DRG Challenge at FIRST 2013 Summary Recap and Trivia Solutions

The Dragon Research Group, for the second year running, hosted the DRG Challenge at FIRST 2013. We undertook some architectural changes to the game and we are pleased to report all went swimmingly. Chalk up another successful and fun-filled event. We would like to acknowledge and thank all the attendees who participated as part of a challenge team, but also all those who simply stopped by or hung out at the challenge headquarters to observe the activities. We would especially like to thank the FIRST 2013 program staff, which includes the program committee, steering committee, secretariat, Cisco on-site network team and CAPS LLC for their unflappable support and assistance. Last, but not least, we are eternally grateful to those who helped provide travel support for DRG volunteers, including those employers who allow their DRG volunteers the flexiblility to participate in these sorts of efforts. Without which none of this would have been possible. A special hats off to CERT.br / NIC.br, RSA Security and Team Cymru Research NFP for helping to underwrite travel costs for one or more DRG volunteers.

This time around we implemented a new, automated web-based challenge framework. This new framework, provided a convenient, easy-to-use interface that managed the roll out of each individual challenge as well as kept track of each team's progress, aggregating progress into a main page scoreboard. As a result, we were able to offer many more challenges, but like last year, the competition was heated until the very end. Ironically, the DRG Challenge at FIRST 2013 Scoreboard shows the team named FIRST Team, so-named because they were the first team to register for the challenge, came out on top, and each participant of that team took home an iPad Mini. There were numerous determined and capable players, but the winning team best demonstrated tenancity and skill to come out on top.

As promised to all those that asked, we will begin releasing the challenges and their solutions in a series of blog posts over the coming months, starting with the trivia challenges today. Like all challenge questions, a varying amount of points were awarded based on the estimated difficulty of the challenge. Without further ado, the DRG Challenge at FIRST 2013 Trivia Questions and Answers:

Question: The size of these attacks keep growing, we saw some of the biggest ones within the past few months. (100 points)
Answer: ddos

Question: What is the number one password tried by SSH scanners? (200 points)
Answer: 12345
The DRG SSH Username and Password Authentication Tag Clouds would provide the answer.

Question: A well known weakness in a class of cryptographic functions that was largely theoretical was recently seen in the wild for the first time. What piece of malware used this weakness? (300 points)
Answer: Flame
The trailofbits MD5 collision analysis blog post is worth a look.

Question: An important algorithm was "in the news" over the past year. The hallmark feature of this algorithm involves a function with two phases that is capable of mapping any size input to any size output. (400 points)
Answer: keccak
The winner of the SHA3 competition utilizes so-called "sponge" functions, making it algorithmically different from existing and commonly used hash functions.

Question: The following assembly instruction can be used as an alternative to what popular sequence of commands used by exploit writers? call dword ptr[esp+8]
Answer: pop pop ret
These commands are commonly used by malware writers to bypass the structure exception handler (SEH) when attempting code injection. call dword ptr[esp+8] effectively moves the stack pointer to the same location in memory as pop pop ret.

Stay tuned for the next installment of the DRG Challenge at FIRST 2013 Summary Recap.

posted at 5:32 pm | permanent link

About DRG

Apply to DRG

Host a DRG Distro Pod

Insight & Analysis


Weekend Reads


Security Innovation Grant

Mailing lists

DRG PGP public key

Follow us on Twitter Follow DragonResearch on Twitter

Feedback: dragon@dragonresearchgroup.org