 from the public before we go on to the the recap and in all questions we can do a recap first so first we have this viz we wanted to show you I think it is super exciting because I didn't have to write it let me switch over to it and try to share it they're gonna try and share your screen yeah but I already fucked up I mean watching watch an expert hacker use learn how to use discord man this is for gamers dude you cut your teeth writing like muds and stuff so I think there's a clear line for you from yeah that's where Defconn should have gone all right hold on I managed this one sec is it not on any you share the screen oh that's not the problem I have all of the information on the screen yeah we didn't think about this we didn't think this through all the way but I'm almost there so I guess I can talk a little bit do people is anybody out here have no idea what CTF is or how CTF works or you all CTFers who are trying to look for hints well probably if they are here and don't know that they probably don't want to speak up and say hey I'm a noob although you're all noobs especially Adam yeah that's definitely true so welcome everyone we're the order of the overflow we are run Defconn CTF there's a lot of CTFs at at Defconn but this one is ours so we basically the idea is we have qualification events in usually in the May timeframe and so last year I think we had 1,700 teams from around the world that competed in our qualification event and the top 16 teams were invited usually invited to come to Las Vegas to compete head-to-head in a CTF and so there's basically two different types of capture the flag events so the qualification event we run in May is an attack is a Jeopardy style CTF which you can check out one of our scoreboards let me actually oh I don't even think I can share man I'm trying to vamp for you but so I will drop this in CTF discussion text so this is a link to our scoreboard from 2020 so that game ran straight for 48 hours and we started with no 
challenge opened and opened up challenges kind of slowly over time and so then from there the top teams you can check out the scoreboard I mean it's crazy how good these teams are and how many challenges they solve so the top 16 teams here along with some pre-qualification events we have they were invited to compete in the final event and so Jeopardy style CTFs just kind of have challenges and the idea is everyone's attacking the same service so a challenge will have some intentional vulnerability maybe it's a website maybe it's a custom binary service but the idea is that as organizers we write something that has one vulnerability and that's maybe a super cool way of exploiting something and then the team and players have to identify that vulnerability and exploit it in order to steal a flag so that's where the whole notion of capture the flag comes from and this is different from attack defense CTFs which what John's going to talk about in a second where basically the idea is we're trying to all the teams are essentially running you can think of virtual machines that are identical and they're each running the same vulnerable services that we wrote so it's not like a these are again custom services it's not like we took a version an old version of a bind or something that has a vulnerability and you can just run end map and metasploit against it I mean these are custom pieces of software that the teams have to analyze identify for vulnerabilities and then launch exploits at all the other teams to steal their flag and then they give the flag to the flag to us and then we give them points so that's kind of the rundown at the high level exactly there's actually two types of challenges we have in our game one is this type where you steal flags from each other the other is called king of the hill it was invented sometime in the mid 2010s in Japan and has been adopted in other competitions including ours the idea is that competitors try to beat each other in terms of 
the optimality of their approach this makes sense from an algorithmic perspective right if you want to write a faster sword algorithm you can imagine a sword algorithm competition was the same with hacking right now we have a king of the hill challenge running we'll talk about that is Las Vegas blackjack casino with a crazy twist so I mentioned this is what I'm streaming right now is the the quals board it's a little chaotic and a whole bunch of challenges that the teams really attacked the scoreboard really drives this home basically this is the qualifying round so the top and teams of this along with one ugly emojis what is this Linux yeah man this is what you should do what happens when you live in in the Linux life yeah exactly you see how good good Apple emojis man yeah anyways Linux hating aside all hackers run Linux by the way it's true the top team here saw like I don't know I can't even count this with my level of sleep deprivation but a lot of challenges right and these are our trick if you had have had challenges in the past that teams have burned real like zero-day vulnerabilities worth real deal money to kind of shortcut right so it's it's pretty cool stuff this is what our game looks like right now so let me refresh this and we'll just kind of go from the beginning oh thank god that's where we're still up alright so we started to take one of course at about 4 a.m. 5 a.m. 
