It might have been the pumping music and flashing lights that made ECS director of analysis and malware analyst James Dieteman think it would be fun to attend DEF CON, the popular security and hacking convention held in Las Vegas each year. But it has been more than just fun. James not only brings home awards; he brings back insights crucial to cybersecurity efforts that protect the nation’s most critical organizations and infrastructures.
DEF CON has been held annually since June 1993. The convention attracts security professionals and hackers from around the world. Contest teams are made up of cybersecurity analysts, researchers, students, government employees, and those just interested in hacking.
Some of the most competitive hackers in the world team up at DEF CON to play against each other, competing to solve complex puzzles and problems over the span of three days. Each year,
DEF CON says of the fabled Black Badge award:
The DEF CON Black Badge is a powerful talisman, awarded only to those who have emerged unbeaten from the crucible of elite DEF CON competition. Which competitions? The answer varies from year to year. This is in the nature of the talisman. Those chosen by the Badge enter DEF CON free of charge for the duration of their natural life.
DEF CON as Competition
Team pTFS (named after an “inside joke”) is made up primarily of Apple employees—and James. For the past five years, James and his team have been meeting at DEF CON. For the past four, they’ve placed first in their competitive group, Warl0ck, run by Mr. and Lady Warl0ck, creators of Warl0ck Gam3z. This year, James and his team won again, receiving the coveted Black Badge.
Describing the competition as intense would be an understatement. For 72 hours, James and about nine other hackers on pTFS worked on challenges that popped up on the competition site at different times, from first thing in the morning to the middle of the night. “I don’t get much sleep at DEF CON,” James said. The team sleeps in shifts. They even developed an alarm to alert them when new challenges go live.
“It was down to the wire, and many times we were neck and neck,” James said. But the team prevailed, even over their closest competitors, team Ambush. “We see Ambush each year,” said James. “They always come close, but our team manages to take the prize.”
At the end of this year’s contest, James solved a puzzle worth 100 points. James examined the puzzle, presented as a PDF. When he looked more closely, he noticed that it had a “weird looking” code at the end of the file. “It didn’t keep the file from opening normally,” he said. “But it was just…sitting there. So, we stripped the code off and ran analysis on it. We cracked the code using contextual hints and several tools we had made for past competitions. I extracted an encoded string,” he said. “That’s how we won the Black Badge.”
James joked that he thinks their competitive group, the Warl0cks, have gotten sick of pTFS. “A few times, we’ve discovered bugs in the system,” he said. And this year, the team was asked if they wanted to work on the questions for the next DEF CON.
Beyond the Badge
James has always liked hacking. “DEF CON just looked fun,” he said. “That’s initially why I checked it out.”
But this is serious business. James appreciates the time he spends at DEF CON because it exposes him to the same kinds of vulnerabilities he encounters on the job. Having seen them at DEF CON, he remembers how to prevent the associated breaches. For example, one of the puzzles included Braille encoding, which James had not seen before. It required the team to translate Braille into words. Now, he’ll be on the lookout for similar tactics.
The challenges also include cybersecurity risks like live malware and alternate data streams encoded in files in unusual ways that can pose threats in real life systems. “An alternate data stream is when data is hidden on Windows images on the filesystem in certain difficult-to-access areas; specifically, it’s taking advantage of a largely forgotten compatibility mode for communication with older Mac systems pre-OSX,” James explained.
Another test involved recognizing a specific kind of encoding, one not commonly used either in hacking challenges or in everyday computing, James explained. “Once again, we were able to effectively ‘brute force’ this section with tools we had built, specifically one that will try around a hundred different encoding types and output the results for manual inspection,” said James.
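The two steps James describes above, spotting data appended after a PDF’s final `%%EOF` marker and running a batch of candidate decodings over it for manual review, as an added Python example that is not pTFS’s tooling; the sample PDF and its appended payload are constructed here, and the decoder list is a small stand-in for the “around a hundred” the team’s tool tries.

```python
import base64
import codecs
import string
import zlib

# Constructed sample, not a real contest file: a minimal PDF with extra bytes
# appended after the final %%EOF marker. PDF readers still open it normally.
APPENDED = base64.b64encode(b"flag{example-only}")
SAMPLE_PDF = (
    b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"
    b"trailer\n<< /Root 1 0 R >>\n%%EOF\n" + APPENDED + b"\n"
)
PRINTABLE = set(string.printable.encode())

# Candidate decoders, name -> callable(bytes) -> bytes. Each may raise on
# input that is not in its format; that is how a candidate gets rejected.
DECODERS = {
    "base64": base64.b64decode,
    "base32": base64.b32decode,
    "hex": lambda b: bytes.fromhex(b.decode("ascii")),
    "rot13": lambda b: codecs.decode(b.decode("ascii"), "rot13").encode(),
    "reversed": lambda b: b[::-1],
    "zlib": zlib.decompress,
}

def trailing_data(pdf: bytes) -> bytes:
    """Return whatever follows the last %%EOF marker (b'' if nothing does)."""
    idx = pdf.rfind(b"%%EOF")
    if idx == -1:
        return b""
    return pdf[idx + len(b"%%EOF"):].strip()

def looks_like_text(blob: bytes, threshold: float = 0.9) -> bool:
    """Cheap filter: keep outputs that are mostly printable ASCII."""
    return bool(blob) and sum(c in PRINTABLE for c in blob) / len(blob) >= threshold

def try_decodings(blob: bytes) -> dict[str, bytes]:
    """Run every decoder over blob and return the text-like results, keyed by
    decoder name, for a human to inspect (wrong guesses are simply dropped)."""
    hits = {}
    for name, fn in DECODERS.items():
        try:
            out = fn(blob)
        except Exception:  # wrong format for this decoder; skip it
            continue
        if looks_like_text(out):
            hits[name] = out
    return hits
```

Decoders that transform any input (rot13, reversed) will also surface as hits; that is intentional, since the point is to put every plausible reading in front of an analyst rather than to guess the single right one.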
James brings all these different types of puzzles and strategies for solving them back to the ECS cybersecurity team. “It’s a great learning and training tool,” he said. He enjoys watching the cyber team work on the new challenges and add to their skill set.
“DEF CON has challenges for all levels,” said James. “I would encourage anyone interested in cybersecurity to give it a try. It’s a great place to start and a great way to get you thinking critically.”
Are you looking for a challenging career in cybersecurity? Learn more about opportunities at ECS. #MeetTheChallenge #MakeADifference