Dan Griffin's Blog
Comments on security, PKI, smart cards, cryptography, and entrepreneurship.
Pacific Rim Regional Collegiate Cyber Defense Competition
April 27, 2008
Just got back from this “Red Team” volunteer event. Man, it was so fun! There were nine student teams from all over the northwest, and I’d guess that each team had around 10 people. Today’s red/attack team was another 10 or so people. Add in the support staff, and you can tell it was a pretty big event.
The rules are described at the link below, but in summary, each of the nine defense teams was responsible for maintaining a set of network resources including a router, switches, and a mix of Windows and Linux boxes. Most were pretty well patched by today, but the red team still found plenty of fun!
Indeed, it’s kind of scary how fun it is. I found a few good ones: default “enable” (admin account, basically) passwords on a Cisco router and a switch (two separate teams). And a default MySQL password on a third team. Other red team members found cross-site scripting vulnerabilities, a cracked SAM database or two, and a few other compromised routers and switches.
We managed to show moderate restraint in terms of exploitation, except that we kept the compromised router and switches until the end, then reset them to the factory settings with 10 minutes left in the competition. Ok, maybe that was kind of mean …
Didn’t get us!
Go vandals!
Comment by Kris — April 28, 2008 @ 10:30 pm
As a student team member I can say it would have been nice for the red team to have taken any notes, and given them to the teams. We lost points for getting hacked by the red team, but we still don’t know what you did to us. What does this mean? It means we did not learn anything from it. Anyhow, just a thought.
Comment by team member — April 29, 2008 @ 11:08 am
“team member” - there should have been a feedback form submitted by the red team following every successful hack - I take it you didn’t receive those? If you contact me directly (info is elsewhere on this site), I’ll either answer your questions or find someone who can.
Comment by dan — April 29, 2008 @ 11:15 am
As the captain of a team, I thought the event was very challenging and lots of fun. It was nice to learn what areas were weak in our team and put our strong skill to the test.
Comment by Whatcom Bryan — April 29, 2008 @ 12:38 pm
I know it was the first annual event, and I think it was a great event. I also agree with both of the previous posters. It was fun and challenging. I also agree with the lack of feedback. Our team (team 2) did not get any feedback forms from the red team. At the end of the event, because we had different judges both days, the feedback from them was a little lacking as well. One of the judges actually had no team-specific feedback at all. I do understand that more information is still supposed to be coming to the teams though, as information is collected. And I do still think that no matter what flaws there were this was still a great event. Just wanted to give a little feedback, as you don’t know what we are thinking if we don’t tell you.
Comment by Ray — April 29, 2008 @ 5:29 pm
I am quite disappointed with the red team skills, I was hoping to see more “quality” attacks rather than a bunch of sql inj, xss, spamming etc.
Comment by noname — May 1, 2008 @ 11:38 am
This was by far the most entertaining competition I have ever been a part of. A great learning experience and so much fun.
Comment by Casey — May 1, 2008 @ 2:41 pm