
This is WCTF Magic, as told by a clumsy magician. I'm going to take you on a fantastic adventure.
All right, so I was told we're on a live stream, so I have to do my absolute best to behave myself, but, uh, I can... no promises. I may say some stuff that may offend you. I'm not really sorry. So, who am I? 2001, decided to join the Navy, did Navy IT for 11 years. The coolest things I did were Mobile Comms Team One with SEAL Team One; I did all their jungle comms when we deployed to the Philippines. I ran the entire network suite and comm suite. I worked at a non Maryland; they made me go to shore duty finally, and then COMTENTHFLT, Fleet Cyber Command. I helped stand up the Navy's Cyber Command. I
work for Admiral Rogers and then Admiral McCullough, and it was Rogers while he was a three-star, before he went and became a cool-guy four-star over at NSA. So, uh, I was a principal security engineer. I was the HBSS SME that sent out all the cool messages, essentially, to do what things on HBSS. I worked at Raytheon on a NATO network, the Combined Federated Battle Laboratories Network, and then I'm currently doing a Navy network, is SO du ska. I do very boring paperwork junky stuff, search, because they made me have to do the 8570 compliance stuff. And then I also recently joined the American fireworks team, and I blow [ __ ] up. The
most recent shoot we did was Fourth of July, four secrets in Ocean City. We set off six thousand shells, and some shells I held in my hand were bigger than your head, and they let me hold those and wire them up and enough. Alright, so now that we're done with that jerk, who is Wasabi? So I finally started real infosec in 2010 after doing Navy IT for a while. I do wireless hacking, you know, kind of what I'm here to talk about. I'm on the Crimson Agents CTF team. As an individual and as a part of a team, we have won the last 5 WCTFs we have competed in. We're not cool enough to go
to DEF CON and compete, so I don't, I don't count that one. Security enthusiast: I enjoy security, and I know that the world's going towards the Internet of Things, or nearly a lot of fun with Wi-Fi and wireless in the future. So, as I said in my bio, I'm looking forward to filling your kitchen with ice cubes after I take over your fridge. Alright, the objective of this talk: they do a much better job at explaining how to do a WCTF from the other side, with the, with the intro to the WCTF. I'm going to give all these things from my point of view, from the first time I ever tried to WCTF and failed miserably
to putting points on the board and having tons of fun. So I have fought with my computer, I have stuck myself for six hours trying to figure out the same WEP thing, and went down the rabbit hole and googled and things weren't working right, and it's, it's not fun. And I'm hoping that you will learn from my mistakes and then don't incur the same wrath I received from the, the team at the front of the room. It's all love, Wraith. So as a matter of fact, forgotten is here. The first time I ever went to a security conference and the first time I ever tried to compete in the WCTF was the very first BSides DC, and I went, I
just happened to go to the hackerspace on the Friday night. He's like, "I got an extra ticket and I want to split a room." I said, "I ain't got any plans this weekend, let's go." So literally on the car ride down I'm installing Kali Linux, thinking I'm gonna... yeah, on the ride down, on battery power, I'm installing Kali Linux, thinking I'm going to take over this, because I ran Reaver once and got a password and thought I was cool, and I followed the Lifehacker article on how to break into a WEP key and did it once, so I'm obviously ready. So, so, so here's the, here's the funny part. So I had just installed Kali over
Windows on this ASUS that never had Kali on it, or any Linux on it, before. I sit down, receive the brief. I'm hiding in the corner because I don't know anybody; this is my first con ever, it's all a bunch of scary hacker folks. My wireless stopped working, like, like all of it. I couldn't get any networking working, like, at all, and I'm thinking, well, [ __ ], I've been owned. Like, but that didn't take long. I'm a freaking noob, like, it happened immediately. So I'm, like, in the corner fighting with my network card, because all I brought was, like, my laptop and my charming personality. No extra Wi-Fi cards, no Bluetooth, nothing. Like, I was good, I was
convinced I had everything I needed for the competition. So come to find out, after three days of reinstalls, after chasing forums, after running through blog posts, my ASUS laptop... now hold on. My ASUS laptop, when you boot it up for the first time, the network manager has a bug and it doesn't start networking; it thinks it's hardware disabled. So all I have to do is close the lid, wait till there's just one light for the standby light, open the laptop back up, and boom, I'm connected to Wi-Fi.
