NoStarch Book Reviews

A while ago, No Starch Press generously donated to PPP some of their awesome book releases in computer security!

We have selected some of the reviews for the books that PPP members have read and very much enjoyed :)

Securing and Exploiting Go Binaries

Introduction

I have spent some time over the past month or so trying to use Go binaries in a secure manner and trying to exploit Go binaries and I thought it would be useful if I talked a little bit about my journey.

First, I have been working in Go for about a year now. As part of this year's pCTF, I created a problem that involved exploiting a Go binary (binary and source here). I consequently had to deal with securing the binary to prevent leaking unnecessary information and had some fun playing around with exploiting a Go binary.

Codegate 2012 Pre-Qual

 

Last week, PPP participated in the annual Codegate CTF qualifier event.

Here’s our write-up: Codegate2012_PQ_Writeup_PPP.pdf

CSAW VIII

One of PPP’s favorite competitions is CSAW, mostly because it gives us an excuse to go to New York City if we qualify, but also because it was one of the first competitions that PPP won back in 2009 when it started. So, of course, in late September PPP competed in the CSAW qualification round. This year we put together 3 undergraduate teams: PPP{1,2,3} and 1 graduate team PPP5. We had both veterans and new recruits play this year.

Shortly after our weekly Friday meeting and dinner outing the teams separated and went to start with the hacking. The challenges started off pretty easy, with even the team composed entirely of new members solving all the crypto problems in a short period, but as the night progressed more difficult and interesting problems opened up.

After a few hours of sleep, the fun continued into Saturday with everyone working hard to solve as many problems as possible. But, even hackers need to eat and there is always time for a PPPPP (PPP Pizza Party).

By the end of Saturday night, PPP1 and PPP5 had solved a large subset of the problems and PPP{2,3}, while not as far, were still making constant progress. However, by Sunday morning, it became pretty clear that we would soon have to figure out how the hell to get 12 people to New York since it looked like all 3 of our teams were going to qualify for the final round.


Indeed this was the case.

By early November, mostly everyone was ready to skip class for a few days and go to New York City for the CSAW finals. Let it be known, that when PPP travels, PPP travels in style, so we rented two minivans and left on Thursday afternoon to drive to New York City. By the end of the night both teams had arrived safely, although one driver managed to get a speeding ticket.

The next morning we woke up and made our way over to NYU Poly’s campus to begin. The competition started at noon and went for 24 hours. The organizers of CSAW were extremely hospitable, buying us pizza, candy, and even letting us attend a fancy dinner event during which Mudge from L0pht gave a talk. The competition itself had some really fun problems, most of which were much more difficult than those in the qualifying round. For example, one of the problems made by Dino Dai Zovi required constructing an exploit for Safari which allowed us to gain access to a box he was running remotely. However, even then the location of the keys wasn’t obvious; one of the more well-hidden keys required using a webcam attached to the box to take a picture of a piece of paper with a key written on it that was in front of it.

Overall, PPP had a great time and also did very well, taking both 1st and 2nd place.

 

 

Defcon Finals

Defcon19

After winning iCTF and Codegate, PPP had already prequalified for Defcon19. Of course, we couldn’t be lamers so we also qualified through the normal prequal round (which makes us the first team to ever triple qualify for Defcon).

Our team slowly flew into Vegas from around the country to compete in the final round against many other awesome teams and friends.

PPP in Vegas

Most of team PPP before the competition

Of course, we were in Vegas for a reason, so we didn’t have too much time to spend on the strip. We needed to be well rested for the CTF, after all.

Like most teams, we had two groups of people during the competition, one working downstairs on defense, and another group holed up in a hotel room working on reversing/exploits.

Early morning preparations

When the competition began, we were given an image of our server, as well as login details for it. As a new twist this year, the competition was all based over IPv6, making it exceptionally challenging to get some of our network tools working properly on the server.

Of course, in ddtek tradition, the scoreboard and submission servers were not available until near the end of the first day, which gave everyone time to write a few exploits and get defenses up and running.

By the end of the first day, PPP was exploiting quite a few challenges and had a decent score.

Score after Day 1

Score after Day 1, PPP in a sad 4th place

After a long night of working on fixing networking tools with IPv6 and finishing exploiting a few more problems, we all got a bit of sleep to get ready for day 2.

Breakfast

Breakfast - the most important meal of the day

Despite having more exploits written and keeping our services up throughout day 2, we dropped in position quite a bit. We were told the scoreboard was inaccurately displaying data such as SLA (how well we keep our services up/defend them), and we were having many outages of access to servers, but there was little we could do about that. Overall it was very difficult to tell how we were doing score-wise, as the only scoreboard to which we had access was the one presented by ddtek, which rarely updated and did not display any information such as for which services we were correctly getting points.

