Challenge | t2 infosec conference https://t2.fi Thu, 09 Aug 2018 19:50:16 +0000 en-US hourly 1 https://wordpress.org/?v=6.5.5 https://t2.fi/wp-content/uploads/2020/07/cropped-t2_web-icon-32x32.png Challenge | t2 infosec conference https://t2.fi 32 32 t2’18 challenge winner announced https://t2.fi/2018/08/09/t218-challenge-winner-announced/ Thu, 09 Aug 2018 19:50:16 +0000 https://t2.fi/?p=1497 This year we altered the challenge format once again, and ran it in the form of a free-format application over e-mail between the 4th of July and 4th of August. Neither attempts at bribery nor cheating were noticed, which was a slight but acceptable disappointment for the Advisory Board. As it has been the case …

The post t2’18 challenge winner announced first appeared on t2 infosec conference.]]>
This year we altered the challenge format once again, and ran it in the form of a free-format application over e-mail between the 4th of July and 4th of August. Neither attempts at bribery nor cheating were noticed, which was a slight but acceptable disappointment for the Advisory Board.

As it has been the case in the past, the same names often show up in the Hall of Fame. Whether it’s the technical talent, persistent effort or being in the right place at the right time, Fortune favors the bold.

Congratulations Carl “Zeta Two” Svensson! Well done!

To demonstrate what it took to receive the ticket, here are selected highlights from his long application:

We would also like to thank everybody who participated in the challenge this year. Your submissions were greatly appreciated. In other news, the ticket sales have been active during the summer and we are expecting a flood of registrations once the preliminary schedule is released. To make sure you don’t miss out, register now to guarantee your place at the 15th anniversary edition of t2.

The post t2’18 challenge winner announced first appeared on t2 infosec conference.]]>
t2’18 challenge https://t2.fi/2018/07/04/t218-challenge/ Wed, 04 Jul 2018 09:00:42 +0000 https://t2.fi/?p=1483 Regular visitors and friends of t2 know our struggles with the annual challenge. The main purpose behind the puzzle has always been to find and recognize passionate people who have the talent, but sometimes lack the necessary budget to attend the event. We strongly believe in paying it forward and this tradition is something we …

The post t2’18 challenge first appeared on t2 infosec conference.]]>
Regular visitors and friends of t2 know our struggles with the annual challenge. The main purpose behind the puzzle has always been to find and recognize passionate people who have the talent, but sometimes lack the necessary budget to attend the event. We strongly believe in paying it forward and this tradition is something we want to hold on to.

For t2’18 the annual challenge will take a new form. To showcase technical excellence and prove you deserve a free ticket, all you need to do is submit an open application (preferably in ASCII format) over e-mail. Whether it’s your tool repository on github, awesome local meetup presentation, craziest exercise in memory manipulation, a recent bug bounty submission or something completely different, let us know. Supporting evidence goes a long way.

Rules of the challenge

  • The Advisory Board will select 0-2 ticket recipients out of the submissions
  • Challenge deadline is August 4, 2018 @ 23:59:59 UTC
  • Submissions must be sent to info-2018@lists.t2.fi
  • Criteria for selection is unscientific, tough but fair and may change at any time
  • Participants unestablished in the security industry will receive a scoring multiplier
  • The free ticket entitles to the same perks as a single regular ticket
  • Travel costs (if required to participate) are not covered by the prize
  • Decisions are final, but we still love you. It’s not you, it’s us. We hope we can still be friends.
The post t2’18 challenge first appeared on t2 infosec conference.]]>
t2’17 Challenge winner announced https://t2.fi/2017/10/23/t217-challenge-winner-announced/ Sun, 22 Oct 2017 21:46:30 +0000 https://t2.fi/?p=1336 This year’s free ticket was awarded at LocalTapiola HackDay to the team who discovered the most severe vulnerability. After a full day of analyzing, verifying and rating the reported vulnerabilities, we had a clear winner rising above the competitors. Congratulations Harri Kuosmanen of team ROT! Well done! We would also like to thank all the other …

The post t2’17 Challenge winner announced first appeared on t2 infosec conference.]]>
This year’s free ticket was awarded at LocalTapiola HackDay to the team who discovered the most severe vulnerability. After a full day of analyzing, verifying and rating the reported vulnerabilities, we had a clear winner rising above the competitors.

Congratulations Harri Kuosmanen of team ROT! Well done!

We would also like to thank all the other teams and those participating in the challenge during the summer. The countdown to t2’17 starts now – see you on Thursday! (..or Wednesday night at one of the many pre-event meetups/lobby bar gatherings)

If you have ideas on how to give out free tickets to our 15th anniversary event next year, please let us know!