this morning Vegas time nothing happened for a while and then casino life started getting solutions casino life is a blackjack simulator written using a computer environment a computing environment developed in Conway's game of life it is a really crazy thing we can't talk too much in depth because the challenge is still going it's still active you'll talk about it when it goes down in the next public week after that but you can see teams started kind of pulling away from each other in game of life so you you you see people that are really good at the casino people are bad at the casino and then you just saw what is basically PPP a very famous heavy-hitting team in the scene pull ahead temporarily because they started exploiting a different challenge on that we released called Rorschach Rorschach is a machine learning challenge none of the endpoints are accessible right now are them not with my setup all right Adam do you want to oh you can't share your screen right it is not working I know I haven't enabled it yet I have to give it you know as security people we always say the best thing you should just do is give an application all of the permissions that it requests of you so I mean my man password and give you know an application like discord the permission to record my screen which there's absolutely no way that that could ever go wrong but I do need to quit discord and reboot it to get back so actually Adam do you see my screen yes I can see I can see the browser window so I can see yeah Antonio is a massive noob it's okay the twitch stream can't see it but you know what this court where it's at this is where Defconn's happening so this is where Defconn is happening all right so um three challenges I'll talk about two of them because they've been you know solved to a to a point where at least I can talk about them at a high level because you know I already mentioned blackjack game and game what the other one is Rorschach it's a machine learning challenge so 
in recent years the field of machine learning security has skyrocketed in importance one of the things that I personally wanted to accomplish in our tenure as the host of Defconn CTF is the creation of a real category of machine learning challenges in capture the flag I started this out on our first qualifiers I had two machine learning challenges one called Adam tune where players had to create impersonations of Adam who just left to restart discord and then the other challenge was flexifier where players had to perform what is called a training set inference attack they were given a trained model and they were needed to recover the types of images that were used to train the model so the model would recognize in this case images of letters then they would figure it out hey nice the next year last year at finals I created a child called AI Han Solo where which was an attack defense version of this training set inference attack where teams had to tweak their models to make them unattackable this year I created Rorschach which is a slightly different twist on I'm all challenge will I'll talk about it when it is and artificial brain it turns out is extremely foolable and has been a lot of several years of research now showing just how fucked we are as a society relying on these things right so you have examples so where people can have a sticker on something and on the stop sign and it'll get misclassified as you know not a stop sign can y'all see my screen so I can talk about casino life I just pulled it up oh brilliant I yeah I can see it cool awesome so yeah so this is a challenge created by one of the overflow members casino life and obviously this isn't the challenge itself this is a visualization of the game so one of the cool things we can go back to an earlier round like round 13 and it will play and so the interesting thing as you're seeing this you can see that there's a number of players at this table and wow you can see that there's a lot of people who 
even if you don't know blackjack they're very bad at blackjack so lost lost lost lost lost push lost right all these people did really really poorly at blackjack and so if you wonder well why are they so bad at blackjack we can actually see there's a nice link in here to the dealer's brain so let's go look at the dealer's brain can y'all see this can I get a thumbs up yon or something okay I can't see okay cool so this is now so what we're looking at here this is actually we started this and I don't want to give I'm not gonna give too much away so I'm not gonna go into this but this should be very familiar with people who played our qualification events because there was a challenge where teams got access to something that looks very similar to this and what they discovered was this was people had it have implemented a CPU entirely in Conway's game of life so if you're not familiar with the game of life it's a how would you describe it actually I don't I'm I can make something up but I don't know if that's the most accurate way so the game of life was this exercise basically in the most interesting physical simulation you could create with the minimum amount of rules the game of life basically has two rules one is when a square dies and the other one is when a square is born and from that just by iterating through you can create complex concepts the idea right now I'm I'm going through yon and I'm showing kind of some examples from the Google search of oh there we go there's a gift nice you can see kind of things moving and it has this appearance of life like complex behaviors emerge from very simple patterns exactly and then kind of to add some history to this challenge direct history a couple years ago there was a stack overflow challenge and the code golf stack overflow to create Tetris in the game of life so people have implemented some cool stuff in game of life they've implemented you know these little like glider things which are like little guys that that 
just fly forward self-propagating they've created shooters which are guns the set of generators that create gliders they've created a bunch of different stuff and this code golf challenge challenge them to create Tetris and this was possible because some crazy people have creative logic gates in game of life and that's all we need as we've seen time and time again in crazy weird machines that come up in Magic the Gathering games in Minecraft all kinds of stuff you can build so kind of I mean I honestly don't know very little about this challenge because I did not design it but you can kind of see in the lower left region here a bunch of things of what looks essentially like memory right you have what looks like kind of that pattern that you would expect of like physical bits memory and essentially people figured out all the things that you need to represent things to mimic a digital circuit so you can see there's like buses through the system where bits can go from one place to the other just like they do on the actual physical chips of silicone that are running in your system you have memory units so they'll store either a one or a zero and again the crazy thing is remember I think it's something like I don't know if Eric's on this call but something like each dot in here that's like green or red or anything 2048 by 2048 pixels each pixel in this image yes exactly is 2000 by 2000 game of life thing and so they different things represent ones different things represent zeros different things can move in and out it's all a very cool way of representing this and really kind of thinking about computing at a very basic level and trying to understand a machine really from the ground up and so now that we know that that's what the dealer's brain is essentially then you can think what's happening here is the teams are not playing blackjack directly they're uploading some something to do with this game of life and that it is playing blackjack so let's then go so we just 
