Battle of the Bots
Battle of The Bots (BOTBs) is a reverse engineering and capability development competition where the competitor is tasked to reverse engineer custom services to identify and exploit vulnerabilities in said services. Once access is gained to the vulnerable systems, the competitor will plant their team’s flag to score points. A twist on this king-of-the-hill style competition is that services will be rotating throughout the competition. Giving your bot the ability to “worm” through multiple services is critical for its survival!
The vulnerable services competitors are tasked to exploit will be a mix of real off-the-shelf vulnerable services (ex: Log4Shell) or custom-built services to represent widely exploited vulnerabilities within commercial software. This “CVE informed development” ensures that competitors are being tasked with realistic vulnerabilities and not fictitious “what-if” scenarios making your time investment at this competition beneficial to both blue teamers and red teamers alike.
New to reverse engineering and capability development? Vulnerable services are written in a mix of interpreted and compiled languages allowing competitors of all skill levels to engage with the competition! More on the blue team side? The BOTBs Staff will be capturing network traffic on the target environment to make available publicly after the competition
Black Cybersecurity Association Village
The Black Cybersecurity Association is dedicated to increasing diversity and representation within the cybersecurity industry. Our village will provide a platform for networking and learning opportunities for individuals from underrepresented communities in cybersecurity. Join us for engaging discussions, hands-on workshops, and the chance to connect with industry leaders and peers.
The mission of The Open Organisation of Lockpickers (TOOOL) is to advance the general public knowledge about locks and lockpicking. By examining locks, safes and other such hardware and by publicly discussing our findings, we hope to strip away the mystery with which so many of these products are imbued.
The more that people know about lock technology, the better they are capable of understanding how and where certain weaknesses are present. This makes them well-equipped to participate in sportpicking endeavors and also helps them simply be better consumers in the marketplace, making decisions based upon sound fact and research.
Visit TOOOL and learn how to pick a lock or work on refining your current skills!
Machine Learning & Data Science Village
The Data Science Village will consist of a CTFd server providing a structured way for village participants to work through a series of challenges leveraging Data Science for Defensive Cyber use cases. Data, notebooks, and/or Jupyter Notebook infrastructure will be provided (equivalent of like a SIEM) to allow participants to do real-world, data science-based “hunting.” Participants will gain a familiarity in: 1) common Data Science infrastructure stacks, 2) the Python ecosystem for Data Science, and 3) ways to view Cyber Data through a Data Science lens.
We will work to have 2-3+ SMEs (bare minimum in Python) to help troubleshoot, educate, and answer questions. Participants will need their own laptops. Basic Python familiarity, Pandas familiarity, and Defensive Data Familiarity will be helpful, but there will at least be a few basic challenges for all.
Mental Health Hackers Village
The Mental Health Hacker’s (MHH) mission is to educate tech professionals about the unique mental health risks faced by those in our field – and often by the people who we share our lives with – and provide guidance on reducing their effects and better manage the triggering causes. This will be done through numerous talks and speakers conducted within the village during the conference. There will also be fun activities, crafts, coloring, and more to help you reduce stress and take a mental break from the conference activities and attendees.
MHH also aims at providing support services to those who may be susceptible to related mental health issues such as anxiety, depression, social isolation, eating disorders, etc.
Please understand that MHH does not provide counseling or therapy services.
Their website can be found at https://www.mentalhealthhackers.org/
Mobile Hacking Village
We are a group with the goal of teaching, with a security focus, about mobile devices. We cover a range of topics on Android/iOS internals, providing demos for interesting topics, and demonstrating best security practices, to hands-on learning for basic to intermediate topics.
Radio Frequency Capture the Flag
Do you have what it takes to hack WiFi, Bluetooth, and Software Defined Radio (SDR)?
RF Hackers Sanctuary (the group formerly known as Wireless Village) is once again holding the Radio Frequency Capture the Flag (RFCTF) at BSidesCharm 2023. RFHS runs this game to teach security concepts and to give people a safe and legal way to practice attacks against new and old wireless technologies.
We cater to both those who are new to radio communications as well as to those who have been playing for a long time. We are looking for inexperienced players on up to the SIGINT secret squirrels to play our games. The RFCTF can be played with a little knowledge, a pen tester’s determination, and $0 to $$$$$ worth of special equipment. Our new virtual RFCTF can be played completely remotely without needing any specialized equipment at all, just using your web browser! The key is to read the clues, determine the goal of each challenge, and have fun learning.
There will be clues everywhere, and we will provide periodic updates via discord and twitter. Make sure you pay attention to what’s happening at the RFCTF desk, #rfctf on our discord, on Twitter @rf_ctf, @rfhackers, and the interwebz, etc. If you have a question – ASK! We may or may not answer, at our discretion.
FOR THE NEW FOLKS
Our virtual RFCTF environment is played remotely over ssh or through a web browser. It may help to have additional tools installed on your local machine, but it is not required.
Read the presentations at: https://rfhackers.com/resources
For BSidesCharm 2023 we will be running in “Hybrid” mode. That means we will have both a physical presence AND the virtual game running simultaneously. All of the challenges we have perfected in the last 2 years in our virtual game will be up and running, available to anyone all over the world (including at the conference), entirely free. In addition to the virtual challenges, we will also have a large number of “in person” only challenges, which do require valid conference admission. These “in-person” only challenges will include our traditional fox hunts, hide and seeks, and king of the hill challenges. Additionally, we will have many challenges which we simply haven’t had time or ability to virtualize. Playing only the virtual game will severely limit the maximum available points which you can score, therefore don’t expect to place. If you play virtual only, consider the game an opportunity to learn, practice, hone your skills, and still get on the scoreboard for bragging rights. The virtual challenges which are available will have the same flags as the in-person challenges, allowing physical attendees the choice of hacking those challenges using either (or both) methods of access.
To score you will need to submit flags which will range from decoding transmissions in the spectrum, passphrases used to gain access to wireless access points, or even files located on servers. Once you capture the flag, submit it to the scoreboard right away, if you are confident it is correct. Flags will be worth less points the more often they are solved. Offense and defense are fully in play by the participants, the RFCTF organizers, and the Conference itself. Play nice,
and we might also play nice.
Getting started guide: https://github.com/rfhs/rfhs-wiki/wiki
Helpful files (in-brief, wordlist, resources) can be found at https://github.com/rfhs/rfctf-files
Support tickets may be opened at https://github.com/rfhs/rfctf-support/issues
Our whole game is also open source and available at: https://github.com/rfhs/rfctf-container
Twitter: @rf_ctf and @rfhackers
Website: http://rfhackers.com – play with us
Official Support Ticketing System: https://github.com/rfhs/rfctf-support/issues