HITB2014AMS - Capture The Flag

May 28, 2014 - May 30, 2014

Teaser update:
Registration & scoreboard url: http://ctf.haxpo.nl/
Official IRC: #hitbctf  on freenode
Launch-time: 18:00 UTC, 03/03/2014

TL;DR;

HITB CTF Teaser: 3rd of March - 28th of May online; one prize for first to finish.

HITB CTF: 29th and 30th of May, on location at De Beurs van Berlage. Teams of max. 3 people, register by sending email to perzik {at} hackinthebox.nl

Hack in the box Amsterdam 2014 CTF - State of Security

Do you understand the difference between SIGINT and SIGHUP? Are you able to untangle complex logic problems? Do you value your FREEDOM and SAFETY? Then we want YOU to join us at the Global Security Initiative.

The Free World is changing, and so are its enemies.  Gone are the days of easily identified dictators. Gone are the days of early warning missile detection systems. We are entering a new era of applied intelligence and reconnaissance methodology. War has changed. Battleships have been replaced by bitcoin powered botnets. Soldiers exchanged by script wielding cyber spies. Basic wiretaps have evolved into complex cryptograpic and sidechannel attacks that need to be executed with surgical precision.

The Global Security Initiative is the first and last line of defense against the threats of digital warfare. Ever vigilant in defending our critical infrastructures, safe guarding the digital economy and protecting your online privacy. In the fight of Us versus Them, the GSI does not discriminate between gender, hat color or multiplicity.  The GSI acknowledges only the Unit, which may comprise of any combination of up to three physical bodies.

So, does your Unit have what it takes to join the fight against terrorism and oppression?  Then join our GSI recruitment program and prove your worth!

The GSI recruitment program will be held on the 29th and 30th of May, 2014 at the center of the Free World: HITB Haxpo Amsterdam. You can register for the recruitment program by sending a mail with your Unit composition to perzik {at} hackinthebox.nl Beware: first come = first served.

For those prospective GSI Units that wish to hone their skills before the official recruitment program, we shall release a small training exercise on the 3rd of March. This exercise will remain publicly available until the start of the recruitment program, but the first prospective Unit to complete it will receive a small prize.

What to Bring?

- Laptops
- A network switch
- Network cables
- Extra power sockets.

Each team is limited to a maximum of 3 people and at the end there can only be the top 3 winners.

Prizes and Recognition of your Mad Skillz

1st Place – TBA

2nd Place – TBA

3rd Place – TBA

 

Teams Signed Up

1. (UK) 0xbadf00d


2. (NL) Beginbazen


3. (NL) Hack.ERS


4. (NL) Pruts.ERS


5. (NL) hDs


6. (NL) Heap Heap Hooray


7. (NL) WomenInCyber #1


8. (NL) WomenInCyber #2


9. (NL) '; drop table teams --


10. (DE) StratumAuhuur


11. (NL) VUBAR


12. (NL) Beurs©rash


13. (GR) Pingu


14. (NL) Team Red Ace


15. (NL) :Duurtlang


16. (US) Three Men in Black Hats


17. (DE) 0ldEur0pe


18. (RU) TechnoPandas


19. (RU) BalalaikaCr3w


20. (??) SIGSTOP

0 slots remain open. Sorry guys, we're 100% booked. (for now) :-)

HITB2014AMS - HackWEEKDAY

May 28th, 29th & 30th 2014

Sponsored by Mozilla, HackWEEKDAY is back once again with a 3-day long developer hackathon (eight-hour session per day) held alongside HITB Haxpo

HackWEEKDAY at HITB Haxpo

HackWEEKDAY is back at HITBSecConf2014 - Amsterdam with even more challenges, greater cash prizes and an all new 3-day challenge featuring LEGO Mindstorms! Running alongside the first ever HITB Haxpo (May 28th, 29th & 30th), the quest - as it has always been - is to find the most 1337 software developer in Europe!

During the past 3 years of HackWEEKDAY, we’ve seen several great projects with a majority of them managing to turn their initial ideas into full blown working demos within the 24 hour period. Some of these are:

Social Mapper - a social networking app with augmented reality (HACKWEEKDAY HITB2013KUL Winner!)

DiCOM-WAVE – An open source DICOM image viewer with Microsoft Kinect as its control interface (HACKWEEKDAY HITB2012KUL Winner!)

YAP - yet another plugin, a firefox browser plugin to check SHA1/MD5 hashes of files (HACKWEEKDAY HITB2012AMS Winner!)

inSecureHITB - a Windows 8 application to analyze users’ exposure level to stalkers. Additionally analyze social behavior of observed person.

