This weekend I was invited to
participate in the 2015 RMCCDC (Rocky Mountain Regional Collegiate
Cyber Defense Competition) held at Regis University in the Denver
Tech Center area.
Several student comprised Blue
Teams, each with an identical infrastructure to protect, and had to stand
up to a barrage of attacks. Personally I found myself less focused,
(much less focused than during a typical penetration test) than I
normally am due to several factors: Lack of adequate preparation,
large scope and being new to the format.
Just to do something different, I
was running the Windows 10 Technical Preview and only had my
professional version of Burp installed along with a couple other
non-standard applications. The issues with this choice (not testing
thoroughly) manifested themselves in myriad ways: Nmap wouldn't run,
my VM instance of Kali (that I had installed the night before) needed
significant updates and tweaks to get the GUI to work, not to mention
all of the issues inherent to a Beta OS (think basic things no
audio). I thought I would be fine with just Burp, maybe ZAP and a
couple of browsers. Wow was I wrong.
The scope was vast as previously
mentioned, so I found myself spending about 10% of my time on web
applications and the rest split between trying to get my box and
tools running effectively, metasploit, panning and zooming webcams
aimed at Blue Team white boards and an outrageously slow network (at
times) due to saturation. But it was an awesome experience!
Each team had their own room, ours
was a piping 80 degrees; perhaps on purpose at to fatigue us in order
to slow down the attacks. After the first hour or so Social
Engineering attacks were called off and I was challenged a couple of
times by Blue Team members intent on keeping their assets secure, all
part of the exercise and well received. The local news was shooting
footage, organizations from all over the area were invited to check
out the action for first hand and I was able to speak with curios
observers and share insight on how a Red Team operates.
Thanks to all the teams, students,
sponsors and folks behind the scenes that made this possible. Richer
for the experience, and a firm believer in the spirit of the
competition, I would be glad to participate in the future.
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.