IRISS Con 2017

Let me start by saying this is a personal opinion / slant on IRISS Con CTF 2017.

Finally, the dust has settled on another eventful IRISS Con. I have been involved in at least 5 IRISS Con events that I can remember, each one just as good as the previous. I have assisted in some way with the Capture the Flag event for all of these times, whether it was laying cables, moving tables, lugging boxes around or fielding questions from participants. This year was different. Like a schoolboy football player with aspirations of playing for his country in the World Cup, I finally got my call up to the squad. The squad itself did not just appear out of nowhere. Like every other squad, you have managers, coaches, captains and regular players. At the forefront of this squad there have been two managers, coaches, captains and regular players all at the same time. To find all of these roles as part of one person at the same time is unique, to find two people, dare I say it, is a miracle.

I look at the Irish CTF scene just as I look at the South Bronx of the 1970s and the birth of Hip-Hop. In the 1960s and early 70s neighbourhood block parties were thrown by groups such as the Ghetto Brothers. They would use amplifiers for their instruments and big PA speakers hanging from lampposts. This was their way of breaking down barriers between different ethnic groups and creating unity and harmony within the boroughs. I would call this the early CTF days within the Irish security community. Hack Eire came first with the instruments and the PA speakers, opening the door for hacking Hip-Hop to evolve. I never had the opportunity to be involved that early on but from my research they held some great events.

Then DJ Kool Herc came along. He developed the framework for Hip-Hop by taking existing records and deejaying percussion breaks on two turntables. Rapping and MCing followed and today we have a whole culture around this music. Just like DJ Kool Herc laid down those breaks in the 1970s, for me these two men paved the way in the CTF world. They built the frameworks from scratch, no more pen and paper. Finally, security engineers and students alike could be body popping at the IRISS CTF like never before. They are HoneyN3tters and IBMers Jason Flood and William Bailey.

For the last 6 years they have been my mentors and my friends (they might think otherwise because I trounce them at pool). It’s unusual for a manager of a football team to be on the ground doing the sit-ups with you during training but these two guys did just that. Not actual sit-ups, but the technical aspect of a CTF. They spent nights in the trenches solving many issues to get a World Class CTF off the ground and purring like a Mustang with the top down on a Nevada highway in the 100s (I can say this). I think the Irish security community owes a lot to these two lads for their dedication and endless long nights to provide a quality service in the form of the IRISS CTF. Their mentorship for my colleague Richard Moore and me over the course of providing this year’s CTF has been invaluable. Without it I don’t think IBM APT CTF would have been the major success that it was. For this we are grateful. Thanks lads.

I also think that Brian Honan has been one of the shining lights in the Cyber Security space for many moons. He has provided a premier conference where us mere mortals can mingle with some of the most renowned experts in cyber security and Ireland’s tallest Leprechaun. He has allowed the CTF to be staged at this event for many years. Cheers Darby O’Honan.

Alas, we were not the only heroes on the day. There were many other volunteers who assisted in the lead up to the event and during the event. When a participant enters the CTF room they find everything is ready for them to just plug and play. Wouldn’t it be magical if all of those artefacts that make the CTF just appeared like they do as you enter the room?

There have been many hours invested by IBMers to get the CTF into that room. The tasks involved in this include cabling of tables, creation of content (VMs, variable offline content), configuration of many machines, hauling of hardware, fielding technical questions on the day, assisting participants with any issues, loading vans, unloading vans, loading vans, driving of vans across rush hour traffic, unloading vans (that is intentional as they are the facts) and practicing run-throughs, to name just a few of the tasks. Without their assistance this wouldn’t have been a great day for all involved. (Rob Conan, Trevor McWeeney, Gabriel Boyle, Julie Murphy, Allison Ritter, Nat Prakongpan)

Set up began in earnest the previous evening at 7:30 p.m. The team converged on the Ballsbridge hotel with military precision. Vans were unloaded and the fun began. Once all the artefacts were in the room all ethernet cables had to be retested just in case one had a split or had a broken end. Cables were labelled and rolled out to tables (poetry right there).

Hardware and TVs were placed in their locations and cabled. Once everything was in its place the power was turned on. Just like watching the XMAS lights on Grafton Street as a kid, I got a little tumble in my tummy once things started flickering. Waiting for switch lights to turn from orange to green, informing you that Thunderbirds are go!!

I think that’s the first time I’ve ever got 3 hrs work into such a short paragraph. With everything powered up, the task of checking each team’s table was the next step. Once we had confirmed that all tables could connect and we were in a happy place we could all go home. Over-tiredness had kicked in for me and I made the mistake of watching UFC until 2:30 a.m. and then realising I had to get back to the hotel at 6:30 to power everything up again and run through connectivity for all artefacts again. For anyone who’s ever had the pleasure of working with Arduinos, they might understand my pain. I think they should fall under the same bracket as “never work with kids or animals”.

When they work they’re amazing, when they don’t... Pressure sets in as the clock gets closer to kick off. Hoping that nothing goes down. As eager participants begin to arrive the mood in the room changes to one of jovial intensity. At the end of the day this is a competition. The participants are a mixed bag of students and industry. Everyone in that room wants to win. As the rules are relayed to the participants and they are given their configuration details there is a smattering of keypad presses as they configure their machines and connect to the framework. Within minutes the scoreboard is lighting up as teams compromise the vulnerable servers and run the custom malware to gain points. GreenTeam stride out in front as they quickly figure out how to take control of most team VMs. At this stage there is a back and forth tussle for the team VMs as GreenTeam defend their position and the rest attempt to recapture the VMs. Alongside this frantic pace we had a multitude of offline challenges such as Steganography, PCAP analysis, Forensics etc. Participants would complete these challenges and input the recovered flag into the framework via the UI and gain points.

We also utilised IBM QRadar as our monitor of the gameplay. With this tool we could visualise the "hacking" for people walking the room. QRadar reported what teams were doing to what country (VM). A very novel utilisation of the tool.

This year we also had the Hackable City as part of the game (Arduino heaven). The challenge here was for a team to take control of 3 of the services within the city. Power, Lights, Transport, Entrance, Buildings, Air Supply and Communications were all up for exploitation. Only one team managed to achieve this but not in the way we expected. Overall it was a great day and a very close contest with only 9 points between the top two teams. I for one cannot wait until next year and I hope to see some of you there too.

T25jZSBhZ2FpbiB0aGFua3MgSmF5IGFuZCBXaWxs

John C.

Attack Simulation Architect. Product Manager

7 years ago

I guess the question is "What's the appetite of the community in Galway? And is there a conf that will host?"

Chris Staunton

Security Professional

7 years ago

Thoroughly enjoyed the CTF. Is there appetite to start these up in Galway?

Amber H.

Security Engineer | MAI, CISSP, GCIH

7 years ago

Well done guys, I'm sorry to have missed it!

John C.

Attack Simulation Architect. Product Manager

7 years ago

Cheers Jason Flood. Do you still want me to keep the loose hair for you?


Well done John and Richard - not easy running these things. Get out while you still have your hair guys. John, it may be too late for you... so you can stay on as long as you like... :)
