Can you talk? Yes. Go on. I... Hey, hey, hey, hey. Hello, we... Hey, we're about to... We're gonna be starting quite soon. And now, I would like to invite on the stage 3 teams: team 346 and Bravo, XOR.ALL and Système de Torche. We're gonna get some refreshments for our great people on the stage. Brave people. Welcome to Hacker Jeopardy. 10th or 11th year in a row. Please welcome your host of Hacker Jeopardy as of a year, the wonderful, the crazy, the exuberant Olivier. Forgot to turn my tie on. Let's wait a minute. Already fucked it up. Let me grab my cue cards, so welcome everyone. By now, I think you're used to some of this. Isn't that okay? So, we decided to bring the teams up on stage early so that we will have them have drinks in advance. On stage, now I'm not sure who is where. So on the stage we have 346 and Bravo. Raise your glass. Yes, thank you. We have XOR.ALL and we have Système de Torche. All right, so this is a semi-serious competition and competition means that there will be prizes. Our prizes tonight. So the prizes are at the end of the three games. So we will have a ladder. This game will create a winner. That winner will go on to the third round. What was that? Play that again? Okay, you lost the button I guess. And so the second round's winner will also reach the third round, and in the third round we bring in the NorthSec crew against the two best teams, and the second place of that round will win one bottle of Club-Mate. Wait, wait, wait, there's more. One bottle of Club-Mate each. On top of that, a YubiKey. Yeah, we felt cheap with one bottle of Club-Mate. But those who were there last year remember that that was the second place prize last year. So we're not innovating that much. We've kind of got more money. We added a YubiKey. But jokes aside, or trying to be funny aside, the first place is, we have, so for each individual, I should step back here because you'll think this is crazy. So we have three prizes.
So the three persons, one prize each. It will be a Flipper Zero for one of the contestants. Bazinga. An Ubertooth One and a YubiKey for another of the contestants. And a covert lockpick starter kit and a USB Rubber Ducky for the third contestant. And of course, NorthSec can't win. So this will go to the winners of the rounds. Okay, well, oh my god, I will not wear that jacket the whole time, it's hot here. We, I'm gonna just go quickly through the game rules for those who haven't been with us for 11 years. So the start of the game is picked randomly. You remember our famous random number generator. Any team can answer, you smash the button. Jeopardy is negative scoring. So an attempted answer that is wrong means negative points. The winning team, the team that answers successfully, keeps control. So they will tell the next clue that they want to have, that they want to see. And then so it's, you know, 100 points, 100 is worth 100 points, 200 is worth 200 points and it's summed up and you'll see the score as we go. I'm gonna recap the scores from time to time. I'm not gonna tell these rules every round, so here we go. And we haven't had a final Jeopardy for six years, I think. This didn't change. President now didn't get time to do that. All right. So I, let's, are you ready? Okay, okay, okay. So cheers, everyone. Let's get this over with. Oh yeah, true, true, true. Thank you, thank you. So contestants, you need to answer in the form of a question obviously, but our wonderful crowd always remembers. So we'll get that sorted out. Now I realize my cue cards are not sorted, they are bundled together by round but I didn't put the rounds in order, so when we reveal the categories I'll take a few seconds to order that and then we'll start. I can't, I can't like succeed at all of the little things, right? So we have better lighting than last year but the cue cards are fucked up. Okay, let's reveal the categories please.
So we have It's Over 9000, WT, SQLi Techniques, Name That Key and Mark. Now we're lucky because it's the first set of clues that I have here, so I should have not told anything and I would have done okay. Yeah, let's go with that. Alright, random please. 346 and Bravo, you are in control. Oh no, no, no, we forgot something. We need to test the buzzers. So please, team 1, please unlock them please. Team 2. Excellent, unlock. Oh, you're not sitting in the right spot, switch. There is an order to respect. Ah no, it's fine. Ah yeah, Système de Torche, I'll be there. Système de Torche, you sit here, XOR.ALL, you sit here and 346 and Bravo, you sit here. So let me explain. Allow me to explain what happened. We tried to go faster so I was like, why don't we bring the teams on the stage so that they can have the drinks prepared and so we can go faster in the game, and now we turned that upside down obviously. Okay, now we're ready but we need to test the third buzzer. Excellent, alright. So the random picked who? Do you remember? Picked you guys. But you moved so it was them, right? Just kidding, just kidding. Alright, you guys pick a category please. We'll do Mark for 100. Mark 100. A lightweight markup language for creating formatted text using a plaintext editor. 346. What is hypertext markup language? What is hypertext markup language is wrong. Système de Torche. What is Markdown? What is Markdown is correct. Système de Torche. Mark 200. Mark 200. A security feature that prevents malicious files and attachments from being executed or opened. The name of the category is Mark. Système de Torche. What is monsieur la voix is incorrect. What is the mark? What is the mark is incorrect. Do we have anyone who wants to pick it up? Because I'm sure the crowd knows. Anybody else? No? No. So we can time that one out. I have it. MACASPAM is incorrect. What is Mark of the Web is correct. Microsoft tags this and adds this and blah blah blah.