looked at the earlier rounds where we can really see that everyone's just doing terrible right like nobody none of these bots understand the rules of blackjack they don't understand they just keep hitting which is if you've ever played blackjack just don't hit all the time that's a very bad one one player got lucky player nine and got blackjack here but besides that they did not do very well so if we go towards one of the later rounds like just round 75 hopefully we'll see that the teams are actually doing better here so cards are coming out dealer has an 11 that's not great 14 dealer hits on stop 14 dealer oh man dealer got 21 so nothing we could do they all lost but the other interesting thing is we can see that all the players bet different amounts of money so that the players are actually writing bots in this game of life logic that understand this that understand blackjack and can essentially play it so that's kind of where we are with that challenge the game of life concept here of course at an abstract level and you know it's a game of blackjack but it is kind of the latest in this long line of genre of CTF challenges based on esoteric platforms the idea of these esoteric platforms is to try to distill the concept of what makes a you know let's say a reverse engineer at their core a good reverse engineer is it familiarity with a given architecture is it the fact that some reverse engineers that I know can look at x86 assembly and they're more comfortable with it than with the C code right or is it some deeper way that their mind works if you pull them out of x86 and you put them into game of life and suddenly there's a different computer to that to understand or different greater system because Adam pointed out this hardware right it's not just software it's a whole hardware machine that they must understand will those scales carry through the mission of DEF CON CTF is to identify the best fastest most adaptable etc hackers and this is one of these routes 
toward that potential identification for qualifiers we introduced the teams to this concept of a game of life as a computing platform with two challenges the second one I'll talk about was really crazy it was called life box adventure and let me pull it up on our archive where you can go and play I'll do that while you talk you on you can do I'll be awesome so look at the game console implemented in game of life so I mentioned the original challenge that led on the code golf stack overflow that led to the creation of this computer environment inside game of life was for Tetris this takes a kind of step further that's what I don't keep going this takes a little step further and implements a game console with controllers and with Adam your stream ended yep I know all right do you want me to stream archival I'm spawning a server real quick to see if that works just a second okay so the game console challenge from cause had a boot loader that did verification like a real game console on the cartridge and etc etc and would load a game and play it and in order to solve this challenge the top team or the no sorry the only team to solve this challenge they created in game of life a mott chip a hardware mott chip created in game of life to be able to load unsigned code into the the game of life game console it was absolutely insane and they did this in the course of just like 24 hour crazy straight sprint on that probably never having seen game of life as a computing platform before to creating hardware mott chips in it and so you know in continuing in that fashion now that having introduced teams to game of life we created this game of life challenge for finals other kind of esoteric machines that have been seen in finals there was a defcon CTF year where every challenge ran on this custom architecture created from scratch just for the CTF this was in the run by the organizers before us legitimate business syndicate and they basically from scratch created an entire type of 
CPU that had bytes that were nine bits long it stored data packed it in what was called mill ndn it was a crazy architecture that the teams had to learn from scratch from the night before the competition in it right so that kind of core concept of CTF reversing or otherwise is how fast can you go from not knowing something at all to knowing it so well that you can find specific tiny corner cases and tiny ways tiny strings you can pull to bend a program that wasn't intended to do something crazy to your will to make it do something crazy I often tell people that you take a program the essence of security right yon exactly the essence of security is you know it's a dance you take something that was designed to walk and you teach it to dance as a world class swing dancer that really means something thank you exactly so those are kind of the two challenges that we can discuss Rorschach and casino life the third challenge parallel AF Adam do you want to mention at a high level that you didn't expect that it was quite this hard no I don't want to say anything about it until it's over Adam's not gonna say anything about it today he wrote it the teams have so far hammered it for eight hours and it has remained completely undefeated so we're going to see what happens overnight so the way that DEF CON CTF for those that don't know that don't know usually works is you start the game usually at 10 a.m. 
on Friday morning all the teams arrive and teams arrive from all over the world you all over the world flying in from Taiwan from China from Japan from Santa Barbara you know California like when you're in far and they show up usually Wednesday Thursday try to get on jet lag show up on Friday to hack start Friday morning we hack all day start Saturday morning we hack all day or until the evening start Sunday morning we hack into the clothing ceremonies this year because of DEF CON safe mode with all the teams being spread out around the world we couldn't do that so we had to or we could have still done that but then there would have been a significant part portion of our teams that would have had nothing but night shifts for their hacking and that's not fair they would not have been able to perform at 100% so instead we created an insane system where we have shifts of eight hours hacking nine hours rest eight hours hacking nine hours rest and no one rests between the hacking they all I guarantee you right now these teams are hitting all of these challenges very hard trying to solve them overnight so that in the morning they can start or morning when the next shift starts they can start firing exploits against each other so a little made a little even worse by what's the normal time frame schedule like like how long do we normally go and do it 10 hours on Friday 10 hours on Saturday four hours on Sunday this 24 hours of total game time with total game time so and I have the and so if you want to check all this information so I'm streaming on it's all public so you can check all of the stuff out our schedule here so yeah next shift is at 9 p.m. Defcon time or the setups at 9 p.m. and then the game starts at 10 p.m. with a brutal 6 a.m. 