It thinks it's hardware disabled. None of that works, like, it thinks it's hardware disabled. So I was looking through the BIOS, so I'm looking for switches that I didn't even know existed on this laptop. I was convinced I had to find a button that was not on my laptop. So that is what you do not do for your very first WCTF. So look, the only way that I'm even here right now is because I failed, I failed some more, I failed three more times, and then finally, through pure brute force, I started learning this stuff. Through a little bit of mentorship and a little guidance from the WCTF team, I actually was able to put in a flag and
get, like, at least a couple of points. So from the competitor point of view, we're going to go over the game, the challenges, some methodologies, the team or solo strategy, offense or defense, and then some gear stuff. So, so it's a wireless, it's a wireless CTF, but it's, it's kind of setup standards that other CTFs are: you've got rules, points, prizes, and opponents, and sometimes in this one you can't even see your opponent, because they can be further away, because it's wireless. Not everyone's going to get a trophy. You're not first, you're last. It's, it's Jeopardy-style in the sense that when you go to their website you submit your flag, but it's not like, there's not like a
scoreboard or just like a, there's not necessarily a flow. Like, you can go at any rate that you want and try any challenge that you need to, based on what you're able to accomplish. So if you don't know, then ask. So unlike my first WCTF, I didn't talk to anybody, I was hiding in the corner, I probably could have got a little help. The, it's just a game. Like, everybody's there to compete, but I have never met anybody that want it wasn't truly, like, one, did not want to help somebody. So go up and, like, don't be shy, go up and ask; they're more than willing. I'll even help you. If you show up today down there and
you're having a problem, ask me and I will help you with sabe. Let's stop there. So don't nuke it a little spicy. So it's just a game, we're here to have fun. So Delaware is two days; like, right now people are scoring points and I'm not down there competing in the WCTF like I should. Yeah, I know, thanks. So if you get stuck on something, move on and maybe come back to it. Don't, don't corner yourself into one thing or one problem. They have so many different challenges that you can try: whether it's SDR, they just introduced SCADA, they've got some Bluetooth stuff, there's a bunch of Wi-Fi, there's different kinds of Wi-Fi. So if one is
your problem for you, try another one and come back to it. So don't give up, but don't stay on the one challenge like I did for six hours, trying to figure out why WEP doesn't work. So it's wireless; you cannot see what's not there. But that's the thing you can decide: it's, you know it's Wi-Fi, you know it's Bluetooth, you know that those things are out there. Start your scans, know what you want to look for, know what you want to start looking for, and go from there. The challenges: of course, I believe with DEF CON they just introduced a little bit more Bluetooth stuff, especially with the release of Blue Hydra. Really cool tool; if you've
not downloaded it, go to GitHub and get it. I've run it a couple of different places, and it is really cool, the things that are running Bluetooth that you didn't know are running Bluetooth. I, I, I, I walked the entire DerbyCon and saw really, really interesting things. So there's Wi-Fi, there's SDR; all this stuff is low entry on equipment. You can come in and participate. Think outside the box: they may very well start introducing things like toasters that we have to take over and burn toast to get points. Like, that would be cool. I'm taking credit if you do it.
Alright, so, so what do I do now? Like, when you show up, like, it's just assumed sometimes that you know exactly what you're supposed to already do, like with other red team events, that you plug in and you start scanning. So pick the device that you want to look for, pick the thing that you want to do, pick Wi-Fi, pick whatever else you want to do. Like, if it's Bluetooth, you want to go after the speakers and play your own music, because they've picked some kind of weird esoteric freaking EDM from goth days or something. Yeah, yeah, I know, about to start, I'm about to start off with negative points just like ShmooCon. So, so take notes as you go. I can't
emphasize this enough, because there were times that I, I had assigned wlan1 to do one thing and I assigned wlan2 to do another, and then I came back and I decided I was going to do something else and I assigned wlan1 to do that, so everything I was doing on the other pane, like, it failed, because I wasn't collecting anymore or doing anything. So take notes: write what you see, write what you don't see. If you overhear people talking about something, steal from them. So from my perspective: get in, get logged in, get their word list downloaded, look at their past freaking presentations and what they did at other places, because you can do a lot of
homework ahead of time and see all the things you want to do. Settle in, put up all your stuff. Do not over-multitask. Do not over-multitask; your computer may not be able to handle it unless you brought your, your gaming rig from home. Know what you're good at, give it a good shot, and then try and have fun with the rest. They just brought up a bunch of SCADA stuff. I have no idea about SCADA, but I'm about to hit it today and I'm about to just hurt my brain as hard as I can, or tomorrow.
