Getting Started

Welcome to the Cyber Defense Competition!

These documents will help you get your servers up and running, as well as explain some of the peculiarities of the ISEAGE environment.

Other Documents

  • Competition Rules - The general rules for the CDC
  • Scenario - Explains the servers you are required to have, and what they are required to do
  • Competition Scoring Guide - The points breakdown of the CDC
  • Remote Setup Guide - How to access and configure your servers leading up to the Attack Phase
  • Setting Up a Server - The initial steps needed to get a scenario VM alive and some advice for where to go from there.

Glossary

CDC
Cyber Defense Competition
VM
Virtual Machine, either provided by the scenario or created by your team
vCenter
How you can access and manipulate VMs
IScorE
The CDC Scoring System
Management Network
A network safe from red team attacks that you can use to manage your VMs. To access the Internet the management network you must use the proxy.
www.teamN.isucdc.com
Example server address used throughout documentation. Replace N with your team number. The www part depends on the specific server and is specified in the scenario.
Red Team
The bad guys. They can attack your VMs and can use social engineering to try to steal information from Green Team. They cannot attack Green Team, White Team, or you
White Team
The ISEAGE Staff running the competition. They are here to help you and make sure the competition goes well. Try to help them back.
Green Team
Your legitimate users. The purpose of the CDC is to protect your servers from Red without hindering Green.
Blue Team
You!
Anomalies
Bonus challenges on top of the scenario for points. May or may not be directly related to the security of your boxes.
Remote Setup
The first month of the CDC. You have this phase to look at, understand, and fix things with your servers.
Local Setup
On-site Setup
All Blue Teams are gathered in the competition venue for “panic mode” the night leading up to the Attack Phase. Good for final tweaks and testing.
Attack Phase
When Red Team is attacking the Blue Teams
Doug
The guy who makes pancakes.

IScorE

IScorE, along with vCenter, forms the heart of the Cyber Defense Competition. IScorE scans servers to award points for uptime, manages flags and documentation, and gives out your team-specific passwords for scenario accounts.

Service Scanner

A portion of points go to “Service Uptime” as determined by the IScorE service scanner.

Flags

Download your Blue flags from IScorE, then place them on servers in accordance with the scenario. Red Team will try to steal these flags and submit them to IScorE, costing you points. Red Team will also download Red flags and try to plant these on your server.

Documentation, Intrusion Reports, and Earnbacks

Submit all three of these through IScorE when appropriate.

Team-Specific Information

Several of the scenario accounts, usually those with administrative power, will have passwords specific to your team. This information is available in IScorE. Green Team also has access to the team-specific information.

DNS Records

You must set the domain name (www.teamN.isucdc.com) to IP address mapping of your servers in IScorE before the scanner and Green Team will find your services.

Anomalies

Throughout the day, Anomalies will become available. These are additional tasks, puzzles, and challenges that you can complete for points.

Usability Reports

When Green Team tests your usability, the report will show up in IScorE. You can use this feedback to see what Green Team encountered issues with. If Green Team deducts usability points for a task, it means they couldn’t complete it either because the necessary service was down or locked out, or your documentation was too vague for them to figure out what to do.

Note

As you can tell, IScorE contains a lot of very sensitive information. IScorE is well-secured and out of scope of the Red Team, so they are not allowed to attack it directly. However, should Red Team obtain your IScorE password, they can and will put it to good use. Protect your IScorE credentials at all costs!

What You Are Given

At the beginning of each CDC, all of the teams are given an identical set of competition VMs. All of these machines are a basic template: they don’t know which team you are on, they don’t know what IP address they should have, and they don’t know anything about the competition network. The purpose of each machine is outlined in the Scenario document, as well as any default credentials you will need to finish the setup for each VM.

In addition to the scenario VMs, you have access to two separate network types: The Competition Network and 10 Team Internal networks. You are free to request additional internal networks, but 10 are more than sufficient for a functional and secure setup.

CDC Networks

Competition vs. Internal

The Competition Network is the “Real Internet” of the Cyber Defense Competition. The Team Internal network is completely yours; you can use it for whatever you want. IScorE doesn’t know about your internal network, and nobody can get to it from the Competition Network unless you set it up so they can. Using the internal network is completely optional, and many teams simply connect their servers directly to the Competition Network.

Isolation

The Competition Network is isolated from the “Real Internet”, and this leads to quite a few gotchas that can be confusing. No traffic can go directly from the competition network to the real Internet, or vice versa. However, several ISEAGE systems are connected to both the competition network and the real Internet and know about servers on both sides. The three that you will need to know about are the Proxy, VPN, and the RDP Hop. Directions for connecting to the VPN and RDP hop can be found in the Remote Setup Guide document.

The Proxy allows machines on the competition network, including your servers (and eventually Red, Green, and Blue Team’s personal machines during the attack phase), to load Web pages and download files from the Real Internet. Read the Setting Up a Server guide for more details on the Proxy.

The VPN is an easy way to get direct access to your systems as if you were on-site. The VPN places your computer on the “Management” network and allows you to remotely configure your systems without using vCenter.

The RDP hop is also aware of both sides. Once you have RDP’d into the RDP hop from the real Internet, you can make direct connections to your servers using any service you want. This includes HTTP(S), SSH, FTP, RDP, etc. This is the easiest way to test your servers, since the RDP hop sees them the same way as the service scanner, Green Team, and Red Team.

Once you are on-site for local setup, you will be able to put your laptop directly on the competition network, which is called the Management Network. At this point, you won’t need to rely on RDP or vCenter since you can directly connect to competition VMs. However, you will need to configure the proxy on your laptop’s web browser (Firefox is the easiest).

Attention

Ping will NEVER EVER work from the competition network to the Real Internet, so don’t even try. You will NOT be able to ping google.com, 8.8.8.8, or any other real-world site, EVER. Instead, try pinging the proxy at 199.100.16.100.