Contests and Events

Contest and events are a huge part of SAINTCON every year. It's a chance to not only test your skills but learn new skills in the process. We promise to challenge you, make you think, and help you leave with new skills and knowledge that will assist you in the IT Security industry. For some, our contests and events are the sole draw to the conference. Many come to SAINTCON just to play our Hacker's Challenge Game that will test your skills in everything from Trivia, to Systems Administration, and Pen-testing; against your peers at the conference.



Hacker's Challenge

Brought to you by the UtahSAINT Organization with Gamemaster zevlag

The Gameboard Server is located at:
(SECRET LOCATION TO BE REVEALED)
and is available at the start of the conference.

The Hacker's Challenge competition is an event held during the SAINTCON conference to challenge your skills as a Security Professional.

Roughly defined, it is a Jeopardy-like progressive game where players are presented with puzzles which require various security and technical skills to solve. Individuals work on these puzzles and submit keys from solving them in order to earn points. The person with the highest points wins a Black Badge. (the coveted badge that allows them to attend SAINTCON free of charge for life.)

GAMEPLAY

Points in the competition are awarded for successfully solving the challenges provided during the game.

The Hacker's Challenge competition is based loosely on the classic Jeopardy gameshow. The game board is progressive, meaning that you need to solve a challenge in order for another one to open. The game board is also global, meaning that if someone solves a puzzle, the next puzzle is open for everyone playing the game, regardless if they have solved the previous challenge or not.

The competition is available globally as well. You should be able to access the website from almost anywhere. Only those attending the conference are eligible to win.

GAME SERVER

The Gameboard Server is located at (SECRET LOCATION TO BE REVEALED) and is available at the start of the conference.

The Gameboard Server is out of scope. Do not attack the Gameboard Server. Doing so will result in disqualification

REGISTRATION

In order to play, you will need to register for a Hacker's Challenge Account. The ONLY legitimate piece of information you must supply is a valid email address. Vulgar or offending handles will be disqualified and all points will be forfeit. Your account will be your identity while playing the game. YOU are responsible for the security of your authentication credentials. You will receive a password and API key via email. You CANNOT change your password, but a new one can be re-issued if necessary.

SCORING

Each challenge will provide you with a “KEY”. A key is roughly defined as a string of alphanumeric characters less than 255 characters in length. They will usually be found wrapped in “flag{ }” brackets. When they are not, they should be obvious that you have completed a puzzle and must submit the final answer as the key. Although this is the standard, keys can vary and may be something you do not expect. To score points for the challenge, you will need to submit the key to the game server while you are logged in.

The first person to solve the challenge gets extra points. They will also continue to accrue bonus points each hour until someone new has solved the challenge. This gives an advantage of being first to solve, and also discourages them from sharing keys with others.

API INSTRUCTIONS

You may build a script or other interface using the game API. The API URL is: https://(SECRET SERVER NAME)/play/api/{API KEY}/{Flag Being Submitted}

This should make scripting submissions to the game easier. Remember, brute force guessing of flags is not allowed.

SUPPORT

If you need help completing a challenge, you can visit the Hacker's Challenge Village or ask for assistance on the #HackersChallenge channel in Slack. The HCV is a great place to hang out and work collaboratively on the game.

Hints may be given for some challenges during the course of the game, and only if we feel that a hint is needed or justified. Hints will appear on the individual challenge screen for all to see. Most hints will also be announced via the Twitter Feed.

The game also features an Incident Reporting System. In the event you suspect that a challenge is not functioning properly, you can alert the game administrators directly in the game. We will respond quickly, verify it, and confirm it is working or not. This will allow all to know if they are working on a broken challenge.

TWITTER FEED

Live updates about the game can be monitored by following the @SAINTCONHC twitter feed. All major changes in the game, and progress will be updated automatically using this feed. Following this feed will help you in keeping up with the game.