Ok, so let's do a random selection for who is in control of the board. Système de Torche. You are in control. You're on the board. You guys can look over there or over there. Mark 300. Which one? Mark 300. A uniform resource identifier that is stored for later retrieval in any of various storage formats. Yes, Système de Torche. What is a URL is incorrect. I put Mark of the Web. Again. You fucked it up. Again. The category is named Mark. Hi Mark. Ok, anyone else want to try it? No? It's so simple that it's like we forget about such a basic feature. What is a bookmark is correct. Sometimes you explain things in such a way that they are more complicated. Alright, so let's do a random to figure out who's next in control. No, another one. Mark 400. No, it's not your turn anymore. J'ai jeté ta barnaque. Ok, a kind of marker, covertly embedded in a noise-tolerant signal, such as audio, video, or image data. The category is Mark. What is marker? What is a marker is incorrect. He's trying, he's trying. What is a watermark? What is a watermark is correct. Excellent, you are in control. Mark for 500. Mark 500. The act of running a computer program, a set of programs or other operations in order to assess the relative performance of an object, normally by running a number of standard tests and trials against it. Système de Torche. What is benchmark? What is a benchmark is correct. Alright, Système de Torche, you're still down 300 points, but congrats on that one. You are in control. WT 100. WT 100. 346 and Bravo. What is a JSON web token? What is a JSON web token is correct. You are in control. WT for 200. WT 200. All the developers in the room are like, why is it this long? Oh, who is it? Alright, the crowd, do you have any idea? I've heard it over there. Google Web Toolkit. It's an old technology. Alright, let's do a random and it must be XOR.ALL who has the control. 33, 346 and Bravo. Your turn. Over 9100. A series of Intel processors that are above that level. XOR.ALL.
What is i9? What is Core i9 is correct. You are right. The model numbers of the Core i9 series, they are models over 9000 plus. So the first one being 908020X. XOR.ALL, you are in control. Name That Key 100. Name That Key 100. 346. What is a USB key? What is a USB key is correct. The faithful one terabyte USB key. Let's go WT for 300. WT 300. KWT. Ok. It is more commonly known as kW. But the category is WT so it ends with WT. kW. Any electrical engineers in the house? What is a kilowatt is correct. Thank you. It doesn't always have to be web frameworks. You can hit the random button many times until we get the team that we want. XOR.ALL, you are in control. Name That Key 200. Name That Key 200. Yes. What is a key? Unfortunately, I am expecting a specific answer here. Apparently, this key is really well known. Not a bad guess, but it's bananas. Like really well known. 346 and Bravo. What is a mailbox key? What is a mailbox key is incorrect. Alright. I'm going to answer this. Oh no, no, no. Anyone has the answer? Laurent, he's just Laurent. The famous name of that key is: what is CH751. I was told it was an easy question. You guys should wait for the rest before doing that, right? It's not going to be any better. Alright. So let's do a random selection. XOR.ALL. Oh yeah, yeah, oh yeah. We need to... You need to score the people. No one did anything. Just submit the score, enter. Or submit score. Yeah. Yeah, yeah, it's you, it's you. No worries. Jégé has god mode on the software. We can do whatever we want. Name That Key for 300. Key 300. I like that. Okay, I'm going to accept a broader answer than the previous one. But a key is too broad. I need like an in-between of some sort. It can be the purpose of the key or where it is commonly used. Like very commonly used. I never thought I would be in a room full of key enthusiasts. So no one. Come on, you're at minus anyways. Like you're just going to be back to zero. You're going to be deeper in the hole. All right.
Okay, I thought it would be like elevator key or something like that. This is not what I heard. But this is an elevator key, or the FEO-K1. You're booing them, right? No. Yes, yes, that's what's going on. Thank you. I like that. All right, we're back to the board and let's do a random pick. You're on the board. We'll do It's Over 9000 for 200, please. Over 9300. This transport layer protocol has a meme-like RFC number. Some would even say it's related with the web. I want to, I just want to say this, this is the, RFC questions at Hacker Jeopardy are almost always authored by François Brou. I don't know what he has with RFCs but it's a thing, really. Nice one, all right. So anyone knows? No, that's not the one. Great attempt though, the avian carrier, TCP over avian carrier. No, it's QUIC, so QUIC which became or is the father of HTTP2. So the QUIC protocol is actually RFC 9000, I think, I have the exact... So it's not over 9000 but I would have accepted TLS integration of the QUIC protocol, which is 9001. I didn't say it in the form of a question either, you guys didn't get it. Ok, let's do a random. You're on the board. SQLi, this is a spicy one. Oh, no, no, no, no. Hide it, hide it, hide it, hide it. That was me. So fast. You fucked it up. I did, I did. You fucked it up. You fucked it up. It's my new board operator, he's getting fired after this. The amount I paid. Well, we'll be able to go back to it. We have god mode. Yeah, so, XOR.ALL, what are we gonna try? We want It's Over 9000 for... 300. Over 9300. It's the Z character who destroys his scouter. 346. Who is Vegeta? Who is? Vegeta, that's correct. Bazinga. Ok, you are in control. 400 for the same category, please. What did you get? It's Over 9000. Over 9400. It's the CPU that broke 9000 MHz, and it's an overclock. I'll accept a brand name. But it's not your uncle's CPU, the experimental CPU. It's a product, a current product.
