RU Security Takes On MACCDC

blog-image

This weekend was filled with a ton of action, and we faced several obstacles along the way. As it was the first time, we had ever reached this stage of the competition, we were unsure of what to expect. The RU Security club traveled to Prince George Community college in Maryland to participate in the regional Mid-Atlantic Collegiate Cyber Defense Competition (MACCDC). The room was filled with a mixture of excitement and fear. On the first night, we gathered as a team to discuss our strategy and the overall layout of the competition.

(Left) Team Captain Elizabeth Laub leads team strategy meeting.

(Left) Team Captain Elizabeth Laub leads team strategy meeting.

LAYOUT OF THE COMPETITION

Each team comprises 10 members, with two serving as alternates and one appointed as the team captain. As the blue team, each member is responsible for securing the machines and services assigned to them, which includes web servers, database servers, workstation endpoints, and more.

To succeed in our defense, we had to bring up these services whenever the red team (the adversaries) successfully took them down using forms of ransomware, deleting backups, stealing ssh keys, and other tactics. The simulation replicated real-world attacks at a speed that kept competitors on their toes, rushing to bring services back up and knocking the red team out of a session while understanding their infiltration methods and persistence strategies.

Following each incident, team members wrote an incident report documenting all evidence related to the attack. The accuracy of this documentation, including IP addresses and other relevant information, could lead to the arrest of a red team member and their disqualification from the competition for 45 minutes.

Red Team member getting arrested

Red Team member getting arrested

The team captain played a unique position as they simulated a team leader on a SOC team, giving team reports to executives and being the face who presented executives with information regarding incidents which have occurred. This simulates a team leader talking with possibly non-technical people, making the right choice. Someone calm, collected and good social skills. Our team captain Liz fit all those points!

The competition lasted 2 days, operating from 9 -5 the first day, and 9-4 the second, pushing our members to the absolute limit with an almost 16-hour competition time. Here’s some photos as our members battled through the day.

Left->Right (Matthew Bixby, Elizabeth Laub, Rajat Patel, Arnav Lakkavajjala, Adam Paulina) Reviewing a Red Team attack in Real Time

Left->Right (Matthew Bixby, Elizabeth Laub, Rajat Patel, Arnav Lakkavajjala, Adam Paulina) Reviewing a Red Team attack in Real Time

Heat of Battle

Heat of Battle

One of the factors for a successful team is the support system they have. Philip Okoh, Yousef Attia, and Michael Barzarsky were not competing, but they were willing to help the team. They brought the team food and water during their lunch break, ensuring that they operated at full capacity.

Five Guys is the best

Five Guys is the best

INTERVIEW WITH THE COMPETITORS

Elizabeth Laub – Team Captain

Elizabeth Laub – Team Captain

What was the most challenging aspect about the competition?

“The most challenging aspect was being pulled away from my team during the competition, between executive meetings, interviews and talking to other competition officials, it was difficult to keep in touch with what was going on with the machines.”

Did you feel prepared entering the competition? After the competition concluded, how did you feel about your chances of winning?

“On paper, we were armed with materials and manuals to refer to; however, we needed more active practice. This competition required us to know what we were doing without referring to resources, the internet, or paper. I expected 3rd place at best and 5th at worst. Other teams had more balance within the scoring system while we were dedicating most of our time to scoring highly in Injects, Executive, and Incident Reports. That left the other 50% of the points in jeopardy since we were struggling with the sheer volume of machines and needed a clear Orange Team strategy.”

What got you interested in cybersecurity? What aspect of cybersecurity are you most interested in to work in the future?

“I started pursuing cybersecurity in middle school because my parents put parental controls on my computer. I really disliked having a curfew since I was a child with a voracious appetite for information, and the internet was the new frontier for learning. I started researching and scrolling through posts, threads, and YouTube videos until I eventually found a terminal command that allowed me to promote my account to administrator and reset the password for the account that held the parent controls. I remember running to my parents’ room before dinner to show them what I did, and it was pretty surprising that they brushed it off. Since then, I continued to tinker with the Windows command line, leading me to choose computer science as a degree in hopes of learning more. In terms of where I’m interested in working, I gravitate toward Security Architect, where I would focus on designing the systems and security measures for an active defense team to monitor.”

Matthew Bixby

Matthew Bixby

What was the most challenging aspect of the competition?

“To me, the most challenging aspect of the competition is the sheer scale of the network. With over 30 machines and no diagram, it was very difficult to understand the layout of the network. Factoring in the stress and speed that everything needs to be done, I never completely understood the network topology. Attempting to secure it is much more difficult without a good understanding of the network topology.”

What got you interested in cybersecurity? What aspect of cybersecurity are you most interested in to work in the future?