DNSSocial – DNSSEC Management Made Easy

TALEB – A unique social communication & collaboration platform made for students

Touch’N'Go Android Reader – An app which utilizes NFC-enabled phones to read MiFare cards

 

HACKATHON CATEGORIES

0x1-day App Hacks (8 hours per day)

Day 1 of Haxpo (28th May) - Focus on mobile applications  (FirefoxOS, Android, WP8, iOS)

Day 2 of Haxpo (29th May) - Social networking apps (Facebook Parse API)

Note: The 0x1-day App Hacks category is open to individual developers. You can choose to participate in ONE of the 2 days or participate in all. Since there are only 8 hours to each day, you can add features to existing apps for both categories, which has to be a considerate amount for it to be considered a prize worthy of.

0x3-day App Hacks (8 hours per day, D1-D3)

Day 1 - Day 3 of Haxpo (28th -> 30th May) - Build an app for security testing, awareness, privacy or a socially driven SOS app for use in emergency situations. You can also propose your own idea of an app.

An example of a socially driven SOS app would be; make use of various social networking APIs to ‘call for help’ amongst all your friends or perhaps sync to a public “call for help” emergency website where  emergency services, police or the general public can be notified and come to the distress person’s aid. The ideas are many but the main purpose is singular - to build an app for the general public and ‘the greater good’! : )

Note: The 0x3-day App Hacks category is open to both individuals and team developers. 3 persons in a team.

[Note] We have a total capacity of 75 developers for both 0x1-Day and 0x3-Day App Hacks.

0x3-day Hard Hack Soft Fu (8 hours per day - D1 = build, D2 = code, D3 = compete)

Day 1 - Day 3 of Haxpo (28th -> 30th May) - LEGO Mindstorms EV3 Challenge - Using a LEGO Mindstorms EV3 kit (model number 31313), build an M&M colour sorting robot that can sort the most number of peanut M&M’s in 120 seconds. Each team will be provided with 1 x LEGO Mindstorms EV3 kit and 3 bags of peanut M&Ms [140g]. Your robots must be ready for competition by 13:37 CET on Day 3 of HITB Haxpo (30th May)

Note: You will need a team of 3 in order to participate in the 0x3-day LEGO Mindstorms challenge. We have space for 10 teams in total and priority will be given to .edu participants. Professional developers can still participate, however you must be affiliated / a member of an EU or NL based hackerspace.

[NOTE] Please read the Rules & Regulations, and Terms & Conditions before signing up: http://bit.ly/HW2014AMSRnR + http://bit.ly/HW2014AMSTnC

 SIGN-UP NOW: http://bit.ly/HW2014AMSReg

 Need a place to stay? Official Event Hotels: https://bvbroomkit.nl/hack-in-the-box

PRIZES

0x1-Day App Hacks

Day 1 (28th May) - Mobile Apps - TBA

Day 2 (29th May) - Social Networking Apps - TBA

0x3-Days App Hacks

1st place team/person  - EUR1337 for the ‘most 1337 coder’ (sponsored by Mozilla)

0x3-Days Hack (Lego MindStorm Challenge)

1st place team  - 3 sets of the Lego MindStorm EV3 kit + EUR750 (TBC)

2nd place team - 3 sets of the Lego MindStorm EV3 kit + EUR500 (TBC)

3rd place team  - 3 sets of the Lego MindStorm EV3 kit + EUR250 (TBC)

 

Accepted participants to HACKWEEKDAY will also receive

**   1 x complimentary pass to HITBSecConf2014 on the 29th & 30th of May (valued at EUR1337)

**   Access to the HackWEEKDAY ‘arena’ (Food and drinks provided).

**   Access to the #HITB #Haxpo and #HITB2014AMS high-speed network

 

WHY HACK ON HackWEEKDAY?

1. 
   

   Develop an interest in building, making, hacking hardware and software to solve specific problems.

   
   


2. 
   

   Propose, develop, improve or update the functionality of existing FirefoxOS / Android / Windows Phone 8 applications.

   
   


3. 
   

   Develop new socially-driven applications using Facebook’s APIs and/or Parse’s back-end as a service.

   
   


4. 
   

   Develop a socially driven SOS alert application for public good.

   
   


5. 
   

   Propose a new and cool idea that the participant could come up with based on any of the technologies mentioned above or any other HTML5-based applications.

   
   

 

PARTICIPANT CATEGORIES

STUDENTS - Students from Higher Education Institutions. Entries for “0x3-day Hacks (Lego)” must be in a group of 3 students who are able to be at De Beurs van Berlage across all 3 days (8 hours per day).

PROFESSIONAL / HACKERS - Developers, enthusiasts, hackers from the industry. Entries for “0x1-day Hacks” are on individual basis with one qualification for each sub-category. If you wish to join the 0x3-day Hack, you must be affiliated / member of an EU / NL hackerspace with a team of 3 in order to participate.

