DEF CON Black Badge – Coolest Prize Ever

The DEF CON Black Badge that Clayton Dorsey and myself won arrived last month, so I can finally blog about it!

DEF CON Black Badge - Note on Date/Posting

I apologize for just now posting this in 2018, but I wasn't able to publish it sooner.

First, there was an embargo on this post due to my previous employer and some questions about the badge.

Next, I wanted to get it again to take some more pictures and notes on it.

After that I (briefly) attempted to solve one of the challenges, but didn't get that far.

Finally, I ended up being busy, posting other stuff, and generally forgetful.

That said, this post is finally published, so hopefully you enjoy it!

DEF CON Black Badge - Introduction

If you did not know, we won a black badge from the SoHopelessly Broken CTF at DEF CON 24.

This contest was, and still is, sponsored by ISE.

It is a great competition, and we had a ton of fun competing in it.

By the end of the conference, we found out that we would be receiving a black badge for our victory!

Closing Ceremonies

Finally, on Sunday, Clayton, myself, and Sean went on stage during the closing ceremonies.

DEF CON Black Badge - Closing Ceremonies

It was crazy being up there, especially with that many people watching.

DEF CON Black Badge - Crowd Shot

That said, we gave a short speech, talked about the competition, and received our award.

DEF CON Black Badge - Speech

The Badge (Including Puzzles!)

We only got to see one of the demo badges that day, as we had to wait for DEF CON to ship out the rest.

That said, a few months later, it arrived in the mail!

DEF CON Black Badge - Front

On the back of the badge were DT and Lost's names.

DEF CON Black Badge - Back 1

Additionally, on the other side, shout-outs to DEF CON 24, Tknofile, and JonnyMac.

DEF CON Black Badge - Back #2

Finally, at the very bottom, were some badge puzzles.

DEF CON Black Badge - Puzzles

The first puzzle looked hex encoded, with a different dictionary, but I couldn't get anything useful out of it.

EE5VDEFSBFDOB1DHBMRLCKFYZUXVC1R4

The second puzzle looked like simple binary code. Unfortunately, even brute-forcing all binary strings of that length gave me nothing. I also thought that it might be out-of-order, based on the fact that Lost (1507) was slightly out-of-order as well.

10111001101110111101110100111507

If you have any hints, or solutions for these puzzles, then please let me know!

The Badge in Action

This is also a working badge, so here is a quick video of it in action!

This was actually designed by special effects artist Rick Galinson along with 1o57, so it was an awesome one.

DEF CON Black Badge - Conclusion

While I wish I could have shared this sooner, it was still an incredible honor.

I love the badge, and it is super convenient only having to share it between two people.

That said, in the meantime, I was on yet another black badge winning team! Team "What does the Fox Say?" won the Wireless CTF at DEF CON 25.

DEF CON Black Badge - DEF CON 25 Wireless

We (well, one of us per year) now get free entry for life, and get to keep that awesome badge.

Other than that, we're also enshrined on the DEF CON black badge winners page!

doyler on Githubdoyler on Twitter
doyler
Ray Doyle is an avid pentester/security enthusiast/beer connoisseur who has worked in IT for almost 16 years now. From building machines and the software on them, to breaking into them and tearing it all down; he's done it all. To show for it, he has obtained an OSCE, OSCP, eCPPT, GXPN, eWPT, eWPTX, SLAE, eMAPT, Security+, ICAgile CP, ITIL v3 Foundation, and even a sabermetrics certification!

He currently serves as a Senior Penetration tester for Avalara, and his previous position was a Principal Penetration Testing Consultant for Secureworks.

When he's not figuring out what cert to get next or side project to work on, he enjoys playing video games, traveling, and watching sports.

Leave a Comment

Filed under Security Not Included

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.