Professional Documents
Culture Documents
16
16
==
|=-----------------------------------------------------------------------=|
|=----------------------=[ International scenes ]=-----------------------=|
|=-----------------------------------------------------------------------=|
|=------------------------=[ By Various ]=------------------------=|
|=------------------------=[ <[email protected]> ]=------------------------=|
|=-----------------------------------------------------------------------=|
In this issue of your damn favorite magazine we bring you, not one, but
three international scene articles. The first is about the glorious
Spanish hacking scene. We had some very respected hackers review it and
we believe we have brought you a real gem.
Our third phile was a late addition due to absent minded Phrackstaff,
but a strong contribution none the less. Austin Texas seems to have a
strong lock picking scene, and jgor has thankfully written up this phile
to tell us all about it.
We would like to point out that the following articles are probably
outdated, as their original submissions date back to mid-2015, however
we believe they cover a fair deal of the, more or less, recent past and
thus are worth publishing. The Phrack Staff cannot, in any way,
guarantee the validity or the level of detail of the information presented
herein. Want to add/correct something? Mail us and we will try to
publish your side of the story as well.
Enjoy
-Phrack Staff
--[ Contents
|=[ 0x01 ]=---=[ A small historic guide of the first Spanish hackers
The Spanish 90's Scene - Merce Molist & Jay Govind ]=---=|
|=----------------------------------------------------------------=|
|=--=[ A short historical guide to the first Spanish hackers ]=---=|
|=---------------=[ The Spanish 90's Scene ]=-------------------=|
|=----------------------------------------------------------------=|
|=----------------------------------------------------------------=|
|=---------------------=[ Merce Molist ]=-------------------------=|
|=--------------=[ English version: HorseRide ]=------------------=|
|=---------------------=[ hackstory.net ]=------------------------=|
|=----------------------------------------------------------------=|
= Index =
This is how started the message that Mave sent to his colleagues of the
Konspiradores Hacker Klub (KhK) when he had the "honour" of becoming the
first hacker arrested in Spain. He was accused of penetrating systems
belonging to the Carlos III university and of having used a stolen card in
Compuserve, which was pretty standard among hackers back then. He was
caught because of a mistake: he entered a chat channel under police
surveillance with an account under his real name.
"There was a time in which the Internet was only a place for survivors, a
time in which Knowledge was acquired through a lot of personal work.
A time in which respect was gained by sharing with those that didn't know,
things you had learnt with effort.
At that time a Hacker was one who found that no matter how much he learnt
about systems he always knew very little.
A Hacker was the one that managed to program that routine even smaller and
more beautiful.
Ender Wiggins, Omaq, Akira, CenoIx, Agnus Young, D-Orb, Partyman, Quijote
AFL, Pink Pulsar, HorseRide, BlackMan/KhK, Wendigo/Khk, Mave/KhK, El
Enano, Bugman, Joker, Spanish Taste, Cain, Savage ...
As far as I can remember, I have never heard or read any of them call
themselves a hacker."(1)
The first Spanish hackers started appearing in the 70's, from the fields
of electronics and CB radio, when the word "hacker" had yet to reach
Spain. They would build their own calculators and personal computers and
worked in the few companies that used computers, such as the airline
Iberia, state investigation centres, banks and local branches of
northamerican companies. Among those few "computer nuts" Alberto Lozano
stands out as one of the few Spaniards that bought an Apple I. Some years
later he would help create the first Apple clones.
Alberto Lozano: "A Barcelona company built the Unitron, but couldn't sell
them because they contained two ROMs copyright Apple. They said to me:
Make it work without having the same ROM. I encrypted the contents of the
ROM and wrote a routine that decrypted it and placed a copy in RAM of that
Apple ROM when you turned on the Unitron. However, when you turned off the
machine, that would be lost. If a judge took the ROM and read it, it
wouldn't look in any way like the Apple one. In other words, I didn't
design a BIOS, I encrypted the same one. It was a hack: an interesting
solution to an important problem."