_______________________

 

Registration for HackWEEKDAY is COMPLETELY FREE and opens in the first week of February 2014. We have space for a total of 75 developers and 10 teams of 3 for Lego MindStorm challenge.

The full event agenda will be published in the first week of May.

 

Got questions? Email us! hackweekday@hackinthebox.org

Haxpo Call for Papers

Show the world your hackf00!

As part of our all new HITB Haxpo or 'hacker expo', we are calling on the community of hackers, makers, builders and breakers to send us their 30 minute talk abstracts for consideration to be included in the 3-day single-track agenda. Taking place at De Beurs van Berlage on the 28th, 29th and 30th of May, this single track, like the Haxpo itself,  is completely FREE TO ATTEND and we are encouraging everyone to come! If you're in Amsterdam during these dates, this is the place you want to be!

In total we have spots for 30 x 30 minute presentations and we're looking for talks that cover a wide range of topics including:

- Electronics & Micro Controllers - things like Arduino's, ARM, RaspberryPi, etc

- Mobile Communications (GPRS/3G/HSDPA etc)

- Hardware / Embedded Reverse Engineering

- Home Automation

- Network Security

- Software Security

- RFiD, Bluetooth and NFC

- Next Generation Application Development

- 3D Printing / Fabrication

- Programming

- Privacy

- Data Security

Submissions must be sent via email to haxpocfp@haxpo.nl with the following details included:

- Your full name

- Your designation / job title

- The length of your talk (standard is 30 minutes including time for Q&A)

- Title of your submission

- Details of your talk (please be as verbose as possible - if you send us only 1 or 2 paragraphs of text don't expect us to be able to evaluate your submission with that!)

- Any special requirements (as standard we supply a VGA projector / beamer connector and mini-audio jack)

Terms and Conditions:

- Talks should be 30 minutes in length although you can specify if you would rather speak for 60 minutes. Availability of 60 minute slots is to the discretion of the CFP committee.

- Acceptance of your talk will be done via email no later than the middle / second week of March 2014

- We do not provide travel reimbursement or accommodation

DEADLINE EXTENDED TILL MONDAY MARCH 31ST 2014

The Awesome Presentations Waiting for You at #HITB2014AMS

Have you seen the finalized list of conference speakers for HITB2014AMS in May? We've got a content-packed line-up with loads of demo awesomeness planned and something for everyone! Please don't forget that late-registration rates for the conference start on the 15th of March. Stay tuned for the keynote title and abstract announcements coming in the next couple of days...

60-minute Goodies

The NSA Playset

Breaking Cloud Isolation

XSSing Your Way to Shell

REboot: Bootkits Revisited

Bitcoin Forensics: Fact or Fiction?

Exploiting Passbook to Fly for Free

Exploiting NoSQL Like Never Before

FRODO: Format Reverser of Data Objects

Compromise-as-a-Service: Our PleAZURE

G-Jacking AppEngine-based Applications

Exploring and Exploiting iOS Web Browsers

Reloading Java Exploits: Long Live Old JRE!

AIS Exposed: New Vulnerabilities and Attacks

Hacking Your Cable TV Network: Die Hard Style

Setup for Failure: More Ways to Defeat SecureBoot

Shellcodes for ARM: Your Pills Don’t Work on Me, x86

On Her Majesty’s Secret Service: GRX and a Spy Agency

Exploit Development for New Platforms Based on 64-bits

Scalable Network Recon: Why Port Scans are for Pussies

State of the ART: Exploring the New Android KitKat Runtime

Legacy Sandboxing: Escaping IE11 Enhanced Protected Mode

JS Suicide: Using Javascript Security Features to Kill JS Security

In the Middle of Printers: The (In)Security of Pull Printing Solutions

LOL (Layers On Layers) – Bypassing Endpoint Security for Fun and Profit

Vulnerabilities Exposed at the Protocol Level in TN3270-based Applications

Alice’s Adventures in Smart Building Land – Novel Adventures in a Cyber Physical Environment

120-minute Lab Sessions

The HITB Labs are hands-on sessions for 75 - 100 attendees and spaces are available on a first-come first-serve basis. If you're interested in attending a session, be sure to be at Track 3 at least 10 minutes before the stated start time.

Sniffing the Airwaves with RTL-SDR

Tintorera: Attack Surface Intelligence of Source Code

Haxpo CFP

Did you miss the conference Call for Papers? Fear not, you can still deliver your next gen research, idea or project that you're currently working on in our all new HITB Haxpo Track taking place alongside the conference on the 28th, 29th and 30th of May. Submissions for Haxpo talks are due before the 31st of March but slots are already starting to fill up!