[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] OwnTheBox @ DC16: Pwning for dollars

To: ownthebox@xxxxxxxxxxxxxx
Subject: [Full-disclosure] OwnTheBox @ DC16: Pwning for dollars
From: OTB <ownthebox@xxxxxxxxxxxxxx>
Date: Wed, 16 Jul 2008 00:25:31 -0500

OwnTheBox, now in year 0x01, continues its hallowed tradition of 
creating temporary autonomous zones comprised of random people asking to 
be haxored to test their defensive Kung Fu. We're a defender contest, of 
sorts, which means the following:

* Contestants bring a server, running some hardened services
* We invite all DefCon attendees to attack these services
* ????
* PROFIT


# NEW YEAR, NEW RULES

This year, we made some changes to the format: Instead of asking 
defenders to offer up their hardware to successful attackers, we're 
glomming on to the Vegas spirit and making this a contest of cold, hard 
cash.

Defenders pay a nominal entry fee, matched by contest organizers, the 
Cosa Nostra, and Dan Kaminsky's grandma. The winning entry, based on 
services uptime and our patented PwnOMeter(tm), gets the  cash, as a tab 
at the Splash bar, on Sunday afternoon.

We're also partnered up with the good folks of OCTF, so entries will be 
targets in their event, and given varying point levels in OCTF 
throughout con, guaranteeing a dedicated pool of attackers to bring the 
love.


# OFFICIAL CALL FOR BOXEN:

If you've followed the DC forums, you know the drill. Services this year 
will need to do $SOMETHING. Specifically, our scorebot will be sending 
you a Base64, token every five minutes, to check your service is 
functioning. We can get the token to you just about any way you like, 
though HTTP(s), SMTP, (s)FTP, TFTP, etc, just give us fair warning what 
you have in mind.

You'll also receive tokens to install locally for each service, and one 
readable by root / admin / sysopr / etc.

Obviously, providing the token to contest organizers = an own. Succesful 
attackers get a beer or two.

Beyond that, show up, buy us beer, and come have fun. Mail ownthebox 
[at] cipherpunx [dot] org with signups, questions, comments, ridicule, 
derision, and pics of your Mom.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: Re: [Full-disclosure] everything
Next by Date: [Full-disclosure] [ MDVSA-2008:147 ] - Updated pcre packages fix vulnerability
Previous by thread: [Full-disclosure] [ MDVSA-2008:146 ] - Updated poppler packages fix arbitrary code execution vulnerability
Next by thread: [Full-disclosure] [ MDVSA-2008:147 ] - Updated pcre packages fix vulnerability
Index(es):
- Date
- Thread