CCDC - The Competition My Career Stands On: Year 1
CCDC is the primary foundation that my career stands on today. Here is the story of some of my favorite times in University.
A Quick Note
I will not be using names in this since I do not have the consent from the members involved, but I remain good friends with many of them today and some of them may actually read this.
My History with CCDC
I joined my university’s CCDC team in the 2018-2019 school year. I was looking into a scholarship that was offered by the National Science Foundation to my university and saw that participation was a requirement to obtain and continue to obtain the scholarship. So in the fall semester, I found the student club directory and sent an email to the Team Captain, and asked if there was a place available. He said there was and to meet him and the rest of the team in a dingy room in a building I thought was all but abandoned on campus. I met them, and we started getting to work.
Scrap Ops
Prior to doing CCDC, I had an Associate's Degree in Computer Networking from a local community college. Additionally, the curriculum at the university I attended was next to useless. Out of the whole 3 years I spent there, there were 2 classes that had useful information delivered to me in them. The rest was either out of date by at least 5 years, or flat out wrong. So, CCDC was where I would go and actually learn. I made it a weekly habit to meet those guys in the dingy room for a few hours a week to just absorb any and every bit of information I could. It was a very scrappy operation. We were using donated servers and networking equipment provided by the students and half-working VMs on laptops, as the school refused to provide any funding or useful training to the little fledgling operation. We didn’t even have a coach, just a bunch of dudes in a room trying to figure things out. Attending CCDC practice was my weekly ritual, and apart from a month or so I didn’t attend due to the extremely untimely death of my mother, I was always there.
Go Time
My first competition was towards the end of the fall semester of 2018. Before entering the competition I double checked with the Captain if he wanted me to attend due to me being so new to the team. I was initially to be put on the reserves for the day, but instead I wound up being put in charge of watching a packet capture from Wireshark for any attacks due to someone being sick. I was able to see a few attacks on the wire, and tons of vuln scanning (nmap scripts), which was all reported up through the incident report injects. That year the team ended up taking 3rd in the fall competition, which was an invitational and ultimately was mostly practice using the state environment from the year before. Once we got back from winter break however, we hit the ground hard, and we were running fast. I took as much time during break as possible to learn as much as possible about some intricacies of how Linux worked. That endeavor was not as successful as I had hoped.
Winning State, The First Time, Somehow
Come February 9th, I would be put in for my first real competition. The Captain finally found someone we could use as a coach. We got up way too early to drive an hour away to the community college the competition was hosted in, on a Saturday nonetheless. Drinking coffee in the school van that we had to pry from their cold dead hands just to use for the day. After an hour of notifications, announcements, sponsorship plugs, and more coffee, we had been assigned to our rooms after having a team picture taken by some stairs. When we got into our rooms, each of us was given a station with a desktop, access to the scoring engine page, netlab, our notes, and the team packet. Then, before we knew it the welcome inject was dropped and we were on our way patching what we could, firewalling off what we couldn’t. The team writer assigning inject work and keeping us on task. It was 8 solid hours of beautiful competition with busting lots of ass and getting things done. I was once again sitting on a Windows 10 box trying to find incidents to report, sending evidence to the Writer, and doing what I could to keep a MySQL server up and running on top of that. The MySQL server eventually got shifted off to another person who understood it better, and then I was left to threat hunt. At the end, we did lose the SQL server. The red team ran rm -rf / --no-preserve-root against it, and it was lost for the last hour or two of the competition.
Aftermath
We left the room, I felt defeated. While things went mostly well, losing that SQL server kept our Prestashop instance down for a while meaning that I had caused the team to lose significant points towards the end of the competition. The Captain reassured me that this was amongst his better attempts seen at the state level competition and that we should not count ourselves out of the podium. I didn’t believe him, but took those words into mind as we went back into the auditorium. From then on, we had another presentation from the event organizers, tips and notes from the Red Team, grilling the group of students for crappy incident reports, you know. The usual. They then called out the 3rd place team. I thought then and there we didn’t make the podium, thinking there was no way we did better than 3rd. When they called the 2nd place team, I didn’t even pay attention thinking there was no way we were going to be mentioned at all. Then I heard my school called out as the 1st place team. At first I thought it was a mistake, surely there is no way right? Then the rest of my team cheered while I was confused for a moment, before I cheered too. We walked up, collected our plaques, then mingled with other teams, had dinner, and then got back in the school van and went home.
Prepping for Regionals
Upon getting home, we had to meet with the Dean in the following week. He congratulated us on the win, and we started trying to figure out a plan for regionals. The school still intended initially to refuse to allow us to travel, citing that we did not have an advisor or an official club. It was when I pointed out that I found the team through the student club directory, and the Captain told him that we had an individual who was our Last Minute Coach, that a minuscule amount of money was offered to compensate for travels and the cheapest hotel we could find. Normally these are things that would be handled by the Advisor, but in this case they were done by the Captain because the Advisor was minimally involved. Otherwise, it was back to the old grind. Suffer through our pointless classes, and look forward to CCDC on Wednesdays. Rinse and repeat until we went to the regional competition in March.