end time yeah so now the players can of course have usually the players are not very kind to their bodies as they play we've had people put themselves up so hard that they passed out at their table collapsed like you know I was walking back toward the organizer podium and I look over and there is a hacker that is you know hacking away hacking away and then suddenly this hackers head just like hits their keyboard oh this falls to the floor and because they were hacking so hard I forgot to eat drink sleep for you know way too long so probably the same thing will happen again but the twist now is if someone wants to catch the whole competition and doesn't want to you know stay up all night and so forth they don't really have a choice anymore which is very painful but you know will will soldiers through this year yeah so it's a it's a really a crazy scenario Adam did the server for like box successfully start oh yeah did you want me to you want to try talking to which upload a pattern so what was that was I just gonna say you can show this is archive that oh oh oh you can go there right now and play you know this this previous iteration of this and I think since we're wrapping up this goes into kind of both yon and ice philosophy we both you know yon literally started going to Defconn when he was 14 and somehow tricked his parents to letting him go to Defconn and he didn't even have a hotel room I believe the first time they went to Defconn I did but but Otto didn't and so you know wandering around CTF I would you call yourself a noob then I mean I know you cause of a noob now but you were definitely a noob then I was a massive noob yeah I back then the CTF had what was called a gray net so the capture the flag wasn't as well-defined as it is now this is Defconn nine right so it's almost 20 years ago you're old man yeah it's pretty bad news back then you could show up and plug into what is called the gray net and the gray net was like you know we have 16 teams this 
year the gray net would have been team 17 and it was like a free for all you got you had everyone plugging in script kitties super pros and etc and I plug in to try to tell my friend who's also now on order the overflow that hey I'm at Defconn so cool and so on and and my AOL is in messenger session got sniffed and fairly soon my friend or actually my friend's friend tasked me on the shoulder and says hey are you Jan Shosh like yeah and it turns out that they were in the gray net area as well and they were looking over the shoulder of the fucker that sniffed my AOLs in messenger session and that's how they knew I was in that room and they found me until then we had only known each other online it was amazing yeah so that's how I got first got into depth and I thought these people are like the CTF hackers like the people actually you know scoring points of their their gods now from the other side I realized what news we all are but it's some message I was trying to convey to everyone curious and interested about CTF is you know there's absolutely guaranteed that you can do it if you put your mind to it especially I mean look Adam is here I didn't go to actually Yana and I met at playing Defconn quals in 2008 2009 at UC Santa Barbara in 2009 yeah and that was I think my very first time going to Vegas for Defconn so it hasn't even been that long for me so yeah and honestly I mean the funny thing is running all this stuff you know and playing with these teams and everything you know I learned stuff today about tools and how to learn things like part of what we do as a group is help each other out when we're testing things or devying things or oh do you know this or do you know there's this cool feature and this kind of stuff so I mean the important thing is constantly learn get better and you definitely will improve your skills over time and you can be one of these amazing hackers that are you know competing in CTFs understanding these crazy insane game of life systems 
and yeah nothing's beyond your reach absolutely anyone got any questions about CTF about how whether it's philosophically in general or how the game progresses from here yeah it's hard for us to give specifics because we obviously don't want to give any anything that could be even construed as a hint but we would love to answer questions if we can absolutely we can also take text questions in I was yeah I already asked I was gonna say just like your classes I think people have fallen asleep and so maybe it's timely oh yeah yeah we can totally wrap things up someone asked about pistachios in the discussion do you want to tell that story or do you want to leave it as a mystery I'll say this who the fuck is pistachio fantastic all right on that note you can still ask last minute questions or sounds are late we'll we'll we'll chat otherwise day one is just the beginning no challenges have been retired so we can't really go in details tomorrow and that is actually tomorrow roughly this time I think actually an hour later maybe no maybe this time on Saturday yeah Saturday Saturday 1pm we have the next public we're gonna go in depth into some retired challenges hopefully there will be some retired challenges and then we can if these guys if these teams just started hacking I think we could retire some challenges but really I mean it's not up to us they have to steal the flags on we just create the challenges yeah you could you you can lead a hacker to the flags but you can't write their exploiting system and automated flag submission exactly the best thing is when you're looking at the logs and you you just obviously see that someone wrote an awesome exploit and they're running it by hand instead of like scripting it to hit all the teams what's easy you just hit up and you go back a couple control B so you go a whole word and then you change one to two to get team two you hit enter flag and then you copy and paste that in the interface and then you go to yeah I've been 
