Author: rvasadmin

RVAsec 7 CTF Prizes

RVAsec 2018 is just a few days away, which means it’s almost time for another CTF! As mentioned in our first blog post, we have some exciting problems planned in topics ranging from cryptography to web and binary exploitation to lockpicking and badge hacking. The actual CTF will take place on Friday, June 8th all day, but we’ll have some practice challenges set up on Thursday.

Thanks to Crowdstrike as well as Offensive Security and Netsparker, we have some really exciting prizes. As done in the past, we will have two separate prize tiers: you can either compete individually or in teams of up to 5 people. The top 3 individuals and teams in each category will be guaranteed a prize, and the remaining prizes will be distributed to the next highest individuals/teams. Priority will be given to the highest finishing competitors/teams (1st place chooses first, then 2nd, etc), with the top 3 individuals picking first, followed by the top 3 teams.

As one last note, you’ll be able to connect to the CTF stuff both wired and wirelessly. As we don’t have enough hardware to allow everyone to connect via a wired connection, you are encouraged to bring your own switch and long Cat5 cable.

Without further ado, the RVAsec CTF 2018 prizes:

● 2x Offensive Security PWK Course with 30 days of lab + OSCP Certification
● 2х Netsparker License
● 2x Hak5 WiFi Pineapple Tetra Tactical
● 2x Hak5 Bash Bunny
● 2x Hak5 Rubber Ducky
● 3x Holy Stone Racing FPV Drone
● 2x Anker PowerCore Speed 20000 Portable Charger
● 1x $250 Visa Gift Card
● 2x $100 Visa Gift Card


RVAsec 7 Layout

2018 Map

Click map for larger version

Wondering where things are for RVAsec in the VCU University Student Commons? Look no further!

  • Registration is outside the Richmond Salons
  • Talks are in Commonwealth Ballroom & Commons Theater
  • Vendors & food are in the Richmond Salons or outside Salons/Ballroom
  • Capture the Flag (CTF) is in the Virginia Rooms
  • Badges from HackRVA are in the Virginia Rooms

Click the map of the Commons 2nd floor for a larger version.

Talks:
Virginia Commonwealth University Campus
University Student Commons, 2nd floor
907 Floyd Avenue, Richmond, VA 23284

Parking:
Main Street Parking Deck
801 West Main Street, Richmond, VA 23284


RVAsec 2018 Proof of Attendance

If you need proof of attendance for your CISSP or other certification CPEs, please use this PDF.

Instructions:

 

Proof of attendance:


RVAsec 7 CTF

The CTF crew is once again hard at work preparing challenges for this year’s competition. As in the past, the first day of the conference will be CTF prep while the actual competition will take place on Day 2 (Friday, June 8th). Even though it will contain some hard challenges, this is a learning CTF – not just a bash-your-head-against-the-wall competition. As such, there will be plenty of challenges from lockpicking to recon and web exploitation for people of all levels and backgrounds. Additionally, you may choose to compete as an individual or form teams of up to 5 people – there are separate prize categories for both.

You will need an updated Kali machine, but we will provide everything else.

Below is a list of some of the skills/topics that have been covered in previous years.

Entry Level: Primarily aimed at beginners and those with a less technical background, focusing on basic infosec skills and concepts.

  • Rot N encoding
  • Google Fu / OSINT
  • Examining website source code
  • Basic file analysis (eg. file, strings)
  • Trivia

Intermediate: Expect to begin taking a deep dive into the core categories by finding and exploiting vulnerabilities, cracking passwords, etc.

  • Extracting objects from Wireshark dump
  • SQL Injection
  • URL Fuzzing
  • Cracking password hashes (using john, Hashcat, etc)
  • Reverse Engineering and Disassembly

Hard: For our battle-hardened, seasoned CTF players which will challenge competitors to truly think outside the box, crack encryption, exploit binaries, and more.