CATEGORIES

  • Binary L33tn355
  • Crypto Madness
  • Computer Forensics
  • Hack the Badge
  • Pursuits Trivial
  • Capture the Packet
  • Ridiculous REGEX
  • Potent Pwnables
  • Packet Monkey
  • Exe-Cute
  • Rabbit Hole


THE RULES

Play the game ethically
Do NOT share captured flags
You MAY work together as a team, But there can only be ONE winner
Do NOT brute force servers. Be certain to not introduce a Denial Of Service situation for other players.
Do NOT steal flags from other players

DISCLOSURES

The SAINTCON Hacker's Challenge admins reserve the right to disqualify and/or change scores for participants who violate the game rules or participates in unprofessional conduct. We reserve this right without right of dispute or for any other reason we feel is appropriate or prudent.

Also be warned: We have ways of monitoring cheating, sharing of flags, and other shenanigans that might go on. Get away with it... Good for you! Get caught, your score will suffer.



Password Cracking Competition

Brought to you by BashNinja @miketweaver

COMPETITION DETAILS

Competition Details: This is SAINTCON's second annual Password Cracking Competition! The password cracking competition is all about how epic of a rig you have to compete! Don't have a rig? Look into joining a friend who has one or even building your own in the cloud for a few bucks an hour! This competition will be all about how fast and how good you are at cracking password hashes. Are you crafty at making good word lists? Perhaps you can beat all the big systems by a more methodical approach and locking in your mangle and dictionary skills! We'd love to have as many are willing to play join us!

Participation: All SAINTCON participants are encouraged and invited to play. The competition times are below.

Password Cracking Event Starts - Tuesday Oct 10th === 10:00am
Password Cracking Event Ends - Thursday Oct 12th === 10:00pm

How to Play

  • Register your team at https://www.passwordctf.com after the competition has started.
  • Password Hashes will be posted on that website on Tuesday, October 10th morning around 10:00am.
  • There will be a LOT of passwords to crack.
  • We will provide an API so you can submit your cracked passwords. Details will be posted when the competition starts.


Register https://www.passwordctf.com
Crack the HASHES that are posted.
Submit the cracked hashes to the Competition Portal API

{
    "Team": "bashNinja",
    "Hashes": {
        "Goonies": "2d8f6dd54da3d63b7a238e43ace30c32fdbd2b1e",
        "StarWars": "f35a8bc970ea145dd5937d10649ab05f13d2bd7b",
        "saintcon": "ab39aa1fa61d154a2c46742179879c87408035d2"
    }
}

Scoring: Each hash will be worth 1 point.



Red vs. Blue

Brought to you by CompuNet

Have you ever detected an attack while it was happening? Have you ever been the attacker?

Red versus Blue is a two-hour hands-on workshop where participants experience security attacks from the perspective of an attacker and a defender. Prizes are awarded to both attackers and defenders.

As a Blue Team participant, you'll be monitoring a live environment looking for anomalous behaviors. It will be your job to identify the breach and make recommendations for remediation. Blue team players will get hands-on experience using firewalls and log collection tools for attack detection.

Red Team participants will receive a playbook with step-by-step instructions for a series of attacks against the Blue Team. All necessary Red Team tools are included with Kali Linux.

This event is designed for players of all ages and abilities. Prizes will be awarded for high scores, insightful discoveries and collaboration skills.

What to bring: A laptop capable of booting Kali Linux is required.

Schedule

Tuesday
1:00pm-3:00pm
3:30pm-5:30pm

Wednesday
10:00am-12:00pm
1:00pm-3:00pm
3:30pm-5:30pm

Thursday
10:00am-12:00pm
1:00pm-3:00pm
3:30pm-5:30pm

Friday
10:00am-12:00pm

Mini Mystery Challenge

Brought to you by 1o57 and the rest of the Curious.Codes Crew

Hack the Planet! 1o57 along with the rest of the Curious.Codes Crew will be conducing hacker mini games to challenge and entertain. Expect to have fun, all skill levels welcomed and encouraged. Come play in our world!

Bring your Own Malware Challenge

Brought to you by Bromium

Overview

You bring the worst, most destructive malware you can find and use it to target a Bromium-protected endpoint in front of a live audience. No gimmicks. No hiding. We’ll do this in plain view (we’ve done it before!).

And then, we encourage you to test other endpoint vendors in the same way.

Request to run malware variants on their systems. We believe security vendors must be held accountable for their unrealized marketing promises and for breaches they fail to prevent.

And if any malware escapes from the micro-VM, you will win $5,000 USD!

The Details & Sign Up

Visit Bromium's Website for more details