CONTESTS


All contests are free!!
Contestants do not need a CODE BLUE conference ticket, but can access only the contest area.
If you want to attend a contest, please register using that contest’s registration form.
Each contest organizer will explain contest admission to you.

Hack2Win

Hack2Win is an exciting event that allows researchers from all over the world to try their hacking skills against today’s hardware devices. Hackers are not only allowed unfiltered access to these devices during the two-day event, they are also given prizes if they succeed in breaking into a device and obtaining unintended access and privileges.
Registration: http://bit.ly/cb16h2w

Contest Rules
- The goal of the event is to find who is able to gain the highest privileges on any of these devices.
- The event will be divided into two days. On the first day, 1 hour will be given to anyone who registers for the contest. On the second day, it will be a “free for all” for anyone who wants to try his or her skills; everyone will be given “simultaneous” access.

URL
https://blogs.securiteam.com/?p=2780

Target Devices
The target devices are listed below. You can buy these devices on Amazon.
1. Ubiquiti Networks EdgeMAX EdgeRouter X ER-X
2. TP-LINK TL-WR740N
3. Hewlett-Packard ProCurve Switch 1700-8 J9079A#ACF
4. NUUO NVRmini 2 – Standalone DVR – 2 x 2 TB – networked
5. Cisco Systems(Small Business) SG300-10MPP-K9-JP 10-port Gigabit Max PoE+ Managed Switch
6. UPPEL 720p HD Wireless IP Cameras Remote Hidden Surveillance Wifi P2P Home security Spy Web Cam with 2-way Audio IR Day/Night Vision Motion Detection for Android IOS System
7. Ugreen HDMI Extender, extends up to 120 m, HDCP compatible, 3D 1080P support, Cat5e/6/7, multi-screen possible via router, AC adapter included, transmitter and receiver set
8. StarTech.com 10/100/1000 Mbps Gigabit 1 Port USB over IP Device Server (USB1000IP)
9. Home NetWerks 43802-PB WiFi Enabled Key Pad Door Lock with Lever Handle, Polished Brass Finish by Homewerks Worldwide

Prizes
- The prizes for the first day event will be 8,000$ USD, 4,000$ USD and 2,000$ USD. The prizes for the second day event will be 3,000$ USD, 2,000$ USD and 1,000$ USD.
- The first, second and third prizes for each day, will be given to one person (or group) for hacking any of the above devices that was not previously hacked. If a person (or group) is able to hack a device, it will be removed from the available targets list.

Judging Criteria
The decision whether someone wins first, second or third place will be based upon the following:
- Complexity of attack – what was required to achieve the access
- Innovative method – XSS, SQLi, RCE, from least to most innovative
- Attack effects on the LAN/WAN – if it affects the WAN more points would be given
- What is achieved by the attack – no access is given to the challengers, so they would need to reach from no-access to some access – therefore a guest access would be considered less valuable than root
- Writeup Quality – the best write up (in English), most detailed, best explanation, etc

Device Settings
All the devices will be factory reset – i.e. default settings, and the only non-default setting would be the password for the ‘admin’ (or equivalent) account as documented in the product’s user guide, and the WiFi password (if applicable).

Device Access
- The devices will be accessible to participants via the WAN Ethernet interface, or WiFi access.

What counts as ‘hacked’
A device would be considered ‘hacked’ if the participant can prove they:
1. Gained access to the device’s post-authentication admin web interface (remember – you will not be given any credentials)
2. Changed some configuration value, like WiFi password (note: We will not be giving any award for changing the IP address of the device)
3. Made the device do something it’s not supposed to do: like execute code, open a port/service which was previously closed (like SSH, telnet, etc)
4. Did something else that would be innovative and unexpected. Be creative! For example: get images from the Camera without actually hacking it

What we won’t count as ‘hacked’
1. Causing a malfunction to the device, DoS, making it unresponsive, making it no longer boot, etc – we will immediately disqualify a participant if we feel this is being done intentionally
2. Physically opening the device, or connecting to the device by any means other than what we allowed the participant to use (Ethernet or WiFi)
3. Usage of any known method of hacking – known methods including anything that we can use Google/Bing/etc to locate – this includes: documented default password (that cannot be changed), known vulnerabilities/security holes (found via Google, exploit-db, etc)
4. Anything we at Beyond Security would consider as being unfair – like doing Social Engineering on Beyond Security staff or personnel, hacking a device that is not the target and using that as means of gaining access to the device, etc

Eligibility
The contest is open to anyone who is at the legal age to receive a contest prize in their country. If you are not allowed to receive prizes – and please make sure to check this before participating – you may want to team up with a person who is at the legal age to receive prizes.
The contest is not open to anyone who works for any of the companies whose devices are listed above, or who is involved in the development of any of those devices.

Announcing the winners
We will announce all the winners (for the first and second day) at the end of the second day. We plan to stop the hacking event 2-3 hours before the end of the second day – so that we can prepare. Please don’t wait until the last minute!

