Full Report
If last year taught us anything, it was that we can move quickly to organise a fully online hacker conference in a little over a month. This year our annual, internal hacker conference ran from the 16th to the 18th of September, was attended by 102 hackers from 9 countries across 2 timezones, and was once again filled with epic hacks and laughs! In this post I’ll tell you more about the run-up to and execution of our internal SenseCon 2021! Some of this year’s challenges are available to play for a limited time on our Orange Cyberdefense Hacker Discord server as well. You can join using this link: https://discord.gg/yhfPKyBGbp.
Analysis Summary
# Main Topic
The execution and organization of SenseCon 2021, an annual, internal hacker conference held by Orange Cyberdefense, which featured CTF challenges, workshops, and a hackathon, all managed through a custom Discord integration.
## Key Points
- The conference was held online from September 16th to 18th.
- Total attendance was 102 hackers from 9 countries across 2 timezones.
- The theme was inspired by the classic 1983 film *Wargames*.
- The entire conference experience, including onboarding, running challenges, and accepting flags, was integrated using a custom Discord bot written in TypeScript leveraging `discordjs`.
- The bot included mechanics derived from the *Wargames* film, such as a simulated DEFCON level status that changed based on outcomes of a "tic-tac-toe" game played via the bot (`&gp tictactoe`).
- The conference included four official challenges, four "easter egg" challenges, three password challenges, and one "global" challenge.
- Hackathon projects focused on security research areas like facial recognition daemons, USSD fuzzing updates, EDR investigation (Cylance/Cybereason), license plate recognition, passive intelligence gathering (pwnbox), extending Nuclei templates, swapping Impacket's PSExec with Sysinternals remcom, and Oracle Cloud security research.
- Challenges and potential write-ups are planned to be released later, with some challenges temporarily available on the Orange Cyberdefense Hacker Discord server.
## Threat Actors
- Not applicable. This report details an internal, controlled cybersecurity training and community event, not an external threat campaign.
## TTPs
- **Challenge Submission:** Hackers used the `&sf` command to submit captured flags to the custom Discord bot.
- **Bot Interaction:** Interactions were handled via message creation events processed by the TypeScript bot using `discordjs`.
- **Thematic Simulation:** Simulation of DEFCON level manipulation via game outcomes (Tic-Tac-Toe).
- **Hackathon Projects (Research Focus):**
  - Building custom application security tools (e.g., facial recognition daemon).
  - Fuzzing (Updating USSD fuzzer).
  - Explaining/bypassing EDR mechanisms (Cylance, Cybereason API unhooking).
  - Extending vulnerability scanning tools (Nuclei template extension).
  - Improving lateral movement tooling (Replacing PSExec with `remcom` leveraging signed Sysinternals binaries).
## Affected Systems
- **Platform:** Discord (Used as the integrated platform for event management).
- **Internal Systems (Hackathon Focus):** Internal research into EDR solutions (Cylance, Cybereason) and Cloud environments (Oracle Cloud).
## Mitigations
- **For participants attempting challenges:** Utilize the `&sf [flag]` command to submit solutions to the custom WOPR bot on Discord.
- **For general awareness (based on hackathon projects):** Security research efforts suggest continuous monitoring and understanding of proprietary EDR internals and specific cloud provider security controls (e.g., Oracle Cloud).
## Conclusion
SenseCon 2021 was a highly successful internal function leveraging custom Discord automation to facilitate a hands-on cybersecurity training environment themed around the *Wargames* movie. While this report does not detail external threats, the reported hackathon projects highlight active internal research into advanced defender evasion techniques (EDR unhooking) and the development of novel security tools, suggesting continuous investment in developing cutting-edge offensive/defensive capabilities within the organization. Participants interested in the challenges can join the specified Discord server.