Category Archives: Uncategorized

2019 ISU2 Spring CDC Release Announcement

Howdy Blue Teams!
My name is Daniel Limanowski and I am your director for the 2019 ISU2/Spring Cyber Defense Competition. I work for the ISEAGE security research lab under Dr. Doug Jacobson. My awesome team of student staff members who’ve worked endless hours to prepare this CDC for you are *queue jazz and SNL intro voice*: Logan Woolery, Alex Young, Sean Hinchee, Joel Wacker, Jacob Moody, Joel May, and William Rickert.

Scenario Introduction

The scenario for the 2019 ISU2 CDC is brought to you in part by John Deere. Its title: “Connected Farming.” This year’s Spring CDC throws Blue Teams into a local farm’s network with webservers, connected farming equipment, and plenty of cross-box/application (proprietary) communications.

Remote Setup

Remote setup is now officially open. Please head to https://signup.iseage.org/ and create an account. You’ll be able to make a team, look for team members, and/or join an existing team. Then, you’ll be able to access vCenter and IScorE. If you have trouble finding a team, please send us an email at cdc_support@iastate.edu

Where to start/how to get help

If you’re completely new to Cyber Defense Competitions, create an account on signupand view the Scenario documentation linked in that application. Read through the entire document first, then…
…if you still have questions, please email us at cdc_support@iastate.edu
…also, you can get support on our support chat system at https://setup.iseage.org

Lab Jams

Lab jams are two-hour blocks where Blue Teamers (you) can come in to get in-person help, guidance, and advice from ISEAGE staff during the remote setup phase. You may come and go as you please during the lab jams. The following dates/locations for the lab jams are:

ALL LAB JAMS ARE LOCATED IN COOVER 2222

  • Wed| March 6 | 7:00PM – 9:00 PM
  • Sun | March 10 | 6:00PM – 8:00 PM
  • Wed | March 13 | 7:00PM – 9:00 PM
  • Sun | March 24 | 6:00PM – 8:00 PM
  • Wed| March 27 | 7:00PM – 9:00 PM

Dates

Below are some important dates to be tracking:
1) Scenario released, begin remote setup (NOW!)
2) Remote access goes down for a half-day (March 28th, 2019…hours TBA)
3) On-site Setup Phase in Ames, IA (March 29 at 12:00PM – March 30 at 8:00AM…TLA open ALL night!)
4) On-site Attack Phase & Debrief in Ames, IA (March 30, 2019…8:00AM – 5:00PM)

Now get some country queued, fire up those tractors (yup, you can do this), and fill those silos!

Cheers,
Daniel Limanowski

NCDC 2019 — Scenario Release Announcement

The moment you’ve all been waiting for is finally here — remote setup has officially opened! At this time, you may begin accessing our environment and setting up your systems. 

Blue team folder link:

https://drive.google.com/drive/folders/1T7kvbxd7u7RUacCkfY-TG-jHWhVLiD8G

Remember, you can always contact us for help by email at cdc_support@iastate.edu or over chat at setup.iseage.org or on the public IRC server, soon to be announced!

NOTE: please put your school/university in the ‘organization’ field on iScore. 

Have fun getting started!

Cheers,
Sean Hinchee

NCDC 2019 — Kickoff and Scenario Release Announcement

*NCDC LODGING DISCOUNTS AVAILABLE HERE*

Hello,

My name is Sean Hinchee and I am your director for the 2019 Iowa State University National CDC (NCDC). This page details everything your school needs to know about signing up for the NCDC, so be sure to read through it all!

Scenario:

Note that this video is NOT representative of the official scenario document and may be subject to change.

Important Dates: The following list contains dates relevant to the NCDC.

  1. Approximately, Friday, January 5th: Remote setup will open (it may open sooner or later)
  2.  12:00 Noon – 10:00 PM, Friday, February 1: On-site setup at Iowa State
  3. 7:00 AM, Saturday, February 2: Doors open before attack phase
  4. 8:00 AM – 4:00 PM, Saturday, February 2: Attack phase
  5. 4:10 PM, Saturday, February 2: Awards and debriefing

Signing up: All 4-year universities in the U.S., a select number of community colleges, and all of the top three teams from the Fall ISU CDC are all invited to sign up and compete in the NCDC. ISEAGE is placing a firm cap of 25 teams for this competition. The list of teams competing is generated on a first-come, first-serve basis with respect to the time your school signed up.

Each school, whether it be 4-year or community college, is allowed to send exactly one team of up to eight student competitors to represent their school. Extra teams under the same school will be removed if extra teams signup.

Once signup closes, an email will go out (and we will post on cdc.iseage.org) with the exact list of teams competing.

Each competitor needs to sign up and join their school’s team, which the captain can create. Please be sure to label your “Organization” as your school’s name upon team creation. Signup closes on January 3rd, 2019 at 11:59PM. Head to https://signup.iseage.org/ to get started.

Lodging/Travel: The competition takes place in Coover Hall on the Iowa State Campus in Ames, Iowa. A separate email will be sent out in the next two weeks regarding hotel event/conference discount rates. ISEAGE does not accommodate for lodging or travel and it is the responsibility of teams to handle this themselves.

Livestream: ISEAGE will be livestreaming the on-site setup and attack phase of the NCDC on https://twitch.tv/iseage – feel free to share the link with anyone who wants to tune into the event.

Questions: Any and all CDC-related questions must be sent to cdc_support@iastate.edu

We will be detailing ISEAGE staff support methods in further emails just before the remote setup phase begins.

ISEAGE is proud to present the 2019 Iowa State University National CDC and we hope to see your school competing.

Cheers,
Sean Hinchee

NCDC2016 Super Anomaly

 

Download tarball

As promised, here is a master tarball of everything that went in to the long, CTF-inspired challenge anomaly. This anomaly was inspired by 1o57’s Badge Challenges at DEFCON. You can find write-ups http://potatohatsecurity.tumblr.com/post/126411303994/defcon-23-badge-challenge, http://elegin.com/dc22/, http://elegin.com/dc21/, http://elegin.com/dc20/.

Some notes:

Each tar seems to extract differently with different tar implementations.

The phone numbers only worked on ISEPhone. Wav files are included for what the phones would play. The “Synthesized Voice” stage read off the given data in hex.

On the competition network, 199.100.123.123 served the password binary. verysecret.isucdc.net served the initial breadcrumb tarball.

There was an access point in the Armory. The phone number lead to the SSTV wav.

The AP had a captive portal. In the captive portal, there were HTML comments giving instructions to submit the answer on red paper.

-Jake

 

— Spoilers below —

The password binary had an unused function in the function table. Calling this function gives extra clues, and the name was a clue as well.

The first PDF could be extracted as a tar.gz. its_dangerous_to_go_alone was also a tar.gz.

verysecret.space is the “very secret.space”