Getting Our Butts Handed to Us
Going to the regional comp in 2019, sucked. Hard. Incredibly hard for me at least. You see, I was an idiot and chanced myself on some questionable chicken. Then I got food poisoning. After a 15 hour day on campus, I went home and made some chicken, and I was starving when 40 minutes had passed. Normally 40 minutes was enough to get chicken cooked at 400 degrees, but little did I know, the oven was going out and was in fact cooking at 300 degrees. My meat thermometer was broken too. I couldn’t afford a new one since I was making minimum wage at the time, and I was a broke student with rent to pay and not enough income to make it. I thought the chicken looked pinkish but chalked it up to it being late and the crappy lighting in the kitchen and BBQ sauce falling into the bite mark. So, I got food poisoning before an 8 hour drive to the regional competition site, during the length of the competition, and got better the day after we returned home. It was misery.
2 Days of Suffering
Regional CCDC differs in a number of ways. First and foremost, the environment is larger and more complex. Secondly, it is a 2 day event, rather than 1. The competition is 13 hours spread across 2 days, and with most of the first day being relegated to sponsor worship, talks from speakers, and a job fair before the competition. We actually had (at least) 2 of our guys get jobs from the CCDC job fair. Anyways, after all the pageantry was over we started in the competition. This time around I was in charge of managing the Cisco 2960, and Splunk server. I actually learned a bit about what to do on the Linux servers from the failures at the State competition, although it didn’t end up being enough. Splunk server still had a lot of intermittent uptime issues. Until The Great Downtime.
The Great Downtime
Oh yes, we had the mother of all downtimes. You see, we didn’t get the firewall patched in time against a pretty nasty pre-auth RCE exploit (IronSkillet). So the Red Team got in, and sat for a long time. Then eventually removed all access to the firewall outside the API. The firewall guy attempted to recover it and at the end of the first night, had a plan to implement for day 2. Day 2 came along, and the plan to restore access was enacted by going into a pre-boot menu and trying a manual recovery. The idea here was that we would avoid the point penalty for reverting an environment. But it was so much worse. What exactly happened is a mystery to me, but I contend that the firewall guy accidentally ran shred or some equivalent on it. Even to this day, I have remained friends with the firewall guy and he says he doesn’t know what he did wrong. Alas, whatever happened caused us catastrophic downtime. And I have to give insane props to the Team Writer, because he had to field some absolutely brutal phone calls from Orange Team because of that.
“What did you set for the encryption key?” “What encryption key?”
The outage lasted about 6 hours total. Every single scored service down, including the new ones introduced via inject. We didn’t know what the scores were, but we knew we were in last place. Eventually, we called for a whole environment scrub because we couldn’t figure out what else to do. The environment scrub was taking forever, and we were starting to get concerned. After about 45 minutes or so, we had White Team walk into our room and ask us if we set an encryption key on the Palo Alto, which led to the wonderful exchange I used as the header for this bit. After the Red Team guy who used the exploit came and asked some questions, he and White Team ended up replacing the firewall with a spare. We were given points back for the 45 minutes of downtime that was used by the scrub time, but in the end it didn’t matter. We were so far in last place all we could do was ride it out. After the awards and dinner, we went back to the hotel and then found the hotel bar. We stayed there and discussed what had happened for a few hours over some beer. I had to leave early though because I was trying to keep myself from throwing up on everyone else.
Pick Up the Pieces and Disbandment
We returned home, I got over my food poisoning, and then we had a final meeting. We held elections for next year’s Team Captain. After taking the least amount of votes out of the 3 candidates, I conceded and offered my vote to the guy who eventually wound up taking the position. That ended up being a good thing. He was better engaged, and had a lot more time to dedicate to it than I did since I was a full time student, working a part time job and had a significant other that I already felt I didn’t see enough, plus I spent just about all of 2019 in a bad headspace still in grief over the loss of my mother in the fall of 2018. He was in on a scholarship so didn’t work, and (as far as I know) was single. We disbanded. Some of us for good, others just for the summer. Out of that team, we had a bunch of us come back the next year. The Captain job hopped for a few years after graduating, but now works for an incredibly respectable company as a Pentester. We had a few guys work for the feds after graduating, and one guy that I have not spoken to or heard about since that last meeting. That summer I went on to intern at the company I work for today, then came back for my second and final year the following fall.
Changelog
2024-09-17: Reworded a few sentences and changed the 8th header.