Oh My Damn, once this competition was over with. It lasted 8 grueling hours. There were 6 of us on the team. There were 3 Windows 2003 Servers, 2 Linux boxes, and 2 clients. We had to keep up a DNS server, Exchange server, FTP server, Secure POP, POP, SMTP, web server, and SNMP. We were the blue team. We were defending our services from the red team, which was the hacking team. We had 15 minutes, yes you read that right, 15 MINUTES to get our systems ready to be hacked. It just is not feasible lol
15 minutes FLEW by. I really don’t think we even got 15 minutes, ask any of us. We SORT of had directions regarding the machines, as we were the team hired to fix the machines after they fired the entire last IT team. We had the passwords for the Windows boxes and I quickly got the clients firewalled, antivirused, and malwared up. My choice for firewall was Vipre but I couldn’t get the damn thing to let me bypass the registration. Come to find out, if I had used my school email right off the get-go I’d have had it, but the clients were negligible as they didn’t really count towards the scoring engine.
We had Comodo on a couple of servers but the hackers were getting through. We had to find a way to get Vipre, and one of the other teammates figured it out, so we started loading it on all the machines. In the meantime, the Linux people were freaking out because there were no passwords for those machines in the directions. 20 minutes later someone rolled by and said check under the printer. We were like WTF? Sure as shit there was a password list there, and they went to town and quickly discovered how messed up their machines were lol. All the machines were essentially messed up. That was the point. We had to fix them to get them to run properly without being hacked. I had to repair one of the servers, and the Linux guys just reinstalled with a different version of Linux because they couldn’t even get the packages to uninstall due to the corruption.
It was fun watching the red team trying to come through on the Windows machines, as we had Vipre running and found their subnet and blocked it. We were like, okay that’s done, now to set up all the services, which we did, and we’re looking at the board which had green for up and red for down. Everything was red. We were like WTF? Nothing we did changed that. After all was said and done we found out that when we blocked the hackers’ entire subnet we also blocked the scoring engine, which happened to be on the same subnet. We weren’t told that in the meeting we had. We were pissed, needless to say. Did I also mention we only had 1 month to prepare because we got invited that late into the planning?
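The subnet block that silently took out the scoring engine is the classic over-broad deny rule. The following is an added example (not code from the original post or the competition) of the sanity check a blue team can run before committing a block: it flags any must-reach host that falls inside the proposed range and, if there is a conflict, carves the range into the largest subnets that leave those hosts out. All addresses below (the attacker range, the scoring engine, the upstream DNS) are constructed placeholders.

```python
"""Check a proposed firewall block range against hosts that must stay reachable.

Added example, not from the original post. Every address here is a constructed
placeholder; substitute the real scoring-engine and infrastructure addresses.
"""
import ipaddress
from typing import Iterable, List

# Constructed sample values: the range the red team was seen coming from, and the
# hosts the defenders cannot afford to block (scoring engine, upstream DNS).
RED_TEAM_RANGE = "10.20.0.0/16"
PROTECTED_HOSTS = ["10.20.5.4", "10.250.1.10"]


def conflicts(block_cidr: str, protected: Iterable[str]) -> List[str]:
    """Return every protected host address that falls inside the proposed block.

    An empty list means the block is safe to apply as written.
    """
    net = ipaddress.ip_network(block_cidr, strict=False)
    # Membership tests across IP versions simply return False, so a mixed list is fine.
    return [h for h in protected if ipaddress.ip_address(h) in net]


def narrow_block(block_cidr: str, protected: Iterable[str]) -> List[str]:
    """Split the block range into the largest subnets that exclude each protected host.

    Returns CIDR strings in address order, ready to be pasted into a deny list.
    If nothing conflicts, the original range is returned unchanged.
    """
    nets = [ipaddress.ip_network(block_cidr, strict=False)]
    for host in protected:
        addr = ipaddress.ip_address(host)
        host_net = ipaddress.ip_network(host)  # a /32 (or /128) for the single host
        remaining = []
        for n in nets:
            if addr in n:
                # address_exclude yields the sibling subnets at every prefix length
                # between n and the host, i.e. everything in n except the host itself.
                remaining.extend(n.address_exclude(host_net))
            else:
                remaining.append(n)
        nets = remaining
    return [str(n) for n in sorted(nets)]


def plan_block(block_cidr: str, protected: Iterable[str]) -> dict:
    """Bundle the check and the narrowed rule set into one result for the operator."""
    hits = conflicts(block_cidr, protected)
    return {
        "proposed": block_cidr,
        "would_block": hits,
        "deny_list": narrow_block(block_cidr, protected),
    }


if __name__ == "__main__":
    plan = plan_block(RED_TEAM_RANGE, PROTECTED_HOSTS)
    if plan["would_block"]:
        print(f"{plan['proposed']} would also block: {', '.join(plan['would_block'])}")
        print("Use these ranges instead:")
        for cidr in plan["deny_list"]:
            print("  deny", cidr)
    else:
        print(f"{plan['proposed']} is clear to block")
```

Blocking a /16 minus one host produces 16 deny entries, one for each prefix length from /17 down to /32, which is still far cheaper than losing every service check for the rest of the event.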
At the very end everybody gave their little synopsis of how they did and what went right or wrong. We immediately brought up the fact that all the computers we used were laptops but there were no effin mice!
The red team’s presentation was entertaining to say the least. There were webcams on the laptops. We used our badges to cover the cameras. We weren’t sure if they were getting access to that or not, but we didn’t want them to see us. We also didn’t want them to hear us and uninstalled the audio drivers. That kept popping up on the server I was working on installing, and I kept hitting cancel, so I knew they had access at one point to my machine (this was before Vipre).
Anyway, the red team had snapshots of other team members from the webcam, screenshots of some of their laptop screens showing what they were working on, as well as other screenshots after they loaded a text file onto their machine, not to mention them changing some of the machines’ wallpapers lol. NONE of that happened on our machines. We did see they tried to inflict some viruses and trojans at one point and Vipre shot that all to hell. We laughed. We also put up our own notepad which said “HIPS ….. suck don’t they” just in case they could get a snapshot of our screen.
Overall, it was fun and a very good learning experience, not to mention a great thing to place on your resume. We are invited back next year and I’ll be damned if I don’t register for at least one class next spring just so I can go back into it and get all the green lights for our team. The only drawback was that we could not try to hack the red team since we knew what their IP address was lol. I’m not sure if any of the other teams figured it out but we did.