Defcon badges 2019
8/10/2023

DEF CON 27 has come and gone, and it was amazing to see folks get engaged with the badge, solving the challenges, having fun with the honeypots. We received lots of great feedback, and folks were very curious about the honeypot data. We had great conversations about what hacking actually happens at DEF CON, what kind of hacking can be expected, and we think there is enough evidence to at least partially answer that question. This post is going to serve as a bit of a wrap-up and post mortem. There were a few hidden Easter eggs thrown in during the development of the badge; those are explained below and, of course, a wrap-up of the on-badge challenges.

Note: For the initial post providing an overview of the features and functions of the DEF CON 27 Blue Team Village Badge, please visit Part 1 of 2.

Honeypots

The badge had two modes of operation: "badgenet" mode, in which each badge connected to an ad-hoc WIFI network for basic communications, and honeypot mode. Each badge starts up with honeypots disabled, and when in honeypot mode the screen text is red, so it is relatively easy to visually spot when honeypot mode was enabled. The honeypot mode fired up a WIFI AP and enabled two honeypots: a high interaction SSH honeypot (cowrie) and the HoneyDB agent, which provides a large number of low to medium interaction honeypots. The SSH honeypot has the ability to replay any SSH sessions from attackers directly on the badge screen. The HoneyDB honeypots stored data directly on the badge itself for retrieval and upload to HoneyDB later. Almost all HoneyDB services were enabled by default, but there is functionality on the badge menu to randomize the services to make each individual badge's services different from the others.

When a client connects to the badge's WIFI AP, it is assigned an IP address from a slightly randomized DHCP scope. The badge's WIFI AP IP is static and derived from the last 2 values in the MAC address of wlan0. We could not rely on the badge's MAC address for the first octet, therefore it is always 10. Occasionally a MAC address would convert to a restricted or special IPv4 range, such as multicast, which can cause a number of issues. For example, macOS will not obtain an address from a DHCP server in a multicast range. This issue alone is enough to change the address scheme. The DHCP scope is then set with a base value of 10.190.239.$random to prevent clients from retrieving a low allocation in the space, which may signify no other clients on the network and raise suspicion.

All DNS lookups for connected clients resolve to the badge's IP and all traffic is routed to the badge. HoneyDB logs are stored on each badge and are retrieved by a few master badges that possessed the private keys for all badges, unless disabled by the user of course. There were a few drawbacks and complications with this approach that we'll go into later on in the post.