Wednesday, March 19, 2014

MACCDC 2014: Virtual Quals Lesson Learned


MACCDC 2014 - Virtual Qualifier Round

Some found my MACCDC 2013 write-up helpful, and more information is always better, so here's this year's lesson learned for the virtual qualifier round.

Choose a later time slot

This lesson is pretty subjective and I don't mean for it to sound negative or whiny, so please keep that in mind.  

We chose one of the first time slots available this year in which to compete, and right after we were told "go!" we saw problems with the game infrastructure.  The external IP addresses listed on the Flags tab were different than those listed on the Assets tab.  

Here's a modified view of the Assets tab:


And here's the modified view of the Flags tab:

Struggling for Control

We connected to the external IP addresses on the Assets tab according to which team member was tasked with each system and tried to start the system hardening.  Within the first 10 minutes, we noticed odd behavior that wasn't attributable to red team activity.  We saw multiple sessions on Linux boxes and there were RDP battles on Windows.  We then found out that our assets were swapped with those of another college!  Once the game masters were aware of the issue, they started working on the fix.

In the meantime, all teams retained access to the systems to which they were connected.  This meant that teams could still scour the systems to look for flag values to be submitted once the assets were re-aligned, as well as continue hardening their boxes.  At this point, injects weren't assigned, so they weren't a concern.

Access Restored?

Once all machines were fixed in the scoreboard to be assigned to the correct teams, the game masters graciously reset the game clock.  However, they did not reset the machines or the flags teams may have already captured.  Of concern on that point is that according to the rules, whichever team submits flags first wins in the event of a tie.  Well, with the start and end times now adjusted, we quickly went back to work.

Nope, Still Broken

Even after the game was reset, when we tried submitting flag values, they were not accepted by the scoreboard.  The problem was that when you click on a flag to submit the value, although the main entry in the list was re-mapped correctly, the pop-up flag submission prompt still reported the old system.  We had to take screen caps to prove what we were saying, as the game masters didn't believe us.

Conclusion

Now that you have a sense of the issues we were facing, I would recommend not choosing an initial time slot for fear of the game infrastructure being "buggy".  The thought process behind this is that if your team chooses a later slot, then maybe by then the issues will be resolved and the game experience will be smooth.  From a practical perspective, the time spent having to converse with the game masters about what is broken and why takes away time from your focus on system hardening, etc.

Something we found interesting is that not a single team from our round progressed to regionals...