User Tools
cyberconquest
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
| cyberconquest [2021/11/11 00:32] – Gaelin | cyberconquest [2023/08/23 04:44] (current) – Gaelin | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== CyberConquest ====== | ====== CyberConquest ====== | ||
| - | Cyber Conquest is a purple team competition! This means that each team can attack other teams while they are defending their environment using their offensive | + | Cyber Conquest is a purple-team cybersecurity |
| - | Teams of around 4 people are be given 5-10 systems and work together to secure them from the other teams. Teams gain points | + | |
| - | ===== Team Composition ===== | + | Successful teams will consist of both attackers and defenders. Teams must communicate and work together to as effective as possible. While good offense informs defense, good defense also informs offense. |
| - | Teams will consist of at most six members. The specific composition of each team will be left up to the teams. A good team should have a mix of defenders and attackers. | + | ==== Defense (Blue) ==== |
| - | ==== Defender Objectives ==== | + | Each team will be given console access to systems that they are responsible for. Similar to defensive competitions like CCDC, each of these systems will be running a set of services that must be maintained in order to gain defender points. Defenders are tasked with securing these systems while maintaining service uptime. A large part of securing these systems will consist of seeking out and destroying enemy persistence. All teams will start with nearly identical systems, so as a secondary objective, defenders should look for vulnerabilities in their systems which their attacker teammates can exploit on other teams. |
| - | Each team will be given console access to six systems that they are responsible for. Similar to defensive competitions like CCDC, each of these six systems will be running a set of services that must be maintained in order to gain defender points. Defenders are tasked with securing these systems while maintaining service uptime. A large part of securing these systems will consist of seeking out and destroying enemy persistence. All teams will start with nearly identical systems, so as a secondary objective, defenders should look for vulnerabilities in their systems which their attacker teammates can exploit on other teams. | + | ==== Attack (Red) ==== |
| - | ==== Attacker Objectives ==== | + | Each team will be given a token. To earn attacker points, the team must hit the scoring engine with that token (via curl, wget, etc). The goal is not to destroy systems but rather to stealthily gain access and plant persistence. Therefore, offensive and defensive points are only awarded if a system’s services are online and functioning. |
| - | Each team will be given a set of binaries or flags to plant on an enemy’s systems. The objective is to gain access to enemy systems and plant your persistence flag. To earn attacker points, the team’s binary must be periodically run to check in with the scoring system. The goal is not to destroy systems but rather to stealthily gain access and plant persistence. Therefore, offensive and defensive points are only awarded if a system’s services are online and functioning. | + | === Persistence Points |
| - | ===== Scoring ===== | + | |
| - | Services are scored every 2m+-30s | + | Hit the scoring engine with an HTTP GET request at where here TOKEN is your team token that we've given to you, and that IP is the scoring engine. < |
| - | Persistence must have checked in at least once since the last service check to count | + | < |
| + | curl http:// | ||
| + | </ | ||
| - | For each system: | + | Or on Windows |
| - | * Points are generated by each service on the system | + | < |
| - | * Points are divided between all teams on a system | + | Invoke-WebRequest -Uri http://10.30.0.100/ |
| - | * Point formula: T is the number of teams, S is the number of services alive and functioning on the system, R is the number of other teams on the system (persistence): | + | </ |
| - | * Each team (red and blue) on the system gets: (T*S)/(1+R) points | + | |
| - | * Note: This assumes that each system has the same number of services on it | + | |
| - | * Example: | + | |
| - | * With 5 teams, for a system with 3 of 3 services up and 2 red teamers on it | + | |
| - | * Blue team (owner) = (5*3)/(1+2) = 15/3 = 5 points | + | |
| - | * Red team 1 = 5 points | + | |
| - | * Red team 2 = 5 points | + | |
| - | ==== Resets ==== | + | See the [[https:// |
| - | Teams may revert a system to its original state once every 10 minutes. Each system has its own separate cooldown. Teams may also power on, power off, or restart any system in their network including their router. | ||
| - | ---- | + | === DakotaCon 10.1 Cyber Conquest === |
| - | + | * [[https://blog.gael.in/cyberconquest|Infrastructure write up by Gaelin]] | |
| - | ===== Cyber Conquest | + | |
| - | ==== Definition of Terms ==== | + | |
| - | | + | |
| - | * White Team – Competition officials tasked with running the competition, | + | |
| - | * Purple Team – Competitors tasked with defending systems against other teams, and with attempting to compromise the systems of other teams | + | |
| - | * Team Captain – Team member of a Purple Team acting as the primary liaison between the Purple Team and the White Team | + | |