“Red Teaming got me interested in Cybersecurity. I am interested in Red Team, but as I am new to Cybersecurity, this is subject to change.”

Adam Paulina

Adam Paulina

What aspects of cybersecurity did you study before that have nothing to do with the competition? How is that shaping your view on planning for the competition next year?

“Malware analysis and reverse engineering with Ghidra. These skills do not shape my view on planning for the competition at all, although I hope they might eventually be relevant, perhaps for an injection or some forensics or something.”

Did you feel prepared entering the competition? After the competition concluded, how did you feel about your chances of winning?

“I felt somewhat prepared before the competition. I thought that we hadn’t quite practiced enough, but I also felt that we’d done a lot of research and that there was a chance we could pull it off again. After it ended, I thought we had little chance of winning due to missing on Orange Team and Services, but I thought we had a good chance at somewhere between 6th and 3rd. I ended up being correct in my prediction.”

Emrah Yilgen

Emrah Yilgen

What was the most challenging aspect about the competition?

“Understanding the entire system, figuring out what each service used as far as network ports and protocols and the purpose of the services and their possible misconfigurations and vulnerabilities.”

After the competition concluded, how did you feel about your chances of winning?

“I felt that we had done well even though it was out first time at competing at this level but I was aware of the fact that we competed against teams that had much more experience and knowledge than us since they had competed at this event many more times before.”

What skills did you learn while competing?

“I learnt mostly about working in a team environment with the same goal of securing a system. Also, learnt a ton of new stuff related to computers, systems, security from my teammates, form the red team and other people who were involved. I now also have the experience of being a part of a blue team and fight against a very skillful hackers in a live setting.”

What got you interested in cybersecurity?

“I am changing my career from music to technology. When I fist started studying computer science at Rutgers, I did not know what I want to do in the field but carefully thinking through my options in the tech field, I felt security will suit me the best since I think it serves a higher purpose to help protect people online which I think it is an instinct remained from serving in the military. I also got hacked many years ago, so I want to help others to not to go through the same bad experience.”

What aspect of cybersecurity are you most interested in to work in the future?

“I am more interested in building secure systems and maintaining the security of these systems. I would like to have a career which involves both the software development principals that I learnt at school and security principles which I am studying on my own.”

Rajat Patel

Rajat Patel

What was the most challenging aspect about the competition?

“The most challenging aspect was definitely managing all of the different stuff going on; we had only 8 people spread across around 40 machines, and a bunch of other tasks like injects and incident reports that needed to be written up.”

What steps are necessary to improve the team in the future?

“We need to practice more, and we certainly plan to start practicing earlier next year.”

Did you feel prepared entering the competition? After the competition concluded, how did you feel about your chances of winning?

“I felt like we were somewhat prepared; we definitely could have done a lot more but I think we prepared about as much as we could in the time between qualifiers and regional finals.”

How does it feel being the first team out of jersey to compete in this competition?

“It definitely feels like something to be proud of; it goes to show we’ve come a long way in only 3 years.”

What skills did you learn while competing? Was there anything during the club meetings that you learned that you utilized during the competition?

“I think we learned most of all how to handle the stress/workload of having so much to do in such a short span of time. We definitely made use of a lot of the technical knowledge we gained during meetings; for me, working with Proxmox to set up our competition network ended up being very valuable since we had a Proxmox server in the competition as well.”

Where does the team go from here? What will change in training schedules, team philosophy, etc.?

“We are going to keep having weekly practice meetings until next year’s CCDC, and we are also looking at doing more similar competitions for extra practice.”

Rahulraj Rajesh

Rahulraj Rajesh

What aspects of cybersecurity did you study before that have nothing to do with the competition? How is that shaping your view on planning for the competition next year?

“I learned various Linux packages and commands that were later deemed unnecessary during the competition, as well as learning valuable tools that I never had the time to configure. After reflecting on the research I did for this competition, I realized that my fundamentals of network security were very minimal, something I plan to improve for next year.”

What skills did you learn while competing? Was there anything during the club meetings that you learned that you utilized during the competition?

“I learned various network configurations and methods of intrusion into our systems thanks to my teammates during the competition and club meetings.”

What was the most challenging aspect about the competition?

“The most challenging aspect for me was the fact that most problems that I had with the servers I was assigned to secure were very new to me. I found it challenging to figure out what issues I was facing during the competition.”

Where does the team go from here? What will change in training schedules, team philosophy, etc.?

“The team will have more learning to do over the summer and into the fall season in order to prepare for the next Qualifying round. In addition, we will need to practice much more in virtual environments in order to become well-versed in web servers.”

Arnav Lakkavajjala

Arnav Lakkavajjala

What was the most challenging aspect about the competition?

