[HN Gopher] Hack a satellite
___________________________________________________________________
Hack a satellite
Author : mooreds
Score : 100 points
Date : 2022-05-30 14:08 UTC (8 hours ago)
(HTM) web link (hackasat.com)
(TXT) w3m dump (hackasat.com)
| O__________O wrote:
| Here's a link to the "rules" document, which is basically all you
| need to understand the (3rd) satellite hacking CTF hosted by the
| US military:
|
| https://hackasat.com/wp-content/uploads/2022/04/HAS3_Rules_V...
|
| Prior HN comments on a prior event:
|
| https://news.ycombinator.com/item?id=22991947
|
| Related HN post, "A crash course on hacking satellites"
|
| https://news.ycombinator.com/item?id=24072829
| O__________O wrote:
| Per the rules PDF linked to above: "Registration Closes: May
| 22, 2022"
|
| ** This currently appears to be an annual event though, so if
| you're interested, there will likely be an event next year.
| the__alchemist wrote:
| The website/game appears functional, from a few minutes of
| experimenting, with the main LCD starting a puzzle. What's
| the split between the hard-registration, and playing the
| game?
|
| edit: After you complete the "first challenge", you are told
| to provide your email and wait. Not sure if the intent is to
| bypass this or something, and what's a game vs what's not?
| mikewarot wrote:
| It would be interesting to join a team which uses a series of
| data diodes to harden satellites against attack. Reifying a
| physical, instead of logical, separation of command and data
| flows could go a long way to reducing vulnerabilities for systems
| built in the future.
|
| Perhaps a project to create low cost data diodes, and a set of
| best practices for their use, could be helpful.
| imnotreallynew wrote:
| What sort of time commitment does this require?
|
| I'd be thrilled to join a team; I work as a senior developer (web
| and mobile apps) but unfortunately have no CTF or "real"
| cybersecurity experience. I have a deep interest in space and
| relevant technologies. Would such a skillset be useful?
| rfoo wrote:
| > What sort of time commitment does this require?
|
| A full weekend around May, per year.
|
| Of course if you really want to make sure your team can go to
| the final event you may want to practice on past challenges,
| which could be done at your own pace (or just don't, you may
| still make meaningful contributions to a team as long as you
| can learn new shit really fast).
| failTide wrote:
| You could probably train yourself pretty easily. Give some of
| these a go. https://overthewire.org/wargames/
| hakkoru wrote:
| Our team has qualified for the Hack-a-Sat finals three years in a
| row. I wasn't a part of the first year but was a part of last
| year and this year. Last year's finals didn't go super well for
| us, but we're hoping to do better this year.
| ackbar03 wrote:
| Is this still part of defcon? Or is it just its own thing now?
| hakkoru wrote:
| I think it's its own thing now. Last year the organizers were
| at DEF CON and showed off the satellite for the finals and
| had a few talks, but the actual competition was in December.
| I assume the same thing will happen at this year's DEF CON.
| dang wrote:
| Related:
|
| _US Air Force Space Security Challenge 2020: Hack-a-Sat_ -
| https://news.ycombinator.com/item?id=22991947 - April 2020 (86
| comments)
| tester756 wrote:
| https://www.airforcemag.com/article/hackers-balk-at-rules-ch...
|
| Seems like there was a lot of criticism
|
| >Even those who performed well were frustrated. "We had really
| high hopes ... for the contest, but at the end the disappointment
| and frustration completely took over, even after finishing second
| and winning a big cash prize," wrote Michal Kowalczyk on
| CTFTime.org, a blog where contestants rate and review different
| capture-the-flag (CTF) competitions. Kowalczyk, whose hacker
| handle is Redford, is a co-founder for the team "Poland Can Into
| Space," which was the runner-up both this year and last. "I wish
| it was different, but I have to say that this was a pretty bad
| CTF."
|
| >Tyler Nighswander of Plaid Parliament of Pwning, a storied team
| connected with Carnegie Mellon University, complained that "lots
| of things regarding how the game operated were not explained
| clearly."
|
| >He suggested that expectations for Hack-A-Sat were high. "I
| think all of the participating teams have played in CTFs which
| were run worse than this contest was," he said. But given that
| Hack-A-Sat was backed by the resources of the U.S. military,
| competitors expected a flawless execution. "There was an
| expectation level that I don't think was cleared," he said.
| karmicthreat wrote:
| I love working on these. I'm not really into CTFs but I learn
| quite a bit each time I participate in Hack-a-Sat. The
| astrodynamics questions in CTF1 were quite hard, such as making a
| star tracker and finding your position.
| octagons wrote:
| My team and I had a blast the first year this came out.
| Definitely recommend participating in this, even if you're not
| familiar with more traditional security CTF challenges. These
| challenges tend to draw from the broad set of engineering skills
| needed for space-faring technology, not just your traditional
| vulnerable service or configuration.
| the_only_law wrote:
| What if I'm not an established team, but just some bozo with
| interest in security research and hacking stuff?
| rfoo wrote:
| Register as a one-man team and play. Just don't expect that
| you may qualify for the finals (unless you are geohot).
| Remember to read all challenges and feel free to skip a
| challenge if you get stuck.
|
| Though the news got posted a week later (this year's quals
| ended a week ago) and you have to wait one year if you want
| to play this specific event.
| [deleted]
| anonymousiam wrote:
| Having previously done both satellite development and (legal)
| satellite hacking, I participated in both the 2020 and 2021
| qualifiers, but sat it out this year. It was a lot of fun and our
| team did well, but we did not make the finals. (We scored 19th in
| 2020 and 27th in 2021.)
| ewuhic wrote:
| Do I understand it correctly, that all the CTFs are basically
| puzzles with planted cues and weakened parts, since if there was
| no such preparation, almost no one could score a flag, plus the
| orgs could not know in advance how their system is crackable,
| which would result in a competition being in essence "find a
| zeroday"?
| mshockwave wrote:
| Correct, IMHO these competitions are mostly set up in search of
| talented people and (maybe) catch the attention of the general
| public on certain security fields
| jallbrit wrote:
| Yes that's correct. Typically there is a "flag" or a string
| of text that the hackers attempt to find.
|
| Good companies have a bug bounty program where people can
| submit 0-days.
| Vladimof wrote:
| [2020] ?
___________________________________________________________________
(page generated 2022-05-30 23:01 UTC)