OffSec Village 23
Facilitated by Volkis
Welcome to the Offensive Security village! Here, we live and breathe for the hacks, the shells, the exploits, learning, teaching, the rush of beating a challenge, and of course, supporting our fellow outcasts.
What can I expect from the village?
Anything and everything offensive security related, including penetration testing, physical intrusion and bypasses, red teaming, CTFs, and hacker culture.
We will be running 3 hands-on workshops each day, showcasing physical security bypass techniques, running a CTF, and blasting some music to tune out to.
We'll also have some stickers and T-shirts up for grabs; get them quick as they will run out!
If you want to learn some practical skills, or talk to real hackers about their work and the industry, definitely check us out!
How is it different to the main track of talks?
Our workshops are all hands-on, meaning you will be performing the attack techniques you learn as part of the workshop in a lab environment. The goal is that you walk away with something you can use at work or in life.
Do I need to preregister or bring anything?
No preregistration is required, but space is limited so it'll be first come, first served. Don't stress though; we'll be running each workshop once per day.Check out the activity descriptions below for what to bring.
Village Schedule
HCKSYD23 Fix the Flag Challenge
10 AM 23 Nov (Start) - 4 PM 24 Nov (Finish)
Kubernetes hacking 101
11 AM - 1 PM 23 NOV and 24 NOV
Finn Foulds-Cook (f3rn0s)
"Get ready to immerse yourself in the fascinating world of Kubernetes cluster security. In this highly interactive workshop, you'll embark on a journey to test and enhance your skills by attacking a Kubernetes cluster."
Who Should Attend:
This workshop is designed for security enthusiasts, penetration testers, and anyone looking to sharpen their Kubernetes security skills. While previous Kubernetes experience is not required, a basic understanding of containerization and Linux will be beneficial."
What to bring:
Laptop with Linux as native or in a VM.
Required Knowledge:
Basic linux skills. Basic container knowledge
__________
Physical Bypass and RFID Hacking
2 PM - 4 PM 23 NOV and 24 NOV
Adam Jon Foster (evildaemond)
"Physical security comes in many forms, from the doors you enter, to the cards you swipe, this workshop aims to show off some of the aspects of physical security, including bypass attacks against common systems, and RFID Security including a Building access control system. Test out some techniques in a safe and setup environment, and look at some common physical weaknesses within organisations.
Come for the workshop, or just drop by any time and test your skills against real, miniature doors."
What to bring:
Everything will be provided. But if you want to practice with your own tools, bring those. A Proxmark will be handle but not needed.
Required Knowledge:
None - everyone is welcome to attend.
__________
Step Up 2 The Cloud - Getting from Domain Admin to Global Admin
4 PM - 6 PM 23 NOV and 24 NOV
Alexei Doudkine (skorov)
"You're on a pentest and you've just gotten Domain Admin: Congrats! But you soon learn that all the organisation's important data (like email and documents) is in Microsoft 365. How do we elevate our privileges to **the cloud**?
In this workshop we'll go over 5 different techniques for how to gain the coveted Global Admin privilege during a pentest involving Hybrid AD. You'll also try these techniques yourself in a lab setting to solidify your knowledge."
What to bring:
Your shiniest hacking laptop with the following tools preinstalled:
- ROADRecon & ROADtx: https://github.com/dirkjanm/ROADtools
- evil-winrm: https://github.com/Hackplayers/evil-winrm
- Any RDP client
Required Knowledge:
Basic knowledge of AD and AzureAD. Competent in both Powershell and bash-like command line. Some, but not a lot of hacking experience.
HCKSYD 23 Fix the Flag
This year's Fix The Flag competition is being run by Sustaining Partners, SecDim.
Challenge yourself in an Attack & Defence CTF - 23 November to 24 November.
What
This is an online event with HCKSYD as part of the OffSec Village for anyone interested to challenge themselves in AppSec.
We have a novel Attack & Defence CTF game, where you secure your app whilst trying to hack others in a King of the Hill styled contest.
We also have other challenges based on real world incidents. Fix security vulnerabilities and get a score for passing the challenge.
There is a participation badge as well as an exclusive Winners badge along with swag prizes.
Why
We want to encourage more developers to write secure apps to help protect our ecosystem, so we see less disastrous breaches impacting millions of users.
We want penetration testers to take their skills to the next level by finding security vulnerabilities in code.
How
Bring your laptop and a back up internet connection (ideally there shouldn't be any problems).
Show up on the first day for the Attack and Defence CTF briefing session, after that you can play the game at your own discretion.
When
The game starts on 23 November 2023 and ends on 24 November 2023 4pm and winners will be announced afterwards.
The game will be available online for the whole duration specified.