Friday, August 29, 2014

Need a free DerbyCon ticket?

Looking for a DerbyCon ticket but don’t have one?  We have one you can use.  It’s time for the first annual "RATs for hats" contest.

Dirty RAT

We wanted a way to celebrate the DerbyCon “Family Rootz” theme by giving away a ticket to a true, no joke Infosec practitioner (you know, a member of the family) while encouraging some friendly competition.  We decided on a programming competition with a task that can be done by just about anyone.  We’re looking for a RAT written in a pure scripting language.  We were originally going to require Python, but then a Perl zealot (is there any other kind of Perl programmer?) we were talking to cried foul.  We even remembered that there are some people who like PowerShell and Ruby too.  We've heard that there are people who like VBScript, but we don't believe it.  If you see one of these mythical creatures, please let us know.

Questions:

What is a RAT?
A remote admin tool.  These tools are used by legitimate administrators and hackers alike to control systems without having to sit at the keyboard.

What should the RAT do?
We don’t care – go hog wild (or better yet, RAT wild). It just has to support remote commands of some type that support systems administration.

What platform should the RAT run on?
Again, we don’t care, just so long as it runs. Solaris, Linux, Windows – we’re not picky.  But you have to tell us where it should run so we can judge your entry.

How will my submission be scored?
Scoring? Are you serious? We know good code when we see it.  Extra points will be given for creative submissions, particularly those that are DerbyCon themed. Of course, functionality rules.  Do you need to provide usage instructions?  Not strictly, but we're quite sure that if you document how it is supposed to work, we won't miss any awesome functionality it's supposed to have.

So the challenge is this:

Submit your most creative, scripted RAT to derbyrat@renditioninfosec.com by midnight ET, Saturday, September 6, 2014.  Submissions must be in password-protected zip files (so the AV doesn’t block the email).  Obviously you will need to send the zip password in the email – we also need your contact information so we can award you the ticket.  We'll announce the winner on Monday, September 8th, 2014.

Standard Rules:


By submitting an entry, you give Rendition Infosec permission to use your code, name, likeness, etc. to promote your entry, the contest, etc.  Rendition Infosec has non-exclusive use of the submitted code for any purpose it sees fit, including the promotion of this contest.  We'll judge the contest and our decisions are final.  We are not lawyers and don’t want to deal with any legal crap.  You can’t win if you don’t play.