Pacific Rim Collegiate Cyber Defense Competition

When: This Saturday March 28th-29th 2009, 0900 – 1700 hours
Where: Microsoft Campus, 3009 160th Ave SE, (building Advanta-B), Bellevue WA 98008
Wanted: Volunteer Red Team Attackers / PenTesters / Security Misfits / Curiosity seekers
RSVP: MACKER*AT*NOSPAM*GMAIL – DOT COM (please include full name and email per MS requirements).

Overview of CCDC:
The Collegiate Cyber Defense Competition was originally started for West Point IT security students, and has now grown into a national event for colleges both domestic and foreign. This is the second annual event for the Pacific Rim area, in conjunction with the Center for Information Assurance and Cyber Security at the University of Washington. For the Collegiate Cyber Defense Competition, 7 teams from 7 universities from the Pacific Northwest will attend for the 2-day competition. The red team is there to provide a credible, realistic threat perspective to the students. Red team members are typically volunteers from the security industry with experience in assessment and penetration, though everyone from full-time professionals to rookies is welcome.

Each team will be defending their "pod" of servers and services from attacks by the red team members. At any given time, there should be no fewer than 1-2 red team attackers per pod. These pods will contain from 8-10 computers, running a variety of OSes, applications, and services, possibly with built-in backdoors, etc. While the red team members are attacking the student teams, the students must also undergo injects. Injects are situations that the students must perform while maintaining their defenses, and will become increasingly more challenging as the competition continues. Ideally we will have 3 stages of increasing difficulty, starting slow on the first day, to major attack situations closer to the end of the competition. Points for injects will be graded manually.

In addition, after each successful intrusion, the attacker will fill out a brief form stating the Source/Destination IP, script/tool/technique used, and any other additional information about the attack. If the students discover the attempt, they will fill out a form stating what they think happened. This form will be given to the red team attacker for review. If the answer/technique described by the student is correct, they will have 50% fewer points deducted from their overall score.

Examples of injects might include:

A scoring engine written in Python/MySQL will constantly poll a selection of services for each of the student teams (SMTP, POP3, HTTP, HTTPS, DNS, POP3, and FTP). Points are based on keeping these services up and running. Each student environment is logically separated from the others to prevent teams from attacking each other to gain advantage.

Traffic generation will also be injected into the network to prevent the students from predicting the scoring engine sequence. In addition, the scoring engine IP addresses will change frequently and can generate random IP addresses.

A documentary was created for the CCDC the previous year, which was aired on University of Washington TV. Microsoft has provided funding for the documentary and competition space for 120+ people. Thanks MS! Also, thanks Cisco for donating gear! For the 20-minute clip of last year’s event, see
http://kangar.eu/cyber_security_competition.rar .

Student objectives:

Red Team / Attackers objectives:

Red Team requirements:

**Note** Red Team members will have internet access available to download any tools, exploits, scripts, or to perform research, etc.

You are welcome to bring anything else you might need hardware-wise (USB drives, printer, crossover cable, hub, etc.). Most stuff should be provided, but I know I can’t be the only one who covers all his bases.

Red Team / Attackers Rules & Regulations:

In order to keep the scoring as fair and balanced as possible for the student teams, certain guidelines must be followed. To ensure proper scoring, red team activities must be tracked, and red team members must note in detail what system was compromised, how it was compromised, what was changed/deleted/modified, when the activity was performed, source and destination IP address involved, and who performed the activity. Once there is a successful intrusion in one of the teams' pods, the same technique should be immediately applied to the other student teams, whether by the same individual, or through knowledge transfer. You are one team, and knowledge transfer is encouraged. This isn’t about one red member vs. another red member; this is about making these college kids scramble around and having fun at their expense.

Specific guidelines include:

Everyone had such a great time last year (heh, cyben and his ‘Mr Dude’, mojo and his ‘fuck all these students I’m gonna take them down’ attitude, which he did). I was trying to have a pre-beer party for everyone, but as you are aware, with the economy the way it is, it was very challenging to fund this event this year, which costs well over 30k. Last year people went out for beer after the event. I couldn’t get funding, but will keep trying moving forward. I know some of you have responded, but now that I am compiling the official list, can you please just respond again and I’ll make sure to get you on the list. Please specify what days you want to attend as well.

Additional Questions/Comments/Suggestions:
Please contact me MACKER*AT*NOSPAM*GMAIL – DOT . COM