Warning: Use of undefined constant add_shortcode - assumed 'add_shortcode' (this will throw an Error in a future version of PHP) in /nfs/c03/h02/mnt/49321/domains/hackingtheuniverse.com/html/wp-content/plugins/stray-quotes/stray_quotes.php on line 615

Warning: Use of undefined constant MSW_WPFM_FILE - assumed 'MSW_WPFM_FILE' (this will throw an Error in a future version of PHP) in /nfs/c03/h02/mnt/49321/domains/hackingtheuniverse.com/html/wp-content/plugins/wordpress-file-monitor/wordpress-file-monitor.php on line 39
MA-CCDC-09 Red Cell preparation

MA-CCDC-09 Red Cell preparation

I’ve been invited to participate in the 2009 Mid-Atlantic CCDC as a member of the Red Cell (attacking team). The mission of the red team is to emulate hackers attacking a business network. The game conditions change a bit from year to year and even from the preliminary rounds to the final rounds (because of time restraints) but there are some things that are fairly constant. We know the defending college teams will have a mix of servers and workstations and a mix of Windows and Linux operating systems. There may or may not be components of wireless technology, VOIP technology and other transient twists to the game.

The red team methodology is fairly straightforward: use recon techniques to discover and identify targets, attempt to identify vulnerabilities and weaknesses, attempt to penetrate targets, establish a presence on the target, leverage that presence with pivot attacks or other means of compromising more systems, escalate privileges at all stages until we own their network completely.

Red team technology and tactics are anything BUT straightforward. Each member of the team brings different experience and background and tools to the table. We try to discuss strengths and weaknesses and merge them to our best effect. We share information and tools and will attempt to communicate well enough during the event to keep our efforts balanced fairly across all of the teams we are attacking.

We already know attacking team members will be using tools such as:

  • nmap/zenmap – for basic recon
  • nessus – for detailed vulnerability analysis
  • metasploit framework – penetration and pivot attacks
  • core impact – mostly for penetration with agents for pivot attacks, but also does recon and some vulnerability analysis
  • canvas – penetration, with some recon and agents for pivot attacks
  • john the ripper – for password cracking
  • netcat – for just about everything

Core Technologies has supplied the red team with trial copies of their Core Impact product and some training on how to use the product. This product comes about as close as you can get today to having a “point and click” penetration testing framework. But it also allows analysis of web applications and the technology to enable client side attacks.

Red team members are assembling a variety of custom made tools, mostly trojan backdoor programs that we hope will allow us to maintain our access once we have established an initial foothold.

And then we get down to practice. Setting up a lab/test environment and trying to hone the skills we anticipate needing is essential. Working with cutting edge technology and techniques is always dicey at best. Things that seemed to work in the lab may not work in the competition and vice versa. Having backup strategies and alternative paths is required.

Here is Seth Fogie’s account of a preliminary round in last years Mid-Atlantic CCDC:
The Collegiate Cyber Defense Competition Year 3: Revenge of the Red Cell

In this update we are going to give you a behind-the-scenes look at the third installment of this story as we go to the State Qualifying Rounds and join up with the Red Cell to infiltrate the students’ networks.

One Response to “ MA-CCDC-09 Red Cell preparation ”

  1. MA-CCDC-09 Prelim Rounds
    How the preliminary elimination rounds went.

Leave a Reply

You must be logged in to post a comment.