on in Dublin, November 18th, in the Berkley Court (same as last year).

    Entries should be opening up next week (check out the www.iriss.ie website and obviously via Twitter).

    I will be posting the remaining solutions to last year's contest over the next month (including photos). The solutions will be hosted on the IRISS website, which requires registration but this is free.

    HackEire 2010 will be free (like last year) and there it should hopefully be fun for everyone with challenges to varying in difficulty.

    Thanks for your interest in the event and if you've any questions, let me know.

    Cheers, Mark


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 9,957 ✭✭✭trout


    wolfric wrote: »

    Ha! I'm in that video :P

    I'm the big eejit chewing my fingernails and trying to get my Macbook Pro to be a hacker's toolkit. Sorry about the dodgy 'tache ... it was Movember.

    As for results, I think the winners were from Trinity ... they were definitely students. They're the team on the right-most table near the doors, as you look at the video.

    My team is on the left-most table near the doors ... we came a respectable 4th.

    Really good conference, and excellent CTF competition ... well run, very challenging and really inventive. I'll definitely be putting a team in again this year.


  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    I would love to take part in that!


  • Closed Accounts Posts: 24 markofu


    Folks, FYI - http://www.iriss.ie/iriss/iriss_conference_2010.htm http://www.iriss.ie/iriss/hackeire_2010.htm For HackEire, we will also need team members and team name! Cheers, Mark


  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    Would it be possible to compete remotely? For example VPN into the network?


  • Closed Accounts Posts: 24 markofu


    Unfortunately not, it's something we've discussed but we don't have the capability to offer this facility this year, sorry! We're a completely volunteer organisation so it's slightly more difficult for us.


  • Advertisement
  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    I'll have a think about it and decide whether to make the trip. Ill also ask a few of my work colleagues and see if they are interested.


  • Closed Accounts Posts: 4,584 ✭✭✭digme


    Sounds like a piece of piss.


  • Moderators, Home & Garden Moderators, Technology & Internet Moderators Posts: 24,789 Mod ✭✭✭✭KoolKid


    digme wrote: »
    Sounds like a piece of piss.
    Care to follow that up ith some reason?


  • Closed Accounts Posts: 4,584 ✭✭✭digme


    HackEire is Ireland's premier Cyber Security Challenge
    security tools+ready made public exploits is on par with script kiddies


  • Moderators, Home & Garden Moderators, Technology & Internet Moderators Posts: 24,789 Mod ✭✭✭✭KoolKid


    Different levels for different people.


  • Closed Accounts Posts: 4,584 ✭✭✭digme


    no sh!t


  • Moderators, Home & Garden Moderators, Technology & Internet Moderators Posts: 24,789 Mod ✭✭✭✭KoolKid


    If you feel you are too advanced for this then that's fine. Do not post in this thread again unless you have something sensible to contribute.


  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    To be fair to the OP, and the competition, having a number of systems with that have been hardened to a high level, not vulnerable to any public exploits, so contestants have to find new vulnerabilities, and write their own exploit code, would be a nightmare to manage. For a start you have no idea how long the contest could or will last. It could take a week for someone to "win" the contest.

    Instead, having a capture the flag type event where the emphasis is not just on gaining access but maintaining access, requires skills in a number of fields well beyond your average script kiddie.

    Also, the main goal of the event(I assume) is to demonstrate to people(many of them not hackers) just how easy it is to exploit and compromise an unpatched or mis-configured server is.


  • Closed Accounts Posts: 4,584 ✭✭✭digme


    I was pissed the other night but i suppose i said what i felt.
    Why not write a few programs like a simple echo daemon and have a hole in that?Atlease then you know they know more than just point and click hacking.....


  • Registered Users, Registered Users 2 Posts: 218 ✭✭Screaming Monkey


    I get the feeling you don't know a whole lot about the HACKEire competition, from talking with the lads last year and watching it, point-n-click will only get you so far and a number of people failed with all in the tools at their disposal.. There was such a wide variety of linked challenges across a number of OS/applications, its not a simple point-n-click/public exploit job.

    As for "simple echo daemon" why would they write that, when an off-the-shelf application mis-configured would do the same and is a better learning example.

    anyway if you think its "piece of piss" head along to it and show them your l33t skills.

    SM


  • Advertisement
  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    This was just mentioned on Mooney.

    I wish I could go :(


  • Closed Accounts Posts: 24 markofu


    I guess I should watch this board more closely to dispell rumours ;-)

    <rant>

    @digme you're hilarious, making statements when you have no actual knowledge of the people who build the HackEire infrastructure, their experience, skills, the vulnerabilities that they ensure are exploitable on the system or the actual solutions to last year's competition. If you think that simply rocking up with Nessus, a distro like BT4 or Knoppix or repeatedly doing some sh!t with Metasploit such as using the 08-67 exploit and simply setting LHOST and RHOST then you're in for a shock.

    There was guy (who didn't turn up for the competition either) making similiar statements last year about how we should write our own binaries. We're a bunch of volunteers with multiple years of experience in the IT industry who do this in our free time and the purpose of the challenge is to show those who make the decisions that systems can be exploitable, mistakes are easily made in administering/configuring systems while also enabling folk to practice their h4xor skills or learn in a friendly, risk-free environment. I don't see anyone-else in Ireland setting up anything similar? If there are, let me know!