The post t2’17 Challenge winner announced first appeared on t2 infosec conference.]]>
What ever happened to the t2 challenge? https://t2.fi/2017/10/23/what-ever-happened-to-the-t2-challenge/ Sun, 22 Oct 2017 21:00:49 +0000 https://t2.fi/?p=1334 So, the t2 challenge of 2017.. It’s over for sure, but not in a way we anticipated. Before we get ahead of ourselves, let’s get back to the beginning. The challenge was originally created in 2005 to give out free tickets to people with fantastic technical talents – there were two tracks, speed and elegance. …

The post What ever happened to the t2 challenge? first appeared on t2 infosec conference.]]>
So, the t2 challenge of 2017.. It’s over for sure, but not in a way we anticipated. Before we get ahead of ourselves, let’s get back to the beginning.

The challenge was originally created in 2005 to give out free tickets to people with fantastic technical talents – there were two tracks, speed and elegance. You could either win by being the first one to solve the challenge, or by submitting the finest write-up. The idea was that also those without a personal training budget had a chance of participating the event – in practice, many new talents got a turbo boost for their contacts and career in security.

The format was successful for almost a decade, until the successful completions, attempts and downloads/page views started to drop steadily. The numbers were coming down and there was no denying it – the format of each year’s challenge appeared to have no effect on this.

We tried to compensate by putting more effort into creating the challenges, and promoted them also on Twitter in addition to the traditional channels. Alas, this did not work and we pivoted to a bug bounty this year.

The challenge was open for three full months over the summer, and during that time our own tweets alone reached over 130 000 people. Further promotion was done on our own blog, and mailing list, in addition to Full Disclosure and DailyDave. In the spirit of past challenges, the rules emphasized quality submissions and finesse to allow people to focus on what truly matters. Most importantly, the target had been selected exclusively for the t2 challenge, and had not been previously subjected to a bug bounty.

Despite a major scope increase two weeks before the challenge end date, we received exactly zero submissions. Not one, not two, but Z-to-the-E-to-the-R-to-the-0. Talk about failing..

Our question now to you, esteemed fellow hackers is:

How should we give out the free tickets in the future?

Please tweet or e-mail us, we want to hear your ideas! All feedback on the subject is appreciated.

There is sunshine after the rain – our good friend Leo Niemelä invited t2 to judge the annual LocalTapiola Hack Day. That’s the where the story continues in the following post.

The post What ever happened to the t2 challenge? first appeared on t2 infosec conference.]]>
t2’17 challenge update https://t2.fi/2017/09/03/t217-challenge-update/ Sun, 03 Sep 2017 19:13:00 +0000 https://t2.fi/?p=1271 We are updating the rules slightly, and increasing the challenge scope to cover the complete LocalTapiola Bug Bounty program. The basic rules stay the same, with these changes: The in-scope domains are expanded to cover all the domains that are in-scope in the normal LocalTapiola bug bounty program as well All submissions are eligible for …

The post t2’17 challenge update first appeared on t2 infosec conference.]]>
We are updating the rules slightly, and increasing the challenge scope to cover the complete LocalTapiola Bug Bounty program.

The basic rules stay the same, with these changes:

  • The in-scope domains are expanded to cover all the domains that are in-scope in the normal LocalTapiola bug bounty program as well
  • All submissions are eligible for bounties – the rules are the same as in the normal LocalTapiola bug bounty program ($50-$50k)
  • Only NEW reports are eligible – don’t duplicate current open and/or unresolved reports from the normal LocalTapiola bug bounty program
  • In any case of confusion or ambiguity between the two bug bounty programs – LocalTapiola reserves all rights to make wise decisions

Happy hunting!

The post t2’17 challenge update first appeared on t2 infosec conference.]]>
t2’17 Challenge – a break from tradition https://t2.fi/2017/06/17/t217-challenge-a-break-from-tradition/ Sat, 17 Jun 2017 09:19:19 +0000 https://t2.fi/?p=1228 This year’s pre-conference challenge will be a t2 exclusive bug bounty. For more information on how to participate, please see the t2’17 Challenge page. As we’ve been organizing challenges for over a decade, you might wonder why change now? For several years in a row, the challenge participant numbers have been steadily declining, despite increased …

The post t2’17 Challenge – a break from tradition first appeared on t2 infosec conference.]]>
This year’s pre-conference challenge will be a t2 exclusive bug bounty. For more information on how to participate, please see the t2’17 Challenge page.

As we’ve been organizing challenges for over a decade, you might wonder why change now? For several years in a row, the challenge participant numbers have been steadily declining, despite increased efforts put into creating the technical puzzles, challenge descriptions and back stories, and actual promotion. It’s not just the number of submissions, but also the downloads and page views. Thomas Malmberg kindly pointed out that with conference challenges we’re competing for people’s time – this is the arena where also bug bounties play.