there done that we've all been there I had a whole year where our network analysis system oh should we talk about stealth big thing you did this year yeah I when we were playing where a whole network analysis system was it wasn't in TCP dump I mean it was easy to be done to capture the and then we graphed them just literally grep instead of actually parsing the packets it was easier for a number of reasons CTF you need an attack defense CTF where you're going up against really a kind of mono a mono again sharing my screen with the with the info there about the pkeps so obviously so previously in the past right previous years so you get access to the data that people are sending to your service the idea of which being you can see when people steal your flags you can steal your exploits and launch their exploits and launch them back at them and that other teams you get this you can see this really crazy behavior that happens or one team launches an exploit and then other teams steal it and now exploits are flying and teams are patching trying to fix those things so in previous years we would actually we said let's get away from pkeps let's limit the number of pkeps and we'll only release pkeps after a certain number of flags have been stolen for that can you go a little bit into the reasoning behind that yeah so the reasoning is well you know it comes back to what do we want to get out of this game who do we want people to win this game we want the like yon said earlier the best hackers the best you know mobile hackers if you drop these people into a desert island would they be able to hack sand and coconuts and trees and i think yes based on how resourceful they are with these systems so you know we wanted to be less about oh let me i see that you stole my flag because we actually had this system when we played def con is we would be able to uh like yon said we were grepping for our own flags when we saw them going out of our pkeps we were able to take that actually 
just the pkep we'd drop it into a folder and then we'd replay that network traffic against the other teams and if they stole the flag we would submit it and we were able to actually get points and play the game without knowing anything about this service how it worked anything right so we really were standing on the poor backs of those uh reverse engineers and those vulnerability analysis people who did that time in that effort and so we really wanted to switch the game more less from network analysis and more to raw pawning hacking uh exploiting skills yeah and so that's why we said hey we'll only release pkeps when the service is close to being retired and that was the big kind of change that we created so that was uh the the change last year or the year before last when we took over hosting um and there was this comment that you know it's it is a bit of a bummer to lose that aspect right because you know pkeps would only come out uh when the you know after so much time that there's not really much you can do on this challenge anymore because everyone has patched it everyone is exploiting it left and right um and so we went back to the drawing board and we thought how can you make this sort of network analysis challenging useful and uh kind of not just uh something that you can show up with a completed system and just turn it on like we we did so many years and you only have to be slightly better than the second best than the best hacker right because you steal all their exploits you do one of your own and then bam you're in first yeah and and and we had years where our exploit replay system was embarrassingly enough responsible for the majority of our points right so uh we came up with this stealth system where um the inspiration for this was uh finneas fisher if if you haven't looked this up finneas fisher is a hacker who um the hacker who hacked hacking team and leaked all of their data and then and it's a really fascinating write-up that they wrote about this 
process right and what really struck me you can just search for it um online i have some of my slides from um my various courses online and and there are links to this um there or you can just ping me i'll send you a link to to their write-up finneas fisher as part of the the process of hacking hacking team did this hyper careful exploitation of data um to hide their presence right and this hyper careful exploitation of data had a cost the cost in in that case was bandwidth right they could exploit tons and tons of data uh because that's noisy uh so there's this trade-off in um these sort of exploitation scenarios often between stealth and um just just rob power or whatever right raw effectiveness uh short-term effectiveness and we try to capture that in the stealth system for DEF CON um more explicitly than than um has been in the past every um challenge has two endpoints one of these endpoints when you communicate with that challenge you do not leak your network traffic to the victim team that you're exploiting but any exploits you run are only worth half points right and so it takes you twice as long to achieve the same result just as it took finneas fisher much longer to leak uh the data and and so on um and a lot of different examples uh so this is the first year with this system um and so far it's really interesting uh they're seeing a very interesting mix of of course we see all the traffic uh stealth traffic not stealth traffic from the order exactly um it's been super interesting to watch you know the type of traffic that you know teams probe publicly and then they exploit stealthy and sometimes the other way around because sometimes the probes are what's uh what's what's yeah maybe you want to throw off people's analysis or whatever so you want to force them to have more p-caps to look at so yeah it's a really interesting dynamic that gets put in the player's mind of what do i actually do which which traffic do i make and the other awesome thing that we 
