Looking for a DerbyCon ticket but don’t have one? We have one you can use. It’s time for the first annual "RATs for hats" contest.
Dirty RAT |
We wanted a way to celebrate the
DerbyCon “Family Rootz” theme by giving away a ticket to a true, no joke Infosec
practitioner (you know, a member of the family) while encouraging some friendly competition. We decided on a programming competition with
a task that can be done by just about anyone.
We’re looking for a RAT written in a pure scripting language. We were originally going to require Python,
but then a Perl zealot (is there any other kind of Perl programmer?) we were talking
to cried foul. We even remembered that
there are some people who like PowerShell and Ruby too. We've heard that there are people who like VBScript, but we don't believe it. If you see one of these mythical creatures, please let us know.
Questions:
What is a RAT?
A remote admin tool.
These tools are used by legitimate administrators and hackers alike to
control systems without having to sit at the keyboard.
What should the RAT do?
We don’t care – go hog wild (or better yet, RAT wild). It
just has to support remote commands of some type that support systems administration.
What platform should the RAT run on?
Again, we don’t care, just so long as it runs. Solaris,
Linux, Windows – we’re not picky. But you have to tell us where it should run so we can judge your entry.
How will my submission be scored?
Scoring? Are you serious? We know good code when we see
it. Extra points will be given for
creative submissions, particularly those that are DerbyCon themed. Of course, functionality
rules. Do you need to provide usage instructions? Not strictly, but we're quite sure that if you document how it is supposed to work, we won't miss any awesome functionality it's supposed to have.
So the challenge is this:
Submit your most creative, scripted RAT to derbyrat@renditioninfosec.com
by midnight ET, Saturday, September 6, 2014.
Submissions must be in password protected zip files (so the AV doesn’t
block the email). Obviously you will
need to send the zip password in the email – we also need your contact information
so we can award you the ticket. We'll announce the winner on Monday, September 8th, 2014.
Standard Rules:
By submitting an entry, you give Rendition Infosec
permission to use your code, name, likeness, etc. to promote your entry, the contest, etc. Rendition
Infosec has non-exclusive use of the submitted code for any purpose it sees
fit, including the promotion of this contest. We'll judge the contest and our decisions are final. We are not lawyers and don’t want to deal with any legal crap. You can’t win if you don’t play.