40byte CTF

This year's BSides Charm Capture the Flag is brought to you by @40ByteCTF! Originally from cold snowy Minnesota, we've run several BSides-style CTFs around the country from Minneapolis to Dallas, and a few international ones as well. Building capture the flag events for BSides is always a little challenging, after a few years and many attempts to find the right mix of difficulty and fun, we think we've got it down! You'll find the standard challenges range from reverse engineering to exploitation with a little cryptography, and some very unique challenges from each member's favorite computing area. Whether you're new to InfoSec, a seasoned veteran, or hardcore CTF player, we've got a challenge or two just for you.

While we want to make you work a little bit, we do make all 100-300 point challenges beginner-friendly, but they do get more difficult as points increase. Seasoned players will find 300-500 point challenges, there is definite overlap, a little more to their liking with modern defenses and real-world trickery. If you're stumped, frustrated, or just want to ask a question, we've been there too and are happy to help! The scoreboard and challenges will be available online, so you can be sure to play capture the flag and see awesome talks or participate in other ways too!

As always, everyone is welcome to hang out with us, play all weekend, and learn tons of cool new tricks!

Wireless CTF

The BSidesCharm Wireless Capture the Flag (WCTF) is a trip through the useable RF spectrum. Challenges will involve all of the physics and RF theory that we have all come to love so much. You will be using tools like the RTL-SDR, HackRF, BladeRF, your cell phone, and various 802.11 radios.  Although not all are necessary to compete, they will help. The WCTF can be completed with experience ranging from a little knowledge to a pen-tester’s capability, and $40 to $4000 worth of equipment. Regardless of what you bring, the key is to read the clues and determine the goal of each step. We teach along the way, so if you are a N00b, we will help you learn strategies to get you to competition level. This year we maintain certain aspects of past WCTFs but are also introducing new challenges. For example, as in past WCTFs, you will need to sit for a while and hack at crypto and break into networks. But, unlike past WCTFs, you need to break out your war-walking shoes because you will be tracking and finding hidden nodes and possibly even remote sites -- and not all of them will be WiFi. We will also be holding the very popular, RF Signal Drinking Game. There will be clues everywhere, and we will provide periodic updates so make sure you pay attention to what’s happening at the WCTF Control Center, on Twitter, the interwebz, etc.

Flags: Flags will range from transmissions in the spectrum to pass-phrases used to gain access to wireless access points. Once you capture the flag, submit it right away because some flags are worth more points the sooner they are submitted (e.g., timed challenges) and others will be awarded negative points (e.g., false flags). Offense and defense are fully in play by the participants, the WCTF organizers, and the Con itself.

Links:  Check out our websites for tools, what you need, and what to do.  Enjoy your journey.

Lockpick Village

The mission of The Open Organisation of Lockpickers (TOOOL) is to advance the general public knowledge about locks and lockpicking.  By examining locks, safes and other such hardware and by publicly discussing our findings, we hope to strip away the mystery with which so many of these products are imbued.

The more that people know about lock technology, the better they are capable of understanding how and where certain weaknesses are present.  This makes them well-equipped to participate in sportpicking endeavors and also helps them simply be better consumers in the marketplace, making decisions based upon sound fact and research.

Visit TOOOL and learn how to pick a lock or work on refining your current skills!

IoT Village

Organized by security consulting and research firm Independent Security Evaluators (ISE), The IoT Village™ delivers thought leadership advocating for security advancements in Internet of Things (IoT) devices. The village consists of workshops on hacking numerous off-the-shelf devices (e.g. medical devices, home appliances, routers, and storage devices), live educational talks and a variety of contests. The IoT Village's™ contests are brought to you by SOHOpelessly Broken™, the first-ever router hacking contest at DEF CON, which delivered 15 new 0-day vulnerabilities to the research community.

Hands-On Lab

New this year will be a series of hands-on labs provided by experts in the field. These labs will demonstrate effective methods for network defense by actually letting you perform the actions. More information to come.