    If you're as sh!t-hot as you make out, then I'd love to see you enter and if you can hack the network that we've built by 'pointing and clicking', then we'll buy you drinks after the contest is over but I doubt you'll turn up!!!

    We are trying to educate people in Ireland at both management and technical levels.

    Finally, if you do turn up (and this goes to all competitors) then give us your feedback because we want to improve the competition, we want to make it better, however, until you turn up and compete, the feedback on 'boards' isn't much use to us.

    </rant>

    Last year the contest last for five hours roughly and no one completed the challenge. There were six teams and one got close but not quite.

    We have a few slots left open and we're pretty excited at some of the teams that will be coming this year. We have some prizes lined up also and entry is free - yep, that's right, a point-and-click hacking competition for free with prizes!!

    This year's contest will be more multi-faceted than last year's with some easier challenges but also some harder ones. Check out the latest post at http://hackeire.blogspot.com for some information on recommended tools (please note that this is just a hint and I've only posted this because folk were asking - as I said earlier you need to understand what you're actually doing with the tools).

    The first element of HackEire 2010 will be posted on October 29th so if you want to enter please email info at iriss.ie.

    As I said earlier, if you have constructive feedback on how the competition can be improved then please let us know.

    If you have doubts about the technical capabilities of those setting up the network, then come have a chat with us on the day.

    m


  • Closed Accounts Posts: 24 markofu


    Folks,

    If you are entered in HackEire 2010, your team lead should have received the first challenge. If not please let us know via twitter (@hackeire) or email (info@iriss.ie).

    Further details can be found here - http://hackeire.blogspot.com/.

    Cheers....m


  • Registered Users, Registered Users 2 Posts: 10,339 ✭✭✭✭LoLth


    This should be on this thursday.


  • Closed Accounts Posts: 20,759 ✭✭✭✭dlofnep


    I think it's a great project myself, and if anything - allows like-minded people to come together and learn from each other. Surely that's positive.

    Best of luck with the event.


  • Registered Users, Registered Users 2 Posts: 10,339 ✭✭✭✭LoLth


    'twas a good event. The hackeire section had a lot of buzz about it. Slightly fishy that AIBteam1 and AIBteam2 kept racking up the same percentages..... shenanigans? or did team1 hack team2 ? :D

    The conference itself was, if I have to be honest, a bit hit and miss. Possibly from trying to cater for a diverse audience without splitting into lecture paths. It was a real pity mr. Schmidt a: didnt make it over and b: sent that video instead.

    Overall though, a great event, well organised and much appreciated. I'll definitely be signing up for next year (I may even enter the hackeire challenge if I can find team-mates who just want me ot be a particularly fetching mascot :P ).


  • Closed Accounts Posts: 24 markofu


    twas a good event. The hackeire section had a lot of buzz about it. Slightly fishy that AIBteam1 and AIBteam2 kept racking up the same percentages..... shenanigans? or did team1 hack team2 ?

    >> There was only one team from AIB, though technically they weren't representing AIB but they didn't give us a team name. There were meant to be two teams but one team entered in the end. The same 'totals' were initially posted due to us just posting the same to each but be reassured there were no shenanigans ;-)

    The same guys that won last year won this year, though only by 1%.


    The conference itself was, if I have to be honest, a bit hit and miss. Possibly from trying to cater for a diverse audience without splitting into lecture paths. It was a real pity mr. Schmidt a: didnt make it over and b: sent that video instead.

    >> What bits were hit and miss? Regarding Schmidt, we were disappointed also but it's not easy to get someone of such 'high rank' and I think the video was still a good coup imho.

    We did discuss having two paths, however, we didn't feel that we could pull if off in our second year and, as a result, that's why you (I'm guessing you're a techie) may not have enjoyed every presentation but there is quite a diverse audience. This feedback is very useful because it'll help us in our planning for next year.


    Overall though, a great event, well organised and much appreciated. I'll definitely be signing up for next year (I may even enter the hackeire challenge if I can find team-mates who just want me ot be a particularly fetching mascot ).

    >> Thanks for the great feedback, did you fill in one of the forms? If not, could you email info@iriss.ie with your thoughts please? We genuinely want feedback because we want to improve it for 2011 so that both elements are bigger and better.

    HackEire is my baby and hopefully it came across how much hard work we put into it (the power failures didn't help :( ). I would love to see more people entry and I view it as an excellent learning opportunity for so many people but unfortunately many are afraid of being embarrassed whilst a lot of the so-called 'elite pen testers' in Ireland don't want to get the asses kicked ;-) If you're thinking about entering, please do and spread the word. If you need team-mates, put your name into the hat and we can hopefully create a team with others in a similar position.

    I'm hoping to keep the http://hackeire.blogspot.com blog going and like this year, HackEire will begin prior to the actual day with challenges published to competitors. There's nothing like this anywhere-else in the country and it takes months to set up but people need to learn these skills because I think IT (especially security) is one of the few areas that'll continue to do well in this country.

    It's good to see our hard work being appreciated and I think it's some achievement to put on both elements for 'no charge' in a country where most things a rip-off. It was great to see so many people there but also the fact that there was so much knowledge sharing, learning and a jobs fair (with genuine jobs).

    >> Can I ask if you'd still go to IrissCon or HackEire if you had to pay? If so, how much would you pay? I've paid for a few security conferences and I think IrissCon is much more worthwhile than several of them (but not all). I admit that I'm biased though!

    Just my 0.02c so hopefully it's useful.......




Advertisement