Team Lakeland vs Polite Slenderman: Review of 5-State Qualifiers


The Enemy

I categorize the enemy as 'Polite Slenderman'. Why? The hackers didn't destroy any boxes beyond repair. They would change a line of config and that's it. Polite Slenderman sat idle on boxes, just watching us. It felt like playing Where's Slenderman and Slenderman would get angry if you didn't notice him in 2 hours.

Slender Activity

"Oh hello Slender! You've been in this box for 22 minutes! I should've kicked you out sooner! Thanks for sitting like a duck and visiting. Out you go now. Have a good day."

Polite Slenderman broke into the Debian MySQL, Ubuntu DNS and Splunk boxes. One hacker really wanted to lounge in that Splunk box. I would kick them out, retype iptables, shut down sshd (I think?) and they would be back. Slender would change enableSSL=0 to 1. I had to change that config three times. On Debian I only had one issue: I kicked them out and didn't see activity again. Same with Ubuntu DNS. The hackers were probably idling on CentOS and Windows 2008. They just didn't break anything.

Surprises

I'm surprised Windows 2008 AD/DNS didn't go down. We didn't do much with that.

What could've been done better?

1. Confusion over where I did and did not put host-based firewall rules. Keeping track of 10 hosts can get confusing.
2. Network-based firewall rules.
3. Better backups.
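Both the "where did I put firewall rules" problem and the enableSSL flip-flopping on the Splunk box come down to the same thing: no recorded known-good state to compare against. Below is an added example, not code from the original post or from the team, of the smallest fix for that: take a baseline hash and copy of each file you care about (a config file, or an iptables-save dump treated as a file), then check for drift and restore from cron. The baseline directory, the Splunk config path and the label names are assumptions for illustration.

```sh
#!/bin/sh
# Added example, not code from the original post: a baseline-and-drift check
# for the two things that were silently changed during the competition, a
# config value (the enableSSL line in a Splunk config) and the host firewall
# rules. BASELINE_DIR, the config path and the labels are assumptions.

BASELINE_DIR="${BASELINE_DIR:-/var/tmp/ccdc-baseline}"

# Print the SHA-256 of a file. sha256sum exists on Linux, shasum on BSD/macOS.
file_hash() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# baseline LABEL FILE: record the known-good hash and keep a copy to diff
# against and restore from. Take it right after you have hardened the box.
baseline() {
    mkdir -p "$BASELINE_DIR"
    file_hash "$2" > "$BASELINE_DIR/$1.sha256"
    cp "$2" "$BASELINE_DIR/$1.copy"
}

# check LABEL FILE: exit status 0 if the file still matches its baseline,
# 1 if it drifted (and print exactly which lines changed), 2 if no baseline
# was ever taken for that label.
check() {
    if [ ! -f "$BASELINE_DIR/$1.sha256" ]; then
        echo "no baseline recorded for $1" >&2
        return 2
    fi
    if [ "$(file_hash "$2")" = "$(cat "$BASELINE_DIR/$1.sha256")" ]; then
        return 0
    fi
    echo "DRIFT: $1 ($2) differs from baseline:"
    diff "$BASELINE_DIR/$1.copy" "$2"
    return 1
}

# restore LABEL FILE: put the known-good copy back in place.
restore() {
    cp "$BASELINE_DIR/$1.copy" "$2"
}

# check_and_restore LABEL FILE: the one-liner for cron. Returns 1 when it had
# to restore something, so the log tells you the attacker is back on the box.
check_and_restore() {
    rc=0
    check "$1" "$2" || rc=$?
    [ "$rc" -eq 0 ] && return 0
    [ "$rc" -eq 2 ] && return 2
    restore "$1" "$2"
    echo "restored $1 from baseline"
    return 1
}

# fw_check: dump the live iptables ruleset and compare it to the 'fw' baseline.
# Needs root. Take the baseline once with:
#   iptables-save > /var/tmp/fw.rules && baseline fw /var/tmp/fw.rules
fw_check() {
    iptables-save > /var/tmp/fw.rules && check fw /var/tmp/fw.rules
}

# Example usage (the Splunk path is an assumption; adjust for your box):
#   baseline splunk-web /opt/splunk/etc/system/local/web.conf
#   check_and_restore splunk-web /opt/splunk/etc/system/local/web.conf
```

Source the script from a cron entry that runs every minute and logs its output; a "restored splunk-web" line in that log is your "Slender is back" alarm instead of finding out at the next scoring check. If fw_check reports drift, `iptables-restore < "$BASELINE_DIR/fw.copy"` puts the known-good ruleset back. Keeping the baseline directory on every host also answers the "did I put rules on this one?" question: if there is no fw baseline, you never did.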

What went right?

1. Inject quality.
2. Time management. We had a lot of time left. We only had a 30 minute window where we felt overwhelmed. I heard over the speaker that multiple teams had trouble within the same time frame. It was an inject about OpenVAS and not having enough space for it.
3. Pacing. We started at 45mph and ended at 45mph. Our performance was linear, which is good. We were running a cross country race.
4. Scrubs. We only used one scrub total and it was the right call.
5. Service uptime was high, around 90%.

Total Capacity: 80%. Grade: A-

Okay, so, this concept of capacity. I graded us at 80% because we could handle 20% more work without suffering. That suffering is what I call being over capacity.

How do we know we're over capacity?
1. Inject degradation. Quality and quantity down.
2. Service uptime suffers.
3. Can't do everything.
4. Overwhelmed with work.

I predict Wildcards would be our max capacity. We would be cutting it close to deadlines. This is just judging off my 2017 experience.

Regional Predictions

Before you reach a capacity problem, you will hit a skill issue first. It won't matter if you have 60 minutes for an inject if you have no idea how to do it. I predict I'm going to hit some skill deficits: injects that are new to me that I can't solve in time. Hopefully I can solve most of them. I only started practicing Regional-level injects after Qualifiers was over. I'm also worried about the Cisco devices. Our team only has a few months' experience on them. We've always started from scratch and haven't been dropped into an existing network.

Overall, we have a good fighting chance. I don't think we will be in the bottom pack. We're going to work hard for 3rd and bring out a performance to be proud of. Below is a sneak peek of our strategy: Manji Formation Firefighter rescue. Next time: Team Lakeland vs Zabuza of the Hidden Mist, Uninvited Guest.
