BSides Cape Town 2017 - Hacker Jeopardy

so we're doing hacker jeopardy again for those of you sorry I don't know the song I know I don't know this file jeopardy correct

presumably I don't actually need yeah apparently this is an integral part of hacker jeopardy so I'm just gonna play the song there's all my data said this is how committed I am through what you going on I'm actually logged into YouTube here so hopefully nothing we had pops up on the side for suggestion [Music] sorry okay guys as committed as we are to that that was brilliant hopefully that has satisfied you again so last year it didn't work so well because it was in the PowerPoint this year we kind of put it into like a website but it's also using a game engine because one of my colleagues who is a bit of a hipster

designed it so it's like some weird game engine in HTML so I don't have it I'm not able to tell you that it will work but we think it will as you can see the formattings of it all it's not going to be perfect just embrace it so categories we have our dfi are something I couldn't think of anything call there know thy network so obviously networking questions just come online things so these are like syntax for tools not all necessarily tools and carry just random tools that you might use in security and once that valve that's just gonna be source code so if you can identify the valve from source code then yeah okay into two teams

because there I think that probably makes more sense um so I'm just gonna split down the middle or this way I think yeah I think I make sense cool John going that side thank you okay um someone from the side can start Ross wants to start okay Russ which which would you like to start with another networks 100 all right okay oh right sorry guys I forgot to actually ask because it's jeopardy you need to answer the question so I don't know any examples yeah but you need to answer the question otherwise you lose all your points so just just bear that in mind Craig

technically correct but not what I'm looking for so Craig so our challenge is 17 early and we're saying classes on thing anymore a networking that did right over there yeah so go fight him you're wrong sorry Craig did I screw this up he's totally grind at all yeah these aren't even close to right guys let's actually just skip over this I'm gonna sign all the points a team for these women to be non-rooted all IDs like private IDs sorry oh yeah well that's what I said that's why I specified like private IPS cuz ya know unreadable ideas and great oh yeah we didn't start off great but we gotta get better guys yeah that was an example

we've all that are we gonna continue stronger anyone else Craig you can you can start this up 200 I'll accept quite a lot of things here that's under cool wait again you guys a team won you guys team - cool team one team two gets the points oh sorry volatility but I would have accepted any any comment or any on what people wanted like red line what else is there no that but yeah if enough people seem convinced I'll totally take it I don't do ire at all so I really struggle with this category okay yeah I look at pretty things I would have struggle with that one all right Craig I don't actually know how you meant to

decide who chooses Craig do something

200 cool I'll take us see one yeah sorry Andrew yes I just figured Andrew would definitely know what is Owen transfer was so I that's why I targeted him with this one we got some examples but then we were googling Krishna we're doing this last night and it turns out so in France was actually illegal somebody'd went to jail for doing a zone transfer in 2008 so we didn't want to give an actual example this won't work but you're welcome to try yeah in case you didn't hear dancers a zone transfer so this is Jake just dig syntax to request a zone transfer who answered that team one team one who oh yeah um yeah I don't know how Japanese

man to work someone from Team J just pick something well really that's awful oh yeah oh come on man 400 oh yeah so obviously I've made the tool named tool name otherwise ovg obvious yeah say if you didn't share that was a single map pretty obvious I don't know I made that one 400 I did this last night so I'm really concentrating okay Craig you're up

hold on there was a good with your hand I'm gonna have to you have the score I

think the most important thing to remember is that I'm the person in charge okay all right so do two in a big sigh yeah Brian all right I didn't know there was another Brad I was playing to someone else but cool no like that works 400 all right was Craig in team - sorry well there's all that BS correct so old app runs on three at nine I was like sure sure many people would get that but Craig seem to get it instantly on a legend go team - you guys are way better [Laughter] Craig you're up I think this one was pretty dumb if I recall yeah this one should be hard I think no it's not that

hard incorrect frame yeah oh that's that's double penalize yes correct Jason full points ah so yeah the doctors used off to free I wasn't actually sure how to represent to use after free sir I just did it and then I freed it and then I did it again anything about this kind of stuff yeah so Jason's actually explain to me how use after freeze are exploitable at some point but really interesting that Jason is pretty smart okay team one you get full four points there Congrats yeah so I can't actually hollow points from the other team cuz I didn't think about that as a use case yeah Jason you know their networks 300 all right Craig go Craig yeah so the

long Cesare this is just what in our packet looks like all right Craig you're up oh yes apparently this is incorrect parenting classes aren't a thing yeah there's yeah Tony philosophy I don't think I don't know I'm if you say Class B everyone knows what you mean so I'm gonna just go on that but yeah so things typically multicast in in this fast beat or slash 16 plus D I have no idea what do we give them points Chris so this is the quest a question is what which Clause the bead do things typically multicast in like like if it does that you make sense so if you were to divide ip's up into a slash 16 yeah

