C57258b3faac137a43ddcc63deb22517

by Bernhard M.
from SUSE

SUSE software developer and sysadmin in the Cloud team
original designer and developer of openqa.opensuse.org

No video of the event yet, sorry! Meanwhile...

The Hacking Contest simulates a scenario that could happen in lots of
offices every day: The admin leaves the office to fetch some coffee, but
doesn't enable the screen lock. In the meantime, an attacker walks into
the office and hides some backdoors etc. on the admin's laptop which he/
she can abuse later.

Two persons or teams play against each other, each of them has a laptop.
The hacking contest consists of three rounds of 15 minutes each.
In the first round, the attacker places backdoors etc. on the laptop.
In the second round, the laptops are swapped, and the admin hopefully
finds and removes the backdoors.
The third round includes the most fun - the laptops are switched back
again, and the attackers shows off what backdoors were left and how they
can be abused.

It's allowed to bring notes (on paper) with you, but it's not allowed to
bring or use any devices (for example USB sticks). Internet access also
isn't allowed.

The modifications you do must meet two conditions:
- the system and all services must continue to work (additional
"features" are of course ok)
- you must not do anything that damages data on other partitions or the
hardware

It wouldn't be a contest without counting points, so here are the rules
for that:
- making a system insecure is easy, so no points are given in the first
round
- in the second round, you'll get one point for every backdoor etc. you
find, and another point if you can fix it
- in the third round, you'll get one point for exploiting a backdoor
locally, or two points if you can exploit it over the network
- points from a successful access in round 3 are doubled if you get root-access
- in the third round, the jury can give extra points for really
evil, scary or crafty exploits - or if someone from the security team
blacks out

If you want to participate in the contest, please send email to hackingcontest@zq1.de
Watching the contest taking place does not need registration.

Date:
2016 June 24 15:00
Duration:
3 h
Room:
Seminarraum 2
Conference:
openSUSE Conference 2016
Language:
Track:
Technology & Development
Difficulty:
Hard