Well, hello and welcome, everyone. You know, I hope that you had a really good DEF CON and you enjoyed all the activities in the Red Team Village that we actually had at DEF CON. With me I have the Red Team Village core team, and without any further ado, I'm actually gonna pass it right to Wes to go over an overview, you know, of the CTF and where it actually took place, in Vegas and virtually, not only in Vegas.

Thank you, Omar, for the intro there. For the quals, I'm actually gonna turn it over to Barry, let him kind of talk a little bit through, you know, some of the amazing work that our team did on the quals, and then I'll jump into the finals a little bit later.

You know, me, I just want to thank the team that put it together. There was a lot of work that we put into it. There's over a dozen folks that helped contribute to the qualifiers as well as the final scenario. Last year was full remote, so we put together a fairly immersive scenario based around an old movie called Office Space, and then this year we had two networks for every single team in finals, and the two themes there were Silicon Valley and The Office. And so this year we knew we had to run a hybrid event. And so we knew the assets were gonna be up in the cloud, but we had a lot of logistics in terms of having an area there on the contest floor where we would interact with players. We knew that a lot of our players were international and weren't able to travel because of those restrictions, so we wanted to make sure that it was accessible to everybody across the board. This year we had a qualifying event that started the Friday of DEF CON and then rolled into Saturday. The break that we had in the middle there, we probably wouldn't do that in the future, just because it was a little bit of a, it was hard schedule-wise, but we had a lot of players play. I felt like our infrastructure was good. We had pretty much all new challenges, except I know that we used these older beginner
challenges that we've done. They're not really worth a whole lot of points, but we like to have something for everybody on the qualifier. We took those top 20 teams, we announced who was progressing forward into finals, we took a one-hour break, which may have not been enough time for everyone to recoup, and then we went right into finals. And we had 20 teams advance, so we actually deployed 40 networks out into AWS. We really loved the feedback we got from the players in the DEF CON Discord channel. It was great to actually meet some of the players that were there in Vegas. I know that there's a couple folks from different teams in finals that we've only talked to virtually, and so it was great to put a face to a name or to a handle, and so that was awesome. And then we left that network open overnight. You know, different teams were fighting their way through the two different networks. In the end, though, AI Generated came out ahead. They secured a lead in the front. They were able to get past that initial phish, execute the supply chain attack, the software supply chain attack, that then took them down into the other network. And for anybody who wasn't able to get eyes on those networks, we're actually going to show the network map, and I'm going to hand it over to Wes now, and he's going to talk through the scenario, what we built, and why.