Before the second day ended, another team rooted our CTF server. To be a bit more accurate, lollersk8ters rooted ddtek’s, and therefore all contest players’ servers. Although other teams complained about the same issue, it took ddtek almost an hour to realize the problem was on their side, despite our evidence that a team must have been outside the jail. Of course the entire time, all teams were locked out of their servers. Doh!

adc

adc from lollersk8ters, after rooting everyone's box

We later found out one to three other teams had also rooted ddtek’s servers, and therefore the servers for all other contestants.

After the second day, we had dropped all the way down into 7th place. That night we finished up exploits for all but one service, ready to go for the next day of the competition, though we weren’t sure what would happen after lollersk8ters had control over everyone’s boxes already.

On the third day of the competition, no scoreboard was displayed. Rumor has it that this is traditional to make the results of the CTF more suspenseful, though we were never actually told why there was no scoreboard on the last day.

Although we were submitting keys for challenges, after the final placement of teams was released, it seemed scores didn’t change much if at all on the third day.

After the competition ended, PPP put its time in Vegas to good use. We hung out with a few of the other awesome teams and, of course, did other Vegas-specific activities.

Slots

Definitely not hacking slot machines

Sadly, PPP came in 7th place overall. Not horrible, but certainly not as well as we would have hoped. The final list of teams is available at ddtek’s website, though it is very unfortunately lacking both raw scores as well as packet captures.

Congratulations to European Nopsled Team, who won first place, Routards in second, Hates Irony in third, and all other contestants! We had a great time competing with you and hope to do it again soon.

For those interested, Routards also had a great post on how the competition unfolded.

 

Positive Hack Days

On May 18th, PPP was in Moscow playing in the Positive Hack Days CTF competition. This competition was organized by Positive Technologies, a computer security firm located in Russia. Andrew, Brian, David, Ricky, and Tyler traveled to Russia to participate in the challenge.

SVO Airport

David, Brian, Ricky, and Andrew outside SVO Airport

This was the first time in Russia for most members of the team, and none of us knew many Russian words or phrases, which made the trip quite interesting. Luckily the organizers of the competition sent Yulia to pick us up from the airport, as well as to help us check into our hotel and do some translating into English for us.

 

Hotel Molodezhnaya

After settling into our hotel and managing to get some food without using the Russian language, we went to bed after a long day of travel. The next day we tried out the Russian metro system (if we can handle crypto, we can handle Russian, right?), traveling to Red Square and Izmailovsky Park.

Entering Red Square

Brian entering Red Square, with St. Basil's Cathedral in the background

There were many beautiful and historic buildings, though we didn’t have enough time to see them all. Eventually we traveled to Izmailovsky Park, where we were able to get some food and take a break from the urban Moscow life.

Izmailovsky Park

David, Ricky, Andrew, and Brian in Izmailovsky Park

Of course, with the CTF competition fast approaching, we needed to get back to our hotel and get some rest so we could be ready to pwn in the morning.

After a good night’s sleep, we went to the adjoining building to our hotel for the PHDays conference and competition.

CTF Arena

We were pretty surprised once we got into the actual location where the CTF was being held. Not only was the room originally a nightclub rather than a standard conference hall, but everything was set up in the room quite awesomely. There were three large projectors displaying the status of game services for each team, a standard scoreboard, as well as a neat visualization of attacks between teams.

The competition organization was quite excellent. Not only were there a ton of challenges (some of which we didn’t even have time to look at), the organizers also had some awesomely made video clips throughout the competition to introduce new updates, which were handed to us in envelopes marked “Top Secret”.

 

Scoreboard

Scoreboard about half way through the game

Throughout most of the competition we were able to maintain a pretty good lead by patching and exploiting services quickly, rather than spending time focusing on “blackbox” problems (which were like more typical CTF style problems).

Of course, LeetMore did not let us relax our guard, so we had to keep working hard the entire competition to maintain our lead. In the end, we were able to stay ahead of everyone else and take first place!!!

After the eight hour competition we had some time to talk with the other teams, as well as eat some food (and cake!) while listening to live music.

Cake

How Russians cut cake

Afterwards there was a small individual “Russian style” hacking contest, followed by the awards ceremony.

Teams together

PPP, LeetMore, and some Nibbles members

Not only did Positive Technologies give us an awesome trophy, they also gave us our prize money in a bad-ass looking briefcase. Because really, what better way to receive your prize money than in a locked briefcase?

Andrew with prize

Andrew admiring our winnings

After the ceremony was over, we went back to our rooms to get some sleep after a long day of hacking.

