MA-CCDC-09 Prelim Rounds

Mid-Atlantic CCDC 2009 – Collegiate Cyber Defense Competition

The preliminary elimination rounds of the Mid-Atlantic CCDC were held on Sat 17 Jan and Sat 24 Jan at White Wolf Security in Lancaster, PA. The Red Cell team was larger this year, with about ten members participating, including a few who were at remote locations.

Student networks:
The networks the student teams are assigned to defend typically have several Windows servers and several Linux servers with a normal variety of business functions scattered across them, including Active Directory, DNS, email, some HR-like SQL databases, a web site, an e-commerce server and several workstations. This year, once again, the student teams also had VoIP phones and an Asterisk (PBX) server thrown into the mix to defend, along with cameras with a web interface on the network. During the competition, they are tasked with “business injects,” which are simulated business tasks that also demand some of their attention. They earn positive points for keeping services up and completing business tasks, and have negative points tacked on when they are compromised by the red cell.

Red Cell Operations:
The red cell team comprises quite a mix of backgrounds and skills, and everybody uses somewhat different tactics and tools. Probably the most common tools across the red team include: Nmap, Nessus, Metasploit Framework, Core Impact (limited copies supplied by Core for the competition), Netcat, and a wide variety of tools found on BackTrack 3. Inside the red cell area at White Wolf Security, there is a horseshoe arrangement of tables with a monitor projected on a big screen that shows the status of the college teams, along with a world map that shows when a red cell member compromises a system and launches the “phone home” script to tally a score. A line is traced across the map from the (fictional) location of the mysterious hackers around the globe to Lancaster, PA, where White Wolf is located. The ceiling lights are usually lowered and the room turns into a huddle of dark figures hunched over keyboards. Every now and then, somebody asks the rest of the group a question or shares some information that might help the rest of the team. Sometimes red team members cluster around a single system to watch a spectacular post-exploit “surprise,” and then laughter and celebration often break out. One of the favorites this year was a joke program that made it appear as though the college system that had been hacked was installing Vista.

From the outside, it may seem as though the red cell activity is all fun, easy success and high fives, but nothing could be further from the truth. While those heady moments of congratulations do exist and are worthwhile, they come at the expense of weeks if not months of preparation, followed by many hours of failed attempts and some frustration before the rarer moments of joy when you know you have penetrated and own the system of a defending team. And it often takes years of study and training to get to the point where you can perform penetration testing activities.

In the debriefings after the competition, it’s always interesting to hear how the various teams made “business decisions” about balancing defense (protecting against negative points) versus business requirements (getting positive points), what strategies and tactics they decided to use before the competition, and how much that changed during the heat of the battle. Most teams end up abandoning some of their game plan and being forced into damage control mode and crisis reaction.

Teams that made it through the preliminary rounds and get to compete in the finals in March are:
Community College of Baltimore County
George Washington University
James Madison University
University of Pittsburgh

Congratulations to these schools and their cyber defense teams!
