Differences

This shows you the differences between two versions of the page.

--- cyberconquest [2021/11/11 00:32] – Gaelin
+++ cyberconquest [2023/08/23 04:44] (current) – Gaelin
@@ Line 1: / Line 1: @@
 ====== CyberConquest ======
-Cyber Conquest is a purple team competition! This means that each team can attack other teams while they are defending their environment using their offensive skills along side their defensive skills.
+Cyber Conquest is a purple-team cybersecurity competition (that is, it combines both offensive and defensive skillsets) into one king-of-the-hill contest. Teams are tasked with defending their own infrastructure while attacking other team’s infrastructure to gain points. Defensive points are gained by keeping your services up and keeping other teams off your systems, and offensive points are gained by planting your flag on opponent’s systems.
-Teams of around 4 people are be given 5-10 systems and work together to secure them from the other teams. Teams gain points for their scored services being functional and for gaining access to other teams' systems.
-===== Team Composition =====
+Successful teams will consist of both attackers and defenders. Teams must communicate and work together to as effective as possible. While good offense informs defense, good defense also informs offense.
-Teams will consist of at most six members. The specific composition of each team will be left up to the teams. A good team should have a mix of defenders and attackers.
+==== Defense (Blue) ====
-==== Defender Objectives ====
+Each team will be given console access to systems that they are responsible for. Similar to defensive competitions like CCDC, each of these systems will be running a set of services that must be maintained in order to gain defender points. Defenders are tasked with securing these systems while maintaining service uptime. A large part of securing these systems will consist of seeking out and destroying enemy persistence. All teams will start with nearly identical systems, so as a secondary objective, defenders should look for vulnerabilities in their systems which their attacker teammates can exploit on other teams.
-Each team will be given console access to six systems that they are responsible for. Similar to defensive competitions like CCDC, each of these six systems will be running a set of services that must be maintained in order to gain defender points. Defenders are tasked with securing these systems while maintaining service uptime. A large part of securing these systems will consist of seeking out and destroying enemy persistence. All teams will start with nearly identical systems, so as a secondary objective, defenders should look for vulnerabilities in their systems which their attacker teammates can exploit on other teams.
+==== Attack (Red) ====
-==== Attacker Objectives ====
+Each team will be given a token. To earn attacker points, the team must hit the scoring engine with that token (via curl, wget, etc). The goal is not to destroy systems but rather to stealthily gain access and plant persistence. Therefore, offensive and defensive points are only awarded if a system’s services are online and functioning.
-Each team will be given a set of binaries or flags to plant on an enemy’s systems. The objective is to gain access to enemy systems and plant your persistence flag. To earn attacker points, the team’s binary must be periodically run to check in with the scoring system. The goal is not to destroy systems but rather to stealthily gain access and plant persistence. Therefore, offensive and defensive points are only awarded if a system’s services are online and functioning.
+=== Persistence Points ===
-===== Scoring =====
-Services are scored every 2m+-30s
+Hit the scoring engine with an HTTP GET request at where here TOKEN is your team token that we've given to you, and that IP is the scoring engine. <code>http://10.30.0.100/persist/TOKEN</code> You must request that URL from the machine that you've hacked. The engine determines what machine you're on based on its IP address. For example, if your token was soup, you'd prove persistence like this:
-Persistence must have checked in at least once since the last service check to count
+<code>
+curl http://10.30.0.100/persist/soup
+</code>
-For each system:
+Or on Windows (powershell):
-  * Points are generated by each service on the system
+<code>
-  * Points are divided between all teams on a system (red and blue)
+Invoke-WebRequest -Uri http://10.30.0.100/persist/soup
-  * Point formula: T is the number of teams, S is the number of services alive and functioning on the system, R is the number of other teams on the system (persistence):
+</code>
-    * Each team (red and blue) on the system gets: (T*S)/(1+R) points
-    * Note: This assumes that each system has the same number of services on it
-  * Example:
-    * With 5 teams, for a system with 3 of 3 services up and 2 red teamers on it
-      * Blue team (owner) = (5*3)/(1+2) = 15/3 = 5 points
-      * Red team 1 = 5 points
-      * Red team 2 = 5 points
-==== Resets ====
+See the [[https://scoring.defsec.club|scoring engine]] for more competition-specific information.
-Teams may revert a system to its original state once every 10 minutes. Each system has its own separate cooldown. Teams may also power on, power off, or restart any system in their network including their router.
-----
+=== DakotaCon 10.1 Cyber Conquest ===
+    * [[https://blog.gael.in/cyberconquest|Infrastructure write up by Gaelin]]
-===== Cyber Conquest Rules =====
-==== Definition of Terms ====
-  * Competition Director – Individual leading the operation of the event
-  * White Team – Competition officials tasked with running the competition, including configuration of the environment
-  * Purple Team – Competitors tasked with defending systems against other teams, and with attempting to compromise the systems of other teams
-  * Team Captain – Team member of a Purple Team acting as the primary liaison between the Purple Team and the White Team
-==== Eligibility ====
-  * Eligibility, entry fees, and brackets will be defined on an event by event basis.
