As many of you have heard, Iowa State is moving to online only from March 27th to April 3rd. During this time, the university is disallowing large, in-person events. This, of course, causes some problems for the CDC. We believe that the CDC is a valuable learning experience, and just plain fun, and so we have decided to move to an online CDC format for this event.
We are still working on exactly how this will look, and will be updating this page over the next few weeks with the relevant information. In the meantime, our normal services will remain online, however the lab jams are canceled going forward.
To keep up to date, check this page, and follow us on Twitter.
Howdy Blue Teams! My name is Daniel Limanowski and I am your director for the 2019 ISU2/Spring Cyber Defense Competition. I work for the ISEAGE security research lab under Dr. Doug Jacobson. My awesome team of student staff members who’ve worked endless hours to prepare this CDC for you are *queue jazz and SNL intro voice*: Logan Woolery, Alex Young, Sean Hinchee, Joel Wacker, Jacob Moody, Joel May, and William Rickert.
The scenario for the 2019 ISU2 CDC is brought to you in part by John Deere. Its title: “Connected Farming.” This year’s Spring CDC throws Blue Teams into a local farm’s network with webservers, connected farming equipment, and plenty of cross-box/application (proprietary) communications.
Remote setup is now officially open. Please head to https://signup.iseage.org/ and create an account. You’ll be able to make a team, look for team members, and/or join an existing team. Then, you’ll be able to access vCenter and IScorE. If you have trouble finding a team, please send us an email at firstname.lastname@example.org
Where to start/how to get help
If you’re completely new to Cyber Defense Competitions, create an account on signupand view the Scenario documentation linked in that application. Read through the entire document first, then… …if you still have questions, please email us at email@example.com …also, you can get support on our support chat system at https://setup.iseage.org
Lab jams are two-hour blocks where Blue Teamers (you) can come in to get in-person help, guidance, and advice from ISEAGE staff during the remote setup phase. You may come and go as you please during the lab jams. The following dates/locations for the lab jams are:
ALL LAB JAMS ARE LOCATED IN COOVER 2222
Wed| March 6 | 7:00PM – 9:00 PM
Sun | March 10 | 6:00PM – 8:00 PM
Wed | March 13 | 7:00PM – 9:00 PM
Sun | March 24 | 6:00PM – 8:00 PM
Wed| March 27 | 7:00PM – 9:00 PM
Below are some important dates to be tracking: 1) Scenario released, begin remote setup (NOW!) 2) Remote access goes down for a half-day (March 28th, 2019…hours TBA) 3) On-site Setup Phase in Ames, IA (March 29 at 12:00PM – March 30 at 8:00AM…TLA open ALL night!) 4) On-site Attack Phase & Debrief in Ames, IA (March 30, 2019…8:00AM – 5:00PM)
My name is Sean Hinchee and I am your director for the 2019 Iowa State University National CDC (NCDC). This page details everything your school needs to know about signing up for the NCDC, so be sure to read through it all!
Note that this video is NOT representative of the official scenario document and may be subject to change.
Important Dates: The following list contains dates relevant to the NCDC.
Approximately, Friday, January 5th: Remote setup will open (it may open sooner or later)
12:00 Noon – 10:00 PM, Friday, February 1: On-site setup at Iowa State
7:00 AM, Saturday, February 2: Doors open before attack phase
8:00 AM – 4:00 PM, Saturday, February 2: Attack phase
4:10 PM, Saturday, February 2: Awards and debriefing
Signing up: All 4-year universities in the U.S., a select number of community colleges, and all of the top three teams from the Fall ISU CDC are all invited to sign up and compete in the NCDC. ISEAGE is placing a firm cap of 25 teams for this competition. The list of teams competing is generated on a first-come, first-serve basis with respect to the time your school signed up.
Each school, whether it be 4-year or community college, is allowed to send exactly one team of up to eight student competitors to represent their school. Extra teams under the same school will be removed if extra teams signup.
Once signup closes, an email will go out (and we will post on cdc.iseage.org) with the exact list of teams competing.
Each competitor needs to sign up and join their school’s team, which the captain can create. Please be sure to label your “Organization” as your school’s name upon team creation. Signup closes on January 3rd, 2019 at 11:59PM. Head to https://signup.iseage.org/ to get started.
Lodging/Travel: The competition takes place in Coover Hall on the Iowa State Campus in Ames, Iowa. A separate email will be sent out in the next two weeks regarding hotel event/conference discount rates. ISEAGE does not accommodate for lodging or travel and it is the responsibility of teams to handle this themselves.
Livestream: ISEAGE will be livestreaming the on-site setup and attack phase of the NCDC on https://twitch.tv/iseage – feel free to share the link with anyone who wants to tune into the event.
Questions: Any and all CDC-related questions must be sent to firstname.lastname@example.org
We will be detailing ISEAGE staff support methods in further emails just before the remote setup phase begins.
ISEAGE is proud to present the 2019 Iowa State University National CDC and we hope to see your school competing.
As promised, here is a master tarball of everything that went in to the long, CTF-inspired challenge anomaly. This anomaly was inspired by 1o57’s Badge Challenges at DEFCON. You can find write-ups http://potatohatsecurity.tumblr.com/post/126411303994/defcon-23-badge-challenge, http://elegin.com/dc22/, http://elegin.com/dc21/, http://elegin.com/dc20/.
Each tar seems to extract differently with different tar implementations.
The phone numbers only worked on ISEPhone. Wav files are included for what the phones would play. The “Synthesized Voice” stage read off the given data in hex.
On the competition network, 18.104.22.168 served the password binary. verysecret.isucdc.net served the initial breadcrumb tarball.
There was an access point in the Armory. The phone number lead to the SSTV wav.
The AP had a captive portal. In the captive portal, there were HTML comments giving instructions to submit the answer on red paper.
— Spoilers below —
The password binary had an unused function in the function table. Calling this function gives extra clues, and the name was a clue as well.
The first PDF could be extracted as a tar.gz. its_dangerous_to_go_alone was also a tar.gz.