500 I'm almost certain this question makes sense so like if I got tense right the first - yes that's a 16 right which is a Class B

so alright I think I'm gonna assign all of the points to myself thank you guys it's been real I'm going to choose the next question alrighty what's that vomb 100 anyone ok John I

like it that was really nice alright let's go John 300 all righty ok hold on can we all just just take a second there will be no disagreement on this damn question thank you continue I think were you first no Sunday yes whoo that's a bird it's cuckoo cuckoo sandbox it's really great oh wait all right on with Smith Sunday 300 ok what's that bone 300 so this one's a little bit more subtle I definitely check this though so it actually runs you'll have to excuse me for the blank sequel statements earlier

Angela as a PHP dev you're welcome to comment yeah Jane yes woohoo cross-site scripting one of the coolest bombs in the world your update damn what's the phone 400 I was told I shouldn't put this one in say if if you guys hated the other ones I increase yes my Sunday no I'll be sick just read it take your time guys take your time there might be other violence in this code I believe I wrote most of us where should I be having the score you meant hard the school and something good something wrong I'm Way too young

let's just think about the if and else guys if an else John yes it's quite clearly using enumeration because it's if it's based on whether it's in the day that's not come on guys I'm just gonna have the score a lot for that one all right

I'm not sure this will compile Andrew

I wish I could give points without breaking the flow of this because it's actually a game I wouldn't put it past myself they might even be missing a new line yeah yeah there's definitely missing a new line there that should definitely you know I'm a Sunday you were first and then there was a whole better than I no use asking the actual questions mother no see works I think Friday no Jason so when I copy pasted this from my actual document it seems there were some huge backups and not show her one to eight yes it's be about blood no i-i've dig this up I'm not gonna I'm gonna shake it cut it yeah yeah pastor twenty-eight I

don't have an excuse for how I got all the missing you like all right yeah but past equals one doesn't do anything yeah how is that gonna make anything we rewrote the IP like ages ago guys all right was that one yeah that was team one I'm gonna have the score all right [Laughter] Ross Europe all right

I'm gonna let someone else get it one of you guys has well correct what is TCP dump that was it okay okay

Chris you know not answer this Craig another gear large either so this is an easier way of getting to main trusts than PowerShell if you can't use PowerShell Craig you're a lot answer it I mean you can it's not gonna work I don't want to stop you though I know you guys the most important I think it's important to be supportive of people is oh I gonna get this okay Chris you're not answer in all tests yeah so this is actually really sweet you don't have to use partial to any remote domain trust I don't know how many people actually work in OPSEC yeah I thought I see Dane and like my colleagues like so yeah that's really

sweet of you have you tried a numerate domain trust without using actual Recon scripts so 5 points to Chris

all right Chris you're up I'll totally buy you a beer you know this off by heart sorry no there's a great article on this event ID as with everything pretty much famous teens right yeah Chris is busy googling you guys are allowed in Google I guess is it nobody does I oh yeah and window sort of yes correct kind of yes so I got my question you a UN team one or two teen three alright the points where scientists came home thanks everyone would you like to okay so this is sort of like a class of things these are all separate issue separate entries thanks to think of them in the same way oh yeah yeah I can't go

back those were just different ways of getting persistence so like registry keys you can set and then set also setting a machete good task that exe is sorry very deity to some of us Craig you're odd all right Jason that's what I thought and then I checked last night and it does I don't make the rules Chris I just follow them kind of when I want to MC does have a - - SSL I thought it didn't until last night yeah it's crazy sorry I could have literally that would be weird sorry NC based on n cat I've always used in cats for SSL before so yeah uh I guess miss for this though it's been are

we lost all right yes okay guys it's been a real fun I think we've all events many things like to thank you all your contributions we're going to see now I think my NC is your siblings

all right I yeah okay cool yeah it's been a real great day guys we're gonna reveal the final scores now so I guess

so I mean it's not sorted 13:1 got so many more right here let's do it you guys don't get anything all we got was the enjoyment and the time we had together which i think is more important than than gifts really so I'd like to thank you all I'd like to apologize to you Andrew for being incorrect about NC I don't know what my inseam length oh right sorry I really this is a pointy this is Fedora or whatever it's called

but that means by default even nmap installed right okay interesting yeah it's yeah that's very you saw wouldn't have one sorry yes no like literally it is like this isn't check yeah I was tired that's my excuse guys yeah like literally at the top it says this is the in cats man page guys

yeah it doesn't even matter if you won guys come on I don't think anyone really want today yeah so I hope you all had fun guys it seems there might be some tweaks which needs to be made to this maybe someone who isn't in confident can do it next yeah you know like just just minor things alright cool thanks like guys I think we're going to someplace that is quite close but not in walking distance for drinks if anyone's keen yeah yeah sure technically most things are in walking distance I wouldn't flirt as I was just trying to give you a recommendation don't walk it it's pretty far we did that last year yes sorry um you got what I'm so

confused I'm genuinely confused seven yes correct seven I'm gonna I'm gonna go with that cool guys thanks a lot this was real fun real fun [Applause]