The Hack@DAC Story: Learnings from Organizing the World's Largest Hardware Hacking Competition

  Рет қаралды 985

Black Hat

Black Hat

Күн бұрын

In this talk, we will share our insights and learnings from organizing Hack@DAC, a hardware hacking competition that hosted over 1000+ researchers over the last seven years. We discuss how Hack@DAC is unique when compared against other hardware CTFs. We highlight the value of organizing a hardware CTF for the general security community. Specifically, we highlight key takeaways for industry, academia, and security researchers.
There has been a significant spike in the number of hardware vulnerabilities and cross-layer attacks in recent years, leading to increased interest and focus in this area. However, unlike software/ firmware domains, there are very few open hardware designs that detail known vulnerabilities and their mitigations. Hack@DAC CTF offers an open-source hardware design (along with a simulation environment) that mirrors the security features and weaknesses commonly seen in system-on-chip designs. Such Hardware CTFs enable academic participants to gain a deeper appreciation of the challenges involved in detecting and preventing vulnerabilities in industrial-scale designs. More importantly, CTFs help participants learn, practice, and share key skills and best practices with one another. By encouraging the formation of teams between individuals with diverse skillset, varying levels of expertise, and across organizational boundaries, CTFs offer a great community-building experience.
Next, we explain the strategies we followed to organize the competition over the last seven years and the differences when organizing a CTF for hardware vs software targets. This includes insights into how we choose the target design for the competition, how security features are added, and how vulnerabilities are inserted. We describe the two phases of the competition: an initial phase where teams get to familiarize themselves with the design and a final phase where top-performing teams are invited to do harder tasks in less time. We then share the impact the competition has had on the security research community in general.
By:
Arun Kanuparthi | Principal Engineer, Offensive Security Researcher, Intel Corporation
Hareesh Khattri | Principal Engineer, Offensive Security Research, Intel Corporation
Jason Fung | Senior Director, Offensive Security Research & Academic Research Engagement, Intel Corporation
Jeyavijayan JV Rajendran | Associate Professor, Texas A&M University
Ahmad-Reza Sadeghi | Professor, TU Darmstadt
Full Abstract & Presentation Materials:
www.blackhat.c...

Пікірлер
Living off Microsoft Copilot
42:06
Black Hat
Рет қаралды 30 М.
Человек паук уже не тот
00:32
Miracle
Рет қаралды 4 МЛН
ROSÉ & Bruno Mars - APT. (Official Music Video)
02:54
ROSÉ
Рет қаралды 331 МЛН
ТЫ В ДЕТСТВЕ КОГДА ВЫПАЛ ЗУБ😂#shorts
00:59
BATEK_OFFICIAL
Рет қаралды 3,5 МЛН
СОБАКА ВЕРНУЛА ТАБАЛАПКИ😱#shorts
00:25
INNA SERG
Рет қаралды 3,6 МЛН
A Software Defined Radio (SDR) Approach to Radar
10:43
QIQ Systems
Рет қаралды 84 М.
Trump is About to Change Everything For Tech Startups
59:15
Where People Go When They Want to Hack You
34:40
CyberNews
Рет қаралды 2,1 МЛН
Do NOT Learn Kubernetes Without Knowing These Concepts...
13:01
Travis Media
Рет қаралды 319 М.
Privacy Detective: Sniffing Out Your Data Leaks for Android
30:04
Generative AI in a Nutshell - how to survive and thrive in the age of AI
17:57
Человек паук уже не тот
00:32
Miracle
Рет қаралды 4 МЛН