The Department of Energy (DOE) develops cyber-focused scenarios to engage collegiate teams in securing operational technology. The CyberForce Competition provides hands-on experience, awareness of critical infrastructure administration, and an understanding of how cybersecurity is applied in a real-world scenario.
Our team was provided 7 machines in AWS, a mix of Windows and Linux (including CentOS and openSUSE). 4 of the machines required hardening, while the other 3 were "assumed breach" machines that had to be left untouched. Points were scored in 5 categories. Red points were awarded for identifying and responding to red team attack chains on the assumed breach machines, and for the results of external automated pentesting against the traditional machines. Blue points were awarded for the successful defense, maintenance and operability of the 7 services throughout the competition. Green points were awarded for green team members' survey scores of our systems against a rubric. Orange points were awarded for a C-Suite panel briefing video and security documentation. Anomaly points were awarded for performing, solving, and completing a variety of tasks ranging from business injects to CTF challenges.
This was my first team-oriented blue teaming competition. I learned how to ask good questions, understand and appreciate team member contributions, communicate my ideas effectively, coordinate and problem-solve as a team, and collaborate on multiple tasks in priority order. I was initially placed as the Database Administrator. This role included creating backups of the MySQL database; configuring firewall rules that allowed the database to talk to our other services while blocking external access; removing users that shouldn't exist and stripping privileges from users that did not require elevated access; and working through anomaly challenges that required extensive queries and navigating the database to discover hidden flags. Later in the competition, I began helping with the Windows web server. After many unsuccessful attempts at configuring our server in a PHP environment, we decided to shift to plain HTML, CSS, and JavaScript. We developed our landing page, a login system, an admin page, and user pages according to the green rubric. After resolving the issues with the web server, I solved more anomalies. These included digital forensics such as recovering corrupted PNG files; cross-referencing attack vector documentation with OSINT to determine the location of the next attacks; and hash cracking using Hashcat and John the Ripper. At the end of the competition, we were instructed to harden our assumed breach machines to defend against the final attack. I configured the firewall on the Linux machine using iptables.
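The database hardening work described above (backups, restricting the MySQL port to the web server, auditing accounts) is the kind of thing that is worth scripting so it can be re-applied quickly if a box has to be rebuilt mid-competition. The following is an added example written for this page, not the team's actual competition configuration: it generates an iptables-restore ruleset that accepts MySQL (3306) only from the web server and SSH only from an admin host, validates it before loading it atomically, takes a consistent dump of the database, and lists accounts and dangerous global privileges for manual review. The IP addresses, database name, and backup path are assumptions.

```shell
#!/bin/sh
# Added example for a MySQL host in a CyberForce-style setup; not the
# competition team's real config. IPs, paths and names are assumed.
set -eu

# gen_db_rules WEB_IP ADMIN_IP
# Emit an iptables-restore ruleset: default-deny inbound, allow loopback,
# replies to our own connections, ping, SSH from the admin host only and
# MySQL from the web server only. Everything else is logged and dropped.
gen_db_rules() {
  web_ip=$1
  admin_ip=$2
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
-A INPUT -p tcp -s $admin_ip --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p tcp -s $web_ip --dport 3306 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -j LOG --log-prefix "IPT-DROP " --log-level 4
COMMIT
EOF
}

# apply_db_rules WEB_IP ADMIN_IP  (run as root)
# Parse-check the ruleset first so a typo cannot leave the box half-configured,
# then replace the filter table in one shot and persist it.
apply_db_rules() {
  rules=$(mktemp)
  gen_db_rules "$1" "$2" > "$rules"
  iptables-restore --test < "$rules"
  iptables-restore < "$rules"
  mkdir -p /etc/iptables                       # path assumed (iptables-persistent layout)
  iptables-save > /etc/iptables/rules.v4
  rm -f "$rules"
}

# backup_db DBNAME
# Consistent InnoDB snapshot without locking the app out, compressed and
# hashed so tampering or truncation of the backup is detectable later.
backup_db() {
  db=$1
  dir=/var/backups/mysql                       # path assumed
  out="$dir/$db-$(date +%Y%m%dT%H%M%S).sql.gz"
  mkdir -p "$dir"
  mysqldump --single-transaction --routines --events "$db" | gzip > "$out"
  sha256sum "$out" > "$out.sha256"
  printf '%s\n' "$out"
}

# audit_db_users
# List every account with its host mask and auth plugin, flag empty
# passwords, then show who holds server-wide privileges. Anything
# unexpected is a candidate for DROP USER or REVOKE by hand.
audit_db_users() {
  mysql --batch <<'EOF'
SELECT CONCAT(user, '@', host) AS account,
       plugin,
       authentication_string = '' AS empty_password
  FROM mysql.user
 ORDER BY user, host;
SELECT GRANTEE, PRIVILEGE_TYPE
  FROM information_schema.user_privileges
 WHERE PRIVILEGE_TYPE IN ('SUPER', 'FILE', 'PROCESS', 'SHUTDOWN', 'GRANT OPTION')
 ORDER BY GRANTEE;
EOF
}

# Example usage (as root on the database host):
#   apply_db_rules 10.0.1.20 10.0.9.5
#   backup_db competitiondb
#   audit_db_users
```

Generating the ruleset as a file and loading it with `iptables-restore` instead of issuing `iptables -A` one line at a time means the whole table changes atomically, and `--test` catches syntax errors before anything is touched. The `LOG` rule at the end is what makes the blue-team side useful: dropped probes show up in the kernel log with the `IPT-DROP` prefix, which is a cheap way to see what the red team or the automated scanner is poking at.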
Database Administration
Firewall Configuration
Network Infrastructure
Web Development
Windows Administration
Linux Administration
CentOS Administration
openSUSE Administration
Security Hardening
MySQL
Iptables
HTML
CSS
JavaScript
Digital Forensics
OSINT
Hash Cracking
Hashcat
John the Ripper
Communication
Coordination
Cooperation
Problem-Solving