Attack Derby V1!
Welcome to the Hack My Derby project! I'm not sure how you got here, but you're here. If we're lucky, you're here because you spotted the derby at DerbyCon, OR you saw one of our tweets. By the way, you can find us on Twitter at @HackTheDerby.
If you're not at DerbyCon, sorry, the best you can expect from this page is some information about my little project. So what is this page? It's the scoreboard, and about page for a eccentric device I've built. What is it? Glad you asked!
I'm a DerbyCon veteran. I've attended all but one of these fine events since the beginning in 2011. A few years back, the Hack Your Derby contest showed up as one of the events at the Con. We were intrigued, and in 2014 we got interested to the point where we paid attention. In 2015 we came to DerbyCon 5.0 armed with two "Hack My Derby"'s. See, when we heard about the contest, we'd imagined derby's that could be 'hacked'. What the contest really meant was, hack your derby into something a derby usually isn't. Which is equally cool, but we thought it'd be fun to see if we could put a computer in a derby, and let other con-goers Hack OUR Derby's. It was a blast, and we had some fun with it. We got to meet a lot of folks and even got inducted into the church of WiFi. Not bad!
For 5.0 we took a standard derby, and turned it into a tiny datacenter, by taking a Raspberry Pi A, running raspbian, and puting a bunch of services on it. Then we hooked the whole thing up to a WiFi adapter. That system ran an Access Point, that you could connect your laptop to, and THEN there were a number of services running on the Pi. We hid a few flags within the services that the derby hosted. These flags granted codes (codes look like: d48hr55-87hj4sfh), and those codes, when entered into the Scoreboard gave you points. What do the points get you? Well.. Nothing really, just your name on the scoreboard. But it's fun!
The big disappointment was that the Hack Your Derby contest wasnt held in 2015, so while we still had a blast with the project, it didn't get the exposure we'd hoped for. This year the contest is back, but the Hack My Derby crew is down to 1. @sunkthought has taken a new job and wont be attending this year. So I (@gangrif) will be attending with one derby. This year's derby follows the same concept as last year, but I've made some really awesome improvements. I will be entering this years Hack My Derby v2.0 into the Hack Your Derby contest, wish me luck!
I'd like to mention, that my employer, Lafayette College, has been very supportive of this craziness. The CIO (who has a network engineering background) even helped me work through some connectivity theory. Lafayette not only paid for all of the components, but also gave me a reasonable amount of time to work on this thing on their time. There's obviously a limit there, but the bulk of the research, and even design time was done in my office in bits and pieces here and there. It was fun to watch my co-workers sniffing around wondering what the heck that smell (solder) was. The things I've learned from this project, oddly enough, actually apply to my work, and because of that, it's benefited us all. So, Thanks Lafayette, you've been great!
This year things are different. In 2015 and 2016 this project was a CTF in a hat. This year, it's what I've always imagined it to be. Attack Derbys! Check out the attack page for more information. I'm hoping to get enough interest in this contest that next year, we submit it as an actual contest at DerbyCon. Which will mean more formality, and actual prizes! As with previous years, we're just doing this for fun, and its not an official DerbyCon Event. So, have fun, and ENJOY THE MOST AWESOME CONFERENCE ON THE PLANET, DERBYCON!
A full write-up of Derby v1.0 can be found on my blog, Undrblog. At DerbyCon 5.0 we presented a stable talk on the project, if you missed it, here it is.
And a follow-up performance at BSides, Delaware
Well, I'm back from DerbyCon 6.0, what a great time. I'm happy to report that Hack My Derby took FIRST PLACE in the home-built category in the Hack Your Derby competition. We also built an on-site derby (which.. ahem.. also took first place) out of a Hak5 WiFi pineapple. Which got us interviewed by Darrin from Hak5! Awesome! That video is below.