| - | + | ||
| - | ==== Eligibility ==== | + | |
| - | * Eligibility, | + | |
| - | + | ||
| - | ==== Competition Conduct ==== | + | |
| - | + | ||
| - | * Questions will be directed to the White Team or competition organizers. | + | |
| - | * Printed reference materials (books, magazines, checklists) are permitted in competition areas and teams may bring printed reference materials to the competition. Digital resources are also allowed. | + | |
| - | * Throughout the competition, | + | |
| - | * Teams must not connect any devices or peripherals to the competition network unless specifically authorized to do so by White Team members. | + | |
| - | * Teams may not modify the hardware configurations of competition systems. Teams must not open the case of any server, printer, PC, monitor, KVM, router, switch, firewall, or any other piece of equipment used during the competition. | + | |
| - | * During a competition period, teams may not remove any provided equipment from the competition area unless specifically authorized to do so by White Team members. | + | |
| - | * Teams must compete without “outside assistance” from non-team members from the start of the competition to the end of the competition (including overnight hours for multi-day events). All private communications (calls, emails, chat, texting, directed emails, forum postings, conversations, | + | |
| - | * “Destructive” attacks that may adversely affect hardware or competition infrastructure are prohibited. These types of attacks are not allowed and are grounds for disqualification and/or a penalty assigned to the appropriate team. Examples include but are not limited to: Denial of Service attacks, ARP Poisoning, DHCP exhaustion, hardware side-channel attacks, etc. | + | |
| - | * Physical attacks/social engineering are strictly prohibited. | + | |
| - | * Attempts to reverse-engineer, | + | |
| - | * Teams must not modify the network configurations of provided systems. | + | |
| - | + | ||
| - | ==== Internet Resources and Usage ==== | + | |
| - | + | ||
| - | * All activity on competition networks must be related to the competition. | + | |
| - | * All network activity that takes place on the competition network may be logged and subject to release. Competition officials are not responsible for the security of any information, | + | |
| - | * While designing custom tools and scripts is allowed, only systems that are physically present at the event may be used to exploit and manage systems. Teams may not use external systems as part of their command and control mechanisms nor may they use external systems as staging points for their payloads. These and any similar activities must be done from systems that are physically present at the event. | + | |
| - | * It is permissible to use external chat and email applications for sharing information between team members as long as these are not used on provided systems (exception for provided laptop to teams that did not bring their own). | + | |
| - | * Paid tools are not allowed. Software that is freely available to all teams is allowed. Paid tools that allow for temporary use without a fee (such as a trial) are allowed. | + | |
| - | + | ||
| - | ==== Professional Conduct ==== | + | |
| - | + | ||
| - | * All participants, | + | |
| - | * No physical or verbal altercations between competitors and/or competition staff/ | + | |
| - | * Participants must also follow the conduct rules of the hosting event, such as the rules of the conference and/or physical venue. | + | |
| - | * These rules apply to all Cyber Conquest events involving its activities and/or participants. | + | |
| - | * Any and/or all violations may lead to a punishment as little as a warning, to disqualification from the current event, to an outright ban on participating in future events. Investigating possible violations and deciding punishment severity is the responsibility of solely the Cyber Conquest staff. All decisions are final. | + | |
| - | + | ||
| - | ==== Disputes, and Disclosures ==== | + | |
| - | * All data collected throughout the course of the competition, | + | |
| - | * Cyber Conquest is not responsible for data collected by other participants in the event. | + | |
| - | * All data collected by the hosting conference, sponsors, viewers, and/or physical venue is not under the control of Cyber Conquest. | + | |
| - | * Flash and or video photography may be taken of competitors by Cyber Conquest staff and/or its approved media, and consent is implied by participating in the event. Participants may request to not be photographed/ | + | |
| - | * We are not responsible for other entities that may take photos/ | + | |
| - | * Protests by any team must be presented in writing by the Team Captain to the White Team as soon as possible. The competition officials will be the final arbitrators for any protests or questions arising before, during, or after the competition. Rulings by the competition officials are final. All competition results are official and final as of the Closing Ceremony. | + | |
| - | * In the event of a team disqualification, | + | |
| - | + | ||
| - | //(Rules are subject to change at any time)// | + | |
cyberconquest.1636590725.txt.gz · Last modified: 2021/11/11 00:32 by Gaelin
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: Public Domain
