 So the scoreboard right now is the best scoreboard. I think I've ever seen on a Saturday morning There's like 18 people playing and there's like 19 teams or something like that Which means there's a lot of one-offs if you guys decide that you want to start combining teams We're gonna tally up what the numbers are right now, but the first place prize looks to be around $4,500 worth of stuff For first place for the capture the flag second third places is Gradually down from there, but new on Aruba bi achievers Edis help me here pony express Simple Wi-Fi we have a website. We have a website They've all been donating prizes and money to us for the conference And not just for this conference. We use these for all of our conferences We do about 12 a year and we do about 12 capture the flags a year So that being said you guys are kicking ass keep doing it. It's awesome Please ask questions during now if you have questions about the foxes the hide-and-seek Anything that's going on in the room Russ is surprisingly not here right now So if we have specific SDR challenge questions, we're gonna have to pick his brain unless Dan can answer it but Russ is the Weird mad scientist behind some of the SDR stuff my guys are you that don't know what we're talking about So software-defined radio is something that we realized a couple years ago Was going to be enormous and we were right and all the rest of the industry kind of followed suit Somebody then said in a capture the flag one time off SDR is just a sideshow So if you want one of the SDR as a sideshow stickers, we have a couple of those Because they made us laugh. So we made stickers But software-defined radio gives us mortal humans the ability to actually see what's in the air Once Russ sets it up, and I think it's going to be it's either up on a couple frequencies or we have to check it We're actually painting the air painting the RF. So if you have even the $18 Dongle and GQRX which is a free tool that comes with pen to and is available to load on you bunt to raspian Cali you name the the Linux distribution you can actually see pictures in the air we can actually Send jpegs into the waveforms in the air and you can pull pictures out of the sky It's it's it's tagging spray painting Whatever you want to call it air graffiti But it is a really really really cool capability that we saw two years ago at a conference and tried to get in the middle of Yeah, yeah during during one of Balan's presentations So these you know forefathers of SDR that have been doing it for five years that are you know the old dudes in SDR at this point have just paved the way for us to have a whole lot of fun So in that we have our challenges painted with that logo so that we don't have to tell you the frequencies for the challenges CT efforts So if you go across the spectrum and start looking for About a 20 meg we are wide 18 meg wide no way narrower than that It's like one depending on the frequency and the challenge it's it's pretty narrow to Appropriately fit in that band you will see a jpeg of our Daily jpeg running across that's highlighting the frequency for the challenge you see that Look a couple you know a couple megahertz to the left couple megahertz to the right You should see something very very interesting might be music playing it might be a TV signal it might be Something else that Russ has come up with it might be pox ag Pager network. There's there's a whole lot of stuff out there and that's on the challenge slide So again, please if you have questions go to the challenge slides if those slides don't answer it come up to us and ask and you Know we'll help you from there The schedule is on hacker Hacker tracker. It's at the information booth and it's also on our website at wc tf.us Current conference and then the schedules right there. So the whole schedule talks for the for the next two days is up there I think we have what 812 talks today I think it's 10 10. Okay. I hope it's 10 at 1 o'clock 1300 today We're going to do the SDR drinking game if you're not playing. It's really fun to watch If you're into watching athletic ish like events in it Basically, we throw up a signal and the first person to find it raises their hand. They say I found it We walk over and verify it. They then flip a coin heads. They drink tails. Everybody else is playing drinks We provide the beer and it's fun for everybody. We all laugh But it's 50 points per signal. So if you're really good at finding signals quickly, it's a it's a real good Real good contest a lot of what we do in this is to get people the Capabilities to go out in the world and do this as a job We all do this as a job and we bring what we see on a regular basis into the conference into the capture the flag To give you real-world experience. There are no shooting ranges for it There are no places that you can just hack stuff, you know It's it's called illegal or it's called your own home lab and you start to know the answers It's easy to find the answers if you don't have a clue what the answers are and we make it difficult for you You're gonna dig and dig and dig and dig until you find it and when you find it Hey, cool You've learned something and you've you've failed 25 times to get that one time that you learn it And you don't forget that piece and then you move on to the next cracking web cracking WPA We've got a couple industrial Capable wireless networks that are exactly what you would see with name your contract DOD contractor of choice Uncleared we're not running sweet bee this year. There's a chance. We might next year sweet bee is the What is approved for classified deployment that also companies can use that aren't classified? But it is literally the wireless media exchange you're back to an encrypted back-end off of a controller with the data encrypted underneath of it There are ways of breaking it. We'll allow you guys to try and see what you can figure out So that being said CTFers do you guys have any questions? This is open forum if you don't want to ask in front of everybody Oh, hold on. Let me let me field some of the questions that we've had already. Oh, I had a couple of complaints yesterday about Being unable to connect to the network duh Welcome to Defcon To the people who keep jamming the network. I really would like it if my music stayed playing Jamming is bad and if you do it long enough and my music stops long enough I'll get bored and then we'll have to hunt for you and accidentally break things Do I look happy? Yes, okay. This is happy Welcome to Saturday. All right There were a couple of problems with the wireless setup yesterday that have been