It’s been a hectic and productive few days for Perth’s infosec community, with a privilege escalation workshop on Thursday/Friday last week, followed by the inaugural BSides conference and WA’s very first open Capture the Flag hacking contest (run by WACTF), both keenly sponsored by Kinetic IT, over the weekend.
Particular thanks should go out to the University of Western Australia for providing BSides and WACTF with the facilities to host the weekend’s proceedings – the setting down by the Swan River helped attract over 150 visitors over the two days.
Demonstrating the Power of Privilege Escalation
Technical security expert and highly experienced penetration tester, Sagi Shahar, hosted the BSides Privilege Escalation workshop. This intense hands-on workshop aimed to provide insight into the exploitation of bugs, design flaws or configuration oversights to gain further access to resources that would ordinarily be highly protected. It was offered as a free-of-charge perk to the first 20 customers buying BSides tickets. Delegates hailed it a success, and it covered most of the modern hacking techniques attackers use when targeting Linux and Windows operating systems.
The main event kicked off on Saturday morning, with a short introduction by the BSides core team, Kinetic IT’s Nigel Hardy and Peter Yorke, and BSides’ Alex Dolan.
WACTF was then launched by Aaron Doggett, before handing the microphone to Chester Wisniewski of Sophos. Chester is a highly respected cyber security guru and holds the title of Principal Research Scientist in the Office of the CTO at Sophos. He is based in Vancouver, Canada, and is heavily involved in BSides in his hometown – so he pulled out all the stops to support Nigel, Peter and Alex to make Perth a success. Chester gave the keynote address, looking at the kinds of tools cybercriminals are selling on the dark web and showing just how easy it is to buy them. His talk set the tone for the rest of the conference, which proceeded to introduce talks on careers, penetration testing, research into Google Chrome extension security and security control bypass techniques.
According to WACTF organisers, the core aims of the competition were to bring together Perth’s existing cyber security industry, as well as to entice emerging cyber security talent into the business community. The spokesman, Aaron Doggett, said, “We see too much good talent leaving WA due to an overall low level of awareness of the need for cyber-security related skills, or the inability for entities to find the right talent.”
Over the weekend, 95 participants hacked increasingly difficult targets – each time retrieving a token from compromised systems as proof of their success. Teams would submit their test reports online, feeding into a live leader-board. The competition was expertly orchestrated by the WACTF team, with sponsors providing hardware, software, challenges and refreshments to sustain the hacking teams through the day.
By the end of day one, submissions were coming in thick and fast. Then, overnight and into Sunday, participants, who ranged from university students and teams from local WA schools through to a father and son team (who fared very well), worked tirelessly to complete as many of the tasks as they could.
The awards ceremony was held on Wednesday 6 December in SpaceCubed in Perth, where winners will be crowned WACTF’s hacking champions for 2017. Top prize is return flights and accommodation for the winning team to attend BSides in Canberra in 2018, along with a $250 DigitalOcean card – stay tuned to find out the results!