On our last day in Moscow, the organizers from Positive Technologies set up a tour for all the foreign teams to see the city. Despite some heavy traffic close to Red Square, we still had a great time with our friends from Nibbles, BIOS, and Positive Technologies.

PPP at MSU

PPP outside of Moscow State University

Nibbles

Nibbles outside of Moscow State University

Red Square

Organizers from Positive Technologies walking through Red Square

After our tour of Moscow, we all went out to dinner with the international teams, as well as presenters and organizers from Positive Hack Days. Unfortunately, the CTF teams from Russia were not able to make it to dinner, so we did not have more time to hang out and talk with them.

BIOS

A few members from the BIOS team

Dinner

Celebrating a great competition with new and old friends

After dinner we walked around Moscow until nighttime, when we eventually went back to our hotel to rest for the trip home.

Nighttime

Red Square at night

The next day we took a taxi to the airport (again kindly arranged by Positive Technologies), where PPP parted ways for our journey back to the United States. Hopefully next year we will be able to participate in Positive Hack Days again, and see all our friends and fellow hackers. We would like to thank all of the organizers for Positive Hack Days. It was very clear that a lot of work went into making the competition and conference run smoothly, and we are very thankful for one of the best run competitions we’ve seen!

(Many more pictures from multiple sources, collected by the competition organizers can be found here.)

pCTF Aftermath

pCTF

As you all know by now, PPP recently hosted its own CTF competition called PlaidCTF. This was a great chance for our team to take all the problems we wished we found in other competitions and force other people to solve them. We had an awesome time putting problems together for people to solve, and we’d like to think it turned out pretty well.

The competition started a little behind schedule, and we had a few hiccups during the competition. In the end, however, all but one problem (which was removed due to oversights on our part) had been pwned by at least one team, and over 400 teams had signed up to play. We tried to make our problems different from what we’ve seen in past CTFs, and we hope that everyone who took the time to solve them learned a lot in the process.

 

C&C

pCTF Command and Control Center

During the 48 hour competition, we were saddened to find ourselves just as busy as when we participate in competitions ourselves. Most of the 48 hour competition was spent keeping our servers running and answering questions on IRC, with perhaps an hour here and there for sleep.

Although running our own competition was incredibly stressful, it was also a lot of fun. We ended up learning a few new techniques as players solved problems differently than we planned and we also had many stressful moments watching as teams submitted keys they had mistyped by just a few characters.

Of course, the most important part of any competition is the winners! Although all the teams did a great job, especially considering our scheduling conflict with a major holiday, Hacking for Soju, C.o.P, and SSH came out on top, winning first, second, and third place, respectively. Final scores for all teams are available here.

More information, including writeups from the top teams, can be found at http://www.plaidctf.com .

We would also appreciate feedback and ways to improve pCTF. We plan to hold the competition again next year, and we want to make it as awesome as possible, which means we need suggestions from you on how we could make it better.

Thanks for playing, and we hope to see you next year!

 

 

Codegate Finals

Codegate 2011

As you may remember, PPP qualified this year for the annual Korean Codegate competition. This is one of the most popular CTF competitions in the world, which made it an impressive feat to even make it to the final round for a second time.

This year the team decided to schedule more time in Korea than last year, giving more chances to see Seoul and hang out with other teams. Although we were disappointed that the top teams this year were not as geographically diverse as last year, we were happy that another American team, Disekt, was around.

After a lot of resting from the long flight from Pittsburgh, we went to COEX so the competition organizers could record some rather embarrassing videos of our team to play during the competition. We then met up with Disekt, as well as our friend LarsH from Hacking for Soju (HFS) for some pre-CTF dinner.

Dinnerz
PPP, Disekt, and LarsH eating dinner

Of course, we came to Korea to hack, and so early the next morning we traveled to COEX for the competition. In order to make the competition more observer friendly, the organizers this year changed the way that scoring in the competition would take place. Rather than simply submitting keys for points, the game was actually styled after the Korean game Yut. Although this was a bit confusing at first, it ended up not changing the game play too much.

 

PPP
PPP getting ready for the big game

We were a bit disappointed (though not surprised) to see that this year the competition focused less on binaries problems and more on forensics. Of course, that’s no reason for us not to solve problems! By about half way through the competition, PPP was in the lead.

 

Scoreboard
Half way through, we’re in the lead!

Of course, as we learned last year, it is very easy for one to lose one’s position, so if we wanted to stay in first, we needed to keep solving problems!

 

Nap
Damnit Andrew, don’t sleep, we need to solve problems!

After a lot of furious googling to solve forensics problems and very little sleep, we managed to maintain our position, despite the other teams working hard to get ahead. At the end of the 24 hour match we had a comfortable lead of 8 spaces on the Yut board.