All right, time out. Anyone have an idea? It's the i9-13900K. Man, you're going to hate the 500. All right, let's do the random, please. Système de Torche, it's your turn. What is... No, what is... SQLi 100. SQLi 100. Système de Torche. What is union-based SQL injection? I think that's it. Right you are. Let's go. SQLi, they need 200, please. SQLi 200. Union select load_file. Load... Bye. This was supposed to be a quick one. Like everyone... 34 seconds. What is injection? What is injection is incorrect. Oh, you're so close. Very incorrect. So, this category, we... the beginning, the first character is like the injection point, if you want. Maybe the single quote is not showing here. I don't have it in my notes. But here, the focus is on the load_file. Like, this is a technique that allows you to do stuff. We'll do it live! You're done, you're done. Right, so the answer is arbitrary file read. I would have accepted LFI although it's not an LFI, but I would have accepted LFI. I would have accepted it. But it's arbitrary file read. Like /etc/passwd, whatever. There is an SQL track, don't you guys try it? Anyway. Alright, so let's go with the random. You're on the board. Name That Key for 400. Name That Key 400. Yes! So it's a bit small, we'll have to look over here. So it's 4e9906e8fcb66cc9. Hardcoded key. This is... This is... Here it is. So this is a screenshot of Microsoft's website. They had some hardcoded keys in there. Apparently. Documented. What is... GPP is correct. GPP stands for Group Policy Preferences Password. Password. This is clearly just for pentesters. No one else gives a shit. Alright, let's do the random. I'm no pentester. I don't give a shit. You're on the board. Guess what? Name That Key 500. Let's do it! I guess I hang out with the wrong people. They tell me, no, no, it's a little bit hard, but it's obvious. So this is a hardcoded key in hardware. Which means that a whole class of devices are fucked once this is exposed. It's related.
I need to have eye contact with someone to not say anything stupid. But it's related with keycard access. Am I right? It's related to keycard access. I would accept only the company name as a correct answer. No shaming. We all made mistakes. We all hardcoded keys in, you know, secure building access systems. Alright, we're going to time this out. This was... Oh, I hear it in the back. So this is the HID iClass master key. Which means you can derive all the types of card if you have it. Alright, so let's do random. Système de Torche, you're in control. SQLi 300. SQLi 300. So we have the injection point, which begins with a single quote. Or 1 equals 1. Divided by select flag from flags. It looks suspicious. This is gonna work. What is an error-based SQL injection? What is an error-based SQL injection is correct. So I'll take a second here to explain it. Do you want to put it back up? Oh my god, people who speak French have so many cavities. So what we have here is that the division by a string will generate, will throw an error. But in the error will be the result of the select. So this is why it's an error-based SQLi. A little bit of education here. Now go do that track. Alright, Système de Torche, you're in control. SQLi 400. Yeah, it's okay, it's clear. It's missing a little bit here and there, but everything is there. Yes, Système de Torche. What is a time-based blind SQL injection? What is a time-based one is good. Right you are. You got it. The hint here was the sleep function, obviously. So you guys are good at SQLi. Oh, you're back on positive scoring, congratulations. We still have 346 leading. Oh, the score was not there yet. Okay, so now you're leading. Sorry about that. You have plenty of opportunity to fuck it up though. Oh, I'll take more beer too. Okay, Système de Torche. SQLi 500. This is a spicy one. Caliente. So we have a load_file. Concatenation. Way too many backslashes. Just some information. Oh, why are we concatenating?
Why didn't we just put it at the beginning? Yes, Système de Torche. What is a remote file inclusion? No, this isn't correct. I didn't hear it. Speak in the mic. You accepted local when it was clearly not an answer earlier, and now it's the same thing. I didn't accept it, no one solved it. So here, let's have... No, not in the crowd just yet. Pass is good. Pass is good. So, yes, in the crowd? No. Out of bounds. So DNS exfil is kind of the side effect, but the name of the SQLi is an out-of-bound injection. Out-of-band. Sorry, out-of-band. So here, there was a domain name, and it was related to our domain name in the CTF. So I kind of mixed some CTF stuff in there, you know? We're only exfiltrating the version, but still the whole concept is expressed here. Thanks, Marc-Olivier, for helping, for actually doing this track with me. All right, so let's go back and do a random... Thanks. Système de Torche? WT 400. WT 400. Any PTSD? Amazon Web Token? Amazon Web Token is incorrect. Yeah, he fucked it up anyways. Amazon Web Token was incorrect, though. It is... We are in a case of acronym clash, but I will not accept the answer, although it could have been good. I'm in douchebag mode right now. So, anyone else want to try? Okay, I'm going to slide a couple of hints here and there. Anyone did Java in the 2000s? Now, you need to remember that... No, I'm sorry. No, it's second, it's 11 years old, so we need to work on newer technologies. Système de Torche. What is Apache Web Toolkit? What is Apache Web Toolkit? It's incorrect! I guess, but it's bananas. No, it's not even close. There's no Apache, there's no Web, there's no... There's Toolkit, there's Toolkit. You said Toolkit? There's Toolkit. What are you talking about? Abstract Window Toolkit. AWT, it's a Java technology that nobody used, from the universities of the 2000s. Sorry about that. It's a 400 question. All right, let's take a look at the score. We're near the end of the game. 346 and Bravo, 0.