In 1978 Lozano created the first personal computer user club in Spain
Apple II, Commodore Pet and Radio Shack's TRS-80). The club reached 100
members and in 1985 Lozano made a BBS out of it.
Mave or Lester the Teacher were part of the generation following Lozano,
when there was sufficient critical mass to talk of a hacker community.
Many started out as crackers, among them the mythical Zaragoza duo of
Super Rata Software & AWD, active from 1983 to 1986 and addicted to de
protecting (cracking) games. They already had a rudimentary hacker ethic:
their work had to be copyable using the ZX-Spectrum copy program Copion by
Arguello, one that everyone had, was easy to copy and easy to find.
Alternatively the games would autocopy using a key combo.
However, AWD, as many others, left the cracking scene for the hacking one,
obtained a modem and changed his handle to Depeche Mode. He joined
HorseRide, Han Solo and Alf and together they created the first Spanish
hacking group, active between 1987 and 1989. It was called Glaucoma, like
the illness that attacks the eyes iris, a reference to their main hobby:
penetrating RedIRIS (Iris-net), the Spanish university network, from where
they would jump onto international X25 networks.
It is still remembered how Glaucoma managed to get the password that gave
access to the Telefonica X25 nodes (or PADS) in Spain: HorseRide and Han
Solo, who were in their early twenties, passed off as sales rep for an
English company selling shared mainframe time and wanted to buy X25
accounts. When Telefonica did a demo, they memorized the password as the
technician repeatedly entered it: ORTSAC, the reversed last name of the
engineer that had set them up (CASTRO).
2. X25 Hackers
Depeche Mode met The Phreaker through the Minitel chat called QSD, a hub
for European hackers. The Phreaker was Catalan and wrote comm programs for
modems, such as COMS4, which in 1988 were used worldwide. His are the blue
box for MX BB.BAS, the exploit for Linux imapd.c, NePED -one of the first
IDS, resulting from a bet after a few too many beers-, and QueSO
("cheese"), which remotely determined OS's and on which Nmap was based (2).
The Phreaker created QueSO in 1996, when under the alias of Savage he
helped the Portuguese group ToXyN in the first campaign of systematic
attacks in the history of hacktivism against the government of Indonesia
in favour of the independence of East Timor. The campaign consisted in
assaulting and defacing the largest possible amount of Indonesian
governmental and corporate systems. Savage contributed creating exploits
and other purpose created tools such as QueSo.
Savage: "We set up search scripts for all .id domains. For each one found,
we'd look for the machines hosting www ftp mail and news and tried to
attack all four. We set off as many automated attacks as we could. When
we'd get a positive hit, we'd finish it off manually. We owned thousands
of machines. When you have a working exploit and nobody knows the
vulnerability, it's really easy."
In the end, Indonesia recognized East Timor and QueSO became a weapon for
peace: the Internet Operating System Counter project used it to produce a
monthly report on the OS's of European computers connected to the
Internet, including Israel. The promoter of IOSC was a German who ran
QueSO from a machine in USA maintained by Lebanese, called beirut.leb.net
. There was a curious conflict when two Israeli security companies
reported that Israeli machines were being attacked from a Lebanese site.
The news media exaggerated the event and IOSC ended up shutting down.
Returning to 1989, The Phreaker and Depeche joined El Maestro and Petavax
to form the group Apostols. Later on they would be joined by Sir Lancelot
and Ender Wiggins, who in 1987 wrote the first book in Spanish about
hacking and phreaking: "Manual del novicio al hack/phreack" [The novices
manual to hack/phreak] (3). Ender offered the Apostols his ample knowledge
about phreaking in exchange for something he didn't know: why the American
blue-boxes didn't work in Spain.