 

Final score

Behind us were the teams PLUS (who were originally not going to participate in the finals) and One-Eyed Jack, both of which are awesome teams from Korea. Although we tried to return to our hotel to get some rest before the final ceremonies and dinner with other teams, we were called back to talk to some reporters about the competition and our team. Despite not having slept for about 30 hours at that point, we still enjoyed the speakers and final ceremony.

 

 

Final ceremony

Win

It's not a real win without a giant check!

After finally getting a chance to go back to our hotel with just enough time to shower (but sadly not to sleep), we went back out to have dinner with the awesome organizers and other great teams.

HFS

Disekt

Some members of Disekt with Fairuzan, an organizer

Brian and Beist

Sutegoma2

Peace

One-Eyed Jack and Sutegoma members

LarsH

LarsH approves

Of course, even though the competition ended, this was not the end of our trip! After a day to catch up on sleep, we spent some time with HFS.

 

Dinnerz

Dinner with HFS

After first going out to dinner with HFS as well as some organizers from the competition, we then found a Korean pool hall. Luckily pool skills were not tested in Codegate, as HFS is much better at it.

 

Pool

Pool with HFS

The next day the team went to Seoul Women’s University to give some talks on security. This was a bit different from our normal routine, so we weren’t quite sure how things would work out.

 

SWU

Seoul Women's University

We presented two talks to a classroom full of students: one talk on buffer overflows and preventions, and another talk on lockpicking. As most of you probably know, computer science/engineering is a field with a disproportionately large number of males, so it was great seeing that many female students interested in computers and computer security.

Lockpicking

Some SWU students practicing lock picking

After we left, we had dinner with a few awesome students from Seoul Women’s University, generously paid for by the professors Hyung Jong Kim and Yoonjeong Kim. Some of the students had recently formed a group for people interested in computer security; we hope to see them participate in CTF competitions soon.

Dinner

The next day we met up with one of Brian’s friends for lunch at a Korean Chinese restaurant and to see some new parts of Seoul.

 

Lunch

Brian and Kayla

Lunch

Andrew and Ricky after a tasty lunch

We then toured around Seoul seeing some impressive historic places and monuments. Eventually we wandered into a small “tea museum”, where we each tried different types of teas.

Statue

 

Tea
Ricky and Andrew drinking tea

After finishing our tea, we went to a large open market/mall to see some random Korean shops. Soon after, we met up with another friend of Brian’s, who was an organizer in Codegate both this year and last, to go up to Namsan tower.

Mall

 

Hike

Brian and MinKyung take a break on the hike to Namsan tower

Namsan

Namsan Tower

After getting to the tower and walking around for a little bit, we went back to the city to get some food. For our last night in Korea, we met up with some graduate students under Professor Yong Su Park, who is currently visiting CyLab at CMU.

Last Supper

PPP's last Korean dinner of the trip

Of course, we love Korean food, so that couldn’t have been the end of it. When we woke up the next morning to go to the airport with Brian’s dad, we stopped for one last Korean lunch, as well.

PPP

With no more last Korean meals to take, we headed back to America, to catch up on a week’s worth of missed classes and homework. We had a great time in Korea! Thank you to all the Codegate organizers and all the friends we met (and made) in Seoul for such a great week.

Hope to see you all again next year!

 

 

Plaid CTF

In case you haven’t heard, we’re hosting our own CTF competition in about one month. We’re going to have prizes sponsored by Lockheed Martin, so you should definitely sign up if you haven’t already.

Read more about it and sign up here!

You can also follow us at @pctf2011 to get the most recent news about Plaid CTF 2011.

Research Group is hiring!

Hi everyone, I’m posting this at our Faculty Advisor’s (Professor David Brumley) request.

If you are interested in the following position, please contact him!

Job Opening (Staff Programmer)

We’re looking for great systems programmers to work on automatic program exploitation and program analysis problems. We need strong programmers with an emphasis on systems-level knowledge (knowing how a program gets compiled down, unix, etc.). Being able to reverse engineer binaries and write exploits against program binaries is a plus. Experience with writing compilers/optimizations, or program verification is also a plus. We write our code in C and OCaml. The position is at Carnegie Mellon University in CyLab (www.cylab.cmu.edu) with Prof. David Brumley. You’d also be working with CMU PhD students and undergrads. To get a sense of the security projects, visit http://security.ece.cmu.edu.

If interested, please apply at http://www.cmu.edu/jobs to job listing 7993
or by this link:
https://secured.kenexa.com/cmu/cc/CCJobResultsAction.ss?command=ViewJobDetails&job_REQUISITION_NUMBER=7993

If you have questions, please send an e-mail to dbru@cmu.edu