XOR.ALL minus 100. And Système de Torche minus 400. What will... What team will pick what? XOR.ALL, you're in control. It's Over 9000 for 500. Over 9000? This geological epoch saw the last major ice age. It's over 9000 years ago. The game can be played right now. What is the Younger Dryas? The what? The Younger Dryas. The Younger Dryas sounds very scientific and correct, although it is incorrect. Right, do we have anyone who wants to try? Okay, anyone... any ice age people in the room? I never thought I would say the phrase ice age people before. The answer is, and I should have double checked, François, but it's the Holocene period. What? I had it! Oh my god. Interesting. So what is the Holocene period? He said it like a mouse. Holocene period. No, he didn't get the point because it was his second answer, but it was his second best guess. Okay. Everyone's ready? We're going to jump right into the 500. Alright, it's going to be a quick one. You're on the board. Easiest question of the board. By far. Go ahead. No, no, no, no, no one needs to pick. Just click on the 500 points. Ah shit. 346 and Bravo. What is what? What is what is incorrect. Unfortunately. Alright, so I think people are now trying to play strategic here. I don't know if you saw that happening, but there is some like, you're not playing this a year here, so that they would like try and then slide right under. We have a clear winner at minus 100 points. So what's funny, like I'll take a couple, one minute to explain. I was looking for like, of course something ending with WT. Ah, what does it end? I tried ChatGPT. It completely sucked at it. And in the end I just like searched framework WT. And I ended up on a framework I had already bookmarked before in my life. And listen to this. I mean you can't make this up. It's a web GUI library in modern C++. Who's going to do that? Anyway, so this was Wt. And this ends our game. We have 346 and Bravo at minus 1000. XOR.ALL at minus 100 winning and going in the last round.
And Système de Torche at minus 400. There's a cup, there's a leftover cup here guys at 346. Well, it's 346. Ok, thanks. Ok, don't move. Don't move. We're jumping back right into the next round. You'll be back in, not this game, but the next one. So don't go too far. I'm calling on stage right now Cyber Ages. Where is Cyber Ages going to sit? Guillaume? Are you listening? Cyber Ages here? Look at me. Cyber Ages. Next one is Coldroot. Coldroot up on stage here. And Navits and Friends. Navits and Friends on the stage here. So we have Cyber Ages. Cyber Ages. Coldroot. Coldroot. And Navits and Friends please. For round 2 of our corporate team building activity, Hacker Jeopardy. So you are, you are Navits. Is that Navits and Friends? Excellent, thanks. Coldroot. Cyber Ages. Correct? Excellent. Alright, I'm excited. I have my little notes. We're about to start but not quite yet. We'll wait till everyone is settled. Oh my god, shots on stage. I'm glad our license allows that. What is it? Like Fireball? Is everyone ready? No, no, no. Ah, why not? We do it like before. It's like priming. This is not bribing by the way in any sense or fashion. Okay, this is awful. Don't drink that. It's like I... What is pissenlit in English? The yellow flower. Dandelion. It's like biting dandelion roots. Like drinking the juice of it. And I know, I was raised on a farm so I know what that tastes like. Okay. Are you guys ready? Ready? Yes. Excellent. Let's reveal the board. In the Cookie Jar, ChatGPT, ATM, the Internet Iceberg and Famous Authors. Let's do the random. You're on the board. Navits and Friends. You have control. ChatGPT 100. ChatGPT 100. So this is a prompt to ChatGPT. Last year's NorthSec theme was a startup crypto-company dealing with mushrooms. This year's theme is a dystopian corporation with hints of freemason lore. Suggest a theme for next year in one sentence. So you need to guess what ChatGPT answered to that. And remember, answer in the form of a question.
Just saying like it's, it went straight into the obvious. This is why it's the 100. Also another hint, like this is the 100 points. It's the time to try and fail. Like later, not the best time, now, why not try something? I also will accept loosely. Like anything that is in the realm of what it answered, I'm going to accept. Of course. We'll do it live. It's going to be a boring one. People, it's not Rao. It doesn't know about Rao at all. Not ChatGPT. I don't think so. No, so, it went straight into cyberpunk rebellion in a post-apocalyptic city ruled by a sentient AI. It went straight for it. I would have accepted cyberpunk rebellion, you know, post-apocalyptic. Any of these would have been good. You see, sentient AI. All themes that we explored before also. So, we have a theme, I guess. All right, let's go back to the board and do a random. Navits and Friends. ATM 100. ATM 100. Can you stand in front of the monitors? We use them as a... I forget the word all the time. Okay, ATM 100. What ATM stands for? What is automated teller machine? What is what? Automated teller machine. No, no, no, no. You're not the team who punched. Look at the... So, this is these guys. I fucked it up. What is an automated teller machine? I'm gonna wait for it to be really specific. Just give me one second. Because I'm French, so I need my little cue cards. Where is it? Oh my god, people who speak French have so much charisma. Go ahead. What is an automated teller machine? Teller machine is correct. Automated teller machine. All right, Navits and Friends, you are in control. You're on the board. ATM 200. ATM 200. The name of the attack that makes ATMs spit out cash. Coldroot. What is jackpotting? What is jackpotting is correct. You are right and you're back on the plus side. Did anyone jackpot it at NorthSec so far? All right, you're in control, Coldroot. The Internet Iceberg for 100. Internet Iceberg 100.
