Saturday, December 2, 2017

More words of Wisdom from Wasabi's Corner
BSides Delaware Recap



Another Bsides and WCTF is in the books.  We had a great time and the winner was _r from Team1 with 1910pts.  I will give a brief overview and talk about some of the things I saw.   Thank you for having us Bsides DE and we look forward to next year.

Thank you Dragorn for sitting in on the WCTF and showing off Kismet it looks freaking awesome.

Thank you to all the competitors who came out and gave it a try.  I was glad to see new faces really getting into it.  I will see you next time when your skills are better and you get more points.

It as two days of fun indoors listening to a strange mix of music and banter.  The usual crew were on-site running the WCTF.  The challenges ranged from basic to epic rage quit.  Bribes were accepted and points were awarded.  The cookies and energy drinks were so very much appreciated.

Now onto the beating of the overly dead horse.

The Board

A lot of points were left on the table.  Lots.  A metric ton.  Looking below the scoreboard you can see the available flags and which ones were taken by competitors.  All of the SDR flags are still there and the second day foxes were not captured.  While _r was at the top of the board on the first day he was unable to attend the second day and while it was possible to catch up, and even pass _r no one did.  Between some wifi, a few SDR, and a fox or two another competitor could have crushed the scoreboard easily.  The WCTF is a timed event and there are enough points and varying types of wireless flags to choose your own adventure to be successful.  Get the most bang for your buck.  If something is strange or hard move on and keep trying other things because you might be able to get lots of points instead of pulling out your hair on why WEP is weird and you can't figure it out.


The Foxes

I am not sure what happened.  I can’t tell if it's a lack of gear or a lack of proper explanation.  The foxes were really not on anyone's priority list.  Each fox is 750pts.  And on Saturday no one found a fox.  There were three foxes out at a relatively small conference.  I know not everyone does the WCTF so often that they have all kinds of gear falling out of their bags just ready to do a fox hunt.  If this is something you wish to start doing and winning then a fox hunt must be apart of your plan.  And it will only get harder at conferences that get bigger such as Shmoocon.  Testing your gear and practicing will give you a damn good advantage.  Dont skip out on these huge chunks of points.  Finding a rogue device is a absolute

Cheat Sheets and Guides

Make your own cheat sheets and don't over depend on a cookie cutter guide you found on the internet or got from a class.  A few people used some wireless guide and it was causing lots of grief.  I have heard of reading between the lines but some were skipping right over the text and getting right to the command line parts. 

The challenges are set up in very specific ways to be challenging and emulate things seen in the wild.  Your cookie cutter article for how to crack wep or get a handshake may not and will not work.   Make your own guide so that you don't have to google for all the same articles you have googled at every WCTF.  The aircrack-ng suite has many tools and many ways to use the tools.  A classroom wifi class has a clear order to things, if you do X and Y you will get Z.  A live scenario like the WCTF helps train your creativity that will be helpful on a real engagement.  If the standard way to get WEP is not working it’s time to try something different, or take a deeper look at what you are seeing besides the encryption type.  Just like pentesting a Windows system you have to properly Enumerate these challenges to be successful. 

I will repeat something I said a few times in the WCTF.  WEP is not easy.  It is vulnerable.  You have to do the right things to collect the right things to get the key.  No,  the challenges are not broken and yes they are working.  You need to scan, identify, and notice the “thing” that makes that challenge special and try something and fail.  Then try something else. 

We try to help and we have to find ways to help that don’t immediately give away the answer.   I have sat in your chair and cursed the WCTF team for their vague hints.  But I am better at it now because I was forced to get my lightbulb moments to nail the challenge and get the flag.

Monday, October 23, 2017

Words of Wisdom from Wasabi's Corner


I had a blast.  There were lots of new faces, some old, some familiar, and some only scored 10 points and left.  As usual I walked the floor and tried to help everyone from veteran wctf person to all the new people.  But I think the WCTF team just loves watching the blind leading the blind so they keep inviting me back to help.  HAHA 

We had a great turnout and competition was tough for the top individual score until the wireless fox was found.  Congratulations to all the winners and I hope the new people saw the fun and will be back next time.  The following are my observations and suggestions for the next time you participate in the WCTF.

Ask for help
Yes I know I was vague lots of time when you asked me something.  Sometimes I knew the answer and could not tell you or I had no idea.  I am not told the exact answers to all the problems.  And I only know the ways I would attack it or attempt to find the solution.  Dont sit and stew.   I will help you get on the scoreboard.  I won't do it for you and I won't tell you the exact thing to type into your terminal but I will suggest tools and or reasons why you are having a hard to impossible time with what you are working on.  And BTW it's not like I'm quiet or anything, if you hear me helping someone listen in and write stuff down because it will probably help you too.

People getting stuck on what they thought was easy
I saw a lot of people get stuck on WCTF_01 (WEP).  WEP is not easy stop saying that.  WEP is vulnerable and can only be defeated if you do the right things and collect enough of the right things to exploit the vulnerability.  If what you are doing is not working it might not be broke and you should try something else because that one thing from that one article you read that one time is not working.