Augmented to hopefully stand up just to touch better to all the constant abuse So hopefully that'll work well and if you were interested in the ICS challenges We decided to make it just a touch easier today I'm not going to explain how but it's protected by a web network just like an ICS network should be and I said ICS. I almost didn't I almost got hurt. I said ICS though So if you want to connect to a web network and try to attack ICS today You might find something different when you connect making it a whole lot easier to find what you're trying to attack So there's a lot of points on the board for that. I highly recommend it Yeah, that's great. We have a couple of people running with some just epic antennas That's so cute So I see a whole lot of really ridiculously sized antennas and we were chatting with some of the competitors earlier So just as a reminder Antennas aren't magic and they don't boost your signal. They shape Your signal so if you have an omnidirectional antenna, what that means is is omnidirectional on the horizontal plane So the higher the number the less vertical plane you get So if you have a 9 dbi antenna on your desk, you won't see what's in the hotel room below you You might not see what's in the room you're in you might not see what's in the room You're in because it'll blow out the front end of your radio, which is also funny What does that mean? It means that Mike Osman will probably tell you you have to desolder components from your hack RF and then fix it So that's for wireless for Wi-Fi as well as for wireless So in the RF challenges when we see people with the ant5 antennas that are you know, yay Hi, you're seeing Alice Air Force base by the way when you've got that antenna up And you're probably seeing a couple emmer sats and you're probably seeing a DSB You're probably not seeing what Russ is sending out. So bring your antenna down if you're doing a fox hunter You're doing something mobile. I promise you you won't break your radio unless you screw up So I'm not you know going to take full blame, but if you take a paper clip You know those things that hold that that papyrus gel gelatinous stuff that they press down And you stick it in the end of your of the end of your hack RF or your radio and walk around You will find the Fox if you've got a an ant5 out this far You're gonna see the Fox the entire time you're at the conference and wonder why you can't spot them When they walk past you and you've got a piece of crap antenna stuck in the end of your radio They're gonna show up like a fucking Massive huge signal when you have this antenna up They're always gonna show up like a massive signal because we're running at 72 megahertz 72 megahertz is a big wave Think of the size of a hurt. I mean we're talking, you know electronics and physics here 2.4 gigahertz is really really low high frequency Pretty razor-sharp when you start getting into the lower frequencies you start to get a much differently shaped sign Sign wave so going down one of these hallways It's going through the entire hallway down two or three floors back up again and back down If you've got an antenna this big You're gonna see all of that if you've got a piece of crap You're not gonna see the Fox until you're right there, and then you look around and go, okay Go up to 12 people and say are you the Fox are you the Fox or what does the Fox say? What does the Fox say? What does the Fox say? Yeah, variable attenuation is a really good thing So maybe you start with it like this and you say I can see the Fox And then you put it down and down and down and down at a paper clip because honest to God The paper clip will find the Fox way way more easily than a real antenna most of the time besides charm this year We we did a test and we actually got people to listen to us for the first time And they literally were finding the Fox in minutes, and we were just sending it out again over and over again It was like oh there it is. Oh, that's really cool. There it is Learn what choke points are guys if you're trying to find the Fox or the hide-and-seek Learn what choke points are choke points are the way that you track Warm watery bodies that are masking signals as they're walking around A choke point is a part of a walkway where people have to go like this and go through If you're standing there and you see that signal come through and you have more than one person on your team Have them flank back and start looking for where the signal goes gosh I wonder if casinos or places like that that are high security would be like specifically designed to have those You think and hotels too, especially when they're trying to get you to go to food Huh, that's interesting So I promise you you will find it if you weren't here for the talk yesterday I'm finding the Fox We typically bring back the team that found the Fox the prior year to give a talk on how to find the Fox You should have listened because they did a really good job And those talks are recorded and posted like every year so Look up the last year and the year before and the year before that We've got a lot of video content posted at this point Use it we created this year's contest to handle two different Specifically different groups of people the people that are hardened into wireless capture the flag that know what they're doing They can literally sit here for three days straight and get a ton of points We also made it for the people that aren't really good at this But are good at human or good at being an agent or being a counter intel spy or whatever you want to call it And can go out and find things because that's really fun too But we've scheduled to set up the points so that if you found all the foxes You could essentially win the whole thing without doing a single thing in the room If you found the hide and seek the foxes And maybe cracked wep. I think you'd be Well in first place right now So those are the kind of things that we've restructured this so that different people can have fun with the things that they do I personally like the tracking sitting in sitting in a room is great because there's no crowds But I like the tracking so we build that in we're doing one a day at 750 points each Plus three a day in bluetooth at 350 507 50 Start adding those points up and that's that's a lot of points that are on the board right now bluetooth hunting Is a because blue hydro was released. Thanks to rick and gabe if he's still here. Yeah, thank you, gabe They had a really good talk in 101 the other day But also because everybody in this room raise your hand if you've got a bluetooth device On you are with you right