Our First Team Capture the Flag

At the end of June, the three of us attended our first BSides together in Asheville North Carolina. This was a small BSides, perhaps 150 people, with a single session track. They also had Jeopardy-style Eversec Capture the Flag (CTF) area next to a Lockpick Village managed by Foxpick.

This outing demonstrated how much more work we need to do to be fully prepared for future CTF competitions. To view the problems and the scoreboard you needed to be on the CTF’s dedicated wireless network which was NOT routed to the Internet. So you’d look for a CTF problem to work on, then you’d have to switch networks to gain access to those resources not resident on your laptop. Also only one of the three of us had a Windows system, the other two were using Macs running Kali in a VirtualBox. This meant that if someone other than the guy with Windows, wanted to work on a Windows problem, they then had to swap laptops. Finally, there is the raw experience that we’re lacking, several times we were grasping for straws. So where do we go from here?

We’re planning on attending BSides RDU in the fall, so in preparation for that event W3bMind5 is building the team a “Hackpack.” This is a backpack that includes the following components: a power strip, an 8-port Gigabit Ethernet switch, several small servers, and various cables. The switch will afford all the laptops a wired path to the outside world via a dedicated router/server connected to the Internet. The router/server will be a Raspberry Pi 4 which was built for this purpose, and which also includes a 256GB high-speed flash drive. This Pi will store all the tools and resources we need, outside those already installed on our laptops. We will even mirror some vital hacker web resources to this server. The Pi will route through a phone hot spot then provide a wired connection to others. This will enable our laptops to be both connected via the wireless network to the CTF, while also being connected to the Internet. Depending on CPU utilization during testing with the Pi4 this summer, we may also use this system, with additional Wifi antennas, to record all the CTF Wifi traffic. You never know what you might find using wireshark.

The second server ordered for the Hackpack is a ZynqBerry. This is a Raspberry Pi v2/3 form factor board, but instead of the typical multi-core ARM processor; it contains a Xilinx Zynq 7010 chip which has both a dual-core ARM, a sizable FPGA, and some DSP resources. A side project for later this summer is to use OpenCL and port Hashcat to the FPGA. Hashcat was ported to OpenCL for an FPGA, and it has been shown to have performance gains over generic x86 cores that are extremely impressive. Also, the FPGA resources could be used to crack WPA2 wireless encryption.

The final hardware issue we’ve addressed is the lack of a spare Windows laptop. We’ve now added a low-end convertible tablet Windows system that can be used to address any CTF challenges that require a Windows system.

On the experience issue, we’ll be working that over the summer as each of us focuses on our respective areas. Also we’re meeting weekly online to do RingZer0 CTF challenge questions. — W3bMind5, July 2019

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s