> blog
contestsubdomaindefcon-31community

The Recon Aacharya Contest - Community Data Release

Recon Admin
September 7, 2023
3 min read
The Recon Aacharya Contest - Community Data Release

The Recon Aacharya Contest at ReconVillage - DEF CON 31

So, you want to be a master of subdomain enumeration? Then let's talk about a contest that was a highlight at ReconVillage during DEF CON 31. Stick around as we delve into the Recon Aacharya Contest, a 36-hour challenge where participants had the Herculean task of uncovering subdomains from a pool of 14,917 seed domains.

Why You Should Read This

You'll get a behind-the-scenes look into this contest, gaining insights that can shape your future hacking endeavors. By the end, you'll know how DomainTools emerged victorious among 67 skilled teams and what it takes to succeed in such high-stakes competitions.

Participation

The Recon Aacharya Contest was a 36-hour marathon running from August 11th, 10 AM PDT to August 12th, 11:59 PM PDT. A colossal pool of 25 million+ subdomains was submitted, all enumerated from the given seed domains. The contest garnered attention far and wide, with 67 teams registering to flex their recon muscles.

The Challenge

Participants had their hands full with a list of 14,917 seed domains, provided in a file named "domains.txt." The rules were stringent but straightforward. Only valid subdomains could be submitted, and the guidelines were disseminated via email and the ReconVillage GitHub repo.

The Rules

  • Each valid subdomain will score +1 and each invalid subdomain will score -1
  • Domain resolution should be done using the DNS Server 8.8.8.8 to maintain consistency in results and scoring

Results

Many teams participated and played with a lot of determination and hard work.

Notable Insights

  • DomainTools Team won the challenge. We all would love to learn from their journey.
  • Voidstar submitted the highest number of valid subdomains. This team messed up in the invalid count and hence lost the competition.
  • Quite a few file submissions did have a lot of binary bits in them and gave us a very hard time :D
  • The DNS resolution at such a large scale was a challenge. We had all the systems stress tested, but the submissions were overwhelming for our systems too.

Winner

The winning crown went to DomainTools. With an unparalleled knack for identifying subdomains, this team showed us how it's done.

As winners, they received the following as prizes:

  • PlayStation 5
  • RedHunt Labs Attack Surface Recon API (6 Months Subscription)
  • A very Cool RGB Mouse Pad

Takeaways

1. Volume vs. Precision: The contest was not just about who could submit the most subdomains but who could provide accurate, valid entries. Quality always trumps quantity.

2. Time Management: In a 36-hour window, strategic planning and effective use of time were just as critical as technical skills.

3. Teamwork: Cybersecurity is often romanticized as a lone wolf's playground, but the Recon Aacharya Contest emphasized the importance of collaborative problem-solving.

4. Scaling Abilities: Collecting and validating subdomains at such a large scale is not only about finding subdomains strategically but also about scaling the enumeration operations.

Datasets Release

As promised, we are releasing all the datasets to the community so that we all can learn and enhance our recon and subdomain enumeration process.

All the data is available on the GitHub Repository.

Subdomain Lists:

Keyword-Based Datasets:

Top Keywords:

Feel free to explore these datasets for your research or operational needs.

Conclusion

Reconnaissance is an ever-evolving field that rewards the curious and the relentless. The Recon Aacharya Contest was a showcase of what's achievable when brilliant minds come together to solve complex problems. If you're feeling inspired to try your hand at the next one, stay tuned. Because who knows? The next winner could very well be you.