-==== Competition Conduct ====
-  * Questions will be directed to the White Team or competition organizers.
-  * Printed reference materials (books, magazines, checklists) are permitted in competition areas and teams may bring printed reference materials to the competition. Digital resources are also allowed.
-  * Throughout the competition, White Team members will occasionally need access to a team’s system(s) for scoring, troubleshooting, etc. Teams must immediately allow White Team members’ access when requested.
-  * Teams must not connect any devices or peripherals to the competition network unless specifically authorized to do so by White Team members.
-  * Teams may not modify the hardware configurations of competition systems. Teams must not open the case of any server, printer, PC, monitor, KVM, router, switch, firewall, or any other piece of equipment used during the competition.  All hardware related questions and issues should be referred to the White Team.
-  * During a competition period, teams may not remove any provided equipment from the competition area unless specifically authorized to do so by White Team members.
-  * Teams must compete without “outside assistance” from non-team members from the start of the competition to the end of the competition (including overnight hours for multi-day events). All private communications (calls, emails, chat, texting, directed emails, forum postings, conversations, requests for assistance, etc) with non-team members that would help the team gain an unfair advantage are not allowed and are grounds for disqualification and/or a penalty assigned to the appropriate team.
-  * “Destructive” attacks that may adversely affect hardware or competition infrastructure are prohibited. These types of attacks are not allowed and are grounds for disqualification and/or a penalty assigned to the appropriate team. Examples include but are not limited to: Denial of Service attacks, ARP Poisoning, DHCP exhaustion, hardware side-channel attacks, etc.
-  * Physical attacks/social engineering are strictly prohibited.
-  * Attempts to reverse-engineer, modify, or tamper with competition scoring and/or infrastructure is strictly prohibited. These actions are not allowed and are grounds for disqualification and/or a penalty assigned to the appropriate team.
-  * Teams must not modify the network configurations of provided systems.
-==== Internet Resources and Usage ====
-  * All activity on competition networks must be related to the competition.
-  * All network activity that takes place on the competition network may be logged and subject to release. Competition officials are not responsible for the security of any information, including login credentials, which competitors place on the competition network.
-  * While designing custom tools and scripts is allowed, only systems that are physically present at the event may be used to exploit and manage systems. Teams may not use external systems as part of their command and control mechanisms nor may they use external systems as staging points for their payloads. These and any similar activities must be done from systems that are physically present at the event.
-  * It is permissible to use external chat and email applications for sharing information between team members as long as these are not used on provided systems (exception for provided laptop to teams that did not bring their own).
-  * Paid tools are not allowed. Software that is freely available to all teams is allowed. Paid tools that allow for temporary use without a fee (such as a trial) are allowed.
-==== Professional Conduct ====
-  * All participants, including competitors, sponsors, and guests/viewers are expected to behave in a professional manner. Activities such as excessive swearing, sexual harassment, disrespectful or unruly behavior, consumption of illegal drugs, unauthorized consumption of alcoholic beverages, and others are considered to be a violation. This is not an exhaustive list as such other actions/behaviors deemed either improper or unprofessional, by staff, may be determined to be a violation.
-  * No physical or verbal altercations between competitors and/or competition staff/sponsors is allowed. Violation may result in immediate disqualification from competition pending decision by competition staff.
-  * Participants must also follow the conduct rules of the hosting event, such as the rules of the conference and/or physical venue.
-  * These rules apply to all Cyber Conquest events involving its activities and/or participants.
-  * Any and/or all violations may lead to a punishment as little as a warning, to disqualification from the current event, to an outright ban on participating in future events. Investigating possible violations and deciding punishment severity is the responsibility of solely the Cyber Conquest staff. All decisions are final.
-==== Disputes, and Disclosures ====
-  * All data collected throughout the course of the competition, including but not limited to system/network/application logs, are solely owned by Cyber Conquest. Participation in the competition is implied consent to this collection. Cyber Conquest is not responsible for the security of said information; including anything personal and/or private in nature that was willingly provided by the participant.
-  * Cyber Conquest is not responsible for data collected by other participants in the event.
-  * All data collected by the hosting conference, sponsors, viewers, and/or physical venue is not under the control of Cyber Conquest.
-  * Flash and or video photography may be taken of competitors by Cyber Conquest staff and/or its approved media, and consent is implied by participating in the event. Participants may request to not be photographed/videoed at any time.
-  * We are not responsible for other entities that may take photos/video of participants. If you’d prefer to not be, then please inform the person of this. Contact Cyber Conqest staff if others are not abiding by your privacy request and we will do our best to resolve it.
-  * Protests by any team must be presented in writing by the Team Captain to the White Team as soon as possible. The competition officials will be the final arbitrators for any protests or questions arising before, during, or after the competition. Rulings by the competition officials are final. All competition results are official and final as of the Closing Ceremony.
-  * In the event of a team disqualification, the entire team must leave the competition area immediately upon notice of disqualification and is ineligible for any individual or team award.
-//(Rules are subject to change at any time)//