Phreaking was essential to reach BBS's and X25 networks, the natural field
of action. As the European and USA X25 networks were linked, hacking
sessions would generally extend beyond the ocean. The main port of entry
for USA networks was the MITRE system, from a provider for the US Army.
MITRE would gain fame from the book "The Cuckoo's Egg" by Stiff Stoll,
which recounts how hackers from CCC (Chaos Computer Club) used it to steal
corporate secrets from USA and sell them to the KGB:
The Phreaker: "MITRE was well connected to all the active networks back
then. There was an entry menu to access a phone directory service which
you could break out with the sequence CTRL-Y **Interrupt**. If you did it
right, the menu would abort and drop you in a shell from where you could
connect anywhere. It was known nearly worldwide and for years all the
hackers would go in through there."
The Galician BBS Dark Node would become the most famous BBS, breeding
ground for 29A, the most internationally known Spanish group. Respected
virus authors worldwide were part of 29A during its 13 year run from 1995
to 2008: Mister Sandman (es), Anibal Lecter (es), AVV (es), Blade Runner
(es), Gordon Shumway (es), Griyo (es), Leugim San (es), Mr. White (es),
Tcp (es), The Slug (es), VirusBuster (es), Wintermute (es), Darkman, Jacky
Qwerty, Rajaat, Reptile, Super (es), Vecna, Mental Driller (es), SoPinky,
Z0mbie, Benny, Bumblebee (es), LethalMind, Lord Julus, Prizzy, Mandragore,
Ratter, roy g biv and Vallez (es).
Amongst their always original creations stood out the first virus for WinNT
/Win95/Win32s (Cabanas/Jacky Qwerty), and for 64 bits (Rugrat/roy g biv),
the first multiplatform (Esperanto/MrSandman), the first reverse executing
(Tupac Amaru/Wintermute), the first for Windows 2000 and Windows 98 (
appearing prior to the public launch of those OS's, the first that ran
under Linux and Windows (Winux/Benny), the first 32 bit polymorphic (
Marburg/GriYo), the first PHP trojan (Pirus/MaskBits as colaborator), the
first virus to infect PDA's (Dust/Ratter) the first for mobile phones (
Cabir/Vallez) or the first anti-ETA hacktivist virus (GriYo) and Tuareg (
MentalDriller).
Marburg, the first 32 bit polymorphic virus, saw the light in October of
1997 after a bitter discussion on alt.comp.virus between 29A members and
the antivirus industry. 29A was criticizing the industry for false
advertising, as their products could not detect 100% of virus, to which
the industry responded with taunts. Following this, GriYo created Marburg
which none of the existing antivirus could detect. Somehow Marburg ended
up on the free CD's that came with the magazines "PCGamer" and "PC Power
Play", and on the MGM/Wargames game CD. Marburg spread throughout the
world like wildfire.
As 29A was an international group, so were its meet-ups which would last
for days and days. They spent a month in Amsterdam, in Brno a few weeks. A
nice and well loved Belgium female follower, Gigabyte, went to the latter
one, who was so young that she travelled with her cheerful grandfather.
The long lifespan of 29A had it witness in first person the decadence and
criminalization of the whole virus scene, a decadence which would also
apply to the whole hacking scenario.
Benny, in 29A ezine, 2002: "The whole scene and many things in it will no
longer be the way it was. Some programmers talk of "death", "decadence",
some talk of serious problems. (...) Script kiddies and their so called
"virus/worms" rule in cyberworld. (...) Antivirus earn money off people
whose stupidity is 99.99% responsible for vast virus outbreaks ("click
here" viruses). Where are those elite programmers, those elite groups?
Where are those hi-tech viruses that *yesterday* dominated the world?
*Decadence*".