  • Blacklist filter evasion for SQL Injection
  • Binary Exploitation (buffer overflows and more)
  • Cracking RSA Encryption
  • Multi-step OSINT investigation
  • Hardware

In addition, we are always looking for volunteers to help out with creating and testing all of the problems. If that interests you, please reach out to us at contact [at] metactf.com, and we’ll add you to the mailing list.

We are pleased to announce that CrowdStrike has sponsored the CTF this year!

Finally, good luck to everyone and we’ll see you in June!

 


RVAsec 7 After Party at The Circuit — Register Now!

The RVAsec 7 after party sponsored by Risk Based Security and GuidePoint Security, will be at The Circuit on Thursday, June 7th, after the conference!

Thu, June 7, 2018
5:30 PM – 7:30 PM

The Circuit is located at:

3121 W. Leigh St
Richmond, Virginia 23230

The Circuit is an arcade bar in the Scott’s Addition Beverage District of Richmond, VA. We have a growing family of 70 arcade games, pinball machines, and skeeball lanes, as well as a forever rotating 50-tap beer wall boasting both local and national favorites.

This is an exclusive event with limited availability, so you must be registered to attend and bring your RVAsec badge or you will not be allowed entrance–no exceptions!

Even if you have a ticket for RVAsec and said that you wanted to attend during the signup process, you MUST now registered for the party!

Register Now!

https://www.eventbrite.com/e/rvasec-7-after-party-tickets-45987727531



Josh Corman (@joshcorman) To Keynote RVAsec 2018!

 

Joshua Corman is a Founder of I am The Cavalry (dot org) and CSO for PTC. Corman previously served as Director of the Cyber Statecraft Initiative for the Atlantic Council, CTO for Sonatype, Director of Security Intelligence for Akamai, and in senior research & strategy roles for The 451 Group and IBM Internet Security Systems. He co-founded RuggedSoftware and IamTheCavalry to encourage new security approaches in response to the world’s increasing dependence on digital infrastructure. Josh’s unique approach to security in the context of human factors, adversary motivations and social impact has helped position him as one of the most trusted names in security. He also serves as an adjunct faculty for Carnegie Mellon’s Heinz College and on the Congressional Task Force for Healthcare Industry Cybersecurity.


RVAsec 2018 Speakers and Schedule Announced

We had many great submissions to the CFP this year! It was extremely hard but the CFP team has managed to select a great lineup for RVAsec 2018.

Thank you to everyone who submitted a proposal to the CFP –the review team had to make some tough decisions and we appreciate all the time and hard work that went into submitting.

Without further delay, here are the speakers for the RVAsec 2018!

For the full details and times for specific talks, please see the schedule page.

Ticket are selling quickly so if you haven’t now is the time to register if you haven’t yet!


Katie Moussouris (@k8em0) To Keynote RVAsec 2018!

We are pleased to announce that Katie Moussouris, CEO of, Luta Security will be keynoting RVAsec 2018!

Luta Security is a company offering unparalleled expertise to create robust vulnerability coordination programs. Luta Security specializes in governments and multi-party supply chain vulnerability coordination.

Ms. Moussouris recently testified as an expert on bug bounties & the labor market for security research for the US Senate, and has also been called upon for European Parliament hearings on dual-use technology. She was later invited by the US State Department to help renegotiate the Wassenaar Arrangement, which she successfully helped change the export control language to include technical exemptions for vulnerability disclosure and incident response.

She is a coauthor of an economic research paper on the labor market for bugs, published as a book chapter by MIT Press in 2017, and presented on the first system dynamics model of the vulnerability economy & exploit market in 2015, as part of her academic work as a visiting scholar at MIT Sloan School.

She has over 20 years of pioneering leadership in information security, as a former penetration tester at @stake , to creating Microsoft Vulnerability Research, the first MS Bug bounties, and advising the US Department of Defense for years resulting in the launch of the Hack-the-Pentagon program. She is also an author and co-editor of standards ISO 29147 Vulnerability disclosure and ISO 30111 Vulnerability handling processes.