were excited about, it makes network analysis critically important, because you need to understand, should you stealth, based on the state of what everyone else is doing as well. Okay, so quick question, Yan, I think for that, for the end, there's a good question in the CTF discussion text about essentially the spirit, and I know I get this a lot, I'm sure you get this a lot: so how do I get started in CTF? So I've just been listening to Zardus, I am super stoked about CTF, I know some stuff, how do I get started? Awesome, I'm glad you asked. So historically I have told people, just show up to CTFs, but this is a very painful process. It's important, showing up is important, I mean, there's no way, literally, a skill, absolutely there's no way to avoid that, but there is a way to make it less painful initially. And what I've seen is there are people that can show up to CTFs and just lose over and over and over and over for months, and then they start solving something, and solving something, and solving something more, and then they get rolling, right? There are people like that, but the majority of really potentially talented hackers get discouraged through this process. So Adam and I are both professors at Arizona State University, and we thought about this problem a lot, because undergrads come to us, like, how can I hack, how can I hack, and we tell them, okay, join ASU's CTF team and hack with us, but people get discouraged. So we have a number of resources at ASU, I'll talk about one right now, and it is called pwn.college. Let me bring it up on the stream. I can do it on mine, or you got it? Oh yeah, go for it. Do you have a pwn.college account? I think I hacked one earlier. No, I actually don't. Make something up. All right, so I brought up pwn.college, as you can see we really like this hacker theme. pwn.college is an educational framework for cybersecurity, specifically the type of
cybersecurity that is very easy to approach in terms of moving into CTF. Binary analysis, which I love, might not be the easiest thing. So this is the course I teach undergrads, and I took a completely established course at ASU, I threw it out and I remade it from scratch to be a CTF course. I created a bunch of different individual modules for students who have zero knowledge; people coming into this course typically don't even know how to use Linux on the command line, and that's fine, because we have a module that requires you to use Linux on the command line. There's a bunch of modules, and these modules have documentation, slides, and before next semester I'll have videos up; that's my plan for losing sleep after DEF CON. But let me show you the challenges, which is the heart of the system. So we go to ctf.pwn.college, here you can click register or log in, and it shows you the challenges. These challenges are for the various modules. You say, okay, I am interested in learning how to use setuid binaries, or I'm interested in learning how to escape jails, you know, like chroot, for example, not like a real jail, you have to go to the lockpicking village for that. Exactly, which I highly recommend, but you can do lockpicking, whatever, software jails, how to write shellcode, how to reverse engineer binaries to write key generators, etc., etc. And you say, okay, well, here's like the setuid challenge, and then you choose a challenge. setuid is special because basically these are all the various utilities in Linux and you have to use them to leak out a flag. And we can, actually, let's leave that as an exercise for the reader. What's a nice easy one? We will do, like, one of the shellcoding challenges. So here's a bunch of challenges, right? The idea is practice makes perfect, so you can go from zero to hero step by step by step, and the other idea is these challenges will teach you how to solve them. So you click this teaching
challenge that's 23 solves, a platform horizon, you can do this right now, and say okay, let's practice doing this challenge. You click here, it waits and says okay, hey, you can now SSH in, you can set a private key in the config, or you can just click terminal right here, and it'll actually take you right to a terminal where you can start interacting with the challenge. And here is the challenge dropped into a running Linux box that you're SSH'd into through your browser. I don't know if it's just me, but I can't hear you. Yeah, it's really tricky to handle this text, of course, to talk along with the router. So anyways, this teaching challenge explains what you're trying to do, explains where memory is mapped, etc., etc., reads in input, and then you can, again, can hear you. Yeah, he's got a baby at home, so he's deliberately not pushing the talk. But so you can kind of read the screen a little bit, so it's telling you that it's not, what, that was a really problem, I hit F, and are you messing with PulseAudio again? Everyone knows you don't mess with your... You're back, you're back. All right, anyways, so this teaching challenge will tell you all about the constraints, so you don't have to reverse engineer it, and then it'll ask you for shellcode, and it lost connection, but let me show you what happens when I get my connection back and then enter some shellcode. So I just hand-typed some x86 assembly, obviously it's meaningless, and it disassembles your assembly and tells you this is what you input, and then it'll run it and tells you, hey, you know, you crashed. The awesome thing in practice mode, I can debug it. Pushes, yeah, that's because that's capital P, so you can remember that if you want to write other stuff. I don't remember the meaning of the name PPP, it's just push rax, push rax, push rax. The awesome thing, of course, it's a CTF challenge, you need to capture a flag, so let me capture the flag. Because I'm in practice mode I can actually see what the flag is, so that when
