Microsoft Security Seminars

Mike_Hunt · 18-05-2005 9:19am #1

Has anybody been to the Microsoft Seminars in Sandyford run by Ward solutions. They are pretty interesting. Theres been 2 so far with 2 more to come. They have set up a network with a few servers accessible over a wireless access point. If anyone can hack a Win2k3 box and grab a file off the root of C called willywonka.txt they win the prize contained therein.

I bet its something like an all expenses paid trip to TechEd or something like that.

Heres te URL for the next one if anyone is interested
http://msevents-eu.microsoft.com/CUI/EventDetail.aspx?EventID=118756000&Culture=en-IE

They also give away 3 xboxes on the day.

Jaysus i sound like im advertising it - i just wanted to know if anyones got near the file yet.

Martyr · 18-05-2005 12:41pm

So you can only access the win2k3 box over wireless connection?
Would the box be up to date with patches...etc?
How much is admission to the seminar?

Mike_Hunt · 18-05-2005 12:45pm

Admission to the seminars is free. Theres an ISA server sitting in front of the Win2k3 box. The longer the competition goes on they are going to open up more vulnerabilities on the server. I imagine its not too far away from being hacked.

And yep the only way to get onto this network they have set up is via wireless access point.

Martyr · 19-05-2005 6:14pm

I probably won't go, due to distance where i live, but it would be interesting, no doubt.
I don't have wireless equipment, and never used any, but i guess that would be the first approach to gaining access?

What i mean is, the wireless protocol would have some vulnerability..seeing
as that is how it is setup in the first place.

hmmm · 19-05-2005 6:26pm

Let me get this straight - they are hosting a security conference, and as part of that they are encouraging people to hack a box? Madness.

I went to one (not hosted by Ward) recently. Had some eejit behind me tapping away on his laptop all day, drove me mad (probably blogging to his 4 readers). The presenter was entertaining for an hour or two, then spent the afternoon talking about theoretical cryptography attacks, as if that was ever a problem for most security people.

Mike_Hunt · 20-05-2005 8:20am

Well yeah i know hacking a box to demonstrate security sounds strange but it works really well. It lets you into the mindset of the hacker and teaches you what he looks for and then how you can secure those vulnerabilities.

On the first day the guy did a demo and within a few minutes he almost had access to a certain government website which will remain nameless. He didnt proceed for fear that he would actually show that the site could be hacked!
There were two people from that office there and they were mortified.

Capt'n Midnight · 20-05-2005 12:31pm

Mike_Hunt wrote:

Admission to the seminars is free. Theres an ISA server sitting in front of the Win2k3 box.

Of course you could just do a DoS on the ISA server by port flooding (unless it's no longer possible to get a windows machine to keel over by firing junk at random ports)

Be interesting all right to see what the Access Point itself is blocking/natting or if it is fully open..

hmmm · 20-05-2005 5:45pm

Mike_Hunt wrote:

On the first day the guy did a demo and within a few minutes he almost had access to a certain government website which will remain nameless. He didnt proceed for fear that he would actually show that the site could be hacked!
There were two people from that office there and they were mortified.

Mortified? I'd be talking to my legal department. Was this recorded like a lot of Microsoft seminars?

ecksor · 20-05-2005 10:19pm

What exactly would you hope to achieve by getting onto the legal department?

Mike_Hunt · 23-05-2005 9:25am

No the seminars are not recorded. And before he started on their site he asked explicitly if they wanted him to proceed and try a couple of hacks on the site.

KroG · 23-05-2005 1:45pm

Even though i'm only 16 i'm sure i could have a go i have a very good idea with security and i can cheat by ringing a mate of mine who is a contractor for microsoft and deals with all the securitys isues with microsofts servers.

And that lad who said about the geting onto the legal department that would just be being a **** he got permission deal with it this sorta thing goes on every where and there is a few groups in colleges who are actually full on with hacking/cracking into servers.

I'm not one of these people before you say, saying that i'm the b's and e's of hacking i'm far from.

Microsoft Security Seminars

Comments