December 8, 2010 at 8:13 am #5871
They’re baaaaaack… Ed Skoudis and I felt strongly that although we haven’t had a Skillz Challenge in quite some time, that it would be a shame if we didn’t continue the annual tradition of an Ed Skoudis penned Xmas Challenge. If this one goes well, we’ll pick it up again and have many more challenges in 2011. So be sure to help spread the word.
Permanent link: [Article]-The Nightmare Before Charlie Brown`s Christmas
Happy Holidays, challenge fans! Ed Skoudis here, with this year’s holiday hacking challenge. Have you ever seen the classic video A Charlie Brown Christmas, and pondered why Charlie Brown is so upset at the start of the video? Also, have you ever wondered why the rest of the Peanuts gang is so focused on the materialism of the Christmas season? Well, this year’s hacking challenge answers these questions. In our tale, you’ll discover that something happened before the start of the Charlie Brown Christmas video that put these characters into such a state. That something is what we like to call…
[font=Verdana:28yg914s]The Nightmare Before Charlie Brown’s Christmas[/font:28yg914s]
These challenges, which are an annual tradition here at EthicalHacker.net, are designed to help people develop their skills, show off their abilities, and have some fun. During past holiday seasons, you got to tangle with the Grinch, Rudolph, that Messy Marvin kid, Frosty, and even Santa himself. And who can forget last year’s Miracle on Thirty-Hack Street. Read this challenge, answer the questions, and send your responses in by January 3, 2011 to skillz1210 (at) ethicalhacker.net. We’ll choose three winners, each of whom will get an autographed copy of my Counter Hack Reloaded book. One prize will go to the best technical answer, another to the most creative answer that is technically correct, and the final prize is based on a random draw from every person who submits an answer. Even if you have no idea whatsoever for how to answer the questions, send in your best shot to be entered in the random draw. And now, without further adieu, the curtain rises on our story…
Have fun and be sure not to give the answers away,
December 8, 2010 at 3:47 pm #36808
Darnit, feel like I have an unfair advantage over a lot of individuals here. 75% of my day revolves around VoIP 🙁 Almost feels like I’m cheating just by participating 🙁
December 8, 2010 at 4:01 pm #36809caissydParticipant
That’s what happen when you work too much sil! 😉
For me, it’s the opposite: I see it as an opportunity to practice in my lab what I have studied for CEH last year. So thanks for the links!
December 8, 2010 at 8:41 pm #36810rattisParticipant
I’m happy to see the challenge. I’ve been waiting all year for it. I might get 1 question answered.
I still claim to be clueless at these things, but like seeing them, because if I remember correctly, one of the other challenges is what got me introduced to EH.net.
December 8, 2010 at 9:30 pm #36811
🙁 I sadly did it this morning. Didn’t get too technical, figured I’d give it a shot while on a conference call (imagine that!). I don’t want to disclose much but I will say this to those analyzing VoIP or thinking about VoIP security as a whole…
VoIP is no different than any other protocol (SMTP, HTTP, HTTPS). It is subject to the same attacks, same threats. Forget about the “call” and think about the connection between two devices as you would think about say an SMTP connection. What could occur there? How could it occur? What do I need to look for?
Anyway, I didn’t want to get too detailed into the contest because I do this for a living however, I’d like to wait until its over and offer a video demonstration of what I did to analyze, so I will wait until all is said and done, get perms from Don, and present it after the winner is announced.
/ Edited for now to protect the innocent 😉
December 9, 2010 at 3:26 pm #36812
Alright, work calls 😉
December 9, 2010 at 11:37 pm #36813hayabusaParticipant
Wow, sil! You QUICKLY edited out that story modification / addendum / twist of yours!
December 9, 2010 at 11:49 pm #36814
That was me. We were afraid that it might possibly give away answers.