The TXT file used for indexing the above-water part of the iceberg. You host it on your website and you tell it not to look at the dirty stuff. Cyber Ages. What is robots.txt? What is robots.txt is correct. You're in control. In the Cookie Jar 100. It's a bit small. I have the text, one second. What is it? I need to read the text. We want you to have the best possible user experience on our website. We use cookies to analyze how visitors like you use our website so we can make improvements, and we use cookies to make sure that the website functions normally. For more information see our privacy policy. What we're looking for here is why do we have to go through this hell? What triggered this nonsense? The European body of law created... Come on, there was no need to go in every direction. It wasn't that clear. It was clear. I fucked it up. I'm okay, I'm going to live through this. Yes. What is GDPR? Yes, yes, yes. Posing gun. What is GDPR, or GDPR cookie prompt. The whole industry got created just out of that law. All right, you are in control, Navits. Famous Authors 100. Famous Authors 100. I think you all understand what we're looking for here, right? I mean it's the 100. This person is so famous but at the same time he hasn't been publicly researching recently and this makes it maybe a boomer question. But if you think this is a boomer question, wait until the later ones, you're not going to like this track. All right, anyone? One person. Who is HD Moore is correct. Excellent, let's do a random. Navits and Friends. Spam that random another time. They've been in control the whole thing. Cyber Ages. Internet Iceberg 200. Since the 70s the scene is the place where this type of digital content is being distributed. The FTP protocol and hacked servers were usually used for content distribution. Coldroot. What is the warez scene? What is warez. Or as we say in Quebec, Juarez. Oh, that's good. Anyone else said that? But I was saying that alone.
Oh my god, people who speak French have so many cavities. Coldroot, you're in control. Internet Iceberg for 300. Internet Iceberg 300. A website facilitating access to indexed binaries from Usenet. I realize my rounds are unbalanced. There's a lot of boomer stuff in this one. I'm surprised you're here and not playing Zelda right now. It just came out. No one... I don't have the card ready. You could have waited longer. Newsgroup is kind of... There's a specific service that was better than the others. Can we get a guess with immunity? Usenet is written in the question. Can we get a guess with immunity? You wrote the question, come on. Newzbin is correct. So Newzbin, website indexing binaries from Usenet. So basically you could download a lot of stuff that exists because they were indexing it. Hard to find stuff. I don't know about any of this. Let's do a random for the next question. Cyber Ages. Which one? ChatGPT. ChatGPT 200. Do you see a future where humans are identified only by numbers and members of a large worldwide corporation? Why would that happen, in one sentence? Cyber Ages. What is? Cyphercon. What is cyberpunk? Can I? So I'm going to read the answer and you guys will decide. We already know what the result will be. So what is... Is this the question? No it's not. Thank you. You're also fired. What is: in a future dominated by the consolidation of power and erosion of individualism, humans may be reduced to mere numbers and members of a global corporation as control and efficiency supersede personal identity and autonomy. It's pretty much a cyberpunk summary, right? Let's go. Good answer. You are in control. It's In the Cookie Jar for 200. In the Cookie Jar, 200. The default name of the PHP session cookie. What is PHP session? It was the other team that buzzed in. Yes. It needs to be pretty on it. Oh, here it is. What is PHPSESSID? What is PHPSESSID? Correct. I wasn't sure if it was an O or not. So I had to use my cue cards.
Navits, you are in control. Sorry about that. Famous Authors 200. It's in the URL on GitHub. Like you git clone the tool, it's there. Cyber Ages. What is SpiderLabs? This is the... Yeah, it moved since then. But it was the original author. So the SpiderLabs one is archived. He used to work at SpiderLabs. But this is not the answer that we are looking for, unfortunately. Anyone else? Anyone knows in the crowd? Who is Laurent Gaffié? Is correct. Or L... Not sure how I would pronounce that, actually. Let's do a random. Cyber Ages, you are in control. ChatGPT for 300. ChatGPT 300. Right now, here are the top of our CTF: Coldroot, Système de Torche and Huber Hacken. Who is going to win based on the team name alone? You need to choose one and answer in one sentence. Coldroot. Who is Coldroot because they drink Malört? Do you think the AI would have said that? I wrote this this afternoon. They didn't know yet that you were drinking dandelion juice. I don't think that's accurate. I think they know. Oh, you think they know. I like that. Of course, it's wrong. Anyone else want to try? One sec. The buzzers are lucky. Yes. Who are Coldroot, and probably because they have the word root in the name of their team. But they just said Coldroot and it was not the answer. Yeah, the name is pretty important for the whole thing to work, right? So, it's not that team, I guess. I'm leaking some information here. Anyone else want to try? What is Huber Hacken because they're hacking? OK, listen to this. You can't make this up. What is Huber Hacken is likely to win because it suggests a combination with a determined attitude. They are no longer top 3, I think, anyways. AI is wrong. Cyber Ages, you are in control. It's In the Cookie Jar for 300. Cookie Jar, 300. Yeah, Navits. What is a JSON web token? What is a JSON web token is correct. You are in control. In the Cookie Jar, 400. Cookie Jar, 400.
The cookie attribute name and value that prevents sending the cookie on any cross-site requests. Coldroot. What is the SameSite? OK, yeah, name and value. Oh, SameSite. None. What is SameSite None is incorrect. Anyone else want to try? So close. SameSite. What is SameSite Strict? SameSite and Strict is correct. Unfortunately, so close. But so far. You are in control, Navits. You are on the board. In the Cookie Jar, 500. Cookie Jar, 500. Underscore, underscore, CF, underscore, BM. That's the clue. It's a difficult one. 500 points. We're going to time it out. Anyone knows in the crowd? ColdFusion default cookie, incorrect. Great attempt, though, CF. Cloudflare, but what specific? What? Bot management cookie is correct. Cloudflare bot management cookie. You know. Stuff you deal with every day. All right, let's do a random, please. Again, we're playing for maybe one Club-Mate. Think about it. The Internet Iceberg 400. Internet Iceberg 400. Internet Iceberg 400. A very secure, NAT-punching and anonymous system allowing to reach the very bottom of the iceberg. Coldroot. What is UPnP? What is UPnP is incorrect. Reach the dark net through UPnP. Navits. What is Tor? What is Tor is correct. Internet Iceberg 500. Internet Iceberg 500. This anonymity network gained popularity after the Silk Road takedown in 2013. It implements this food-related protocol named garlic routing. Coldroot. What is the onion router? What is the onion router is incorrect. It's a trick question. Onion router was the answer of the previous clue. What is Tor? It's kind of a trolling, like garlic, onion. Like these guys are playing games, right? Got popular after the Silk Road takedown which was on Tor. So they were like, come to our network, it's better, it's more anonymous, sponsored by the Russians maybe, I don't know. Don't quote me on that. No one? Crowd? What is I2P is correct. It's pretty intense techno right there. Ok let's look at the score. So we have Cyber Ages at 400.