Thanks, Barry. So yeah, definitely, you know, as Barry was discussing, a lot of similarities to last year in regards of, you know, the finals round, you know, and a few repeat teams.
So that was really nice, you know, having that familiarity of those teams kind of coming back to us and understanding what that challenge is. So with that, you know, with the finals, you know, depending on, you know, what perspective you had and how your team divvied up, you know, you probably saw a few different things. So what I'm going to show here is actually, like, the network map, to kind of give you an idea of how we kind of designed this. So this isn't the final map, but this is pretty close to what we came up with and then went into actually, you know, diving into this and building this out, and some kind of tweaks on here. So, you know, some of the names, you know, like the final challenge or whatever, you know, we obviously figured that out. So we'll go through here. At the beginning, you know, there were a lot of issues on, you know, getting your payloads to land and execute and not getting caught by Defender. So that was, uh, you know, I think a learning event for everyone. And then with that, once, you know, if you were able to get an actual foothold and get going with the actual payloads, we disabled Defender on that. But once you got that initial foothold, then you're kind of in that network and then you're able to start poking around. So we had quite a few different things on there.
We tried to, you know, litter the box with kind of clues as you go along through the scenario, to try to understand some of the different pieces as you kind of move through that human resources. You know, there's a few little side quests as far as picking up some additional information. Going off, you know, there's emails, different traffic like that, to kind of get some of the clues on where you actually, you know, whether it's credentials to be able to log into the boxes a little later on. But with that, you eventually moved from that, uh, you know, human resources department kind of over into the developer section. That's where we actually ended up having a couple, like a Windows box and a Mac box, and with those two we just wanted you to kind of see part of the source code. You know, some teams obviously saw it, and then I think that, you know, definitely gave them a leg up as they moved on to the next box. But there's quite a few teams who just kind of burned through, especially on the Mac box, kind of missing some of that source code, so they had a lot of trouble as they were, like, interacting with that CI/CD pipeline, you know, trying to figure out what to actually kind of enter, what's changed, kind of live on there, and that was definitely a challenge for some folks. We saw, you know, some teams kind of brick the service that was doing some of the deployments. So it was definitely super interesting to kind of watch the teams as they kind of moved through, what decisions they made, what kind of, you know, payloads they put in there and what they had going. So once you're kind of successful and you're able, you know, to get the CI/CD to actually deploy and go through, with that you'd land in that Dunder Mifflin network. In that regard, you know, you can kind of see some of our support boxes for SMB, Windows shares, things like that. But again, you know, kind of moving that through, we had some internal kind of web services, with that, like, Creed Thoughts going through there, some internal blogs, things
like that. And with that you could be able to actually get a backdoor, get into the, like, the shipping department, kind of warehouse area. Um, and from there, you know, each step, you know, we're laying the kind of groundwork, a lot of the clues kind of leading you through, over, like, where to go, what's next, uh, trying to litter it through. So, uh, I think this is where some of the larger teams struggled, and definitely where we had a lot of the, you know, kind of clues and hints and points of, you know, "hey, we're just not sure how to do this next thing," or, you know, "we're obviously missing a piece. We think there probably should be credentials to this, but we can't find them." And a lot of it is just, you know, going back, kind of communicating with the team, understanding what they found and where they found it. So with that, uh, they were able to kind of move it along, go in through the sales department. There's, you know, a vulnerable internal kind of sales website. They're able to kind of move along, and then definitely another couple internal websites. The final piece, though, is when they got into accounting. There is a website where you'd, uh, essentially do some privilege escalation, uh, get, you know, remote code execution on the website.
So as a local user, once you're there, we had a binary, uh, where you could get, you know, your actual privilege escalation there and get the final flags. Uh, definitely, you know, some great feedback from some of the teams out there of how they kind of saw that last challenge, you know, maybe not our most intended one. Uh, so with all that, though, like, I know not every team was kind of successful, uh, getting through this, but a number of teams at least, you know, they got that foothold, they kind of enumerated that first network. You know, uh, a decent portion of them kind of made it into that second network. So that's why we just kind of wanted to talk a little bit at that high level, kind of see, you know, here is, I would say, most of the boxes, to include support boxes that we kind of needed to build to kind of make this scenario happen. So with all of that, you know, please, we love the write-ups. We love seeing the feedback. We love seeing how you saw this. You know, definitely lesson learned, you know, there's a privesc we missed that we thought we were patched on and, uh, we weren't, so we were a little disappointed that, you know, we kind of missed out on one piece there, but, uh, it was definitely fun. Our team definitely had fun watching all the players go through and, uh, you know, kind of seeing that different perspective of how the players looked at it and kind of the troubleshooting things that we went through. So with all that, I'm going to turn it over to Savannah. She's going to kind of go through a lot of, kind of like, the stats and numbers of everything that we did.

Yeah, so hi, everyone.
So for the quals we had over 600 teams and over 2000 players that played the quals, and then 20 teams for the actual finals itself. And we actually have a few of the players from the finals teams, so we have the EPT team and then we also have people from hackstreetboys that are going to be joining us on the stream today. Uh, so Omar, if you want to add them in, and we can kind of introduce them. So there they are, they're all coming in. Uh, yeah, so do you guys want to introduce yourselves on the stream? Either one, anyone can go first. It's up to you.

We can start with high tail.

Right. Um, hi, I'm high tail. Um, I'm one of the founders of hackstreetboys and we're hailing from the Philippines. Um, with me is Ian, uh, who is one of our, kind of, the red team members. So just a quick background of hackstreetboys: we are formed by, uh, professional members, um, and we kind of separate ourselves into the blue team and the red team. So this, uh, red team CTF was kind of a, um, kind of a guide for the blue teamers, made by the red teamers, in order to guide us, uh, into how to solve, like, red team CTF problems and everything. So...

Awesome. I'll pass it back to you, uh, HSB Ian. So, HSB.

Hi, thank you, Omar. So, um, I'm Ian. Uh, I'm one of the members of hackstreetboys. Uh, we particularly, um, play capture the flag events and try to, uh, enhance our skills through these challenges.

Awesome. And, uh, EPT, I think you're on mute.

And once again, actually, uh, for those of you watching, I'm part of the EPT team and we are... Not on mute now. You have enough...

I can hear you now.

No, we can hear you.

Ah, thank you. Well, uh, uh, yeah, I'm one of the team and one of the members of the EPT team. We are, uh...

