Pacific Rim Collegiate Cyber Defense Competition
When: This Saturday and Sunday, March 28th-29th 2009, 0900 - 1700 hours
Where: Microsoft Campus, 3009 160th Ave SE, (building Advanta-B), Bellevue WA 98008
Wanted: Volunteer Red Team Attackers / PenTesters / Security Misfits / Curiosity seekers
RSVP: MACKER*AT*NOSPAM*GMAIL – DOT COM (please include full name and email, per MS requirements).
Overview of CCDC:
The Collegiate Cyber Defense Competition was originally started for West Point IT security students, and has since grown into a national event for colleges both domestic and foreign. This is the second annual event for the Pacific Rim region, held in conjunction with the Center for Information Assurance and Cyber Security at the University of Washington. Seven teams from seven universities in the Pacific Northwest will attend the two-day competition. The red team is there to give the students a credible, realistic view of the threat they are defending against. Red team members are typically volunteers from the security industry with experience in assessment and penetration testing, though everyone from full-time professionals to rookies is welcome.
Each team will be defending its "pod" of servers and services against attacks by the red team. At any given time there should be at least one or two red team attackers on every pod. Each pod contains 8-10 computers running a variety of OSes, applications, and services, possibly with built-in backdoors. While the red team attacks, the student teams must also work through injects: tasks the students must complete while maintaining their defenses, which become increasingly challenging as the competition continues. Ideally we will have three stages of increasing difficulty, starting slowly on the first day and building to major attack situations toward the end of the competition. Points for injects are graded manually.
In addition, after each successful intrusion the attacker fills out a brief form stating the source and destination IP, the script/tool/technique used, and any other additional information about the attack. If the students discover the attempt, they fill out a form stating what they think happened, and that form is given to the red team attacker for review. If the student's description of the technique is correct, the points deducted for that intrusion are reduced by 50%.
Examples of injects might include:
- Creating an inventory of all servers, applications, services
- Creating new user groups
- Creating network shares
- Performing a server-wide password audit
- Containing a network intruder
A scoring engine written in Python/MySQL will constantly poll a selection of services for each student team (SMTP, POP3, HTTP, HTTPS, DNS, and FTP). Points are awarded for keeping these services up and responding. Each student environment is logically separated from the others so teams cannot attack each other to gain an advantage.
Generated background traffic will also be injected into the network so the students cannot pick out the scoring engine's polling pattern from the rest. In addition, the scoring engine's IP addresses will change frequently, and it can poll from randomly generated addresses, so neither a student firewall rule nor a red team target list can assume a fixed engine address.
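The polling described above, as an added example that is not the competition's Python/MySQL engine: a small uptime scorer in Python that connects to each scored TCP service in each pod once per round, checks for a protocol-appropriate response rather than just an open port, and awards a point per service per round it was up. The expected banners, the pod layout, the attacker-facing names and the local stand-in listeners are all assumptions made for this example; DNS (UDP) and HTTPS are left out to keep it short.

```python
"""Minimal service-uptime scorer in the spirit of the competition engine.

Each round it connects to every scored service in every pod, sends a probe
where the protocol needs one, and awards a point only when the service answers
like a healthy one. Constructed local listeners stand in for student pods so
the whole thing runs offline.
"""
import socket
import threading
from dataclasses import dataclass


@dataclass(frozen=True)
class ServiceCheck:
    probe: bytes    # what the engine sends; b"" means just read the banner
    expect: bytes   # response prefix that counts as "up"


# Assumed checks for the scored TCP services. DNS (UDP) and HTTPS are omitted.
CHECKS = {
    "SMTP": ServiceCheck(b"", b"220"),
    "POP3": ServiceCheck(b"", b"+OK"),
    "FTP":  ServiceCheck(b"", b"220"),
    "HTTP": ServiceCheck(b"GET / HTTP/1.0\r\n\r\n", b"HTTP/1."),
}


def check_service(host, port, check, timeout=2.0):
    """True if host:port answers with the expected banner/response."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            if check.probe:
                s.sendall(check.probe)
            data = s.recv(512)
    except OSError:  # refused, timed out or reset all count as down
        return False
    return data.startswith(check.expect)


def score_round(pods):
    """pods: {team: {service: (host, port)}} -> {team: {service: up?}}."""
    return {team: {svc: check_service(host, port, CHECKS[svc])
                   for svc, (host, port) in services.items()}
            for team, services in pods.items()}


def tally(rounds, points_per_service=1):
    """One point per service per round it was up, summed per team."""
    totals = {}
    for result in rounds:
        for team, services in result.items():
            totals[team] = totals.get(team, 0) + points_per_service * sum(services.values())
    return totals


# ---- constructed stand-ins for student services (not real pods) ------------
def fake_listener(response, read_request=False):
    """Start a local TCP listener that answers every connection with response."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(16)

    def serve():
        while True:
            conn, _ = srv.accept()
            with conn:
                if read_request:          # HTTP-style: wait for the probe first
                    conn.settimeout(1.0)
                    try:
                        conn.recv(512)
                    except OSError:
                        pass
                conn.sendall(response)

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def closed_port():
    """A port with nothing listening, to simulate a service that is down."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


def demo(rounds=3):
    """Team A keeps everything up; team B has POP3 down and an HTTP port that
    now answers as a shell (a planted backdoor), which the engine scores as down."""
    lo = "127.0.0.1"
    pods = {
        "teamA": {"SMTP": (lo, fake_listener(b"220 mail ESMTP\r\n")),
                  "POP3": (lo, fake_listener(b"+OK POP3 ready\r\n")),
                  "FTP":  (lo, fake_listener(b"220 FTP ready\r\n")),
                  "HTTP": (lo, fake_listener(b"HTTP/1.0 200 OK\r\nContent-Length: 0\r\n\r\n", True))},
        "teamB": {"SMTP": (lo, fake_listener(b"220 mail ESMTP\r\n")),
                  "POP3": (lo, closed_port()),
                  "FTP":  (lo, fake_listener(b"220 FTP ready\r\n")),
                  "HTTP": (lo, fake_listener(b"sh-3.2# \r\n", True))},
    }
    results = [score_round(pods) for _ in range(rounds)]
    return results, tally(results)


if __name__ == "__main__":
    print(demo()[1])   # {'teamA': 12, 'teamB': 6} over three rounds
```

The reason to check the response and not merely the open port is the last case in the demo: a listener that has been replaced by a backdoor shell on the same port scores as down, which is exactly the kind of change a student team wants to notice before the engine does. A real engine would also resolve a name over UDP for the DNS check and validate certificate and page content for HTTPS.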
A documentary about the previous year's CCDC was aired on University of Washington TV. Microsoft has provided funding for the documentary and competition space for 120+ people. Thanks MS! Also, thanks Cisco for donating gear! For the 20-minute clip of last year's event,
Competition and student team objectives:
- Understanding the trade-off between operational system availability and security.
- Learning how to setup networks, components, and understanding architecture concepts.
- Gaining experience in Disaster Recovery and contingency planning.
- Understanding that you have to play the cards you are dealt.
- Use teamwork, ethical behavior, and effective communications both within and across teams.
- Keep services operational and prevent break-ins by the red team.
- Introduce students to new technology and real world scenarios and situations.
- Build a meaningful mechanism by which institutions of higher education may evaluate their IT security programs.
Red Team / Attackers objectives:
- Provide a real world, credible threat to the student’s environments
- Compromise student environments and gain elevated access
- Install or reconfigure services, processes, applications, backdoors, IRC, etc.
- Direct targeted attacks based on OS type, patch level, etc.
- Have fun with the students, including ANY creative means of informing them of a compromise (open xterms and echo words of wisdom, open CD-ROM trays, flip screens, change backgrounds, or just don't leave any trace and let them figure it out).
- Social engineering attacks: last year we stole a blank template of the inject paper, duplicated it, and made a fake telling them to just set us up accounts. A couple of teams fell for it. I'd really like to get a Microsoft janitor's uniform if anyone has one, so a mole can walk around and collect all their trashcans.
Red Team requirements:
- Attackers must bring their own workstation or laptop and necessary supplies. **Note that due to network limitations, we will only be providing internet access on certain machines. You are welcome to bring hard drives full of any software / scripts / exploits you feel you need.
- Any operating system of choice is allowed
- Any open source, or closed source tools available to the general public are allowed
- Must be available for at least 4 hours (or longer if you want) on March 28th and/or 29th.
**Note** Red Team members will have internet access available (on the designated machines) to download tools, exploits, and scripts, or to perform research, etc.
You are welcome to bring anything else you might need hardware-wise (USB drives, printer, crossover cable, hub, etc.). Most stuff should be provided, but I know I can't be the only one who covers all his bases.
Red Team / Attackers Rules & Regulations:
In order to keep the scoring as fair and balanced as possible for the student teams, certain guidelines must be followed. To ensure proper scoring, red team activities must be tracked: red team members must note in detail what system was compromised, how it was compromised, what was changed/deleted/modified, when the activity was performed, the source and destination IP addresses involved, and who performed the activity. Once there is a successful intrusion into one team's pod, the same technique should immediately be applied to the other student teams, whether by the same individual or through knowledge transfer. You are one team, and knowledge transfer is encouraged. This isn't about one red team member vs. another; this is about making these college kids scramble around and having fun at their expense.
Specific guidelines include:
- Red Team members may scan, probe, and penetrate team systems as they would for any network assessment or penetration activity.
- Red team members may gain root/administrative level access to as many systems as possible.
- Red team members may access/modify key files, and disrupt business operations.
- Red Team members may use buffer overflows, scripts, brute force attacks, and any other methods available to penetrate target machines/networks.
- Red team members may install rootkits/loadable kernel modules, modify code, perform injections, and install keystroke loggers, IRC servers, etc.
- Red team members MAY NOT perform DoS/DDoS attacks or release any self-propagating code (no Tribe Flood Network, folks, kind of lame).
- Red team members must be informed of the scoring engine's IP addresses (and of each change, since the engine rotates them) so they do not mistakenly attack the engine.
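The intrusion form described earlier (source/destination IP, technique used, and the 50% credit when the students' report is correct) and the rules just listed (detailed activity logging, apply what works to every pod, never touch the scoring engine), as an added Python example that is not the organizers' code. The pod /24s, the engine addresses, the attacker and team names, the technique strings and the 100-point deduction are all constructed assumptions for the example.

```python
"""Red-team pre-flight check and intrusion record for a CCDC-style event.

allowed_target() refuses the scoring engine and anything outside a student
pod; log_intrusion() records the fields the organizers ask for after each
successful intrusion; pending_transfers() turns the "share what works" rule
into a to-do list; deduction() applies the 50% credit for a correct student
incident report. Addresses and pod layout are assumptions, not the real network.
"""
import ipaddress
from dataclasses import dataclass
from datetime import datetime, timezone

# Assumed layout: one /24 per pod; engine IPs as announced by the organizers
# (they rotate during the event, so this set must be kept current).
POD_NETWORKS = {
    "team1": ipaddress.ip_network("10.1.1.0/24"),
    "team2": ipaddress.ip_network("10.1.2.0/24"),
}
SCORING_ENGINE = {ipaddress.ip_address(a) for a in ("10.1.1.250", "10.1.2.250")}


def allowed_target(target):
    """Return (True, team) for an address inside a pod, else (False, reason)."""
    ip = ipaddress.ip_address(target)
    if ip in SCORING_ENGINE:
        return False, "scoring engine address, do not attack"
    for team, net in POD_NETWORKS.items():
        if ip in net:
            return True, team
    return False, "outside every student pod"


@dataclass(frozen=True)
class Intrusion:
    attacker: str    # who performed the activity
    src_ip: str
    dst_ip: str
    team: str
    technique: str   # script/tool/technique used
    changes: str     # what was changed/deleted/modified
    when: str        # UTC timestamp of the activity


def log_intrusion(log, attacker, src_ip, dst_ip, technique, changes, when=None):
    """Validate the target, then append the record the organizers require."""
    ok, info = allowed_target(dst_ip)
    if not ok:
        raise ValueError(f"refusing {dst_ip}: {info}")
    when = when or datetime.now(timezone.utc).isoformat(timespec="seconds")
    rec = Intrusion(attacker, src_ip, dst_ip, info, technique, changes, when)
    log.append(rec)
    return rec


def pending_transfers(log):
    """For each technique that worked somewhere, the pods it has not yet been
    applied to: the 'one red team, knowledge transfer' rule as a to-do list."""
    done = {}
    for rec in log:
        done.setdefault(rec.technique, set()).add(rec.team)
    return {t: sorted(set(POD_NETWORKS) - teams) for t, teams in done.items()}


def deduction(rec, student_report, base_points):
    """Points to deduct for rec: halved if the students' incident form names
    the correct source IP and technique (compared case-insensitively)."""
    correct = (student_report.get("src_ip") == rec.src_ip
               and student_report.get("technique", "").strip().lower()
               == rec.technique.strip().lower())
    return base_points / 2 if correct else base_points


if __name__ == "__main__":
    log = []
    log_intrusion(log, "red1", "10.1.100.5", "10.1.1.10",
                  "brute force (ssh)", "added user, installed irc bot")
    log_intrusion(log, "red2", "10.1.100.6", "10.1.2.21",
                  "default credentials (ftp)", "replaced index.html")
    print(pending_transfers(log))   # each technique still owed to the other pod
    print(deduction(log[0], {"src_ip": "10.1.100.5", "technique": "Brute force (SSH)"}, 100))
```

Run the check before every scan or exploit attempt, not only when writing the record: a rotated engine address that is missing from SCORING_ENGINE is the failure mode to watch for, so update the set whenever the organizers announce a change.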
Everyone had such a great time last year (heh, cyben and his 'Mr Dude', mojo and his 'fuck all these students i'm gonna take them down' attitude, which he did). I was trying to have a pre-beer party for everyone, but as you are aware, with the economy the way it is, it was very challenging to fund this event this year, which costs well over 30k. Last year people went out for beer after the event. I couldn't get funding, but will keep trying moving forward. I know some of you have responded, but now that I am compiling the official list, can you please respond again and I'll make sure to get you on the list. Please specify what days you want to attend as well.
Please contact me: MACKER*AT*NOSPAM*GMAIL – DOT COM