I debug this challenge and step through it, I can figure out whether it's working or not, right? So this is a practice flag of all zeros. So then for some challenges, like the reversing challenges that read in the flag and then do crazy stuff on that, you can actually single-step through them in a debugger in practice mode, and then you can't do that in real mode, because there is no sudo, you have to actually solve the challenge. But it's the same challenge, so you can practice your exploit, figure out what's wrong with it, debug it, and then run it. I'll show one more thing. We partnered with a company called Vector 35 to give everyone a binary reverse engineering tool that they could use to actually look at these challenges, and I'll show you that right now. Come on, man, you don't know how to do pop-ups correctly. Hey, it's not me, I blame my student. Was this the 90s? Anyway, button, and then the pop-up blocker that never runs, that's the... Stop it. Exactly, you click that and it will open it up. I don't have a Binary Ninja account at the moment here, and then open it up in Binary Ninja, which is like, you know, IDA Pro, which is kind of the standard tool for reverse engineering, but it works in your browser. So as you can see, you can do all of this in your browser. Honestly, I didn't mean to go on a sales pitch of this, I'm just really excited about the platform, and Adam brought up how do you get into CTF, this is one way, right? Look at the slides, watch those lectures, they'll go online in a couple of weeks. And then the other important thing that you mentioned, sorry, is, you know, I think it's really important to do a combination of things, right? Like Yan said, show up to CTFs, find a group. If you don't have a group, find a CTF group. There's a CTF team called OpenToAll, which is literally open to everyone. I mean, find a group, go to CTFs, be lost, be okay being lost. Yan and I were those people sitting in that room at a CTF looking at a challenge going, I have no f-ing idea
how I could possibly solve this, but you try and you try and you try for eight hours, and you probably fail, and failure's okay. And then the really important thing is to always go back and learn how people solved those challenges. There's a great community of CTF write-ups, and the problem with CTF write-ups is they don't show you all of the headbanging that the author had to do against the wall in order to solve the challenge; they show you the beautiful golden path that gets you the flag. So it's important to keep that in mind, but learn from those write-ups, and then at the same time, while you're competing in CTFs, do these kinds of training activities. There's pwnable.kr, there's a lot of really good OverTheWire-type resources that are amazing. Yan's gonna put up his wargame list in that browser there, so if you go to github.com/zardus/wargame-nexus, it's a list of all these different types of CTF challenges in all the different categories. You want to get better at web, you want to get better at binaries, you want to get better at reversing, you can go here. And really, honestly, you know, it's on you. If you put in the time and the effort, I guarantee you, you will be a good CTF player and a good pwner, exploiter, reverser, or whatever you want to be. So yeah, take advantage of those opportunities for sure. Absolutely. Adam and I, our mission, even with everything with DEF CON, etc., has a strong educational component, so if you're interested in learning about this stuff, and we do other stuff, we do academic research into cybersecurity, I'm one of the founders of a binary analysis engine called angr. If you're interested in any of these concepts, just contact us, ask us a question, we're pretty friendly. I guess we'll be on the Discord now. We're on the Discord now. All right, come see us tomorrow for our sync up, our recap, at one time, and otherwise, if you don't know the game... Go ahead. Don't the kids say like and subscribe? Isn't there
some way they can give us social capital or money or something? Yeah, I think it's here maybe, or I don't know, Discord maybe, just say thanks at whatever and some random bot will give you rep. I think we've been given the rep for like food or something maybe. Yeah, how about this, you can just get us a beer at the next DEF CON. Exactly, exactly. All right, feel free to reach out with questions, otherwise if you're playing the game, be playing, otherwise see you at the next sync up. Hi, I have a question. Yeah. What do you think of starting learning in CTF and reverse engineering by first learning assembly, and not just digging into, like, what do you think should be learned first, assembly, or, without the knowledge of assembly, starting doing reverse engineering and getting along? Thanks. That's a great question. Yeah, you probably have a... I would say both on that one. I mean, I'm more of like a choose-your-own-whatever, honestly. I mean, a lot of this stuff is interest, so if you find yourself reversing binaries for hours, it probably means you like reverse engineering, and you're going to be good at it eventually. And then, you know, once you learn one assembly language, it's actually pretty easy to pick up another one and understand what's going on on ARM or MIPS or whatever. I mean, it's just different ways of thinking. So in my mind, it's nice to have a base of knowledge, so you know what you're looking at and you know what the tools are, you know how to use objdump, it's nice if you're able to write an assembly program to do something, but then doing both I think is really good, like, you know, improving your reverse engineering skills by looking at binaries. Yeah, I don't know what you think, Yan. So I actually think I'm gonna take the opportunity to answer a slightly different question. I think all of computer science should start from the lower level up. Right now we teach kids Python first, or Java, even worse, right, first, and so forth. I think it would be much
