Another one down

Every year I start writing a debrief for WRCCDC, and every year something comes up and I never seem to finish. This year is going to be a bit different, so bear with me as we travel down the rabbit hole.

Getting Started

Before I get too far in, some house cleaning: Huge thanks to the whole WRCCDC staff. Dr. Dan and his team once again did a phenomenal job in putting on this shindig...

What is WRCCDC

The Western Regional Cyber Defense Competition is a 2-day Cyber Defense challenge putting collegiate Blue Teams in the role of a business trying to survive while being attacked by a Red Team composed of various industry professionals. Throughout the event, students are asked to perform various business tasks, all the while fending off the attacking Red Team. Each year follows a specific scenario and a unique network topology, introducing the teams to the real-life rigor of jobs in the information security space.

Who is the Red Team

Quite frankly, a group of 20 or so professional information security practitioners who all are not only seasoned but each provide a unique talent to the group. I've had the luxury of being on this team in one form or another for the last 5 years.

The Game This Year

This year had a scenario centered around a Managed Service Provider supporting multiple cloud-based customers. Unlike in years past, this year featured a topology that actually changed mid-game. As the MSP onboarded new clients, the game landscape changed - new vectors were introduced, as well as different technologies. This departure was well received by the Red Team, as it kept the game relevant -- even at hour 30. Previous years saw stronger teams rush to lock everything down in the first hours, only to coast through the rest of the game as the Red Team was focused on the weaker teams.

The Good, the Bad, and the fugly

Huge fucking thanks to Joe Luna and co for their logistical work in organizing the red team. Managing a team of 20 or so professional bad guys can be a bit of a chore. Alex Levinson deserves a shout out as well for all his work on our internal tooling, comms, and the constant evolution of our own back end infrastructure.

Onboarding

I came in during the afternoon on Day 1 (work stuff) and was pleasantly surprised... We actually had switches. Previous years have left the Red Team to fend for themselves when it comes to Layers 1 and 2.