This is a continuation of the previous post talking about BSidesROC onion-related CTF challenges.

Double Ontonion

One team figured this one out. The point of this challenge is to exemplify a common problem with onion services. Basically, if you don’t configure the web server correctly, there are cases where an onion service might leak additional information about the host. For example, if you were hosting an onion web service on the same server as another web service, you could sometimes replace the Host header with something like “localhost” and have crushing results.

Now that BSidesROC is over and the CTF is closed, I can share some of the details about the Onions CTF category that I made. I think the feedback was that a lot of the challenges were too hard or they were straightforward but they took too long to do.

Setup

Each of the services in the Onions category contained a vanity BSidesROC onion address. This was thanks to my friend who threw some GPU cycles at generating keys for services that either start with or end with “bsidesroc”.

Our little hacker conference that usually draws about 400 people is happening again on 4-21 and 4-22. If you want the song and dance about all the things we have planned, you can check out the website. I want to cover all the internal changes.

Volunteers

We’re getting old. What can I tell you? The longer you run something like BSidesROC (and Interlock and 2600 for that matter) the more likely your core people are going to have different priorities and interests.

I’ve made a scalable way of building a fully private, functioning Tor network using Docker. Why give any backstory? If it’s useful to you, then here you go:

Source: https://github.com/antitree/private-tor-network
Docker Hub: https://hub.docker.com/r/antitree/private-tor/

Setup

All you really need to do is clone the git repo, build the image (or download from Docker Hub) and then spin up a network to your liking. What’s nice about this is you can use the docker-compose scale command to build any size network that you want.