This year at DEFCON I thought I would try my hand at the Social Engineering CTF. Not only do you have to raise your hand and go ‘pick me! pick me!’, you also must submit a short video for their review.
I was accepted so I wanted to share my video.
A few weeks ago while attending BSidesDC I found out that BSidesDE was planning a kids event this year. The moment my kids heard the word minecraft all bets went out of the window and they just HAD to be there.
Upon arrival the kids were given a raspberry pi kit. You would have thought it was Christmas morning watching my kids unbox everything. Once everyone had caught up with the assembly they were talked through the installation of the software. My kids had a race to see which would hit 100% first.
Then there was minecraft. This took up the rest of the morning while they each ran around in the PI version and created weird things and flew around the sky.
In the afternoon they went over the basics of Scratch and then were set loose to make little creations spin around the screen.
Off and on during the day they would take a break to play with a table full of snap circuit kits. There must have been about 15 kits open around the table for kids to play with.
The whole ride home (about an hour) was filled with stuff they got to do and what they wanted to do the next day.
Day two was filled with much of the same as the previous day. Snapcircuits everywhere, minecraft everywhere! Early in the morning they brought up a wireless network and a server for minecraft so that all the kids could play together. This was a huge hit, which took up almost the whole day.
The Review: Parent Version
I really enjoyed the fact that the kids were not separated from everyone else in their own room. I was able to socialize and still keep an eye on my children at the same time. Letting the kids take home their PIs was awesome!
Some improvements I would love to see next year:
- A walkthrough of some of the snapcircuit projects
- A project to complete with scratch
- The ability to register your children with an adult ticket
The Review: Spawn Version
Warning, this was written by my oldest child (7) and will only be edited for spelling.
I loved the spawncamp. I loved how they made a server and everybody got to play minecraft. I also loved how they had this thing called snapcircuits. I didn’t like how everybody could destroy things that someone made in minecraft and how you could not take away permissions in minecraft. I loved how everybody made friends with someone else. I think nothing should change.
I was trying to cut out some shapes from some 1/16" thick acrylic the other day when after a few cuts the material seemed to be lifted by the drill. The cutout part would also start to move as the drill reached the end of its travel. This is when it hit me, having a vacuum table would sure be nice!
I’m not much of a master carpenter so I decided to use my shapeoko to make itself a table rather than cutting out all the parts and properly gluing and clamping them together. I knew it may take longer, but it was easier for me to design and then mill and then just glue a base on later.
Using some 3d software I created a model of what I wanted it to look like and made sure all my measurements were corrected.
After exporting the model to a STEP file format I was able to import it into some CAD/CAM software called HeeksCAD. This is where one would specify the drill sizes, pockets, and paths to machine. It then generates Gcode that the shapeoko can understand.
The finished results work out great, I am now able to clamp down on my material without worry of the middle bowing, or flexing while engraving. I’m using a shopvac as my air sucking source, so depending on the size of your shopvac your mileage may vary. All files can be viewed on my github page (including a stl file that you can zoom, pan, and rotate) here.
The NoVA Hackers is an infosec group from the northern Virginia DC area. As a member I thought it was time we had our own DEFCON style badges while in Vegas (much like many of the other infosec groups). It was just a random idea that the rest of the group loved, so over the past 8 months it has been a constant off again and on again project.
The badge was based on the open source hardware design from WyoLum. Their site has all the details about the badge so I won’t get too deep into the hardware in this post.
In case you don’t want to read all the tech specs and such here is a general overview. It is Arduino based with an e-ink display, which could also be used as an Arduino shield. It had a 2 GB SD card that you could load images and text from to show on the display. You were also able to program the badge using the Arduino IDE, which should make modifying the badges pretty easy for anyone.
One of my favorite parts about this project was being able to auction a few of the badges off to raise money for charities. We raised a total of $750 for Hackers for Charity between left over funds from the project as well as their auction in the vendor area. We also raised $150 at the EFF Summit.
I also want to show off Tech-Rat’s badge:
- Defcon 22 Badge
- Bluetooth Audio
- Raspberry Pi B (with touchscreen)
- Weight of 2lbs (approx)
- Lord knows what else he attached…
There is no way I could end this post without thanking the sponsors for helping us pay for the badges:
This year I had some extra money burning a hole in my pocket and right away I thought Blackhat Training. This year I had the pleasure of taking the Advanced Practical Social Engineering class by Social-Engineer, Inc.
This is a class I have wanted to take since its inception four or five years ago. I’m quite introverted and dealing with people is outside of my comfort zone (to put it mildly). Don’t get me wrong, I can put on an extrovert face when needed but it’s uncomfortable and draining.
As a small disclaimer I would like to say that I have known Chris Hadnagy from conferences and twitter and such for some time before taking this class. That being said, let’s get on to the fun stuff.
The requirements for the class are listed as the love of learning new things, the willingness to try anything, and the willingness to expand your mind. By far the willingness to try anything is the most important requirement for the class (keep reading, you’ll understand why later on).
Day one is all about DiSC, which stands for dominance, influence, steadiness, and conscientiousness. You can find a great overview at discprofile.com.
You spend a good amount of time learning about the strengths and weaknesses of each profile and how each type tends to function in general situations. Be aware that if you already know this information about yourself you may be bored on day one, but stick it out, it will get better.
I got something that was totally different than what I expected which really piqued my interest.
Towards the end of the day you get put into groups to make sure you have at least one of each type of person in your group and that’s when the homework begins.
Day One Homework
At the end of the day, you get hit with homework. I knew this was coming from others who have taken the class and was one of the reasons I wanted to take this class, not only do you get to learn about this information, you get to try it in the field. The goal for the night (in either your group or solo) was to get information from complete strangers. You will have to attend the class to find out more. This task is made more difficult when you are instructed to stay away from any service staff.
Day One Homework Experience
After meeting with my group we decided to go solo, some of the class were not aware of homework and/or made other plans for that night. I hit the strip and started to walk from casino to casino trying to find a good target. To make a long (and boring) story short I struck out and after an hour or two I had a few people’s first names but that was it. While heading back to the Rio (where I was staying) there were a bunch of people in Star Trek uniforms, turns out there was a Star Trek convention at the Rio during blackhat. An idea hit me, scavenger hunt; it was one of those moments where you want to just slap yourself on the forehead. I approached some people and they were quite happy to take a picture with me. I then mentioned that I needed someone’s information in order to verify the photo was real and not staged. I handed my phone over to the closest person and had them enter the details I needed. No one questioned this and I didn’t quite understand why.