10th at Cyberforce Competition

Myself and other CCDC members competed in Cyberforce and ranked 10th out of 100+ teams!

For the competition, we were the technical team at a distributed energy resource management company, DER8.9. We were responsible for the integration, maintenance, and security for all internal system infrastructure and remote client management software, including a fully integrated ICS.

Before the official start of the competition, we were given access to the infrastructure we would need to defend. I created the below network diagram, and we searched for vulnerabilities. There were ample misconfigurations and vectors for attack like backdoors, corrupted files, suspicious users, privilege escalation via superuser binaries, and much more. We wrote appropriate security documentation, and also recorded a security analysis briefing to present to DER8.9 ’executives'.

On competition day in Chicago, things went differently than I had expected. I thought it would be a similar active attack-defend competition like CCDC, but it was instead mostly an assigned red-teamer asking us to investigate and report how they had compromised a certain machine. The majority of my time was spent solving anomalies, which were like CTF challenges.

Despite this, I had a great time with the team and still learned a lot.