4. The community
However, prior to the decadence, the latter half of the 90's had a
bubbling fertile and noisy community, proud heirs of the pioneers, meeting
in newgroups such as es.comp.hackers, mailing lists such as hacking or
hackindex, the IRC-Hispano chat group and ezines such as Raregazz,
NetSearch, 7a69ezine, Cyberhack, CatHack, JJF Hackers Team or Virtual Zone
Magazine. This breeding ground would give fruits in the form of tools that
are still useful today such as Halberd (rwxrwxrwx), OSSIM (Ulandron),
RKdetector (aT4r) or Unhide (Icehouse).
Heading this small horde of apprentices were two veteran rival groups:
!Hispahack from Catalonia and Saqueadores from Murcia. The former started
in 1992 and their high technical level was apparent through the tools
created and distributed by their members: SMBScanner (Flow), ICMPush (
Slayer), HTTPush (JFS) or Yersinia (Tomac and Slayer). Amongst their
multiple feats, hacking forum.phrack.org with a PHP exploit in 2000.
As for Saqueadores, they stood out due to the ezine of same name, born in
1996, the longest running of the Spanish arena. Some of the notable hacks
of the time were narrated inside, such as when the editor of the ezine in
1997, Paseante, took control of Infovía (5), or when he obtained control
of another sister, also owned by Telefonica, that controlled important
networks of companies and institutions, amongst them the Iberia airline,
the parliamentary congress, or Caja Madrid (a bank).
From 2000 onwards, when the scene had reached its climax and little by
little the decadence was taking root, a new generation of hackers gained
strength, more transversal due to the groups they belonged to and more
collaborative from an international point of view. Amongst them Zhodiac
from !Hispahack stands out as author of EMET and multiple exploits (6). He
published an article in Phrack in 2001 about overflows in PA-RISC, which
opened the gates for others who would also publish there: Pluf and Ripe,
Ilo, Dreg and Shearer, Pancake and Blackngel.
Alejandro Ramos: "Hans Ulrich, from the CCC, after doing some forensics on
the systems announced the vulnerability, attributing it to himself. It
wasn't until then that RomanSoft reacted and explained that he had
discovered the exploit a few months before and spread it to a small group
of people from where it had filtered. Even the author of Twiki himself
confirmed that Román had notified him of the vulnerability a few days
prior".
(1) http://www.netcomunity.com/lestertheteacher/index.htm
(2) https://nmap.org/nmap-fingerprinting-old.html
(3) http://hackstory.net/Manual_del_novicio_al_hacking
(4) https://www.youtube.com/watch?v=jXmAzeMoZNs
(5) http://set-ezine.org/ezines/set/txt/set11.zip
(6) http://zhodiac.hispahack.com/index.php?section=advisories
(7) http://examples.oreilly.com/networksa/tools/rpc-statd.c
(8) http://www.vfocus.net/hack/exploits/os/linux/suse/6.2/su-dtors.c
(9) http://examples.oreilly.com/networksa/tools/rs_iis.c
(10) http://archives.neohapsis.com/archives/fulldisclosure/2006-07/
0234.html
(11) http://www.digitalsec.net/stuff/fun/CCC/camp-server-hack.htm
(12) http://www.digitalsec.net/stuff/fun/CCC/ccc_and_cccs.txt
5. Thanks to:
|=[ 0x02 ]=---=[ Wargaming Scene Phile - Steven, adc & weekend ]=--------=|
In 2007, 3 dudes captured the first slot in the DEFCON CTF Qualifiers.
They didn't come from anywhere, and they werent actually planning on
playing, which is why they had to decline. The only explanation is
wargames. So if you eat your veggies and do loads and loads of wargames
you too will have brains, discipline, and hilarity.
And the wargame scene has bloomed! There are CTFs available just about
every month now, many of which can be played remotely. And persistent
shell-based wargames and web-vuln sites continue to run, year after year,
completely free.
Leviathan - this was the first shell based game, where all newbies start
Behemoth - where I exploited my first buffer overflow
Utumno - A little harder
Maze - Harder again, easy remotes
The four shell-based games above I would highly recommend to anyone just
starting out. They are just easy enough that it's welcoming to a beginner
but after leviathan the esoterism begins to seep through and make the
levels something else altogether. They're fun and captivating to this
day.
