Summer hacking school at FOI

Jasna Benčić on 25 Jul 2018

As you may have noticed from one of our previous articles, we love FSec events! They are creative, informative and very interesting. Hacking Summer School 2018 organized by FOI in Varaždin from 16th to 22nd of July was not an exception. Not only we attended it, but we participated as well. My bosses, Marin Bek and Dejan Strbad held the lecture for Hack School students about Industrial Control Systems and I have participated in one of the security challenges organized for students that I’ll cover later in the article.

Industrial Control Systems presentation
Industrial Control Systems presentation (from left to right: Dejan Strbad, Marin Bek and FSec host Tonimir Kišasondi)

This summer event was much much bigger than regular FSec underground events. It lasted for almost an entire week! The target audience was practically anyone who loves the technology, especially if they have an interest in the IT security area. You could learn a lot, starting from basic security terminology to hacking driving drones. Folks who have visited the event were from many European countries (Slovenia, France, the UK, Latvia, Austria, Italy, Switzerland), one of the lecturers was from the USA. The entire hacking school was held in English.

As a challenge for students Kraken prepared ICS/SCADA security challenge where young programmers could try their hacking skills and fight for the prize - 1 Ethereum. Only one team was successful to capture the flag and showed good skills of offense and defense security.

ICS/SCADA challenge
Marin explaining the ICS/SCADA challenge to the participants

I however have joined the other security challenge, the Drone hacking challenge. Its main goals were: to assemble the driving drone with a camera, connect to its Raspbian system via SSH, try some defensive and offensive security with it and scan QR codes with its camera. Of course, the room where QR codes were hidden was full of obstacles which made this challenge even more fun and difficult!

Drone assembly kit
Drone assembly kit

I got a chance to work with random IT geeks from Austria. We were working with everything on the go as there was not much time for planning and preparation. Most of us were security n00bs and, in the end, we managed to get into the top 3 teams during the first round of driving our drone and scanning QR codes. We even managed to win 0.1 Ethereum! For those who are regular CTF challenge participants will know what I am talking about.

The main point of all such challenges is that even if you are a n00b in some area, the best way to learn something is just start grinding on it. You will learn as you progress. We joined the challenge just for fun and ended up with great results! Making us being proud of ourselves. :)

Happy Chubby Unicorn in action (this was our drone and also name of our team)

If you didn’t manage to attend hack.foi.hr this year, you still have an opportunity to get some sense of it. There will be recordings on Youtube and a lot of photos. Just stay tuned with our Facebook page!

Until next post, keep calm and hack on!

comments powered by Disqus