The Recon Aacharya Contest at ReconVillage - DefCon 31: A Deep Dive into the Ultimate Subdomain Hunting Challenge
So, you want to be a master of subdomain enumeration? Then let's talk about a contest that was a highlight at ReconVillage during DefCon 31. Stick around as we delve into the Recon Aacharya Contest, a 36-hour challenge where participants had the Herculean task of uncovering subdomains from a pool of 14,917 seed domains. Whether you're a cybersecurity buff or just getting started, this is the tale of how the participating teams pushed the boundaries of what's possible in subdomain hunting.
Why You Should Read This:
You'll get a behind-the-scenes look into this contest, gaining insights that can shape your future hacking endeavors. By the end, you'll know how DomainTools emerged victorious among 67 skilled teams and what it takes to succeed in such high-stakes competitions.
Participation:
The Recon Aacharya Contest was a 36-hour marathon running from August 11th, 10 AM PDT to August 12th, 11:59 PM PDT. A colossal pool of more than 25 million subdomains was submitted, all enumerated from the given seed domains. The contest garnered attention far and wide, with 67 teams registering to flex their recon muscles.
The Challenge:
Participants had their hands full with a list of 14,917 seed domains, provided in a file named "domains.txt." The rules were stringent but straightforward. Only valid subdomains could be submitted, and the guidelines were disseminated via email and the ReconVillage GitHub repo.
The Rules:
Each valid subdomain will score +1 and each invalid subdomain will score -1.
Domain resolution should be done using the DNS Server 8.8.8.8 to maintain consistency in results and scoring.
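The two rules above can be applied to a candidate list before it is submitted. The sketch below is an added example, not the organisers' scoring code: it drops lines that are not clean hostnames or not under a seed domain, de-duplicates the rest, and applies the +1 / -1 rule. The function names, the de-duplication and scope handling, and the sample data are assumptions; `resolves` stands in for a lookup sent to 8.8.8.8.

```python
import re

# One DNS label: letters, digits, hyphen, underscore; no leading/trailing hyphen.
LABEL = re.compile(r"(?!-)[a-z0-9_-]{1,63}(?<!-)")

def clean_hostname(raw: bytes):
    """Return a normalised hostname, or None for binary junk / malformed lines."""
    try:
        name = raw.decode("ascii").strip().rstrip(".").lower()
    except UnicodeDecodeError:
        return None
    if not name or len(name) > 253:
        return None
    return name if all(LABEL.fullmatch(l) for l in name.split(".")) else None

def in_scope(name, seeds):
    """True only for a strict subdomain of a seed (the seed itself does not count)."""
    return any(name.endswith("." + s) for s in seeds)

def estimate_score(lines, seeds, resolves):
    """Filter a candidate list, then apply the +1 / -1 rule using `resolves`."""
    candidates, dropped = set(), 0
    for raw in lines:
        name = clean_hostname(raw)
        if name and in_scope(name, seeds):
            candidates.add(name)      # duplicates collapse here (assumption)
        else:
            dropped += 1              # never submitted, so never scored
    valid = sum(1 for n in candidates if resolves(n))
    invalid = len(candidates) - valid
    return {"valid": valid, "invalid": invalid, "dropped": dropped,
            "score": valid - invalid}

# Constructed sample data (not taken from the contest datasets).
SEEDS = {"example.com", "example.org"}
LIVE = {"www.example.com", "mail.example.com", "api.example.org"}
SUBMISSION = [
    b"www.example.com\n", b"WWW.Example.COM.\n",   # duplicate after normalising
    b"mail.example.com\n", b"api.example.org\n",
    b"dev.example.com\n", b"old.example.org\n",    # in scope, do not resolve
    b"example.com\n", b"www.notexample.com\n",     # seed itself / out of scope
    b"\x7fELF\x02\x01\x01\x00\xff\xfe\n", b"\n",   # binary junk, blank line
]

def fake_resolver(name):
    # Stand-in for a query to 8.8.8.8; answers from the constructed LIVE set.
    return name in LIVE

if __name__ == "__main__":
    print(estimate_score(SUBMISSION, SEEDS, fake_resolver))
```

In the sample, two unresolved names cancel two of the three valid ones, so every unverified entry left in a list costs as much as a verified one earns.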
Results:
Many teams participated and played with a lot of determination and hard work. Here is the final scoreboard.
Notable Insights:
The DomainTools team won the challenge. We would all love to learn from their journey. Write-up coming shortly.
Voidstar submitted the highest number of valid subdomains. This team messed up on the invalid count and hence lost the competition. We are also interested in learning from their mistakes. Write-up coming shortly.
Quite a few file submissions did have a lot of binary bits in them and gave us a very hard time :D.
DNS resolution at such a large scale was a challenge. We had all the systems stress tested, but the submissions were overwhelming for our systems too :D (We learnt from this year, and next year we will be better prepared).
Winner:
The winning crown went to DomainTools. With an unparalleled knack for identifying subdomains, this team showed us how it's done.
As winners, they received the following as prizes:
RedHunt Labs Attack Surface Recon API (6 Months Subscription)
A very cool RGB mouse pad
Takeaways:
Volume vs. Precision: The contest was not just about who could submit the most subdomains but who could provide accurate, valid entries. Quality always trumps quantity.
Time Management: In a 36-hour window, strategic planning and effective use of time were just as critical as technical skills.
Teamwork: Cybersecurity is often romanticized as a lone wolf's playground, but the Recon Aacharya Contest emphasized the importance of collaborative problem-solving.
Scaling Abilities: Collecting and validating subdomains at such a large scale is not only about finding subdomains strategically but also about scaling the enumeration operations.
Datasets Release
As promised, we are releasing all the datasets to the community so that we all can learn and enhance our recon and subdomain enumeration process.
Here is the leaderboard/dashboard:
All the data is available on the GitHub Repository.
Subdomain Lists
all_valid_subdomains_keyword_sorted: A sorted list of all valid subdomains based on keywords.
domains.txt: A list of root domains.
valid_subdomains.txt: A list of valid subdomains.
Keyword-Based Datasets
all_valid_subdomains_keywords_splitted_sorted: Sorted list of valid subdomains with keywords split.
subdomain_keywords_all_uniq_count: Unique keyword count across all subdomains.
subdomain_keywords_splitted_all_uniq_count: Unique count of split keywords across all subdomains.
Top Keywords
subdomain_keywords_splitted_top100: Top 100 split keywords (from nested subdomains).
subdomain_keywords_splitted_top1000: Top 1000 split keywords (from nested subdomains).
subdomain_keywords_splitted_top10000: Top 10,000 split keywords (from nested subdomains).
subdomain_keywords_splitted_top100000: Top 100,000 split keywords (from nested subdomains).
subdomain_keywords_top100: Top 100 keywords.
subdomain_keywords_top1000: Top 1000 keywords.
subdomain_keywords_top10000: Top 10,000 keywords.
subdomain_keywords_top100000: Top 100,000 keywords.
Feel free to explore these datasets for your research or operational needs.
Conclusion:
Reconnaissance is an ever-evolving field that rewards the curious and the relentless. The Recon Aacharya Contest was a showcase of what’s achievable when brilliant minds come together to solve complex problems. If you're feeling inspired to try your hand at the next one, stay tuned. Because who knows? The next winner could very well be you.