Registration
Only the first day of the event will require you to register, either “on site” or beforehand via email – this will allow us to give you a dedicated time slot with the device or devices of your choice. The second day will be a “free for all” type of event; anyone can hook up their laptop to the “network”. To register for the first day event, please send an email to ( ) or register using the form below.

- Pre Registration form http://bit.ly/cb16h2w

Technical Details
The contest is open to all attendees at the conference. Come to the contest booth at the CODE BLUE venue.

Winners
The results will be announced at the end of the conference.

Hack-a-Tron

This is a contest to pwn PCs – sign up if you like hypervisors!

Registration: http://bit.ly/cb16HaT

In this contest, there will be real-time output of the contestant’s logs (at the kernel level) and logs may be displayed on the big screen.
There will be live play-by-play commentary by host Sen Ueno and other commentators. Free beverages (beer included).


Prize:
As a prize, a drone with camera (about 10,000 yen) will be presented to all participants.

[Day 1 – POWER OF FULL PURSUIT – Level: Intermediate]
First Challenge : 11:00 to 12:00
Second Challenge: 14:00 to 15:00
(Winners will be announced at 17:00)

One contestant per computer, hackers must work alone.
There will be 4 computers with a logging tool called Full Pursuit, which outputs detailed logs at the kernel level (it does NOT prevent or stop any attacks in any way). (FYI, FULL PURSUIT is used at NPA). Switches and LAN cables (Cat5e) will be provided. Contestants may freely use their own computers and other devices. The challenge is to earn as many points as possible in 1 hour (you can also take part in the next game if you want more time).

The following types of attack will be scored (same attack methods will not be counted twice):
- External communication using script processes
- Cmd execution with administrator privilege
- Writing files in the Windows folder
- Activating remote desktop services
- DEP cancellation
- Exploiting other user process memory
- Exploiting or aborting other system process memory
- Altering the Interrupt Descriptor Table (IDT)
- Rewriting the MBR

Rules:
The target PCs will have the following configurations:
- Toshiba Satellite Pro S750 Series
- Full Pursuit Contest Version, Windows 7 Professional 64bit SP1, Office 2010, Chrome, Firefox, Safari, Acrobat Reader, Java VM, Microsoft Security Essentials (all latest updates)
- Contestants will be provided with a guest account only

Do’s and Don’ts
- NO restarting, or BSOD – game’s over at that point!
- Intentional physical destruction of any device will result in disqualification.
- Logical destruction of the OS (doesn’t start) will result in disqualification.

[Day 2 – ATTACK ON INTΦ – Level: HARD]
13:00 to 16:00
(Winners will be announced at 16:30)

One contestant per computer, hacker must work alone.
There will be 4 computers with a contest version of a product called INTΦ (Zero). Switches and LAN cables (Cat5e) will be provided. Contestants may freely use their own computers and other devices. The challenge is to earn as many points as possible in 3 hours.

INTΦ (Zero) is an endpoint security product that operates in the hypervisor domain. INTΦ does not use pattern matching; it protects the computer according to unique rules and prevents any process that conflicts with the rules. (http://ftron.co.jp/english/products/)

The following types of attack will be scored (same attack methods will not be counted twice):
- External communication using script processes
- Executing EXE file with administrator privilege
- Writing to the Windows folder
- Activating remote desktop services
- Changing the Registry
- DEP cancellation
- Exploiting other user process memory
- Exploiting or aborting other system process memory
- Altering the Interrupt Descriptor Table (IDT)
- Rewriting the MBR

Rules:
The target PCs will have the following configurations:
- INTΦ Contest Version, Windows 7 Professional 64bit SP1, Office 2010, Chrome, Firefox, Safari, Acrobat Reader, Java VM (all latest updates)
- Contestants will be provided with a guest account only

Do’s and Don’ts
- Do not change the BIOS configuration.
- Intentional physical destruction of any device will result in disqualification.
- Logical destruction of the OS (doesn’t start) will result in disqualification.

How to Apply:
Please submit your application by October 5, 2016October 17, 2016. There will be a drawing for late submissions.
- Pre Registration form > http://bit.ly/cb16HaT
Contest Winners will be invited to the Networking party on the second day (starts 18:00).

Winners:
Day 1 and Day 2 winners will be announced at the end of each day.
There is a prize for every contestant.


CarHack4All

The contest consists of several stands that represent car computers and media systems connected to each other. Participants should find out how to control the greatest number of systems. Participants will be offered a choice between standard and freestyle methods of completing the contest. During the competition you may use wired or wireless methods of car hacking.
Registration: http://bit.ly/cb16ch4a

Contest Rules
- Participants should have Python version 3.5 pre-installed on their laptops to use CANToolz, or install other car hacking software. Participants will also get a USBTin and an Ubertooth for connecting to CAN and Bluetooth. The participant who finds the most unit control techniques becomes the winner.

Technical Details
The contest is open to all attendees at the conference. Come to the contest booth at the CODE BLUE venue.

Winners
The results will be announced at the end of the conference.

How to Participate
- Pre Registration form > http://bit.ly/cb16ch4a