We can hear you, okay. And, uh, while we, you know, solve the technical issues there, first of all, thank you, guys. Um, for some of you it is extremely early in the morning, and for some of you it is extremely late at night, or even into almost the morning.
So thank you for making the timing here. Well, I'm gonna pass it back again to you, and one more try, EPT. All right, so there's another player that actually just joined, and I'm going only by your handle here, right? So, Side max 73.

Yeah, uh, hello.

There you go.

Uh, yeah, my handle is, like, hard to pronounce, I know. Uh, I'm Simon, Shea max size max, from AI Generated.

Very, very cool. You're Norway, right, as well, right?

Uh, no, uh, we are, like, from all over the world, uh, some from Germany, some component, and some, I think, Canada in UK.

Excellent. And can you tell us a little bit, you know, how big was your team? There were your strategy...

We were originally 10 people, uh, ended up with nine because one had to, uh, go play the main DEF CON CTF.

Nice. And you guys won last year. You were first place last year, so this makes two.

Yeah, yeah, we, yeah, we did, although I wasn't there for the win. Uh, I only joined this year. There's a lot of fun playing with everyone. Uh, I got up to finals last year too. Uh, this year's network was also a lot of fun playing. There were some oversights with some unintended, which, uh, kind of allowed us to, uh, speed through some of the boxes, but overall it was, uh, a nicely designed network and we really enjoyed it.

Nice, I love hearing that. If I would ask a question to all of you, you know, what was the favorite part of the CTF for you, and like the favorite challenge or the most challenging one? Anybody? And when everybody goes on wants, I want to start picking on people, so I'll say my key question.

Yeah, uh, at least for me, uh, the whole supply chain attack part with the CI/CD box was very interesting, and we spent a while on it, uh, partially because of the broken bot on the other network, which, uh, yeah, there was a lot of debugging on the box that we had to do to figure out what was wrong, but it ended up working after all, so it was a very nice part of the CTF.

Very cool. How about you, high tail?

Um, the supply chain attack as well.
Uh, it was very interesting for us. And coming from a blue team background, it's actually my first time to actually, um, experience it, like, first hand, um, and so we ended up with, like, uh, blue team skills in order to debug why it was working and why it wasn't working. So we relied heavily on tcpdump in order to check if the binaries were getting, uh, downloaded or not. Um, so yeah, uh, it was really, really fulfilling and, um, challenging for us.

Very cool. Ian?

Yeah, same for me. Um, we had particular challenges when, uh, we were doing the CI/CD supply chain attack. So just to mention that we enjoyed it a lot, those struggles and obstacles. Uh, we learned a lot, and one of our teammates, hop curry, actually created a write-up on the supply chain attack because we enjoyed it a lot. Uh, and it was quite a struggle to answer it, but it's quite interesting how the infrastructure was set up, and, uh, it's really a unique experience.

Oh, very cool. And I'm gonna try one more time, EPT. Let's see if your audio is coming through now.

Yeah, we can try one more time. Do you hear me better now?

We can hear you now, at least for two seconds.

One of the members of the team of colleagues in one, and yeah, one company in Norway. And as the others had said, we had a lot of fun doing this. So we ended up, uh, hiring a cabin so everybody joined in the same cabin, was quite fun, and we had a lot of fun with the challenges. So, and we had the same kind of big challenge with the supply chain attack, and so that was really nice. I think we went a big detour in owning and rooting the box. We were root on it, the build server, before we...

And as a matter of fact, I'm showing the picture of that cabin, right?

Yeah, that's the picture of one of the... Yeah, that's the cabin. That was the conference room between the two cabins that were built together like one big cabin, so we had, yeah, it was quite fun.

That's very cool.
I'm jealous. We definitely, uh, took some inspiration from you all last year, because we saw the cabin and we were doing it all remote and realized, you know, we need to come together and do this all together and not spread out next time. So, uh, we're super excited. We got that Airbnb kind of off the Strip, and kind of two-fold purposes: all the streaming that we did, uh, as well as kind of have all the team together. It's kind of take a cue out of your playbook and do all the logistics and everything, you know, build some camaraderie there. So thanks for the idea.

Yeah, I can really recommend it. It's super fun. It makes it, like, twice as fun. Remotely, separately... If you're right, you can just do it.

Very, very true. And once again, thank you for participating. So Savan, I'm gonna pass it back to you for some of the statistics.

Oh, uh, so the players, uh, we have 2000 players...

