lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Wed, 16 Jul 2008 00:25:31 -0500
From: OTB <ownthebox@...herpunx.org>
To: ownthebox@...herpunx.org
Subject: OwnTheBox @ DC16: Pwning for dollars

OwnTheBox, now in year 0x01, continues its hallowed tradition of 
creating temporary autonomous zones comprised of random people asking to 
be haxored to test their defensive Kung Fu. We're a defender contest, of 
sorts, which means the following:

* Contestants bring a server, running some hardened services
* We invite all DefCon attendees to attack these services
* ????
* PROFIT


# NEW YEAR, NEW RULES

This year, we made some changes to the format: Instead of asking 
defenders to offer up their hardware to successful attackers, we're 
glomming on to the Vegas spirit and making this a contest of cold, hard 
cash.

Defenders pay a nominal entry fee, matched by contest organizers, the 
Cosa Nostra, and Dan Kaminsky's grandma. The winning entry, based on 
services uptime and our patented PwnOMeter(tm), gets the  cash, as a tab 
at the Splash bar, on Sunday afternoon.

We're also partnered up with the good folks of OCTF, so entries will be 
targets in their event, and given varying point levels in OCTF 
throughout con, guaranteeing a dedicated pool of attackers to bring the 
love.


# OFFICIAL CALL FOR BOXEN:

If you've followed the DC forums, you know the drill. Services this year 
will need to do $SOMETHING. Specifically, our scorebot will be sending 
you a Base64, token every five minutes, to check your service is 
functioning. We can get the token to you just about any way you like, 
though HTTP(s), SMTP, (s)FTP, TFTP, etc, just give us fair warning what 
you have in mind.

You'll also receive tokens to install locally for each service, and one 
readable by root / admin / sysopr / etc.

Obviously, providing the token to contest organizers = an own. Succesful 
attackers get a beer or two.

Beyond that, show up, buy us beer, and come have fun. Mail ownthebox 
[at] cipherpunx [dot] org with signups, questions, comments, ridicule, 
derision, and pics of your Mom.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