Archive for March, 2014
As you may know, I’ve been involved with red teaming all levels of the CCDC, but I’ve also taken part in a number of CTF competitions. CCDC is one of a number of defense competitions growing in popularity, including the high-school level Cyber Patriot and military academy CDX. These stand in contrast to the longer-running Capture-The-Flag competitions commonly found at hacker conferences and elsewhere, which tend to focus on finding exploits for pieces of software. Defensive exercises have come under harsh criticism in the past few years, so are they really doing any good?
One of the most outspoken critics of CCDC has been Chris Eagle. He compares his significant experiences in the Defcon CTF, which his team has won twice, and defensive competitions, primarily with CDX….
Chris Eagle (surprisingly honestly) said “I have pigeonholed myself into the binary software analysis arena.” He continued to explain how NPS has developed many tools that make them really good at the Defcon CTF but aren’t applicable to the real world, since they’re tailored to alert on Defcon flags and those specific types of binaries, and would be unlikely to alert on real attacks. As he said, “It’s really kinda focused on the game” and “We’ve gamed the game a lot” since “We’d seen the same kind of game three times.”
We have also seen a number of students at CCDC develop their own scripts and tools to use at CCDC. The difference I see is that so far, all the custom tools I have seen students employ could also be used on real networks to harden systems or to detect and disable real malware. This is another indication that CCDC, as opposed to the Defcon CTF finals, is not teaching students how to “game the game”; it is teaching them how to defend a real network.
March is Pass-the-Hash Awareness Month! It’s not as simple as you might think, but to break it down, I did a guest post on the passing-the-hash blog: http://passing-the-hash.blogspot.com/2014/03/guest-post-lets-talk-about-pass-hash-by.html