Oh, we're good, we're good. I think it's over to me now. I think, uh, maybe, uh, I just had one comment. Um, we really love the fact that everyone liked that supply chain attack. When we started coming up with the scenario, it was right when the SolarWinds, uh, came out, and, uh, right around that time there were maybe four or five pretty big, uh, supply chain attacks that happened, and so we're like, oh, this is great, we'll do this theme. And we thought when we started then that that would still be the hot topic by the time we got to DEF CON. Little did we know that there was going to be massive ransomware attacks that, you know, took over the news before we got to DEF CON. But, uh, yeah, we were hoping that, uh, that was enjoyable, that, uh, you know, just how easy it is to, uh, do that supply chain, uh, interdiction, especially when it's software driven, and it's really hard to, uh, detect. And so for anybody out there who didn't see it, the way we had it set up was there was a CI/CD pipeline that would, uh, generate, uh, an installer for this fake software, and then in the other
network we had a, uh, a script that just acted like a bot. It would go and it would check periodically for any updated software, and then if it got that software, if it saw that there was an update, because it was doing a hash match, then it would download and, uh, execute it. So great to hear the feedback. Um, and have any other, uh, questions for the players? Uh, really do appreciate everyone dialing in, kind of telling us firsthand, uh, how you liked the, uh, event.

Yeah, thank you so much, and thank you for participating and always supporting the Red Team Village. I know that it's not the first time for a lot of you, and as a matter of fact, not the first time winning either, so, uh, kudos, and thank you for your support. Hope to see you in the next one.

All right. So with that, uh, we just want to kind of thank everyone that kind of participated in our prize giveaway, kind of filled out our forms, everything else. So, uh, you know, big shout-out to Sektor7. Uh, they're able to kind of offer up a number of 50 off for their Malware Essentials courses. Uh, you know, I've taken this myself. It's an amazing course, a lot of good information. Uh, you know, and Sektor7 kind of always comes through with us. They both offered, you know, kind of prizes for our finalists, everything as well. So, uh, huge, huge shout-out to them. So with that, big thanks for everyone that took the time to fill out the form, and on the screen here you can see, uh, these are the winners. Uh, all right, we were trying to pronounce them earlier. I'm not going to attempt to read them now. But big thanks.
Uh, if your name's on here, uh, you won, uh, one of the 50 off coupons for Malware Essentials from Sektor7. And with that, uh, we'll also reach out directly to you and let you know, uh, that you won. So again, big thanks to Sektor7. I just want to remind everyone, uh, you'll get email from 45 with the prizes, so they'll be coming out from, uh, 45, and I'll go ahead and switch it back to Omar to go ahead and go through...

That's awesome. From now on, from this stream onwards, we're gonna pronounce pony AP as pony pie. It's dyslexic. Uh, so it's nothing personal, just this dyslexia. It's pony pie, so he just spells it wrong. That's the reason that we're laughing, you know, behind the scenes. But thank you again, Sektor7, and as a matter of fact, thank you to all our sponsors. Without you, none of this would actually be happening. Um, not only the impact to the Red Team Village, but the impact to the community as a whole, right? So our goal is to always have, you know, an industry-wide, international, you know, opportunity for people to learn. And that's actually our mission, you know, to bring learning environments where you can actually practice your skills in a safe environment, learn from each other, collaborate, and network. So, um, I'm gonna share real quick, you know, all our sponsors. A lot of them in here, right, from Sektor7 to Bishop Fox to Hack The Box to Optiv to SpecterOps, and the list goes on and on, right? So thank you, thank you, thank you. And, um, with that, I think that is everything that we have for today. Any quick round table, if I missed anything? If not, um, thank you again.

Yeah, I've got one real quick. Uh, if you're not on the Discord, join the Discord. There's a lot of good conversation there. We've got some events coming up. We're participating in h@cktivitycon with HackerOne.
Uh, that's going to be, uh, in a little less than a month now. So we had that CFP open if you've got a talk. Also, for the different events that we get involved with, you know, it's all just volunteers jumping in. So if you've got something you want to talk about, maybe you want to run a workshop or, uh, help with the CTF, you know, please, uh, reach out on Discord, and, uh, we can always use the help.

You remind me of the biggest thing in there, of course, our next event, and let me actually share that on the screen real quick. As punny ip mentioned, you know, please, please, please, uh, you know, participate in this event. And it's, uh, it's a conference, even though it's hosted by HackerOne, that is actually built by the community for the community. We're gonna have tons of speakers, multiple villages. We're not the only ones there as well, and the CFP, as he mentioned, is actually open, and if you also click on the little icon on the screen, it will take you to this page. And it's September 18th. And again, it's an international conference and it's free. So with that, thank you again for all your time, and I'll see you on the next one. Bye.