The Ethical Hacker Network - [Article]-The Nightmare Before Charlie Brown`s Christmas

don

Editor-In-Chief
Administrator
Hero Member

Offline

Posts: 4167

Editor-In-Chief

[Article]-The Nightmare Before Charlie Brown`s Christmas

« on: December 08, 2010, 02:13:43 AM »

They're baaaaaack... Ed Skoudis and I felt strongly that although we haven't had a Skillz Challenge in quite some time, that it would be a shame if we didn't continue the annual tradition of an Ed Skoudis penned Xmas Challenge. If this one goes well, we'll pick it up again and have many more challenges in 2011. So be sure to help spread the word.

Permanent link: [Article]-The Nightmare Before Charlie Brown`s Christmas

Quote

Happy Holidays, challenge fans! Ed Skoudis here, with this year’s holiday hacking challenge. Have you ever seen the classic video A Charlie Brown Christmas, and pondered why Charlie Brown is so upset at the start of the video? Also, have you ever wondered why the rest of the Peanuts gang is so focused on the materialism of the Christmas season? Well, this year’s hacking challenge answers these questions. In our tale, you’ll discover that something happened before the start of the Charlie Brown Christmas video that put these characters into such a state. That something is what we like to call…

The Nightmare Before Charlie Brown’s Christmas

These challenges, which are an annual tradition here at EthicalHacker.net, are designed to help people develop their skills, show off their abilities, and have some fun. During past holiday seasons, you got to tangle with the Grinch, Rudolph, that Messy Marvin kid, Frosty, and even Santa himself. And who can forget last year's Miracle on Thirty-Hack Street. Read this challenge, answer the questions, and send your responses in by January 3, 2011 to skillz1210 (at) ethicalhacker.net. We’ll choose three winners, each of whom will get an autographed copy of my Counter Hack Reloaded book. One prize will go to the best technical answer, another to the most creative answer that is technically correct, and the final prize is based on a random draw from every person who submits an answer. Even if you have no idea whatsoever for how to answer the questions, send in your best shot to be entered in the random draw. And now, without further adieu, the curtain rises on our story…

--Ed Skoudis
EthicalHacker.net Challenge Master
Author of Counter Hack Reloaded, Co-Founder, InGuardians, SANS Instructor

Have fun and be sure not to give the answers away,
Don


	Logged

CISSP, MCSE, CSTA, Security+ SME

sil

Hero Member

Offline

Posts: 549

Re: [Article]-The Nightmare Before Charlie Brown`s Christmas

« Reply #1 on: December 08, 2010, 09:47:18 AM »

Darnit, feel like I have an unfair advantage over a lot of individuals here. 75% of my day revolves around VoIP Sad

Almost feels like I'm cheating just by participating Sad

http://www.viperlab.net/wordpress/?p=268
http://www.darkreading.com/insider-threat/167801100/security/attacks-breaches/227500994/index.html
http://voipsa.org/blog/author/joquendo/
http://www.eventbrite.com/event/942379683
http://www.issa-ct.org/index.php?option=com_content&task=blogcategory&id=16&Itemid=43


	Logged

http://www.infiltrated.net/mgz/puppylecter.jpg

H1t M0nk3y

Hero Member

Offline

Posts: 864

Re: [Article]-The Nightmare Before Charlie Brown`s Christmas

« Reply #2 on: December 08, 2010, 10:01:36 AM »

That's what happen when you work too much sil! Wink

For me, it's the opposite: I see it as an opportunity to practice in my lab what I have studied for CEH last year. So thanks for the links!


	Logged

OSCP, GPEN, GWAPT, GSEC, CEH, CISSP

chrisj

Hero Member

Offline

Posts: 1163

Re: [Article]-The Nightmare Before Charlie Brown`s Christmas

« Reply #3 on: December 08, 2010, 02:41:48 PM »

I'm happy to see the challenge. I've been waiting all year for it. I might get 1 question answered.

I still claim to be clueless at these things, but like seeing them, because if I remember correctly, one of the other challenges is what got me introduced to EH.net.


	Logged

OSWP, Sec+

sil

Hero Member

Offline

Posts: 549

Re: [Article]-The Nightmare Before Charlie Brown`s Christmas

« Reply #4 on: December 08, 2010, 03:30:02 PM »

I sadly did it this morning. Didn't get too technical, figured I'd give it a shot while on a conference call (imagine that!). I don't want to disclose much but I will say this to those analyzing VoIP or thinking about VoIP security as a whole...

VoIP is no different than any other protocol (SMTP, HTTP, HTTPS). It is subject to the same attacks, same threats. Forget about the "call" and think about the connection between two devices as you would think about say an SMTP connection. What could occur there? How could it occur? What do I need to look for?

Anyway, I didn't want to get too detailed into the contest because I do this for a living however, I'd like to wait until its over and offer a video demonstration of what I did to analyze, so I will wait until all is said and done, get perms from Don, and present it after the winner is announced.

