RSSSkillz

The Nightmare Before Charlie Brown’s Christmas – Answers and Winners

| January 26, 2011

nbcbc_sm.jpg

Hello, challenge fans!  Ed Skoudis and Yori “Skellington” Kvitchko here, with our announcement of the answers and winners from the holiday hacker challenge The Nightmare Before Charlie Brown’s Christmas.  In past challenges, we typically showed our answers first, followed by the winner announcement.  But, we know that everyone instantly jumps down to the winners first (we can tell this using the Metasploit-based tracking software we clandestinely installed on each of your systems while you read our packet captures – JUST KIDDING!).  So, in a topsy-turvy fashion for a change of pace, we’ll first announce the winners, and then provide our answers to the challenge.

As usual, this year’s competition was intense, with some of the smartest and most clever folks we’ve ever seen participating.  Also, many of you had a nice scent as well (we can tell via the new Meterpreter smell-o-matic script included in the payload of our tracking software; thanks for coding that one up, Carlos).  Our respondents included tried-and-true experts who have worked through many challenges in the past, intermixed with freshly minted newbies impressively building their skills, and everyone in between.  Many people commented that the challenge really helped get them engaged in VoIP attack analysis for the first time, which is one of the primary reasons we write these darned things.  Even if you didn’t win, we do hope that your had fun and learned some valuable lessons about VoIP (in)security.

–Ed Skoudis
EthicalHacker.net Challenge Master
Author of Counter Hack Reloaded, Co-Founder, InGuardians, SANS Instructor

Active Image
Active Image del.icio.us

Discuss in Forums {mos_smf_discuss:December 2010 – The Nightmare Before Charlie Browns Christmas}

Continue Reading

The Nightmare Before Charlie Brown’s Christmas

| December 8, 2010

nbcbc_sm.jpgHappy Holidays, challenge fans! Ed Skoudis here, with this year’s holiday hacking challenge. Have you ever seen the classic video A Charlie Brown Christmas, and pondered why Charlie Brown is so upset at the start of the video? Also, have you ever wondered why the rest of the Peanuts gang is so focused on the materialism of the Christmas season? Well, this year’s hacking challenge answers these questions. In our tale, you’ll discover that something happened before the start of the Charlie Brown Christmas video that put these characters into such a state. That something is what we like to call…

The Nightmare Before Charlie Brown’s Christmas

These challenges, which are an annual tradition here at EthicalHacker.net, are designed to help people develop their skills, show off their abilities, and have some fun. During past holiday seasons, you got to tangle with the Grinch, Rudolph, that Messy Marvin kid, Frosty, and even Santa himself. And who can forget last year’s Miracle on Thirty-Hack Street. Read this challenge, answer the questions, and send your responses in by January 3, 2011 to skillz1210 (at) ethicalhacker.net. We’ll choose three winners, each of whom will get an autographed copy of my Counter Hack Reloaded book. One prize will go to the best technical answer, another to the most creative answer that is technically correct, and the final prize is based on a random draw from every person who submits an answer. Even if you have no idea whatsoever for how to answer the questions, send in your best shot to be entered in the random draw. And now, without further adieu, the curtain rises on our story…

–Ed Skoudis
EthicalHacker.net Challenge Master
Author of Counter Hack Reloaded, Co-Founder, InGuardians, SANS Instructor

Active Image
Active Image del.icio.us

Discuss in Forums {mos_smf_discuss:December 2010 – The Nightmare Before Charlie Browns Christmas}

Continue Reading

Miracle on Thirty-Hack Street – Answers and Winners

| April 6, 2010

facebook_santahat.png

Greetings, challenge fans!  It’s time (at long last) to announce the WINNERS for our holiday-themed challenge, Miracle on Thirty-Hack Street.  I’ve gotta say, we received a huge number of high-quality responses.  KJ0 (one of my nicknames for my challenge co-author, Kevin “Frickin’” Johnson) and I felt kinda like we were in the scene from the movie where they dump all the mail on the judge.  I apologize for not getting these answers done sooner, but a family medical emergency in January and February consumed much of my attention those months.  But, we’re back in action and ready to roll.

Dedicated little elves that we are, Count Kevula and I read every last word of every entry.  Actually, we read the first word, too.  Oh, and all of the ones in between. (Well, except for one entry, in which we read only every other word.  It was kinda confusing, quite honestly.  But, since that submission came from Don Donzal, who is ineligible to win, we figured it was OK to skip those words.)

–Ed Skoudis
EthicalHacker.net Challenge Master
Author of Counter Hack Reloaded, Co-Founder, InGuardians, SANS Instructor

Active Image
Active Image del.icio.us

Discuss in Forums {mos_smf_discuss:December 2009 – Miracle on Thirty-Hack Street}

Continue Reading

SSHliders – Answers

| March 1, 2010

sliders-logo.jpgHello challenge fans. Sorry for the long delay, but better late than never, right? Actually this one caused a little debate, because we did not have anyone that gave a completely accurate answer on either the technical or creative sides. But in considering that these challenges are not just contests but also great ways to learn, we decided to release the answers without any winners. So although there are no signed copies of Ed Skoudis’ book, Counter Hack Reloaded, a couple of you still get your name in lights as we mention some of your good thoughts. We’ll just have to keep in mind the immortal words of Mike McDermott in Rounders when replying to one of the participants in the judges poker game that Professor Petrovsky is not paying him. Mike kindly replies, "Oh, well, knowledge is my reward, sir." So without further delay, here’s Mr. Shewmaker with the answers to SSHliders

Active Image
Active Image del.icio.us

Discuss in Forums {mos_smf_discuss:October 2009 – SSHliders}

Continue Reading

Miracle on Thirty-Hack Street

| December 14, 2009

facebook_santahat.pngMerry Christmas, challenge fans! As you know, my friends and I write several challenges per year for EthicalHacker.net. But, we’ve made it a bit of a tradition around here of reserving the December challenge slot for me, an honor which I sincerely appreciate. During past holiday seasons, you got to tangle with the Grinch, Rudolph, that Messy Marvin kid, Frosty, and even Santa himself.

