[ mainpage :: register :: training :: conference :: hitb-labs :: the venue ]
[ capture the flag (CTF) :: wireless village :: lock picking village (LPV) :: open-hack ]
[ call for papers (CFP) :: conference agenda :: sponsors :: press/media :: forum ]
[ conference kit (PDF) :: past conferences :: contact us ]


HITBSecConf2008 - Malaysia (Day 1)

HITBSecConf2008 - Malaysia (Day 2)

Registration for HITBSecConf2009 - Dubai is also now open.

Open Hack

Filed under: Main Page — Administrator @ 11:46 am

For the second time ever in a HITBSecConf we will be organizing an Open-Hack competition with a slight twist inspired by the Pwn-to-0wn contest run by the guys at CanSecWest.

The purpose of an Open Hack is to uncover new and previously unknown software vulnerabilities in operating systems and software. This year’s Open Hack will involve 4 fully patched Macbook Air’s with a default install of Leopard with all patches applied and the firewall set to default settings. Similar to the contest in CanSecWest, the machine will be accessible via wired cross-over ethernet connections. Be the first to hack in and you walk away with a brand new machine!

To claim a laptop as your own, you will need to read the contents of a designated file on the system through exploitation of a 0day code execution vulnerability (ie: no directory traversal style bugs). Each laptop will only have a direct wired connection (exposed through a crossover cable) and only one person may attack each system at a time so that each team’s exploit remains private. Slots will be available for sign up in 30 minute increments at the beginning of each day. Any WiFi or Bluetooth exploits will be verified offsite in a secure lab to prevent snooping. The first winner of each laptop gets to keep it (one laptop per vulnerability entry).

Attack Vectors

Day 1 - 29th October 2008 - Default client-side applications
Day 2 - 30th October 2008 - Popular 3rd party apps


All remote submissions exploits can be submitted to mel@hackinthebox.org - his PGP key ID is 0x885E28F9 - please send your public key before sending your encrypted mail. All submissions should reach us no later than 1700 MYT on the 30th of October 2008!

Once a laptop is won however, no more exploits may be submitted. All winning exploits will be handed over to the affected vendors at the conference through WabiSabiLabi with the appropriate credit given to the contestant. All contestants must agree to the responsible disclosure handling of their vulnerability/exploit.

Event Organizer

Hack In The Box (M) Sdn. Bhd.

Supported & Endorsed By

Malaysian National Computer Confederation

Multimedia Development Corporation

Platinum Sponsors

Titanium Sponsor (Post Conference Reception)

Gold Sponsors

CTF Sponsor

CTF Prize Sponsor

Open-Hack Sponsor

Metro-e and Official Bandwidth Sponsor

Network Equipment Sponsor

Our Speakers are Supported By

Supporting Media:

Virus Bulletin

InfoSec News

InfoSec News

XAKEP (Russia)

Supporting Organizations

Professional Information Security Association - Hong Kong

Special Interest Group in Security & Information InteGrity Singapore