Running in VM’s
I will give you the short answer on this.  DONT.  Ok now here is why.  Myself nor anyone else wants to figure out why your system is not working right, not capturing traffic right and any other little quirk or hiccup because you are running in a VM.  (I take that back yes I will help you troubleshoot your IT problem but you won't like my IT Consulting rate and I make no promises it will work)  Yes, I know you don't do this all the time.  So make two bootable USB drives and an extra copy of the ISO.  Do you have to install Pentoo or kali on your laptop? No you don't I have run off a live USB to compete in the WCTF before.  People found out real quick if you don't give enough resources to the VM that using aircrack or SDR is really really really terrible and slow.  And even if you did give tons of resources to your VM USB passthrough and virtualization will still be a problem.
           

Build your own wireless cheat sheet
Again I know you don't do this all the time.  So why are you still Googleing the same things at every WCTF.  Open the note pad or note taking app of your choice and start writing stuff down and add the link in case you want to do further searching.  Those 30-45 minutes you have to keep Googeling you could be looking for foxes or getting another WPA2 Flag and it could mean the difference between winning or coming in second place.
           

Hostile Air
I feel bad that two people left out of frustration of the networks intermittent issues.  And while there is no correct answer or solution for this all I can say is welcome to wireless hacking.  The wireless in the room is kinda wonky and all over the place.  People are hacking, cracking, Deauthing, and some new people have no idea what they are doing and might just be flooding the air with craziness. Plus you are at a INFOSEC Security Conference and there are super leet and super script kiddy bull crap going on too.  We saw different things going on and the WCTF team used a little magic of our own and fixed them.  Just be aware this is a thing.

Conclusion
If this is something you wish to pursue personally or professionally then give it a little time, do it legally, and have fun. The WCTF is a competition, it is a game, it is not impossible.  With a little prep work I can't guarantee winning but you will be less frustrated and have lots of success.  Even (insert local sports ball team here) has planning, strategy meetings, and preparation for the next game.  How much would it suck to know that given a little more preparation you would not have lost by 100pts or less.  Just saying.  But what would I know.  And I'm not your supervisor.  You do what you want.  Im sure you know better.  I would agree with you but then we would both be wrong.

Sunday, October 8, 2017

2017

Well BSidesDC 2017 has concluded and we had a great time!  Hope all our players and visitors did as well.  
We were treated to a great presentation by Wasabi covering great information for newbies and veterans alike. 
Thanks brother for all the work and support you gave the Village!








Wiresharknado   2485 Points


  • $250 Gift card to Micro Center
  • 2 x WCTF Challenge Coins
  • 2 x BSidesDC black badges





Crimson Agents  1512 points

  • $100 Micro Center gift card
  • 1 x BSidesDC black badge








 








Root_Acquired   1375 points

  •  1 x BSidesDC black badge

Sunday, July 30, 2017

DEFCON 25 Wireless Village CTF


Final scores




Thank you soooooooo much to our awesome sponsors who donated the awesome prizes below.




And the winners are......



What does the fox say?

WiFi Pineapple Tetra
5 ESP board
Lock Picks
Telefreaks pager watch
Ettus b200 with metal case
Lan Turtle
Bash Bunny
Hak5 long range amp
WiFi Card
HackRF
No Starch T-shirt
HFC Shirt
Wide Band
Wireless Village 2017 coin for each member



DiPolarBears

WiFi Pineapple
3 ESP boards
US Go
Hackers for Charity shirt
No starch t-shirt
Aerohive AP
cables and pig tails
4 caffeine vape pens
Pager watch
Wireless Village 2017 coin for each member



DalesPaleAles

Hak5 Everything kit
Hackers for charity shirt
Variety of four No Starch Press Books
Caffeine vape pens
3 ESP boards
Simple WiFi small antenna
Wireless Village 2017 coin for each member



Friday, July 28, 2017


We're winding down to the end of Wireless CTF Day 1 here at DEFCON 2017.

Here are the current scores and challenges status:





WELCOME to the 1980's


DEFCON 25 is on!!!

In-brief is underway and talks begin at 11:30am today.
Check out the schedule here.




Wednesday, July 5, 2017

Calling all sponsors, call all sponsors....


Hey there!  Wireless Village here.

Do you enjoy the fun, learning, antics, and prizes of WCTF?

Want to help WCTF remain a strong presence at all your favorite cons?

You can!

We are currently looking for corporate sponsorships.


Many of the people who participate in the WCTF work with network security, signals analysis, and general INFOSEC.  Maybe you're one of them?  Regardless of your employers sector in INFOSEC, odds are your employer has benefitted from the skills and practice you experienced at WCTF.  If so, do you think your employer might be interested in supporting our team?

  1. How can you help?
    1. Speak to your employer and ask if they would like to have their name on WCTF swag, such as, our team t-shirts, team website, and acknowledgement during WCTF announcements at all the cons we attend.
  2. What will it cost?
    1. Thats up to them.  
    2. Your employer can sponsor us with a cash donation or a gift in kind of products.  Company products, such as Hak5 WiFI Pineapples, Great Scott Gadget Hack RFs, Pwnie Express Pwn-Pads, and Aruba APs (just to name a few) are examples of gifts in kind which become the awesome WCTF sweet prizes teams can win!
  3. How do they sponsor WCTF?
    1. Contact us through our website.  You can download the sponsor information and participation form here WCTF Sponsors.  Here you will find a list of the awesome companies that sponsored us last year and in years prior.  Download a copy of our sponsor information documents to share with your employer.
Remember without sponsors WCTF can't happen!