We received quite a few interesting looks at last year’s OctoberTekfest, when we unveiled the KegBot and Hack for Beer challenge. A couple of hours into the challenge, we developed a crowd of folks gathered around the booth. Some people came to watch and cheer on their friends, while others took notes with hopes of decreasing the amount of time it took to “Pwn Beer.” The most interesting thing that happened, at least from my perspective, was that all of the folks that came to the booth experienced all of the excitement and frustration associated with executing a hack to a networked system. Many folks took note that some of the methods used to hack the KegBot, leveraged vulnerabilities and configuration issues that could have been easily mitigated. Several conversations started that examined the ideas of: What if the firewall placement changed? or What if the admin’s workstation had been patched, or not left on or unlocked? This is the true value in the whole demonstration. The process forces us to think about the issues that allowed the hack to happen in the first place. The beauty of the demonstration is that it was conducted in a controlled environment, no real data was ever at risk, and we all learned a lot.
It seems almost silly to run hack scenarios against a smart kegerator, until you start to think about the simple fact that this could have been a SCADA device at a water treatment plant, an ATM machine, or all of the IV pumps at a hospital. The only real difference is real world security controls and beer. The control units, solenoid valves, monitoring meters, and interfaces are the same. We like to think of our Hack for Beer challenge as a fun teaching tool that employees Red Team vs. Blue Team and Tabletop methodology.
What's New for 2017?
So, we’re bringing back our KegBot this year, with a few surprises. We’ve increased the attack surface, increased the vulnerabilities, and even increased the security controls. We’ve built a “Beginners Guide to Hacking” to help challengers Pwn Beer and thrown in some exploits for you folks who want to try your own way. We also decided to bring the Red Team vs Blue Team methodology to Tekfest in a “mini cyber range” environment with some known and not so known exploits and vulnerabilities. Here are some talking points around the exploits, you’re likely to see:
- “These aren’t the Droids you’re looking for.” – Star Wars
KegBot/Droid: These could be devices or machines, in environments such as nuclear power plants, on the energy grid, or water treatment plants that aren’t on the security radar, but we know have access and are potentially vulnerable.
- “I know you’re out there.” – Matrix
Windows XP: Every company or IT manager will tell you that there are no Window XP devices on their network, but it always seems to be the case that once a scan is run, there are some (way more than expected).
- “Do you feel lucky, punk?” -Dirty Harry
Dirty WiFi: A very common question that IT Security professionals get asked is, “Is it safe to use WiFi at the airport?” My response is this: If you find a used toothbrush at the airport, it may be safe to use, but may not the best hygiene practice. Do you still want to use it?
- “Da-da-da danger, watch behind you, there’s a stranger out to find you.” – Duck Tail theme song
USB Exploits: This is something that many people don’t think of. They will plug their devices into “Free Charging Stations” and plug USB devices into their personal laptops without knowing the common exploits that are out there. We want to shed some light into these little-known tricks.
- Run DNS is “Raising sHell”
DNS Man in the Middle : A large percentage of malware is running over and utilizing Domain Name Services (DNS) for outbound access to the handler or the “mothership.” Ransomware and other malware can be shut down as it tries to phone home and shedding light to common Shell.
- Monty Python Script and the Holy Shell
Python Exploits: Python has increasingly gained popularity and is used in many of the networking architectures our data runs on and the systems that store our data. If a script can be created, ran, updated, or deleted then that shell access can be obtained on that system, in this case, the KegBot.
Of course we also have some very cool prizes for our successful hackers, but our KegBot is just one interesting piece of our Security Practice area at OctoberTekfest. Come by and meet our security team, along with some great folks from some of our partners. Jason Smith will also be hosting a breakout session, “The Anatomy of an Attack” where you’ll learn about the hackers perspective and how to best defend your environment. You can register and get all the details about this year’s Tekfest event here.