Saturday, 5 December 2009

The Hex Factor at SANS London 2009

The competition is now officially over and I have to say it was AWESOME!

Those that made it to BruCON had a chance to play it, those that came to SANS London 2009 also had their fun, all the rest of you - bad luck :-/ maybe next time.

The Hex Factor was run for four evenings/nights at The Fox Bar and Restaurant located literally next to the Excel center where SANS courses were hosted. What can be better than beer, hacking and a spirit of competition?!

Tasks set by the authors were varied in difficulty and topics they covered. One category was about history and culture of hacking with a bit of general teaser tasks and was called Once Upon A Time, like finding a name of candy shop at <street name>, so that was a soft introduction.

My favorite category was Out Of The Box category (also known as Pure Leetness), where questions were really 'out of the box' and solving them was the best fun I had for a long time! First 100 points for finding a number 'hidden' in the message was really simple and here's how I did it:

I didn't have time to do the one for 200 points, but finally after some time I managed to solve the 300 points one - finding a secret number hidden in the PDF file - hats off to Didier Stevens for this task - it was amazing! Didier's blog was a great guide and help in the process.

Third category was Pwned and consisted of physical box with
sensors you had to trigger in the right order to get the code and two
systems to be penetrated. As I said, the difficulty was varied and so
were the nominal point values for each task, from 100 to 300, but you
could also get the partial points if you did only part of the task
properly. Of course during competition like this one you are never alone... Hello brotha!

Anyway, it was all very very friendly competition - beer infused with brains hurting after the classes (typical for 'SANS Fire Hose Syndrome').

Third category of tasks was Binary fu where you had to work your way through programs delivered as .exe files and get the secret codes out of them. First one was easy, but again I had no time to go through the remaining two. That is the reason why our team (I was working with Chris Riley, better known as @ChrisJohnRiley) was called Drunk and going home.

At the end we were #4 at the leader board but as it turned out, two teams of the first three were the same people, so kind of we are #3, so here we are - two of three winning teams, already in The Hex Factor t-shirts!

I'd like to say THANK YOU to all the people behind The Hex Factor - it was really awesome experience and great fun, so I hope it's not the last time we see The Hex Factor. See you next time!