Every August, about 25,000 programmers descend upon Las Vegas to attend DEF CON, one of the world’s most well-known hacking conventions. Apart from building relationships with industry peers and putting their skills to the test, virtually everyone in attendance has one goal in mind — winning the Black Badge.

We’re extremely proud to say that Pete Souba, aka “Kybr,” Red Team Operator at SimSpace, took home the award after completing the three-and-a-half-day Badge Challenge — just a few seconds before the second-place finisher. The Black Badge is one of the highest honors a DEF CON attendee can receive, and in addition to earning free admission for life, Souba will be inducted into the Black Badge Hall of Fame.

“Never in my life did I expect to win a Black Badge,” said Souba. “The competition is so fierce, and you’re competing against some brilliant human beings. I just happened to have the right mix of skills to put this particular puzzle together a little bit faster than the next person.”

How do you win a Black Badge?

Interestingly, no one actually knows how to win a Black Badge until they are presented at the end of the conference. That’s because every year, the Black Badge can be the prize for winning any of the events hosted at DEF CON. But it’s the Badge Challenge, Hacker Jeopardy and World Championship of Capture the Flag (CTF) that garner the most attention and participants.

At DEF CON 30, it was winning the Badge Challenge that put Souba among elite company in the Black Badge Hall of Fame — and in the hacker world. The activity began on Thursday when badges were handed out and ran until Sunday, just four hours before the conference came to a close.

Experience, skill and a little bit of luck

While the Badge Challenge is an individual event, participants work together to give each other a chance to reach the finish line — which is all but impossible to do alone, given the volume and complexity of the riddles, ciphers and stages that must be navigated along the way.

DEF CON 30 badge
The clues included musical measures found on the faceplate of the DEF CON badge itself.

Near the end of the competition, after his group completed a book cipher, Souba noticed the first letters of the code words read backward referenced a Rickroll — an infamous internet prank which ends with an unsuspecting user clicking a URL and being treated to a surprise viewing of Rick Astley’s “Never Gonna Give You Up.”

Push button telephones used in badge challenge
One part of the Black Badge challenge required old-school push-button telephones.

Now at the final stage of the challenge, he was on his own, racing against his former teammates for a first-place finish. With seconds to spare, he obtained a piece of gum from the surrounding crowd so he could quickly scribble out the answer to the riddle, “who died and left you in charge?” on the wrapper, per the event creator MKFactor’s instructions.

“I love puzzles like this, and as soon as I saw the word ‘never,’ I knew it was going to be a Rickroll,” said Souba. “And for the final answer, I used a Google dork to connect the phrase presented to me with the movie script it came from, which led me to the answer, ‘Captain Bipto.’ ” Google dorking, also known as Google hacking, is a way to search for information that is not readily available through simple searches by using specialized commands.

For Souba and his fellow contestants, the road to the finish line was not without its challenges. In fact, the entire group was stuck on one stage for almost an entire day before MKFactor sent out a tweet to point participants in the right direction. When asked what he thought helped him win this event, Souba pointed to his experience, skill and a little bit of luck.

Pete’s writeup of the event is available on GitHub for those interested in a play-by-play breakdown of how he completed each stage of the Badge Challenge.

From cyber defense specialist to red team operator

Souba, a computer science graduate, began his infosec career in the Navy. As his first assignment, he was dispatched to work in cyber defense with the NSA.

“I loved that job, but when I heard about people doing work in cyber offense, I went to an open tryout and ended up getting reassigned,” said Souba. “It was right around that time when I stumbled upon someone else’s DEF CON badge writeup.” After learning more about the conference and the types of cyber events that took place there, he started participating in CTF exercises, which helped him develop new attack and defense skills over time.

“To win the badge that initially inspired me to get into the work that I do now, it really hit close to home,” he said.

Souba is currently one of the operators on SimSpace’s Red Team, which challenges organizations to defend against advanced cyberattack techniques within high-fidelity simulations of their production environments.

“We’re the spear,” said Souba. “We help organizations test their blue teams, their defenses and their ability to follow their own playbooks by seeing how they perform during a hands-on-keyboard cyber warfare exercise.”

SimSpace is proud to have highly-skilled security professionals like Pete Souba holding positions throughout the organization. Our collective industry expertise is just one of the many assets that allows us to provide the advanced cybersecurity training tools and simulated environments that help organizations optimize their cyber readiness.

Want to learn more about how SimSpace can help you improve your cybersecurity posture? Visit simspace.com to request a demo.

 

Pete Souba headshot

Pete Souba

Pete Souba is a Red Team Operator at SimSpace corporation. Before joining SimSpace, he worked in both cyber defense and offense with the NSA and the US Navy. In addition to his work for SimSpace, Pete regularly participates in CTF and other cyber activities to further hone his skills. Originally stationed in Hawaii for his Navy service, he still lives there now with his family.

Blog byOwen Dudley
Owen Dudley
Owen Dudley
Owen Dudley is the Staff Writer for the Product Marketing team at SimSpace Corporation. Before joining SimSpace, he covered a variety of topics as a freelance writer, from cybersecurity and fintech to music and arts. A graduate of The New School, he lives in Brooklyn, NY and enjoys writing and performing music in his spare time.