Hackeire 2011 who is going?

endz

Just wondering if there are and boards members going this year?

Also would love to know what the challenges were last year...
Does anyone have any info on this?

PeterHughes

Might just go and have a look if that's possible, think I am to much of an amateur to take part.

Would love to see the first challenge they released but I think you have to enter to get a copy of it.

BaconZombie

I'm not taking part in the CTF but should make it to the main IRISSCERT conference.

markofu

There are no 'formal' solutions as such for last year because I was knackered after the event and stuff just got in the way so I never documented the solutions the way I did the first year. The solutions for 2009 are available on the www.iriss.ie website to all Iriss members (it's free). The first challenge is a reverse-engineering challenge involving de-obfuscation, debugging etc. It's actually really cool and should be good fun for the next few weeks for those competing in HackEire. I wouldn't worry about lack of perceived skills at the event, it's all about learning in an open environment, having fun and meeting/making new friends. You won't be embarrassed and I'd encourage everyone to give it a go and even HD Moore had to start somewhere (though not as low as most of us) ;-) More information is available at http://hackeire.blogspot.com, @hackeire or hackeire gmail com Hope that helps!

h57xiucj2z946q

Anyone got that binary for that first challenge?

endz

Nope, still have not received anything either... (but only sent email 2 days ago)

h57xiucj2z946q

Actually as im not participating, markofu said he will send me on the challenge material after the event is over.

The Outside Agency

So what were the results of this year? Who won?
Did you receive the binaries, Damo?

h57xiucj2z946q

nivekd wrote: »

Did you receive the binaries, Damo?

no :-(

ExIrl

Team "Bitbucket" (I think) won the event having completed 50% of all total objectives.

markofu

Damo received the binary last week and is hopefully now thoroughly frustrated

The Outside Agency

Just curious but who solved the binary challenge and can anyone get a copy of it? if not, why not?

markofu

"Why not?" - seriously?

The Outside Agency

"Why not?" - seriously?

Yes, is that an unreasonable question?

markofu

So despite running a CTF for free for three years, putting hundreds of hours into it, as well as a substantial amount of my money, made solutions available and blogged about it, I'm being unreasonable because I won't post the challenges to Boards?

colin300

Just like to say that I participated in the event as part of the CSDF-LYIT group.

Was the best experience you could imagine and for that I have decided to set up a society in college that will prepare a group to go to next year’s Hackeire. Which I think is a true credit to Mark and the team for what they have achieved and done.

For the pure amount of effort that was put in to it all I just have to say that I personally don't believe the challenges should be posted for one simple reason which is only 50% was achieved by the winners. If all the challenges are posted a whole new CTF would need to be designed and I don’t even know how the challenges would have any relevance unless the images used on each machine were released as well.

No matter how much I would love them to be!!!!

All I would ask though is that the since you know the challenges that were completed that you release them so I can have a good idea what to teach people in this society!!!

Just remember if you want to take part in DEF-CON or Blackhat or any of the other CTF's you have to pay.

Congrats Mark on an amazing event and one of the nicest guys around. A true testament to someone who has a passion for Computer Security!!!

900913

nivekd wrote: »

Yes, is that an unreasonable question?

markofu wrote: »

So despite running a CTF for free for three years, putting hundreds of hours into it, as well as a substantial amount of my money, made solutions available and blogged about it, I'm being unreasonable because I won't post the challenges to Boards?

nivekd never said you where being unreasonable, he asked was it an unreasonable question.

The Outside Agency

markofu wrote:

So despite running a CTF for free for three years, putting hundreds of hours into it, as well as a substantial amount of my money, made solutions available and blogged about it, I'm being unreasonable because I won't post the challenges to Boards?

*shakes head*

As 900913 already mentioned, I never accused you of being unreasonable.

The question of why nobody else could acquire the challenge seemed unreasonable to you because your response was "seriously?" as if surprised.

I don't know your reasons for not releasing the challenge, maybe you explained them at the conference, but I wasn't there.

Since the competition is now over, I didn't think it was a problem to release the challenge but if you don't want to, no problem.

I just wanted to try solve it, that's all.

ifah

markofu wrote: »

So despite running a CTF for free for three years, putting hundreds of hours into it, as well as a substantial amount of my money, made solutions available and blogged about it, I'm being unreasonable because I won't post the challenges to Boards?

Hi Mark,

do you plan on using this setup again or will it ever be available (even on a subscription based model) outside of HackEire ?

ta.

markofu

Ok, I mis-understood.

I didn't write this particular challenge but I won't be releasing it or any of the others outside of HackEire. I know that's going to piss people off and for that I'm sorry, but I spent too much time, money and effort on it. The complexity of the set-up rose dramatically this year and going forward, it's going to be difficult to manage such a set-up for free in my spare time. The infrastructure/set-up/applications need to evolve and change to reflect the security environment.

I gave the challenge to Damo based on a conversation before HackEire and after he showed evidence of the substantial amount of challenges that he has donated himself. I've probably given folk a bat to beat me with but hey.

Regarding the solutions, I did them for 2009 but for 2010, I didn't have time (job, family etc takes priority). I'll try to do some stuff for this year on the HackEire blog after Christmas.

Regarding online access or future challenges, it's something I've thought about and I'm trying to come up with a solution for online but talking with folk that can provide the access for me to build such an infrastructure is challenging (on many facets). The other thing I'd worry about, is would there be interest? If I built HackEire online, would people pay for it to cover my time, support, development, infrastructure costs, administration etc - I'm not sure, especially given the current economic climate in Ireland. I can't afford to do a "Build it and they will come" though I would love to but I'd fear an empty class and big monthly bill from the colo company.

Just wondering, why do people not come on the day? Is it that they don't have a team? They don't want to try it in public, i.e. would rather do it in their own privacy? They can't get a day off? Did people find out about it too late? Just not interested?

ifah

Hi Mark,

Thanks for the response - all makes sense.

As for my non-attendance - I guess it's a mixture or being self-employed so it's an expensive day off for me, I'm working supporting some fairly critical systems so getting time away from them is harder too.
Also I wouldn't have a team and would prob like to have a measure of myself and capabilities before trying this type of thing. Hacking Websites are probably my speciality as opposed to rooting servers / firewalls etc.

GismoBaby

On side with mark on this one! any guy who manages to put together a show like he did and manages to keep all his hair in the process deserves the right to keep his work and not have it broadcast on a public forum!

h57xiucj2z946q

markofu wrote: »

Damo received the binary last week and is hopefully now thoroughly frustrated

Way too heavy for me! not a chance I will crack this.

The Outside Agency

markofu wrote:

Just wondering, why do people not come on the day? Is it that they don't have a team? They don't want to try it in public, i.e. would rather do it in their own privacy? They can't get a day off? Did people find out about it too late? Just not interested?

I attended the first one and actually spoke with you during one of the breaks, had to take couple of days off work and just couldn't do that the last 2 years.

As for taking part, I've little to no knowledge of hacking web servers anymore so I wouldn't do well in most of the challenges.

The RE/forensic challenges do interest me though.

h57xiucj2z946q

markofu, nivekd is really good at this sort of stuff, maybe he would find this challenge interesting. As for me, I don't think I will be able to solve it.

[-0-]

I would have went but I moved to the states.