“I feel like just the sheer scope of machines that we had to deal with, along with the number of services and existing misconfigurations that we just inherited before the competition even started, were a pretty large part of the challenge during the competition. Another thing was also figuring out how all of the ‘pieces’ fit together i.e. what services/machines were related to each other. For example, it took us a while to realize that the machine hosting the webpage for the inventory website was sending calls to the SQL databases on another machine to populate the list of inventory that the user should have been able to purchase. Understanding that would have been a big help in getting services back up, but part of the competition is dealing with unknown variables and figuring them out on the fly. Honestly, sometimes it felt more like we were working against our own misconfigurations more than Red Team haha.”

Did you feel prepared entering the competition? After the competition concluded, how did you feel about your chances of winning? “I personally felt slightly underprepared but that was mostly because I didn’t know what to expect from this round of the competition. I was still pretty confident in my basic abilities and the metric tons of documentation we printed out probably helped that confidence as well lol. For next year though, we probably should delegate research a little better rather than relying on brute forcing documentation during the competition. After it was over, I expected that we performed around the middle of the pack, since I did feel as though we were a little disorganized and were lacking in certain aspects, specifically service uptime.”

What skills did you learn while competing? Was there anything during the club meetings that you learned that you utilized during the competition?

“I learned that checking logs and filing IRs are probably some of the most important aspects of blue teaming. Along with this, since I was specifically on the Linux team, I feel like a lot of the Linux administration skills I picked up just from doing school projects/cybersecurity with the club came in handy.”

What got you interested in cybersecurity? What aspect of cybersecurity are you most interested in to work in the future?

“This club played a huge role in my interest in cybersecurity. I joined mainly because I watched Mr. Robot and wanted to learn more lol, but being in this club, ranging from when it was literally 4 people in a Discord call to today, as well as interacting with other people who are equally passionate about this as I am has given me a deep appreciation for the field and has shown me just how multi-faceted it is. I would be really interested to work on cloud security, especially if it is on the offensive side since that is what I feel the most intense parts of cybersecurity are (that and Mr. Robot obv lmao).”

Harris Ransom

Harris Ransom

What was the most challenging aspect about the competition?

“For me personally, the most challenging aspect of the competition was the amount of servers and services we had to manage. There was a wide variety of Linux, Windows, Cisco, and Unix servers that were all running multiple services (ex. DNS, SQL, HTTP). It was very challenging to keep tabs on every server.”

What aspects of cybersecurity did you study before that have nothing to do with the competition? How is that shaping your view on planning for the competition next year?

“I’ve always been interested in cybersecurity, particularly network security and embedded systems security. I’m currently studying networking and doing research in systems security, and I look forward to seeing what exciting technologies I get to work with in the future. Being a team member competing in CCDC, I’ve gained an appreciation for how intricate and complex our modern digital systems have become and the effort it takes to secure them.”

What got you interested in cybersecurity? What aspect of cybersecurity are you most interested in to work in the future?

“I’ve always been interested in cybersecurity, particularly network security and embedded systems security. I’m currently studying networking and doing research in systems security, and I look forward to seeing what exciting technologies I get to work with in the future. Being a team member competing in CCDC, I’ve gained an appreciation for how intricate and complex our modern digital systems have become and the effort it takes to secure them.”

POST COMPETITION ACTIVITIES

The weekend was filled with fun movements as well. From driving to several restaurants to find a place to eat, to watching movies together as a team, or visiting the University of Maryland, there was never a dull moment on the trip.

Arnav attempting phone hacking

Arnav attempting phone hacking

Post Competition Team Photo

Post Competition Team Photo

President Cyrus with club Advisor Lars Sorensen

President Cyrus with club Advisor Lars Sorensen

TGIF Dinner (2nd time that weekend)

TGIF Dinner (2nd time that weekend)

Visiting UMD

Visiting UMD

The Sunday after the competition members of the team took a quick trip down to DC to check out the monuments, viewing the Washington, Lincoln, Korean War, and Vietnam War memorials. Getting great food and viewing national treasures are always great with friends!

WHAT’S NEXT?

Over the past four years, I have seen this club reach new heights and I am confident that the next four will be just as remarkable. Moving forward, our focus is on enhancing our competition planning and strategy. To achieve this, we are dedicating ourselves to building our very own RU Security server. This server will allow us to simulate real-world attacks and defend against them, giving us a competitive edge. We are grateful to the organizations that generously donated to our team, enabling us to participate in the competition. We extend our appreciation to the Computer Science Department, the Department of Electrical and Computer Engineering (ECE), the Physical Sciences Offices, the School of Engineering (SOE) department, and SAS. Their support was instrumental in our success, and we are honored to have received their encouragement and confidence. Thank you for believing in us and helping us achieve our goals.