It was time for us to either adapt or perish. This being t2, failure was not an option and quitting is something you do for apps, not in real life. With conference budgets one simply does not organize a bug bounty – you need friends’ help for that. That is the reason we partnered up with LocalTapiola to provide you a t2 exclusive bug bounty, targeting a real world business application running in production environment. To make sure the spirit of t2 challenges is still there, we are emphasizing the vulnerability quality and proof of exploitability. The challenge is not a speed competition – the most elegant and meaningful vulnerability submission will receive the free ticket, and we have adjusted the whole bug bounty process to reflect that.

Once you convert someone else’s medium severity local file read into unauthenticated remote code execution, you start to value proper analysis and investigation into the technical details of a vulnerability. In other words, 2002 called – they want their apache-scalp.c back. The 15 year anniversary is a pure co-incidence, as is Dave Aitel’s headline keynote at t2’17, the stars just happened to align the right way, like good exploitation primitives after putting in the time and effort.

The challenge is dead. Long live the challenge.

We hope you enjoy the reinvigorated format!

The post t2’17 Challenge – a break from tradition first appeared on t2 infosec conference.]]>
t2’16 Challenge winners https://t2.fi/2016/10/09/t216-challenge-winners/ Sun, 09 Oct 2016 15:15:29 +0000 http://t2.fi/?p=985 Carl “Zeta Two” Svensson from Sweden was the first one to solve the t2’16 Challenge. Well done! Congratulations! The elegant write-up trophy goes to Alexander Polyakov, Russia. His write-up will be published soon so you’ll have a change to evaluate the submission yourself. Congratulations to both winners! We would also like to thank each one …

The post t2’16 Challenge winners first appeared on t2 infosec conference.]]>
Carl “Zeta Two” Svensson from Sweden was the first one to solve the t2’16 Challenge. Well done! Congratulations!

The elegant write-up trophy goes to Alexander Polyakov, Russia. His write-up will be published soon so you’ll have a change to evaluate the submission yourself.

Congratulations to both winners! We would also like to thank each one of you who participated. Last but not least. if you have an interesting idea for t2’17 Challenge, please let us know – authors get a free admission to the conference among other perks 😉

The post t2’16 Challenge winners first appeared on t2 infosec conference.]]>
t2’16 Challenge write-up submission deadline is 2016-10-08 10:00 EEST https://t2.fi/2016/10/02/t216-challenge-write-up-submission-deadline-is-2016-10-08-1000-eest/ Sun, 02 Oct 2016 08:59:04 +0000 http://t2.fi/?p=982 This is just a short note to let you know that the deadline for t2’16 Challenge write-up submissions is 2016-10-08 10:00 EEST, after which the creators of the Challenge will select the winner. Please remember that the criteria for the selection is the elegance of the answer. The solution must include a detailed description of …

The post t2’16 Challenge write-up submission deadline is 2016-10-08 10:00 EEST first appeared on t2 infosec conference.]]>
This is just a short note to let you know that the deadline for t2’16 Challenge write-up submissions is 2016-10-08 10:00 EEST, after which the creators of the Challenge will select the winner.

Please remember that the criteria for the selection is the elegance of the answer. The solution must include a detailed description of methods and tools used. If you don’t know the definition of elegance – please check out the winning write-ups from previous years.

The post t2’16 Challenge write-up submission deadline is 2016-10-08 10:00 EEST first appeared on t2 infosec conference.]]>
t2’16 challenge submission form https://t2.fi/2016/09/10/t216-challenge-submission-form/ Sat, 10 Sep 2016 13:52:16 +0000 http://t2.fi/?p=972 We just realised that we forgot to include the link for submitting the flags (it was not supposed to be part of the challenge 😉 Sorry!! Here we go!  

The post t2’16 challenge submission form first appeared on t2 infosec conference.]]>
We just realised that we forgot to include the link for submitting the flags (it was not supposed to be part of the challenge 😉

Sorry!! Here we go!

 

The post t2’16 challenge submission form first appeared on t2 infosec conference.]]>
t2’16 Challenge is on! https://t2.fi/2016/09/10/t216-challenge-is-on/ Sat, 10 Sep 2016 07:00:17 +0000 http://t2.fi/?p=967 t2’16 Challenge is on! Good luck! As usual, you can follow the contestants via (near) real time scoreboard!

The post t2’16 Challenge is on! first appeared on t2 infosec conference.]]>
t2’16 Challenge is on! Good luck!

As usual, you can follow the contestants via (near) real time scoreboard!

The post t2’16 Challenge is on! first appeared on t2 infosec conference.]]>