more helpful to start with logic gates and build up on solid principles, the understanding of what a computer is, and then you can start from the Game of Life, boom, and then you can really go in depth into hacking right away, you know, into reverse engineering, because you've just done the whole process from logic gates up, and then you can kind of go back down. So from that perspective I would say learning assembly and then applying it is great. I'll give a caveat: my class where I learned assembly, I went to Rensselaer Polytechnic Institute for undergrad. Back then, CTF, I knew security there, I don't know, that was before security, I think RPI has a security code. So RPISEC is actually now competing in DEF CON with, you know, they're one of the teams. Let's see what place they were at, a place top 16, I think top 16. So right now RPISEC is in like 10th place, but, you know, they're hanging in there. At RPI, the computer organization class, which is what you typically take as a sophomore, was basically x86 assembly and then hacking, reverse engineering, etc., and x86 assembly was almost an excuse to get to the hacking, and that for me was the perfect way to learn x86 assembly. I learned it through hacking challenges. I mean, sure, there was like one homework assignment, it's like write a function, and then it's like, okay, now here is a binary bomb, reverse engineer it to figure out an input to defuse it. That was awesome. So I would recommend trying to do something very similar. I'll do another sales pitch plug. A group of RPISEC alumni, RPI alumni, I was never in RPISEC, it didn't exist back when I was in college, but a group of fellow RPI alumni founded a platform called Wargames which lets you, again, in your browser, get familiar with assembly and reverse engineering and even exploitation. Look it up. The company is RET2 Systems, the platform is Wargames. Yeah, and I think, you know, I don't know, a lot
of this stuff is transferable, I feel. I think it's like programming languages a lot of the time, like, you know, you get really good in one language, and you can go into another language and, you know, throw down code there, because it's not because you know that language, it's because, like, when we're debugging one of our team members' crazy Ruby code, and I haven't written Ruby code in over a decade, it's like, ah, I can kind of read it, and then I can Google for how do I do a list in Ruby. And the other thing, actually, that I've found, I don't know if Yan has found this, but there is a lot of truth to this adage of, like, you really don't understand something until you have to teach it. And so, like, my actual background in CTFs was all web security stuff, but when I became a professor and I started teaching how to do binary exploitation, that made me understand it at such a deep level that now I really have a much, much, much better handle on it than I ever had. So, you know, you can even apply that in, like, a CTF context, right? If you have a CTF team, organize regular meetings and be the person that presents, go through the latest, god, I hate all those, the House of Whatever heap exploits, or even start small, at whatever level makes sense, but, like, you know, break a problem down. When you really start looking at it and say, how do I explain this to somebody else, you really have to understand it. Yeah, and I'll elaborate on this House of Whatever. So there's a class of exploits, like a whole genre of exploitation called heap techniques, right? Heap techniques, yeah. So by misusing, or causing a program to misuse, dynamic allocators, you can do crazy stuff, right, achieve execution and so forth. And this used to be just, like, completely opaque magic to me and to my teammates back when I was hacking with Shellphish, before we decided to host this CTF with Order of the Overflow. And back then we created something, we had a
hacking meeting in Santa Barbara, and then we created an offshoot and said, this is going to be the heap exploitation meetings, and we just took turns teaching each other various heap exploitation techniques, and to teach it through that process, none of us knew them, through that process we learned them well enough that Shellphish's how2heap repository is like a de facto source of knowledge for heap exploitation nowadays. I absolutely support, I would generalize it: if you really want to learn something at a very deep level, go one step beyond, whether that step is not just learning but teaching, or whether that step is learning something that depends on what you wanted to learn. So, like you said, reverse engineering: if you push through and become a good reverse engineer, you will understand assembly for sure, that's all right there, there's no way around it. So things that kind of are dry and boring on their own, like the inner workings of dynamic allocators, suddenly might become very exciting in a different context as a base for something. And then it helps you, I feel, like in learning a new weird system, right? So there's a new weird, maybe it's a different allocation system, maybe it's something else, but, you know, you've studied the system to understand what kind of primitives allow you to do those types of things, so you can apply that mindset to this new domain. Yep, absolutely. Cool, I gotta get back to CTF adminning. Yeah, I'm sorry to keep it kind of short, but we're here, feel free to just PM us at any point, or you can of course also shoot us an email, our contact info is quite public, look up overflow.io and then there's a team list there. Bring us on Discord, drop into the next recap, and, yeah, hope to see those of you who aren't hacking in our CTF this year hacking in our CTF in the future, especially if somebody else is hosting. Exactly, exactly. All right, chat, bye everybody.