Take it in chunks. If you go to their, if you go to their scoreboard, at the bottom you can see what all the flags are; you can see the different styles of, like, different things. Like, you can see that they're possibly going to have this and that; it's kind of like looking ahead. Do lots of googling, lots of googling. There's wireless stuff all over the place from different years, but there's lots of help on the internet. So what if you get stuck? Ask others, ask your team, walk up and look at what's displayed on the table, but do not go behind the table without permission, and try another challenge. Just do not... I, I keep, I keep egging on it because I
literally almost two days, and it's at a CTF, just trying to figure out why I couldn't break the first WEP challenge. Like, it's, I wanted to figure it out, I wanted to figure it out so bad. Alright, so I scored the, uh, the Wi-Fi Fox was released, and so is the SDR Fox, and I had my SDR gear and I'm walking all over BSides Charm. Don't be shy, because you're going to have to ask people if they are the fox or not. Just, just being dumb, I decided to ask somebody, because I walked down the escalators, I looked up, and there's just a group of guys just staring at me, guys I knew, and I was like, those, are you the
Fox? Like, I was like, yeah, yeah, I am, you walked right by me and you, I thought you were gonna catch me. So I get up there, I've got SDR gear in my hand, and he hands me the Wi-Fi Fox.
So when I got back into the WCTF room, Rick looked at me and goes, "No, I don't even want to give you points for this." I was like, "It's not against the rules. Like, I should get extra points because I found something with the wrong gear, but the rule is all I have to do is bring it back to the room." But no, I mean, you're going to have to walk up to people if you're searching for the Fox. Do not be overly shy, and ask people, just random people, because you never know what they have in their pocket either. Yeah, so speaking of, they named the Fox at freaking ShmooCon "foxy", and I'm walking around with a shirt
that says "bearded for her pleasure". I am walking up to grown men, I am walking up to women, because I'm seeing this signal, and I have to go talk to this girl and I have to ask her if she's foxy. The looks on people's faces when you ask if they're foxy, which, and I'm, I'm spelt and bearded, 'cause like, "Are you foxy?" No, it's, it's a good time.
OK, that may be my fault. [Laughter] So, team and solo strategy. Uh, join a team. No, I mean, don't go sit in the corner and get stuck like I did. Like, if I'd had two other people that I was there with, they probably could have steered me in another direction, helped me, even let me borrow a laptop, let me borrow a dongle. Like, if we don't join together and come together and work together and share information, it, nothing, none of this cybersecurity stuff will work anyway. So join a team, have some fun. But if you're not on a team, go there, have fun, ask questions, but it's, it's not add eliminating. All right, look,
share with your team, but if you're not whispering, I swear I will steal your flags. Break stuff up: if you've got a guy that's your strong Wi-Fi guy and you're the strong SDR guy, start, start knocking it out at the same time so you can start scoring fast and often. All right, it helps with... what I did at Charm was, when I did find the Wi-Fi Fox, I actually didn't turn the Wi-Fi Fox in. I turned it off and left it in my pocket, because while that was going on everybody else was still looking for the Fox, and I was in the room scoring points on other challenges. So
yeah, they're still not scoring points either. So communicate with your team, figure out a way. We actually tried to walk, we tried to follow Zero at ShmooCon. If I saw him leave with the bag that I knew the SDR Fox was in, and we're communicating through Slack... found out that's not a good idea, because there's a delay. So he went out the door, and my teammates finally got to the door, he's already gone. So we were actually going to follow him to the Fox, like the actual Fox, and then just take it.
Alright, so BSides Charm. I actually, sandwiches were en route from Jimmy John's, it was the second day, we'd already had the con party, I'm hungry. As I'm walking out the door to find the SDR Fox or Wi-Fi, or Wi-Fi hide-and-seek, I went over to the booth, like the actual registration table for the conference, and I started pulling apart t-shirts, I was lifting up the skirt for the table, I actually got on my hands and knees, I was rolling around on the floor, in and out of between people, because I was looking for the hide-and-seek object. I finally find it in a paper cup hidden underneath, like, behind the table leg. So do not be afraid to get
down and dirty to look for the hide-and-seek. They will stick it anywhere they think his nest day. I think one time they put it behind a painting at the hotel for DC. One was actually in their hotel room, and you had to give the hotel, or the room number, to say that you were even close to it. So
so offense and defense is in play. So Josh in general actually pulled off a really good event where he was replaying their website and posting old information so that nobody could get current information for the, the WCTF. You can bring your Wi-Fi Pineapple and you can run Karma and you can be a jerk, but they will shut you down. They know how to use this stuff better than you do, they know how to do it better than I do, and that's it. You're at a hacker conference; everybody knows what that Wi-Fi Pineapple is. You can get away with it at some other place, but you're going to get shut down here. But, uh, red teaming
is allowed. You cannot jam frequencies, you cannot do anything that will, like, get the FCC in trouble with you, but you can attack protocols and you can do other things. So at Charm, I was searching for the Wi-Fi Fox, and I noticed every time one of the competitors walked by me I got stronger signal, and as he walked away the signal went down. He was replaying the Fox as a part of red teaming so that nobody knew what was going on, and that's why, when I finally found the Fox, because I had to pay attention that if I actually got a good signal I had to make sure he wasn't nowhere around, so I knew it was actually
actual real Fox. So that's why I turned the Fox off and put it in my pocket, because he was still replaying it the whole time. So people were still seeing, with that MAC address and that SSID, they were still seeing foxy, so everybody still thought the Fox was out, but it wasn't. He was actually trolling himself, 'cause he actually still kept going out looking for the Fox too. All right, gear. None of my stuff is, like, commercial-grade hardcore anything. I've got TP-Links, Sena UD100s, I've got anything that's, you know, like fifty dollars and below. I have a HackRF just because I wanted one for doing SDR, but I got the PortaPack and
I did all kinds of stuff. But, uh, there's nothing that's... you don't have to come in with ten thousand dollars' worth of gear to get flags, unless you're cryptos. As a matter of fact, my current setup is based on what his setup was when he won a competition for the bicycle race thing, like the way that he had the USB hub and the way... just, I, I stole often ideas off other people. So why reinvent the wheel? Know your gear and test your gear. I still fail at this; I still don't test my gear. I'm telling you to test it because you'll be in a position like me, and he'll tell you, this morning, that the
Pentoo load that I installed crashes and does a kernel panic when you put your Wi-Fi into monitor mode. So now I have two laptops that are going to kernel panic on me for the game, because I didn't test my gear before I showed up. So now I might have to try and download a different Pentoo over hotel Wi-Fi. Oh, it is? Alright, sweet. But seriously, test your gear.
So a cool and interesting story that I, cool and interesting thing I learned: I was walking around with the SDR, the little gray SDR, and I had a little base, and I had, like, the giant antenna that I could, telescoping antenna. They were, they told me, "You're not going to find the thing that's right in front of your face with that antenna that's over your head." So they actually sent me packing and looking for a freaking paper clip that I then stuck into the end of my SDR, and now, because I have a terrible antenna, I'm not getting the freaking signal from, like, somebody's blender making a smoothie two blocks away; I'm actually getting what the
actual SDR Fox is, right in front of my face. So I actually, no crap, as soon as I stuck that in I went straight out, found the Fox, and came right back. I mean, it was that quick, because I had, it was so fine-tuned in just what was in front of me, as soon as I actually had the signal, that was the actual Fox. So I went from "I brought literally nothing" to "I brought too much". I went on Amazon, I did, like, a buying spree. I'm buying USB hubs, I'm buying Wi-Fi antennas, I'm buying AC cards that don't even work on freaking Linux yet. Like, I just, I, I need to die. I was so mad
at myself for the very first WCTF that I decided that I wasn't going to let that happen to me again. So I decided to go on a purchasing spree, and I got single-people money, so, so, so I bought a few Wi-Fi dongles. [Laughter] So most of the, most of the gear that you need to participate in this is anywhere from twenty to a hundred dollars, and it's a hundred dollars because you bought one Wi-Fi dongle, one Bluetooth dongle, and one SDR. They are at about twenty dollars and below, so you can participate for relatively easy and out of the box. Random bits and bobs: when you go out looking for the Fox, make sure you've got
one of these really cool external batteries for your, for your devices, because when you're out there for two hours looking, you're gonna start running out of juice, and you may get really close to that Fox, then all of a sudden you're two percent, one percent, and you're not finding the Fox. USB hub: I recommend this because when you start putting in the Wi-Fi dongle and the SDR dongle in the side of your computer, the stuff, like, the USBs are, like, right up next to each other, and they're not going to fit at the same time; the dongle's too big. Alright, so different styles of antennas, directional, omnidirectional: know what your antennas can do, know what they can
do for you. Phone or tablet: the most successful I've been is with Wi-Fi Analyzer to find the Fox. I'm trying to fix that, that it's not the only tool that you can use; I'm actually developing something right now. And homemade stuff: because of the paperclip incident, I, back, I actually got an SMA to BNC connector, I've hot-glued a paperclip into it, so now I have a homemade permanent paperclip antenna, so that I'm not just sticking it in the end of my freaking, like, the actual dongle that I have. I do what I want, I'm grown. All right, so, so after I copied somebody and I had this giant USB with 19 dongles in it,
because I did my single-people money thing, I couldn't, I still couldn't crack anything, and come to find out I was oversaturating the USB bus. When you are pulling in that much information from five different cards, doing airodump, Kismet, doing everything else, it is not going to work for you, and then if you try to do SDR at the same time, you are just pulling too much information through that one area. Focus on a few things at a time, because your computer's not going to be able to take it. You, it is not going to be... you have to bring, you want to do 18 things at once, you're going to have to bring in
hardcore hardware. So this is my most fun story. I got cut loose with Corey's HackRF that wasn't in a case, with a PortaPack and a floppy whip antenna, because I had it on good, I had it on good... they told me that the SDR Fox was actually going to be at the party, so I believed them. So I'm walking around drinking my, my White Russians and my ciders, and about 10 drinks later I finally, I was finally told, "Have you not been looking at Twitter?" "No, I'm freaking looking for the Fox." So the Fox left and went home. I was looking for nothing for an hour. But by this time I was thoroughly
beveraged, and I decided, why not have a little fun, since I'm already that guy, the weird guy with his stuff. So I would actually walk up to people and go, "Ahh, Visa," and then just walk away.
Hey. [Applause] There was also one gentleman that was really, really drunk too, and walked up to me, was like, "Hey man, I've seen, like, a couple of those. Like, what is that?" And I was like, 'cause I'm an ass, mmm, I'm not a nice guy, I said, "Well, it's a small penis, penis detector, and it's going off, so you've probably seen several." So his entire group of friends, all of a sudden it was long... but no, the credit card thing was the best. But so this is, this is what that setup looks like. Like, at a hacker conference you're holding this weird contraption that, you know, not everybody does wireless. You've got your red teamer
guys, or hardcore of this, you've got database guys that are into that; not everybody knows what this weird gizmo is, what this antenna is. So you have to be prepared when you walk up to somebody and say "I just got your Visa information"; you might take one to the chin. So don't be... I'm prepared for that. I was also thoroughly beveraged, so it was, it was not going to be a problem. So
Thank you. Thank you to everybody that's contributed, thanks to the Wi-Fi Village, it's been freaking fun. I'm not retiring or anything; you've not banned me yet. But, uh, thank you beat me sides, and thank you to everyone else. Is there any questions? No, actually, I probably could, I had to, I had to take a bunch out. So is there any questions? Do what? Maybe.
Uh, there wasn't really, like, a hope, yeah. So I mean, the batteries generally just for, like, your device is, like, you're, like, I've got the Community Edition Pwn Pad fruit there. OK, so with an OTG cable, because you're rooted, you can actually hook your SDR up to the Pwn Pad, and there's a 99-cent app on the App Store that is amazing at doing SDR waterfall, so you just punch in the freq and you can go straight to it. And if you gather for the phone you can do the same thing. I do not have RF Analyzer.
Yeah, I did not, I was not trying to recreate their in-brief, because it's, it is, it is great, but I mean, these are just small things that I've learned along the way.
Anybody else? Bueller? Bueller? All right, then I'm done. What? Now bring it. OK.
No, so depending on where you live there's a lot of great resources. Like, I'm from Maryland, and we're kind of a Baltimore hackerspace, Unallocated, and we're actually going to do an SDR class right now, and we just did three weeks of training, and we're having our own little wireless CTF with just SDR on Tuesday. There's, their website, the WCTF's, is just littered with links and everything that you need to find out. And if you go downstairs, if you're a new person, I will help you. All right, anybody else? Bueller? Let's go. Right by BWI. What? Like, there's a prison right here, prison right here, then there's us. Just, no, no, I'm kidding. Is it on which website?
Absolutely, yes. I'm not, like, Unallocated Space out of work almost watch it. All right, final call. Yes sir? Yes. I do this again, uh,
the website is Grave Before Shave. Grave Before Shave. Again, well, so you listen to Insane Clown Posse and they've got a really great write-up on that; they get out of white paper out and bring it on. What else? What you got?
How big's my god? Well, it depends, depends on whether I ate recently or not. I love you too, I will see you afterwards. So if that's it, I'm done. I'll let y'all cut loose, 'cause it's lunchtime and I'm from hungry.