The thing of it is, I used to actually get a huge adrenaline rush from
solving these back then. Like my heart would be pounding while I was
waiting for some shellcode to land, and when it did, it was always a
great smile. After spending an evening to a week or two miserably stuck,
taking copious notes, and then finally solving a level, I couldn't wait
to be working my way up to the next one. It was really damn addictive.
Oddly enough, real-world hacks rarely got close to the rush from wargames
for me, as the real world has lots of complications which my biology
begins to think about.... I'm weird.
Many wargamers also keep copious notes in order to capture the subtleties
of the different game levels. The notes directories usually begin only
with the credentials for each level, but as most wargamers find, the notes
directory tends to escalate. It contains for each level of each game: which
vulnerabilities have been identified, which exploits might work, which
exploits failed, and finally which exploits succeeded. It's also a good
idea to keep notes on different shellcodes, different techniques for
debugging, heap tricks, and so on. I would probably learn a ton from the
disclosure of other people's notes :-).
wargames.unix.se transformed into Digital Evolution dievo.org and was
around until '06 or so. Digital Evolution was quite awesome. It had
basically everything I use from the internet still today: wargames, a
chill music station (delphium radio!), an awesome picture gallery from the
userbase, an extensive archive of links to knowledge, irc!!!, and
leaderboards to compete about everything on the website.
So tempting to namedrop some greetz here to all the nick, but archive.org
really says it best!.
http://web.archive.org/web/20050729112313/http://www.dievo.org/
So what's around today if you're looking to get yet-better at memory
corruption when CTFs are not around? I highly recommend two oldies, which
I consider transformative in my exploitation education. The first of
these is vortex on overthewire.org, the second is #io on smashthestack.org.
When I first played vortex, the first level showed me that I did not really
understand pointers as well as I thought I did. I recall andrewg telling
me to draw a stack diagaram. So I did, and finally the &s and *s made
sense when combined with my diagram and the assembly code. It was mind
bendingly difficult for something quite simple the first time through. And
other levels repeat the experience. Subtly exploitable bugs that at first
don't appear to be possible because of certain limitatio yns. The level of
difficulty does continue to grow until at some point you become somewhat
skilled.
When showing up to play #io, the first time through, I got to 11 and was
utterly disappointed until then. And then something happens, the levels
become hard. Quite hard. I had been a wargame veteran at this point, so
#io was a gift! Today, the first 10 have been rewritten to all be fun.
Now up to about 30 levels, #io continues to grow with well-researched,
subtle vulnerabilities for exploitation. At least one level has a real
world, remotely exploitable vulnerability found by a player and crafted
into a challenge for your intellectual pleasure. Beat #vortex and #io and
you will be rather _good_ at exploiting unix memory corruption.
After that, go play them all. Play every wargame. They all contain
knowledge that will enhance your skills. Also play CTFs when you can and
if they're fun! If they're not as fun or getting stale, then hack the
game!
- adc
old rant:
When I was younger I was aggressive and persistent, probably still so.
Wargames were the perfect outlet to mold my energy into some pretty useful
tricks. I remember coming and going back to wargames many times, the same
challenges continually kicking my ass. I started out as a google copy
pasta chef. I didn't know how to code very well, though I remember checking
out a copy of Turbo C once when I was 12, then a C++ book from the store
when I was 13, and being bored while attempting to learn something from it.
I still hate C++, I think that Bjarne Stroutsups overgrown haircut explains
it all.
I have always, always kept coming back to really play with the machine
though. I want to watch it tick and take it apart. I think I always had
the itch when peering into a screen.
