Personal.X-Istence.com

Bert JW Regeer (畢傑龍)

Toorcon

So Friday at around 1600 hours, someone in the Hardware lab up in room 422 at UAT goes "We are all going down to San Diego for Toorcon, want to join?". I am down for almost anything. We get together a total of 11 people at 22:00 at night, get in 3 cars, and start the 5 hour drive down to San Diego. We drop by the local Fry's Foods and buy food (11 people walking in at once is scary looking, especially all geeks :P). Once we are stocked up, we get on the road. Armed with nothing more than a few laptops, some clothes, deodorant, soap and tons of tech gear and a map-quest printout of directions, we are off.

We get to San Diego at around 0400 hours in the morning, and we look around for a Hotel. We head over to a local Days Inn, and WifiWarrior1 the oldest of the group, our schools student government vice-president lets us get the rooms at a discounted rate for $1092 per night, 2 hotel rooms, for $260 total. THAT WAS DIRT CHEAP. So we get some sleep, and head over to the convention center. We pay admission $120, and get these cool Lan Yard's with Pac Man's attached to them as our passes to the convention. We sit in on the Saturday morning talks and then head over to the CTF 3 and sign up for 11 college students to compete under the team name UAT. We set up, and start trying to hack the servers, not knowing what we are doing we just basically DDoS the shit out of the servers, and the other teams are starting to get pissed about the fact that they are not able to get any real work done since we are slowing the network down too much. Tough shit. We never get into a single computer, but we do end up knowing what services the machines are running so we can decide a plan of attack the next day.

That night we go out to dinner for Thai food (real good food as well, Lotus Thai in San Diego on 9th and Market), and we get to spend the evening with Captain Crunch (Wikipedia him). He is one of the coolest guys ever. He has some awesome plans to stop much of the spam email many of us are trying to deal with lately. The amount of fun 11 people can have is awesome. 11 people that share the same interests and or passions just got together and had tons of fun.

During the con, I met several key security people, that keep our networks safe. People like Dan Kaminsky. That guy got up on stage hung-over/drunk and gave his entire presentation, and it seemed to make sense, some parts were just way over my head, but it left me with some great ideas for future projects and or research I would like to do. Captain Crunch was awesome in his own way. His ideas and thoughts were great, but sometimes he just seemed to be unable to tell people just exactly what he was thinking.

The second day we got back, and we finally got into one of the servers through a Samba exploit, getting us our first 30 points on the leader-board! Then I out of my sheer "Let's secure this now" mindset removed all the services that could be exploited, and hard rebooted the box. Thing is, we had re-set the root password to "sorry" to thwart the other people, and thus the people running this CTF could not get in, to fix whatever services I had closed, since after all, others should have a fair chance of getting in as well. In the end we had 60 points. Which was two servers hacked, and rooted! We, as in almost all 11 of us, learned more in just two days than what we could learn from some of the classes at UAT. The creators of the contest talked with us afterwards giving us tips of what we should strengthen up on, and what we should look into, that way when we come back next year, or DefCon we can show up strong.

The car ride back was about as eventful as the event there. In our car we had great talks about American politics, and other software/hardware. What we learned, what we needed to learn, and other really useful information. This was one of the best weekends I have had so far here at UAT, and I can't really say I have had a bad weekend here. Just the entire attitude that 11 people could get together last minute, with about 10 minutes of preparation and jump into 3 cars, drive all the way down to San Diego (California), and everything was perfect, was just really cool. The entire rush of "Let's go to San Diego!".

I bought two books, and a T-Shirt. Total money I spent: $320. Time to earn that money back! People still owe me some money, so I am getting some of that money back, but it is gone from my bank account, so it really does not exist in my books anymore!

To learn more about Toorcon, visit their website http://toorcon.org/. To learn more about UAT visit the website http://uat.edu/

  1. This name was given to him by lostboy when he pulled out a 3 - 5 ft 18 Dbi gain Marina antenna and his 15 Dbi Directional wifi antenna and held them up like he was a knight, with a shield and a sword! 

  2. Normal price: $129 per night, plus $20 per person extra. Social engineering for the win! 

  3. Capture the flag. Computers are set up with operating systems running known services that can be exploited, the point of the game is to steal as many of these systems that are running, and capture those that others have taken. The OS's can range from Linux to FreeBSD, to Solaris, to Mac OS X, to Solaris. This game is normally only entered into when one has the skill-set, but at smaller cons like this one, even with no skill-set, one may jump in and just attempt it, and learn from the experience.