BSides PDX Update

BSides PDX was a blast, as expected. My team (@sectribe) ended up ranked 3 out of 26 on the scoreboard. I was the first person to solve the web-100 and web-200 challenge, and the third to solve the web-300. The web-300 was some pretty standard SQL injection, the web-200 was a padding oracle attack on an encrypted cookie, and the web-100 was URL knocking. Out of all of them, the web-100 frustrated me the most. I spent pretty much the entire first day on it. @swordofomen solved osint-200, and Aaron J solved the pwn-re-200, giving us a total of 1000 points at the end. I was extremely close to getting osint-300 at the end, which would have boosted us to 2nd place, but I gave up. I was super burnt out by 5:00 on Saturday when they froze the scoreboard. I also sorta helped @The4rchangel find a missing teenager in the OSINT CTF (finding real-world missing persons) by suggesting that he check Snapmap after adding the missing person on Snapchat after finding it on their Instagram. You can read his article on the OSINT CTF here.

It was really cool meeting @_MG_ and checking out his HID-attack iPhone charging cable, as well as seeing the Hardware Implant Panel which discussed the Bloomberg article about the “tiny chip that China used to infiltrate America’s top companies.” The entire thing was basically: this likely isn’t real, but it’s plausible, the concern is real, and you should worry about it.

The after-parties at @pascalpdx and @ctrlhpdx were super fun. I’m beyond excited for next year’s BSides PDX. Maybe this whole thing has even motivated me to go to Defcon 27.

Github Solutions/Notes/Recreations: