WHITE ELEPHANT 0DAY EXCHANGE 2013

Jul 10th, 2013
=----------------------------------------------------------------------------=
=-- LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL --=
=----- -----=
=------- GREETINGS! -------=
=------ YOU ARE FORMALLY INVITED TO: ------=
=--- - - ---=
=--- _.-- ,.--. ---=
=--- .' .' / ---=
=--- | @ |'..--------._ ---=
=--- / \._/ '. ---=
=--- / .-.- \ ---=
=--- ( / \ 0DAY \ ---=
=--- \\ '. | # ---=
=--- \\ \ -. / ---=
=--- :\ | )._____.' \ ---=
=--- " | / \ | \ ) ---=
=--- snd | |./' :__ \.-' ---=
=--- '--' ---=
=--- ---=
=----- 3RD (ALMOST) ANNUAL WHITE ELEPHANT 0DAY GIFT EXCHANGE -----=
=------ WHEN: 6PM, FRIDAY AUGUST 2ND, 2013 ------=
=------ WHERE: POOLSIDE AT DEFCON (RIO) ------=
=----- -----=
=-- LOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL --=
=----------------------------------------------------------------------------=

====================
=- What is it? -=
====================
A white elephant gift exchange ceremony for 0day. Some background:

"A white elephant is an idiom for a valuable but burdensome possession of
which its owner cannot dispose and whose cost (particularly cost of upkeep)
is out of the proportion to its usefulness or worth"

Read More:
http://en.wikipedia.org/wiki/White_elephant_gift_exchange
http://en.wikipedia.org/wiki/White_elephant

Everyone has found white elephants while bug hunting. These are bugs that
are laughable due to their insignificance or unexploitability. Now you get
to swap them for other, better (shittier) 0day at an informal meet-up by
the pool at DEFCON. Woooow!

For this event, a white-elephant 0day is defined as:
----------------------------------------------------
A zero-day vulnerability (and accompanying exploit) with one or more of the
following qualities:

- the privilege/access gained from exploitation is lower than or the same as
  the level(s) of privilege/access required for exploitation itself

- the deployment conditions for the vulnerability to be usable are
  impractical, unreasonable, or very rare in real-world scenarios

- the affected software is hilariously worthless

- the bug/exploit holds little or no value for an actual attack

--------------------------------------------------------
NOTE: The bug must be real and not purely theoretical!
--------------------------------------------------------

Here are some examples from previous years' exchanges:
--------------------------------------------------------
- GPS device memory corruption, triggered by manually walking the
  device around in specific patterns to reach affected code path (LOL!)

- OS/2 Telnet.d local-only stack-based buffer overflow (90s gold!)

- Vulnerability with privilege-plummet (de-escalation) in local
  listening service

==========================
=- How Does it Work? -=
==========================
All participants show up at the date and time of the event with a printout
(hard copy) describing the details of their vulnerability, along with the
proof-of-concept code. Each printout should also have a large-font title
giving a vague description of the target software, bug class, and spoils
gained from successful exploitation. The title should be just enough to
give an idea of how hilarious the white elephant is. DO NOT GIVE ENOUGH
DETAIL TO EXPOSE THE BUG IN THE TITLE. The rest of the printout must
contain enough information for triggering the bug.

At the event, each printout is placed into an envelope, sealed shut, and
placed in a pile on the floor or somewhere. Each participant then draws a
number from a SUPER_SECURE_RANDOMIZED lottery hat. Whoever draws 1 gets to
pick first from the envelope pile. The first participant opens the envelope
they selected and reads the title of the white-elephant 0day to the group.
For each following turn, the participant with the next highest number has
two options:

#1 Steal the 0day someone else has already opened and announced
=== OR ===
#2 Pick an unopened envelope, open and announce it

In the case that a participant chooses to steal an already opened 0day
rather than pick an unopened envelope, the victim of the theft gets the
same options: steal someone else's prize or pick an envelope.

No steal backs allowed. Bartering is encouraged. Have fun!

=----------------------------------------------------------------------------=
=-=[ For any questions: drraid [at] gmail, or @drraid on twitter ]=-=
=----------------------------------------------------------------------------=
=--- LOLLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOL ---=
=----------------------------------------------------------------------------=

EOM