Coldroot at minus 1200. And Navits and Friends at above 1200. It's over 9000. Pretty broad range of scoring here but nothing is done yet. Everything can go in all directions. So Coldroot, you are in control. Two, Famous Authors. Famous Authors 300. Coldroot. Gentilkiwi. Gentilkiwi, or also Benjamin Delpy, is correct. Famous Authors 400. Famous Authors 400. So NorthSec is 11 years old. I remember I attended DEF CON around the beginning of NorthSec and I sat in a talk that he was giving. I was really close to the stage, and back then the rooms were, there were line-ups and stuff, and I was just like in awe, in admiration of this person who created Nmap, you know, built a business model around a GPL, you know, security software, but he's using a handle everywhere. Trying to give some clues here and there. But he is not, he's running very important stuff without the fame, so it's a harder one to know. But he's super important, like he's hosting critical mailing lists and doing a lot of good service for the community. That doesn't give any hint, but he's a good guy. Anyone? Fyodor. Who is Fyodor is correct. Not in the form of a question. Random. ATM 300. So we're talking attacks, techniques, you know, describe what you see. Cyber Ages. What is a card skimmer is correct. You got it. Cyber Ages, you are in control. ATM 500. 500? Jumping to the 500? 400? You could, you can, there are no rules. All right, ATM 500. The full name of the standards body governing the XFS standard. Cyber Ages. The full name, not the acronym. So you're close, I think. So nope, but it's bananas. People who would be trying the ATM CTF track would probably have come through this several times by now and would probably embody the name. I've come across the XFS but I didn't read the name of the... It's like on the top of the document. Yeah, but that's what's not important, all spelled out. All right, so anyone, anyone playing the ATM track who is grinding XFS right now and struggling? The name is European Committee for Standardization, the acronym is CEN. Big climax here, so no
one succeeded. And let's go back to the random now. Navets and Friends, let's go with ATM 400. ATM 400. What issue, caused by poor bank coding practices, is most exploited to skim EMV cards? It's an ongoing problem right now. Oh, I see our badges are having a similar pattern of activity now. There's someone messing with them. Interesting. Look around. We're all like... it's not related to the question, that's cool. I wonder, like, is there any security on this thing? Maybe not. So no one's trying? All right, so the answer, it's a pretty tough one, I realize now. It's the lack of CVV validation. So they validate a lot of stuff, but not the CVV, or the iCVV. So it causes... right now it's a big problem. Thank you. All right, back to the board, and do a random. Navets, unfortunately. ChatGPT 400. ChatGPT 400. Which is the superior indentation format: tabs, spaces, or null characters? Answer in one sentence and don't be nuanced; you need to choose one. Cold Root. The answer was tabs, and there is no justification, it's just tabs. You wish you would be through, but it's not the case. Wrong answer. So anyone else can try. Maybe it's null characters, we don't know. It's a computer, it's an AI. I can't believe you guys are not, like, spamming the button right now. So there's, like, tabs, spaces or null. They tried tabs and it didn't work. Cyber Ages. Because it can be used across multiple coding platforms. It was not in the form of a question, unfortunately, I'm sorry. It's wrong. I can't tell yet. They can't take the answer. What are spaces? What are spaces is correct. And that was it, no explanation. It was tough to make it decide; we had to really drill it down: shut the fuck up and choose. Let's go with ChatGPT again. ChatGPT 500. Be ready. What is the most important software vulnerability, in one sentence? What are humans? That's bold, I like that, but it's incorrect. ChatGPT. Why? He fucked it up. ChatGPT. Anyone else? I guess I should have written... this is the exact prompt, we're not playing games here. But I guess I should have added "class of software". You see, this can
help you choose, maybe. And it's not XSS. Laura won several of our early competitions solely with XSS, back in the Boule de Cristal days. What do you think? Remote code execution is correct. This was, like, easy. Disappointed. Sorry about that. We have one question left, so I guess we're gonna show it already and we're gonna play Famous Authors 500. I think we can jump straight to the crowd. I knew all the other ones before looking or researching, but this one I didn't. But now I will... forget... I will remember it all my life, because it's easy once you know. It's a nickname. Taking a souvenir. It was in '95. Come on. Thank you. I'm French. So, who is... a bit. What a climax to end the round. We have Cyber Ages at minus 200, Cold Root at minus 1300, and Navets and Friends at 1100, the winners of the previous round. Right now we're gonna have the people from NorthSec. I hope you were briefed, 'cause you're coming up here. I don't remember exactly who has been chosen. And we're gonna start right away for our final round, for a chance to win a Club-Mate. That's not the good sound for that, man. Yeah, OK. So where... so it's Navets... and Navets and Friends. Around them. Navets and Friends. The other one, it's six o'clock outside, they're here. What order did you get put in? Navets and Friends. Test. Oh, I'm back. Excellent. Thank you. Bathroom break? Their problem. Bathroom break? Your problem. I don't get a bathroom break. You don't get a bathroom break. All right, so we have people from NorthSec who are gonna suck at this game, probably. I'm gonna take a few seconds to say, honestly, like, stage fright is real. Like, a lot of the smartest people in the audience... and we did this with Alex Guedon not too long ago. He was, like, always answering, in the back, all questions, no matter how hard, and then one year he came up on stage, NorthSec, and he totally sucked. He was a disaster. Are you here, Alex? Alex, you're there? Is it true?
