FAQ


 

Will we be given the actual media on start for the installed software/OS upon entering the room?

Initial OS media will be in the room.



Will blank media, such as CD-Rs and/or a flash drive, be given to us upon entering the room? What types of media?

USB drive.


Will we be able to lock user accounts without giving the 15 minute advance warning, like for password changes, if we suspect a compromise of the account?

See rules

Are we being scored by DNS name or by IP address?

Both


What's the purpose of the admin workstation? Is it the machine that's connected to the internet? Can we use this machine to console to the networking equipment?

Admin is connected to internet – you should not connect it to your network


Can we get clarification on the FTP site we're allowed to have? When it says "Nothing is provided that could not be accessible through other free sites," does that mean we're not allowed to add our own tools/notes/etc., or is that just preventing people from having proprietary software on a public FTP server?

You must provide the other teams with access to your FTP site. This information will not be shared with the red team.


Will we be getting any more details on the e-commerce application, ie: languages, what database is used?

No

By "managed switch", does that mean a $50 Linksys/D-Link type switch, or an enterprise Cisco/Juniper switch?

When hardware is physically in my hands and tested I will give you more information on this.


Will we be given an actual router, and if so, will we be given model #'s/brand?

When hardware is physically in my hands and tested I will give you more information on this.


Will we have access to any sort of scoring engine to check whether or not services are up?

No


How many teams are officially competing total?

For the winning team(s), will it be one team chosen from everybody, one team chosen from each state, or two teams chosen from everybody, i.e. two Indiana teams/one from each/two Illinois teams.

Top two teams go on to regional – no consideration given for one from each state.


Will the scoring be stopped at the end of the first day and be resumed at the start of the second day, or will the scoring be continued throughout the night?

The consensus was that we would turn off scoring overnight.

Can we wipe boxes?

See rules.

Will we know what kind of hardware we're getting ahead of time, i.e. PowerEdge 850/650/Whatever?

No


Can you provide information on how the teams will be scored?

See rules


What can we bring into the room?

Yourself, documentation – paper versions, any media given to you by the operations team, snacks, anything else that is specified in the rules (i.e. speakers, etc.). No cell phones.


Can we have a publicly accessible FTP server for our software?

See rules


Will we be able to use virtualization?

At this point we are saying yes.


Will the machines already have operating systems installed?

Yes


- If so, will we be able to re-install the operating system?

See rules
- If so, is there a possibility of malicious software being pre-installed?

Not our intent

Is there a chance that the media that we are getting is compromised? Flash drive compromised?

No

Is there a "safe" time where the red team is not allowed to attack, i.e. passive scans but no actual attacking for first X minutes?

do not count on this

Are we allowed to blacklist IP addresses?

See rules – you can do this – it will probably cost you points

Are all services weighted equally, or would something like HTTP be worth more than FTP?

equal

Is physical security an issue? Do we need to guard rooms/notebooks/etc.?

Physical security is not an issue – although I would not all leave the room with the door propped open.

Can routers and switches OS be upgraded?

No – IOS upgrades require logins and permissions that are not available free to users.

 

 

Rule Questions:

 

Competition Systems:

b) area

j) restore would take it back to the original configs – none of your changes would remain


Scoring:

e) incident reports should be as clear and complete as possible


Internet Usage:

d) the team’s FTP sites that may be set up before the competition must adhere to all competition rules and must be shared with the other teams. This information will not be shared with the red team.


 


 

 

If you decide to allow us 2 NICs in one box, we would prefer it to be on a Windows box.

We would also prefer 2 4GB USB sticks, rather than 1 8GB stick.

Sticks are already purchased

Can we put encrypted files into our FTP? We would like to upload confidential files like password lists that we will be using on our networks that we would feel uncomfortable about allowing people outside of our team members access to.

no

Once we enter the competition room, are we allowed to change our physical network topology?

Your services will need to stay up for scoring – you are not allowed to remove anything from the room or physically change the configuration (hardware pieces) of the machines.

During the competition, can we get more network cables if we need them?

I suppose if you need more than is in the room

What brand and model is the printer?

Simple Lexmark lasers

What applications and services need to be open on the laptop?

Why must we keep the laptop online at all times?

You don’t have to unless you are being scored on something on the laptop

Are the users on the laptop local or domain users?

Could be both

Does the Windows “fileserver” mean serving files via a web browser (HTTP/HTTPS) or NetBIOS sharing?

Could be any of the above

What are the hardware specs of the PCs we are using?

You don’t really need this

Are you using USB or PS2 mice and keyboards?

USB

Can we change the SSID of the wireless network?

It may be a scored item – but you could change it and lose points if you like

Do we need to provide any sort of access to the wireless access point? If so, what sort of access?

yes

How will we be receiving injects? (email, printed out and delivered, some other way)

email

How can we authenticate that injects came from you?

Check the headers

How do we notify you that we have completed an inject and can be scored?

Email that information back in

How do we get an acknowledgement that we have been scored on an inject?

You won’t

How will you score the file servers?

How will you test Active Directory?

How will you score the wireless access point?

Can we get a copy of the scoring engine?

no

Which services will be scored and how?

See topology and injects

What percentage of our total points will come from uptime?

30

What percentage of our total points will come from business injects?

30 – injects include documentation

What percentage of our total points will come from documentation?

What percentage of our total points will come from the Red Team assessment?

40 – red team includes documentation

Can we get some idea of how you are planning on scoring uptime, injects, documentation, and Red Team attacks?

no

We would like to have some way to tell if our services are seen by the scoring engine as up. There are many ways that services could be scored and because we have no access to a way to check this externally for ourselves, we would like you to help us see if we are succeeding. In past competitions, we have run into the situation where we had services up and verified internally, but externally the service was not seen as up because of how the scoring engine was written. One example was when the scoring engine was scoring web pages served up by our web server. Our web server was returning an HTTP 304 response code, which says that the file has not been modified so it does not need to be redownloaded. The scoring engine was saying that our web page was down, when in reality it was not scoring us properly because the scoring engine was not RFC compliant. The only way that we were able to catch this error was by having some visibility into the scoring process and noticing that we were losing points for a service that we believed to be up and functional.

If yours was failing and it was a scoring engine problem, then every team should have the same issue.
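
The HTTP 304 case from the question above, as an added example that is not part of the original FAQ and is not the competition's scoring engine: a constructed local web server answers a conditional GET with 304, and a 200-only check is compared with one that accepts 304 when the check itself sent a validator. The server, the ETag value and all function names are assumptions made for illustration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

ETAG = '"v1"'  # constructed validator for the sample page

class Handler(BaseHTTPRequestHandler):
    """Constructed test server: answers 304 when the client's validator matches."""
    def do_GET(self):
        if self.headers.get("If-None-Match") == ETAG:
            self.send_response(304)          # Not Modified: no body is sent
            self.send_header("ETag", ETAG)
            self.end_headers()
            return
        body = b"<html>shop front</html>"
        self.send_response(200)
        self.send_header("ETag", ETAG)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):            # keep the demo quiet
        pass

def naive_is_up(status):
    """The failure mode described above: only 200 counts as up."""
    return status == 200

def is_up(status, sent_validator):
    """2xx is up; 304 is up only when the check itself sent a validator."""
    return 200 <= status < 300 or (status == 304 and sent_validator)

def probe(port, etag=None):
    """One GET against localhost; returns the HTTP status code."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("GET", "/", headers={"If-None-Match": etag} if etag else {})
    resp = conn.getresponse()
    resp.read()
    conn.close()
    return resp.status

def demo():
    """Returns (status of plain GET, status of conditional GET)."""
    server = HTTPServer(("127.0.0.1", 0), Handler)   # port 0: any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    port = server.server_address[1]
    first = probe(port)               # unconditional GET
    second = probe(port, etag=ETAG)   # conditional GET, as a caching client sends
    server.shutdown()
    server.server_close()
    return first, second
```

A check that never sends `If-None-Match` or `If-Modified-Since` should not receive a 304 at all, which is why `is_up` only accepts it when a validator was sent.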

 



page by: Indiana Tech - Ryan McGuire @2008