/ Edited for now to protect the innocent Wink


« Last Edit: December 09, 2010, 10:22:50 AM by sil »	Logged

http://www.infiltrated.net/mgz/puppylecter.jpg

sil

Hero Member

Offline

Posts: 549

The Nightmare Before Charlie Brown`s "SECURE" Christmas

« Reply #5 on: December 09, 2010, 09:26:27 AM »

Alright, work calls Wink


« Last Edit: December 09, 2010, 10:19:37 AM by sil »	Logged

http://www.infiltrated.net/mgz/puppylecter.jpg

hayabusa

Hero Member

Offline

Posts: 1632

Re: [Article]-The Nightmare Before Charlie Brown`s Christmas

« Reply #6 on: December 09, 2010, 05:37:00 PM »

Wow, sil! You QUICKLY edited out that story modification / addendum / twist of yours!


	Logged

~ hayabusa ~

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'

OSCE, OSCP , GPEN, C|EH

don

Editor-In-Chief
Administrator
Hero Member

Offline

Posts: 4167

Editor-In-Chief

Re: [Article]-The Nightmare Before Charlie Brown`s Christmas

« Reply #7 on: December 09, 2010, 05:49:43 PM »

That was me. We were afraid that it might possibly give away answers.

Don


	Logged

CISSP, MCSE, CSTA, Security+ SME

H1t M0nk3y

Hero Member

Offline

Posts: 864

Re: [Article]-The Nightmare Before Charlie Brown`s Christmas

« Reply #8 on: December 09, 2010, 06:12:18 PM »

Ouff, I had time to read it! Grin


	Logged

OSCP, GPEN, GWAPT, GSEC, CEH, CISSP

hayabusa

Hero Member

Offline

Posts: 1632

Re: [Article]-The Nightmare Before Charlie Brown`s Christmas

« Reply #9 on: December 09, 2010, 07:39:32 PM »

Quote from: don on December 09, 2010, 05:49:43 PM

That was me. We were afraid that it might possibly give away answers.

Don

Oops, my bad... (sorry sil) Just noticed I'd seen something, and it disappeared so quickly! Tongue


	Logged

~ hayabusa ~

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'

OSCE, OSCP , GPEN, C|EH

sil

Hero Member

Offline

Posts: 549

Re: [Article]-The Nightmare Before Charlie Brown`s Christmas

« Reply #10 on: December 09, 2010, 09:49:46 PM »

No apologies needed hayabusa, in fact I apologized to Don and now to others as I may have made things easier. I'm hoping once its over, I can make a walkthrough on the steps I took, tools I used, etc., I think some may find use in it


	Logged

http://www.infiltrated.net/mgz/puppylecter.jpg

chrisj

Hero Member

Offline

Posts: 1163

Re: [Article]-The Nightmare Before Charlie Brown`s Christmas

« Reply #11 on: December 09, 2010, 10:57:10 PM »

Actually, I found Sil's post useful. I've been looking forward to this all year, but I know I don't have the time time to play with it.

I was going to ask about creating a side channel for those of us that want to use it to gain skills, but are willing to publicly and privately bow out of the contest in exchange of creating it. IRC or mailing list.

I have way way too much on my plate right now. Trying to LEARN, NOT DUMP to pass the Security+ by the end of the year. I've already put some of the things I've learned into practice at work. (Improvement of my monitoring tools, and the such). I have a lot of things to do by the end of the year, and not sure I'll get it all done, but going to try.

So somewhere to do a group crack on this challenge and learn some things along the way would be great.

Looking forward to a writeup.


« Last Edit: December 10, 2010, 09:54:32 AM by chrisj »	Logged

OSWP, Sec+

don

Editor-In-Chief
Administrator
Hero Member

Offline

Posts: 4167

Editor-In-Chief

Re: [Article]-The Nightmare Before Charlie Brown`s Christmas

« Reply #12 on: December 10, 2010, 01:15:44 AM »

They'll be plenty of time for open discussion of everything related to the challenge after the answers & winners are announced in mid Jan. Also keep in mind, that Ed usually does a very thorough job of explaining the answers along with the thoughts behind the challenges. He also explains why participants were chosen as winners or given honorable mention.

Hang in there,
Don


	Logged

CISSP, MCSE, CSTA, Security+ SME

Pookie

Newbie

Offline

Posts: 47

Re: [Article]-The Nightmare Before Charlie Brown`s Christmas

« Reply #13 on: December 13, 2010, 10:21:23 AM »

This is my first challenge I have participated in. I really enjoyed applying a great deal of my knowledge I acquired by studying for my Network+ and Security+ certs this year. I also learned more about tools I have poked around with in the past.

Thank you


	Logged

Certifications: A+, Network+, Security+

borat

Newbie

Offline

Posts: 3

Re: [Article]-The Nightmare Before Charlie Brown`s Christmas

« Reply #14 on: December 16, 2010, 02:44:44 PM »

i'm following here my first challenge and i haven't any knowledge on VoIP. Would you recommend me more to start with past challenges on domains i can face all days or this challenge can be solved without prior knowledge on VoiIP ?
Thanks a lot.


	Logged

Pages: [1] 2 Go Up

« previous next »