Here we go. I'm not lying. So we have fine members of our NorthSec crew: Junior, Lambert, and Andréanne. Lambert is the co-lead of the badge design team. He's the one who said we should have two badges, and we're the ones stupid enough to say yes, of course, to make up for last year. I don't know why we did that. It's complicated to handle, though. Yeah. Oh, Junior is part of the CTF team and doing a lot of the Discord integration and infrastructure. And Andréanne... Andréanne is part of the outreach and volunteers team. And they will not win the Club-Mate; they're not eligible. So we have these fine folks here who will... All right, so we've waited long enough. Your friend is going to arrive when he's going to arrive. Or maybe we should wait for a hydration. OK, without further ado, let's reveal the board. Oh, we're still having the god mode. It's good, but it's complicated to handle. I will try to do some small talk. Thank you, François. Hey, François, play us through a couple of the sound samples you prepared. OK, excellent. What great timing. I was told last year I was not drunk enough. I was told last year I was not drunk enough. Let's make up for it. OK, we have Skynet, Off by One, Unstable Diffusion, Hardware Acronyms. Let's do a random and start this game. Oh, And Suck. Who wrote this? OK, I guess you're going to have to go through this. And Suck, you are in control. Hardware Acronyms 100. Hardware Acronyms 100. Modern firmware interface available on x86 and ARM64 systems. I should say that x64 is also included. Navets. What is UEFI? What is UEFI is correct. You got it. Right you are. All right, Navets, you are in control. Hardware Acronyms 200. Hardware 200. This component, in its 2.0 revision, is a requirement for Microsoft's latest operating system. Navets. What is TPM? That's correct, TPM 2.0, now a requirement. Navets? Hardware again for 300. Hardware for 300? A computer in your computer. Commonly used for server management. What is IPMI? Should I accept this? Are you there? Nope, nope, all right.
So this category was contributed; then I think I recognize the voices. So IPMI is incorrect, unfortunately. There's another way. So anyone else? Nope, all right. Anyone? What is baseboard management controller, or BMC, is correct. Let's do a random. You got it. Another one. They've been in control long enough. And Suck. Skynet 100. Discord bot to interact with an AI generating pictures. Xor... de All. What is Midjourney? What is Midjourney is correct. Right you are. Xor de All, you're in control. Excuse me, I'm all out, yes. Yes, you have to play this game now. You're there. Off by One, 100. Off by One, 100. What is QWERTY? What is QWERTY is correct. NorthSec's 10-year anniversary is also off by one, because it's actually our 11th year. Thus this category. Off by One, 200. Off by One, 200. Think about it. Picture the keyboard. Picture the keyboard. And Suck. What is ADJ? What is SDJ? I don't know what keyboard layout you have, but this is incorrect. Now take a good look at this and remember the answer, because it's going to help you on the next one. Anyone else? What is SSH is correct. Oh my god. I live for moments like this. All right, so let's do a random, please. Navets. Let's go with Off by One, 300. Off by One, 300. Let's compute. We don't really know our keyboard, do we? We just know how to type. I used a tool to generate these, because I was not able to do it in my mind. I was tired. It's taking too long. So, what is XSS is correct. Oh my god, you should move away from that category. Just finish it now. The rest of the game will be better. Random, please. Unstable Diffusion 100. Unstable Diffusion 100. Take a good look. These are two images generated. We need to figure out what it's talking about. It's very simple. What we're looking for is very simple. And Suck, what is? Tor. So it was an onion with a router, like, bred together, on one end. And the other one was just weird, an onion on top of some hardware.
So we're using, like... here we have, like, I think, Stable Diffusion and Midjourney side by side. All right, so you are in control. Don't overthink the whole thing. Unstable Diffusion 200. Unstable Diffusion 200. What is Netcat? What is Netcat is correct. OK, I like this one. Unstable Diffusion again. Unstable 300. Navets. What is Wireshark? What is Wireshark is correct. Let's go, Unstable Diffusion again. Let's drill this down. 400. Don't, don't, don't, keep it to yourself. I'm surprised you didn't figure it out already, to be honest. And Suck? Bus Pirate. What is Bus Pirate is correct. What is pirate bus? You could, you could be like, what is... I mean, you could have faked the word you didn't understand and done the other one right. OK, what is Bus Pirate? That's good enough to be accepted as an answer. He actually did say Bus Pirate. This is a hardware tool that is well known. So congrats. It's great. This is fun. You are in control. Xor de All, we're waiting. We'll take Wi-Fi for 100. Wi-Fi 100. IEEE, the protocol name. 802.11. And Suck? What is 802.11? You are correct. Bazinga. I was, I was afraid we were gonna say, what is what he said. Or what... No, that's correct. 802.11. IEEE 802.11 is correct. And Suck, you are in control. You need to speak into the mic. Unstable Diffusion 500. Unstable 500. Let's go. What is Tomcat? What is Tomcat is correct. The second one is, wow. Yes. We know. Navets. Let's go with Wi-Fi 200. Oh my god, people who speak French have so many cavities. You said 200? So Wi-Fi 200. A band shared with microwaves. And Suck? What is 2.4 gigahertz? What is 2.4 gigahertz is correct. Wi-Fi 300. Wi-Fi 300. Navets. What is a cantenna? What is a cantenna is correct. We have a battle of the Wi-Fi right now. Who? OK, one second. Let's take a stop. Look at the score, sorry. And Suck, minus 200. Xor de All, 600. And Navets and Friends, 1200 points. You're on the board. All right. Navets, pick your poison.