I started out wargaming in 2003. From memory, there are some good ones I
remember from that year, there was web stuff like try2hack.nl,
hackthissite.org, and C stuff like hackerslab (a korean site),
pulltheplug.com (now overthewire.org), and wargames.unix.se (a swedish
site which later became dievo.org). I remember not really knowing my way
around a command shell after cheating on some of the hackerslab levels.
Then one day, a friendly hacker started talking to me through my bash
shell. I had no idea how he did it. Peering up, the difference of skill
level between us was laughable. I wanted to learn :-)
Sometimes the systems you're hacking are completely synthetic, which can
be quite tame at times. Sometimes the synthetic game is hackable to
reveal the real game, which is a lot more fun, and I always have more
fun when the real game comes out from the synthetic. For example, I recall
one roothack in 07 or so, eagerly awaiting Epic (RIP) to kick off a 5-way
king of the box game when felinemenace crew ended the game on the gateway
machine before the event had even started. Meanwhile, beist was on my team
had hacked another team's account, and we thought *we* were the ones being
cool...
Those two week lulls before classes would pick up again in high school,
and nothing felt better than procrastinating the binges of assigned
summer reading with some real intellectual stimulation of my own volition.
Landing some code.
Since 07, CTFs have just exploded. I am lucky to have played with the
loller skaterz dropping from rofl copters as well as RPISEC and pick up
teams here and there. One thing that always impressed me about the teams I
encountered was when they *hadnt* played persistent wargames before. You
can have a read of atlas' blog to see what kind of catching up they have
to do. Many CTF players have managed to compress an year's worth of
debugging exploits into a few months, it's impressive.
Here's what I love about wargames. One, it will expand your understanding
of programs and debugging like nothing else can. Many wargame levels will
be little 100-line programs that don't *appear* to have any security
bugs and they will kick your ass for awhile. Others will be obviously
exploitable, until you go and try and exploit them, and find all the
difficulties whether an XSS filter, a NUL byte in the wrong place, or the
compiler reordering stack variables...
Three, they come in baby steps. The way most persistent wargames and CTFs
are organized is through a potpourri of easy medium hard and random
challenges. Each challenge itself is usually quite manageable and
bite-sized. A well designed game makes it effortless to figure out which
pieces to solve first. A common strategy among wargame players it to keep
a copious notes with the successes (and sometimes failures) of each level.
I personally logged most of my failed attempts, and always felt great
satisfaction revisiting them. The games provided excellent facilities for
conquering genuinely hard, unknown problems with a lot of research, gdb
(or whatever web stuff for web stuff), and head scratching. Was also
always a joy ;-) to grab a copy of someone's note directory and learn
little tricks.
Four, you will learn real skills. There are skills encoded in the levels of
the games out there that haven't been yet published in an article. I'm
fairly certain #io on smashthestack.org revealed linux ASLR bypasses quite
awhile before they were patched and semi-public. Though many wargames start
out quite easy the difficult ones are there. And it is the difficult ones
that will transform you from a noob into a conscious hacker.
Five, the people. Yes some people are ornery, and if you're vain then you
think I'm talking about you. Some people are trolls. And some people are
just so genuinely cool. Throughout my time in the computer security space,
I am persistently impressed and inspired by people. Both competitively and
creatively, I feel like I've always worked best in pairs or small groups
of people. It's always just a pleasure for me to work with others. And
people of very different backgrounds and goals come to sharpen their skills
on wargames, which means there will be fun.
I remember the first guy I learned to exploit a stack buffer overflow with,
we both had no clue, but we figured it out after a few days of gdbing. This
was on the wargames.unix.se website, which I am EXTREMELY nostalgic for. I
owe Sweden a lot of beers.
Throughout the different wargaming sites and CTFs you will find lots of
different attitudes, some very mysterious people, and some incredibly
ordinary. Back in 2003 when I found wargames.unix.se I knew nothing but
just had a compulsion to solve some levels. I was doing whatever it took
to get to the next one, but I often couldn't figure it out *on my own*.