December 10, 2010 at 12:12 am #36815caissydParticipant
Ouff, I had time to read it! ;D
December 10, 2010 at 1:39 am #36816
December 10, 2010 at 3:49 am #36817
No apologies needed hayabusa, in fact I apologized to Don and now to others as I may have made things easier. I’m hoping once its over, I can make a walkthrough on the steps I took, tools I used, etc., I think some may find use in it
December 10, 2010 at 4:57 am #36818rattisParticipant
Actually, I found Sil’s post useful. I’ve been looking forward to this all year, but I know I don’t have the time time to play with it.
I was going to ask about creating a side channel for those of us that want to use it to gain skills, but are willing to publicly and privately bow out of the contest in exchange of creating it. IRC or mailing list.
I have way way too much on my plate right now. Trying to LEARN, NOT DUMP to pass the Security+ by the end of the year. I’ve already put some of the things I’ve learned into practice at work. (Improvement of my monitoring tools, and the such). I have a lot of things to do by the end of the year, and not sure I’ll get it all done, but going to try.
So somewhere to do a group crack on this challenge and learn some things along the way would be great.
Looking forward to a writeup.
December 10, 2010 at 7:15 am #36819
They’ll be plenty of time for open discussion of everything related to the challenge after the answers & winners are announced in mid Jan. Also keep in mind, that Ed usually does a very thorough job of explaining the answers along with the thoughts behind the challenges. He also explains why participants were chosen as winners or given honorable mention.
Hang in there,
December 13, 2010 at 4:21 pm #36820PookieParticipant
This is my first challenge I have participated in. I really enjoyed applying a great deal of my knowledge I acquired by studying for my Network+ and Security+ certs this year. I also learned more about tools I have poked around with in the past.
December 16, 2010 at 8:44 pm #36821
i’m following here my first challenge and i haven’t any knowledge on VoIP. Would you recommend me more to start with past challenges on domains i can face all days or this challenge can be solved without prior knowledge on VoiIP ?
Thanks a lot.
December 16, 2010 at 10:21 pm #36822tturnerParticipant
Even if you don’t get it right you will learn a lot attempting the challenge. It’s a great way to learn!
December 16, 2010 at 10:35 pm #36823PookieParticipant
This is my first challenge ever and I have almost zero prior knowledge of VoIP. I feel good about my answer and have learned a good bit about my tools and VoIP as a whole as a result of this. It’s not like you get electric shock if you are incorrect. Have fun and try it!
December 16, 2010 at 11:46 pm #36824
Ok pookie & tturner ! Thanks a lot taking time to answer, hope to hear something like that.
I’ll be happy to try this one. I’ll participate !
December 19, 2010 at 8:02 pm #36825
December 23, 2010 at 2:23 am #36826
Nice little interview with myself and Ed Skoudis for Darlene Storm’s blog at ComputerWorld:
Attention hackers: holiday hacking contest
Digg the interview here:
Let us know what you think,
December 30, 2010 at 6:59 pm #36827sandcrawlerParticipant
Just started working on it this morning. I’ve also been waiting on this all year and I’m going to put a bit more effort into my answer this year as well.
For those new to the challenge it’s just as the more experienced have said, it’s a great opportunity to learn and unlike some places where you’re never given then answer or how the answer was derived you can guarantee Ed’s gonna give us both. If nothing else you’ll learn what your strengths and weaknesses are and then once you’re hooked on these you’ll be better prepared by the time this rolls around next year.
January 4, 2011 at 2:44 am #36828
Don’t forget to get your answers in ASAP. Only a few more hours left before the deadline. Also, remember that even submissions with wrong or incomplete answers will still be entered into the random drawing to win a signed copy of Ed’s book, Counter Hack Reloaded.
Good luck & hope you all had fun with this one.
January 4, 2011 at 3:50 pm #36829sandcrawlerParticipant
For those of you with CEHs that submitted for this, it wouldn’t hurt to turn your documentation in to EC-Council for credits. Heck, you might even try if you didn’t make the deadline. I turned mine in last year as a “case study.” It was accepted and I managed to eek a few points out of them 😀
January 5, 2011 at 12:15 am #36830
I was happy yo participate.
Thanks team for the challenge 🙂
- You must be logged in to reply to this topic.