This year, Kevin Johnson and I worked together on a challenge in which you’ll get to save Santa Claus from the insane asylum! We call it "Miracle on Thirty-Hack Street", after the classic 1947 movie. In this tale, you’ll get to analyze some Facebook accounts to see if you can draw out the secrets needed to decrypt a file. Remember, we’ll award an autographed copy of my Counter Hack Reloaded book to three winners: the best technical answer, the best creative answer that is technically correct, and a random draw winner from anyone who happens to send in, well, pretty much anything in association with the challenge. Even if you can’t answer all of the questions, send us what you’ve got to try for that random draw slot. Thank you again for reading and participating in these challenges. I hope you enjoy this one! All entries are due by January 11, 2010.

–Ed Skoudis
EthicalHacker.net Challenge Master
Author of Counter Hack Reloaded, Co-Founder, InGuardians, SANS Instructor

Active Image
Active Image del.icio.us

Discuss in Forums {mos_smf_discuss:December 2009 – Miracle on Thirty-Hack Street}

Continue Reading

SSHliders

| October 18, 2009

sliders-logo.jpgSalutations, challenge fans! Ed Skoudis here, ready to introduce our newest challenge. Jim Shewmaker, SANS Instructor and creator of the Netwars Capture the Flag Competition, has taken the keyboard this time, creating an awesome challenge for you based on the TV show, Sliders. It’s got some fun twists and turns, and includes jumps to parallel universes! What’s not to like? Have fun unwrapping this mystery. As always, we’ll choose three winners: the best technical one, a creative entry that is also technically correct, and a random draw. Even if you don’t know all the answers or can only guess, submit an entry with what you do have, and you’ll be entered in that random draw. Winners will receive signed copies of my book, Counter Hack Reloaded. All entries are due by November 23, 2009. Have a good time and I’m sure you’ll learn cool things along the way with Jim’s challenge!

–Ed Skoudis
EthicalHacker.net Challenge Master
Author of Counter Hack Reloaded, Co-Founder, InGuardians, SANS Fellow

Active Image
Active Image del.icio.us

Discuss in Forums {mos_smf_discuss:October 2009 – SSHliders}

Continue Reading

Prison Break – Breaking, Entering and Decoding – Answers and Winners

| October 12, 2009

prisonbreak_logo.jpgHello, challenge fans! This is Raul Siles, author of the “Prison Break – Breaking, Entering and Decoding” EH-Net challenge, here to announce the answers and winners for this tough competition. BTW, the answers for this challenge were released to The Informer subscribers a few days ago. EH-Net had teamed with The Informer; in Johnny Long words, "(It is) a fund raising effort run by Hackers For Charity. It is designed to give subscribers a "backstage pass" to the world of Information Security. For $54 per year, subscribers get early, exclusive access to all sorts of goodies donated by the top names in the INFOSEC world. The industry’s most recognized names will post blog entries here before they even post them to their own sites." The EH-Net contribution will be the answers to the Skillz Challenges a few days before they are revealed on EH-Net.

The main goal of this challenge was to improve your pen-testing skills by devising an attack strategy to achieve multiple goals, such as dealing with a VoIP 802.1q (VLAN) scenario, squeeze the Windows and Metasploit meterpreter capabilities to sniff traffic, and decode and analyze HTTPS traffic. You became very creative, with different assumptions and answers, covering a variety of strategies and tools.

Active Image
Active Image del.icio.us

Discuss in Forums {mos_smf_discuss:July 2009 – Prison Break}

Continue Reading

Prison Break – Breaking, Entering and Decoding

| July 26, 2009

prisonbreak_logo.jpgHello! Ed Skoudis here… with a new challenge written by my friend, Raul Siles. You may remember Raul as the victor in such challenges as Lord of the Ring Zero and When Trinity Hacked the IRS D-Base. Raul has whipped up a doozy of a challenge here, all based on the TV show Prison Break. In this challenge, you’ll work to thwart the sinister plans of The Company, an ominous, faceless group bent on world domination. To win, you’ll have to do some network trouble shooting, plot a clever hack, and perform some file and packet analysis, all skills that are extremely useful for security pros. As always, we’ll choose three winners: the best technical one, a creative entry that is also technically correct, and a random draw. Even if you don’t know all the answers or can only guess, submit an entry with what you do have, and you’ll be entered in that random draw. Winners will receive signed copies of my book, Counter Hack Reloaded. All entries are due by August 31, 2009. Have fun with Raul’s challenge!

–Ed Skoudis
EthicalHacker.net Challenge Master
Author of Counter Hack Reloaded, Co-Founder, InGuardians, SANS Fellow

Active Image
Active Image del.icio.us

Discuss in Forums {mos_smf_discuss:July 2009 – Prison Break}

Continue Reading