Skip to main content
How Can We Help?
IT Services
Back
IT Consulting
Back
IT Strategy
Assessments
Audit Readiness
IT Governance & Security
Professional Services
Back
Project Implementation
IT Staff Augmentation
Development
Managed IT Services
Back
OnDemand Access
OnDemand Assurance
Technology Solutions
Back
Collaboration
Back
Unified Communications
Contact Center
Conferencing
Networking
Back
Enterprise Networking
Mobility & WiFi
IoT Network
Software Defined Networking
Data Center
Back
Data Center Networking
Compute
Converged Hyperconverged
Data Storage
Data Protection
Cloud Solutions
Cybersecurity
Back
Network Access Control
Endpoint Protection
Cloud Security
Identity Management
Threat Intelligence
Industries
Back
Healthcare
State & Local Government
Education
Manufacturing
Service Provider
Retail
Financial Services
Learning Center
Back
Blogs
Videos
eBooks
Tools
Pricing
About
Back
Our Company
Our Process
Why IE
Customer Experience
Corporate Social Responsibility
Partners
Events
Careers
Contact
MyIE Login
OnDemand Login
How Can We Help?

«  View All Posts

OktoberTekfest: Hack for Beer 2.0 Blog Feature

By: IE Security Team on September 29th, 2017

Print/Save as PDF

OktoberTekfest: Hack for Beer 2.0

Company News | OktoberTekfest | Cybersecurity | Mobility & WiFi

We received quite a few interesting looks at last year’s OctoberTekfest, when we unveiled the KegBot and Hack for Beer challenge. A couple of hours into the challenge, we developed a crowd of folks gathered around the booth. Some people came to watch and cheer on their friends, while others took notes with hopes of decreasing the amount of time it took to “Pwn Beer.” The most interesting thing that happened, at least from my perspective, was that all of the folks that came to the booth experienced all of the excitement and frustration associated with executing a hack to a networked system. Many folks took note that some of the methods used to hack the KegBot, leveraged vulnerabilities and configuration issues that could have been easily mitigated. Several conversations started that examined the ideas of: What if the firewall placement changed? or What if the admin’s workstation had been patched, or not left on or unlocked? This is the true value in the whole demonstration. The process forces us to think about the issues that allowed the hack to happen in the first place. The beauty of the demonstration is that it was conducted in a controlled environment, no real data was ever at risk, and we all learned a lot.

It seems almost silly to run hack scenarios against a smart kegerator, until you start to think about the simple fact that this could have been a SCADA device at a water treatment plant, an ATM machine, or all of the IV pumps at a hospital. The only real difference is real world security controls and beer. The control units, solenoid valves, monitoring meters, and interfaces are the same. We like to think of our Hack for Beer challenge as a fun teaching tool that employees Red Team vs. Blue Team and Tabletop methodology.

What's New for 2017?

So, we’re bringing back our KegBot this year, with a few surprises. We’ve increased the attack surface, increased the vulnerabilities, and even increased the security controls. We’ve built a “Beginners Guide to Hacking” to help challengers Pwn Beer and thrown in some exploits for you folks who want to try your own way.  We also decided to bring the Red Team vs Blue Team methodology to Tekfest in a “mini cyber range” environment with some known and not so known exploits and vulnerabilities. Here are some talking points around the exploits, you’re likely to see:  

  • “These aren’t the Droids you’re looking for.” – Star Wars

KegBot/Droid: These could be devices or machines, in environments such as nuclear power plants, on the energy grid, or water treatment plants that aren’t on the security radar, but we know have access and are potentially vulnerable.

  • “I know you’re out there.” – Matrix

Windows XP: Every company or IT manager will tell you that there are no Window XP devices on their network, but it always seems to be the case that once a scan is run, there are some (way more than expected).

  • “Do you feel lucky, punk?” -Dirty Harry

Dirty WiFi: A very common question that IT Security professionals get asked is, “Is it safe to use WiFi at the airport?” My response is this: If you find a used toothbrush at the airport, it may be safe to use, but may not the best hygiene practice. Do you still want to use it?

  • “Da-da-da danger, watch behind you, there’s a stranger out to find you.” – Duck Tail theme song

USB Exploits: This is something that many people don’t think of. They will plug their devices into “Free Charging Stations” and plug USB devices into their personal laptops without knowing the common exploits that are out there. We want to shed some light into these little-known tricks.

  • Run DNS is “Raising sHell”

DNS Man in the Middle : A large percentage of malware is running over and utilizing Domain Name Services (DNS) for outbound access to the handler or the “mothership.” Ransomware and other malware can be shut down as it tries to phone home and shedding light to common Shell.

  • Monty Python Script and the Holy Shell

Python Exploits: Python has increasingly gained popularity and is used in many of the networking architectures our data runs on and the systems that store our data. If a script can be created, ran, updated, or deleted then that shell access can be obtained on that system, in this case, the KegBot.

Of course we also have some very cool prizes for our successful hackers, but our KegBot is just one interesting piece of our Security Practice area at OctoberTekfest. Come by and meet our security team, along with some great folks from some of our partners. Jason Smith will also be hosting a breakout session, “The Anatomy of an Attack” where you’ll learn about the hackers perspective and how to best defend your environment. You can register and get all the details about this year’s Tekfest event here.