Presented by:

Bernhard M.

from SUSE
  • SUSE software developer and sysadmin
  • original designer and developer of openqa.opensuse.org
  • since 2016 working on reproducible builds for openSUSE
No video of the event yet, sorry! Meanwhile...

The Hacking Contest simulates a scenario that could happen in lots of offices every day: The admin leaves the office to fetch some coffee, but doesn't enable the screen lock. In the meantime, an attacker walks into the office and hides some backdoors etc. on the admin's laptop which he/ she can abuse later.

Two persons or teams play against each other, each of them has a laptop. The hacking contest consists of three rounds of 15 minutes each. In the first round, the attacker places backdoors etc. on the laptop. In the second round, the laptops are swapped, and the admin hopefully finds and removes the backdoors. The third round includes the most fun - the laptops are switched back again, and the attackers shows off what backdoors were left and how they can be abused.

It's allowed to bring notes (on paper) with you, but it's not allowed to bring or use any devices (for example USB sticks). Internet access also isn't allowed.

The modifications you do must meet two conditions: - the system and all services must continue to work (additional "features" are of course ok) - you must not do anything that damages data on other partitions or the hardware

It wouldn't be a contest without counting points, so here are the rules for that: - making a system insecure is easy, so no points are given in the first round - in the second round, you'll get one point for every backdoor etc. you find, and another point if you can fix it - in the third round, you'll get one point for exploiting a backdoor locally, or two points if you can exploit it over the network - points from a successful access in round 3 are doubled if you get root-access - in the third round, the jury can give extra points for really evil, scary or crafty exploits - or if someone from the security team blacks out

If you want to participate in the contest, please send email to hackingcontest@zq1.de Watching the contest taking place does not need registration.

Date:
2016 June 24 - 15:00
Duration:
3 h
Room:
Seminarraum 2
Language:
Track:
Technology & Development
Difficulty:
Hard

Happening at the same time:

  1. Key signing party
  2. Start Time:
    2016 June 24 14:00

    Room:
    Hacker Room

  3. A Guided Tour of Machinery
  4. Start Time:
    2016 June 24 15:00

    Room:
    Galerie

  5. Disk encryption
  6. Start Time:
    2016 June 24 15:00

    Room:
    Roter Salon

  7. Configuration Management in Production
  8. Start Time:
    2016 June 24 15:00

    Room:
    Seminarraum 1

  9. Improve the quality of Plasma with Wayland
  10. Start Time:
    2016 June 24 15:00

    Room:
    Saal

  11. Images for the clouds with KIWI and OBS
  12. Start Time:
    2016 June 24 16:00

    Room:
    Roter Salon

  13. openQA - Avoiding Disasters of Biblical Proportions
  14. Start Time:
    2016 June 24 16:00

    Room:
    Galerie

  15. Stress Tests and Performance Monitoring
  16. Start Time:
    2016 June 24 16:30

    Room:
    Seminarraum 1

  17. Testing complex software in CI
  18. Start Time:
    2016 June 24 17:00

    Room:
    Galerie

  19. GNOME Keysign - Signing OpenPGP Keys easily and securely
  20. Start Time:
    2016 June 24 17:00

    Room:
    Roter Salon