On wargames.unix.se I found mentorship and just a super inviting attitude
to do the hard stuff. The standard of thinking hard was well-ingrained,
and more impressively, people were just really damn friendly and accepting.
And the reason that is impressive is because I asked *a lot* of dumb
questions. It also had a great scoreboard with green dots that I lived for,
plus the rankings.
I'm pretty sure that I can crash in pads around the world on the promise of
explaining a wargame level to someone.
Steven, I'll race you...
-adc
--[ OverTheWire
OverTheWire.org (OTW for short) is, as far as we are aware, the oldest
hacker wargame community on the internet. The goal of OTW is to learn
security principles and coding practices through a hands-on approach, and
have fun while doing it. The regular OTW community idles on IRC and is very
supportive of new users willing to learn. They answer technical questions
about the games, provide hints and often discuss all kinds of topics
surrounding computer security.
We currently host 11 online games and 3 downloadable images for games that
can be played offline. The topics covered in these games are typically
related to lowlevel security in linux userland (vortex, semtex, leviathan,
narnia, behemoth, utumno, maze, manpage), but we also cover commandline
scripting (bandit), networking (semtex), crypto (krypton), web (natas) and
some kernelland (monxla).
More people joined in the following years and PullThePlug (PTP) grew out of
Brian's basement and into a dedicated hosting enviroment. Now being run by
a core management team and a lot of volunteers, the games existed on 4
physical machines and a bunch of vserver instances.
At this point, most of the old games were gone and replaced by newer games.
Because of all the turbulence caused by moving domain names and problems
with hosting providers and DDoS attacks, development of new games stalled
out. It took a couple years before the server infrastructure got back on
it's tracks. By this time though, a lot of the crew had moved on to other
things.
In 2010, OTW created its first custom wargame for the French Hackito Ergo
Sum (HES) conference and has been doing that annually ever since: HES2010
and abraxas (HES2011) can be downloaded as VM images, while monxla
(HES2012) can be downloaded as a livecd ISO. Kishi, a custom game for 2013,
will be shared by HES and NSC (No Such Conference, also French) and offered
as a download later on.
In 2012, it became apparent that games from intruded.net went offline and
were staying offline. We were asked to adopt these games and, with the help
of their former administrators, managed to resurrect them all 6 on the OTW
servers: leviathan, narnia, behemoth, utumno, maze and manpage. In addition
, 2 games for complete beginners were developed to lower the barrier for
newcomers. Bandit focuses on the very basics of systems security, and natas
covers serverside websecurity.
We will keep working on developing new games and maintaining the old ones,
for as long as we can. Several new games are already in development,
covering topics such as kernel exploitation, web-security and others.
Many great hackers started out playing, or at some point regularly visited
the PTP/OTW games.
It's an honor to be part of their lives in this way and it is our hope to
continue to provide this kind of hands-on experience to the next generation
of hackers.
Remember, kids: "Experience is what you get, when you don't get what
you want!"
This looks like a good place to thank some people: andrewg, arcanum, astera
,aton, bk, Brian Gemberling, deadbyte, dusty, gizmore, jduck, joernchen,
kripthor, l3thal, malvina, mercy, morla, mxn, nemo, rainer, samy, everyone
else of #social and probably a ton of people who slip my mind right now <3
|=----------------------------------------------------------------=|
|=----------------=[ The Austin Lockpicking Scene]=---------------=|
|=------------------------=[ by jgor ]=--------------------------=|
|=----------------------------------------------------------------=|
The hobbyist lockpicking scene in the U.S. has become wildly organized in
the last decade. If you've been to a hacker conference in that time you've
likely heard the names TOOOL (The Open Organization Of Lockpickers) [0] or
Locksport International [1]. While TOOOL has been going strong in the
Netherlands for far longer, the U.S. branch didn't make an appearance until
the mid-2000's, and Locksport International popped up around the same time
in 2005 as a joint effort between U.S. and Canadian founders.