My name is Sean Hinchee and I am your director for the 2019 Iowa State University National CDC (NCDC). This page details everything your school needs to know about signing up for the NCDC, so be sure to read through it all!
Note that this video is NOT representative of the official scenario document and may be subject to change.
Important Dates: The following list contains dates relevant to the NCDC.
Approximately, Friday, January 5th: Remote setup will open (it may open sooner or later)
12:00 Noon – 10:00 PM, Friday, February 1: On-site setup at Iowa State
7:00 AM, Saturday, February 2: Doors open before attack phase
8:00 AM – 4:00 PM, Saturday, February 2: Attack phase
4:10 PM, Saturday, February 2: Awards and debriefing
Signing up: All 4-year universities in the U.S., a select number of community colleges, and all of the top three teams from the Fall ISU CDC are all invited to sign up and compete in the NCDC. ISEAGE is placing a firm cap of 25 teams for this competition. The list of teams competing is generated on a first-come, first-serve basis with respect to the time your school signed up.
Each school, whether it be 4-year or community college, is allowed to send exactly one team of up to eight student competitors to represent their school. Extra teams under the same school will be removed if extra teams signup.
Once signup closes, an email will go out (and we will post on cdc.iseage.org) with the exact list of teams competing.
Each competitor needs to sign up and join their school’s team, which the captain can create. Please be sure to label your “Organization” as your school’s name upon team creation. Signup closes on January 3rd, 2019 at 11:59PM. Head to https://signup.iseage.org/ to get started.
Lodging/Travel: The competition takes place in Coover Hall on the Iowa State Campus in Ames, Iowa. A separate email will be sent out in the next two weeks regarding hotel event/conference discount rates. ISEAGE does not accommodate for lodging or travel and it is the responsibility of teams to handle this themselves.
Livestream: ISEAGE will be livestreaming the on-site setup and attack phase of the NCDC on https://twitch.tv/iseage – feel free to share the link with anyone who wants to tune into the event.
Questions: Any and all CDC-related questions must be sent to email@example.com
We will be detailing ISEAGE staff support methods in further emails just before the remote setup phase begins.
ISEAGE is proud to present the 2019 Iowa State University National CDC and we hope to see your school competing.
As promised, here is a master tarball of everything that went in to the long, CTF-inspired challenge anomaly. This anomaly was inspired by 1o57’s Badge Challenges at DEFCON. You can find write-ups http://potatohatsecurity.tumblr.com/post/126411303994/defcon-23-badge-challenge, http://elegin.com/dc22/, http://elegin.com/dc21/, http://elegin.com/dc20/.
Each tar seems to extract differently with different tar implementations.
The phone numbers only worked on ISEPhone. Wav files are included for what the phones would play. The “Synthesized Voice” stage read off the given data in hex.
On the competition network, 22.214.171.124 served the password binary. verysecret.isucdc.net served the initial breadcrumb tarball.
There was an access point in the Armory. The phone number lead to the SSTV wav.
The AP had a captive portal. In the captive portal, there were HTML comments giving instructions to submit the answer on red paper.
— Spoilers below —
The password binary had an unused function in the function table. Calling this function gives extra clues, and the name was a clue as well.
The first PDF could be extracted as a tar.gz. its_dangerous_to_go_alone was also a tar.gz.