now And everyone in the room should raise their hand because you all have a phone in your pocket I promise and if you don't you did one of those listen to the def con stuff and whatever Your laptop your phone your fitbit your watch your headset I got like five like right now And that means that he now has a digital signature that I could track him all over new york city Without a whole lot of problem once I figure out how to find him You're very trackable if you know how to be tracked You know how to hide from being tracked if that's something that's important to you And it could be important if you're going to a business meeting and you have a big merger coming up If you've got important information on your laptop If you're going to work and you don't want to be trailed because of the work you do I have an alert for when my mother-in-law pulls in the driveway and there's that I mean, there's a lot of uses of this software guys So bluetooth you combine a bluetooth signal with an str signal from let's say what on star a car calling home Any type of of tpms chip that's on your vehicle Your cellular type, which is a frequency type. I'm not saying sniff cellular. I swear to god I'm not saying sniff cellular But a frequency type for Verizon for AT&T for tmobile or for sprint is an indicator your tpms on your car Your on-star or whatever else system you have xm radio I've got flow graphs for each one of those types of signals that we can actually put into place and track a human Anywhere and we do that because this one of the things that we do for a living But when you have the ability to find somebody you can protect them You can also find them and show them how to be a little bit better at what they do So there's some op sec There's some human and there's also some some cloak and daggery stuff that's just fun to play with These are also the kinds of things you can do passively. You're not collecting any data To my knowledge. I'm not a lawyer and I didn't stand a holiday and express It's not illegal to track a signal. I don't think As far as I'm aware if you tune to a cellular band and decode data that is illegal and everything else is okay Yeah, tracking is allowed. It's fun play games My kids walk around the yard with their walkie-talkies and we you know show signals of where they are It's fun casino Adding bluetooth to somebody adding bluetooth to a school when you start to see students going off off site It's a safety capability that you know, you could go back to work and say, hey, listen What are those little chips a buck each two bucks each? Yeah, you could actually do safety tracking of groups of important people at work of your ceo There's a lot of things that this capability is going to start to allow for that Spooky groups have been doing for years that you can now start bringing down into some safety and security for groups So again, just thoughts that you know, we ramble on about but you've heard of iot everybody heard of iot You know what iot is it's it's wireless It's wireless. That's it. It's cheap unauthenticated Improperly implemented wireless if you understand this stuff iot is silly but also biomed starts to become sort of silly and Page your networks and protecting and data protecting and tracking and all these other things Really start to get silly when you start looking at the physics of how rf works That's what we're trying to do here So if you have questions about any of that stuff We still have 40 minutes to stand up here and either dance talk or play music and say before we do questions a reminder of the rules There basically aren't any connecting to our network is consent for us to do whatever we please and sometimes we're bored sometimes we're angry Please keep connecting to the network. It's been fun so far Yes, we play everything is allowed that means you can come up to us can ask us questions Hey, can I see your laptop? Hey, can I have a password? You got any spare keys? Why? Yes, I do We might give you a key. We might not give you a key. It might be a negative key Whatever it is. It's all completely permitted We also show all of the taken flags and available flags If you guys are playing and haven't looked at that whole list look at it There are a couple there are a couple rabbit holes in there that you may want to go down That don't take any technology whatsoever There's actually one on there that if it's not taken by the end of maybe today I'm gonna have to just kick all of you out Because it's really like seriously we gave you a whole in brief full of hints And nobody seems to have read the scoreboard which miraculously this year has the names of all of the challenges Which turn out to be better hints than the hints were sometimes So seriously people seriously That's a hint. It's up there. It's right there. Yeah, there it is. It's just not on the screen Just scroll down on the scoreboard. I know that's gonna be tough for Raging security And whoever those other two people on top are I can't read from here But like I know your name's on the top like scroll down. See what you're missing There's a lot missing and some of it is It should be easier than you think. Well, it depends. This is Defconn That is true. This is Defconn. A lot of people don't follow hygiene. It is disgusting. All right Questions. Oh, yeah, and leave the hotel alone. Leave the casino alone. The casino is out of bounds. Do not play in the casino Thank you. Well, I mean you can play slots, but don't be walking around with the antennas and shit Yeah, they get a little cranky more than a little and by a little I mean like really cranky Yeah Yeah Close the laptop screen when you have to walk past the slot machines. Don't be playing in there We have taught covert fox hunting in the past Yeah, and we're not going to talk about that they can watch the videos We're not encouraging them to watch the casino. I just said we've talked about it. That's all I'm saying Questions concerns Somebody wanted you jumping jacks to wake up And now mike ryan you ever ridden a skateboard? Damn it. Oh One year anniversary of the vulnerability release in the skateboards and they still haven't patched it Is that why you're not riding it this year because now you put it into uber tooth tools and you're afraid to ride it Look up mike ryan's talk on skateboards. It's awesome Wait, you mean not moxie Excellent excellent. All right. Well, if there's no questions, there's a talk starting at 11 o'clock on the schedule And uh, we'll let you guys hack and I guess you guys can be comfortable And if you guys just want to sit somewhere at defcom where it's not overly hot and crowded enjoy