Wi-Fi 400, please. Wi-Fi 400. In what frequency does Wi-Fi 60 operate? Navets. What is 60 gigahertz? What is 60 gigahertz? 60 gigahertz. 60? Is incorrect. And Suck? What is 60 gigahertz? What is? 60 gigahertz. What is 60 gigahertz is correct. And Suck? Wi-Fi 500. Wi-Fi 500. Protocol name for fine time measurement. Probably only one person in this room knows. He's the one who sent me the question. He might even need to Google it himself. Do you, Gigi? No? You know it by heart? Have you read it? He read it. It's 802.11-something I'm looking for. So, like, with the extensions. So it's 802.11mc, is fine time measurement. I don't even know what it's used for. Come on, it's good. You suck. It's a good question. Or clue. All right, let's do a random. Almost done. Skynet... Navets and Friends, you are in control. Skynet 200. Which one? Skynet. Skynet 200, thank you. A Dungeons and Dragons class, which is also an AI. Navets. What is a bard? What is Bard is correct. Or a bard. Some fine D&D action, you know, sewed... cleverly sewed into the Jeopardy. Navets, you are in control. Let's go again with Skynet 300. Skynet 300. Tool used to automate pen tests by leveraging artificial intelligence. Pen test. You basically just make something up and add GPT to it. It's not a thing. It's like ToiletGPT. FacebookGPT. All right, anyone? PentestGPT is the correct answer. They're not clever. Yeah, it's true. It's a tool. I'm not saying it's good, I'm just saying it exists. All right, random, please. Xor... Oh, I'm having a hard time reading the font from afar. Skynet 400. Skynet 400. A cryptocurrency AI leveraging LLMs to increase profitability, as a co-pilot to optimize your trading. What could go wrong? I guess if you hang out in the right subreddits you know about that one, otherwise you don't. Because it's probably a fraud. Another one, another time. Right, so anyone? It's probably a better name than this one. So you should register that domain or whatever.
But so this one was called Satoshi. Pick the right one, yeah. All right, so let's do another random. Navets and Friends. Let's go back to the Off by One 400. Off by One 400. It's not gonna get any easier. OK, listen carefully. We talked about this before tonight. Overlord of the necktie. Can I get a color change, please? Overlord of the necktie. Thank you. Anyone? Nmap is correct. OK, that last one you're never gonna have. It was a bad idea. Navets. You're on the board. Hardware Acronyms 400. Hardware Acronyms 400. Computer memory design in multiprocessor systems exposing hardware nodes to the operating system for proper handling of latencies. It's for big-ass computers. What is NUMA is correct, for non-uniform memory access. NUMA nodes. All right. Random. And Suck. You are in control. Hardware 500. Hardware 500. In modern AMD CPUs, this component holds one or more core complexes as well as their associated L3 cache. What are CCDs? What are CCDs? No, no, no. He didn't fuck it up. Bazinga. Who fucked it up? He said this correctly. So what are CCDs? What are CCDs? Core complex die is correct. A big 500 points this late in the game. They're gonna be careful now. Let's try the last one, Off by One. The last Off by One, 500. I think I'm gonna give hints until someone figures it out. It's an important piece of hacker lore. It's a flag. Yes. What is "hack the planet"? What is "hack the planet" is correct. Bazinga. Congratulations. This is amazing. Great stuff. You are in control. I mean, there's one question. I know, I know, but you are in control. The last two rounds, no one was in control. So now take the control. Yes, grasp it. Skynet 500. According to a bird-tweeting billionaire, this AI will understand the nature of the universe. For someone tired of AI, he sent me a lot of AI questions this year. Didn't you, love? He's tweeting so much crap, then. It's just, like, filtering what makes sense, what doesn't make sense. No one wanna try? This could be a game changer, right?
If someone tries and wins or loses, it can change the outcome of the game. What is... Should I... OK, let's time it up. It's been long enough. What is TruthGPT is correct. All right, congratulations, everyone. Do it live! We have a clear winner. Navets and Friends, come up on stage, we'll give you the prizes. And stay right here, where you're gonna get your Club-Mate real soon. And... Noir, you live up to the name. Yes, basically. We're gonna see each other soon, though. But so, yeah, thank you for playing and congratulations on winning. So we have... the... lockpicks and Rubber Ducky. You can then figure it out by yourselves later. Ubertooth and the YubiKey. And the Flipper Zero. I don't wanna let it go. All right, so congratulations. That is all for tonight. And enjoy the CTF. We're open until 3 a.m. Do some more points.