Penetration Testing mailing list archives

Re: Best attack strategy for a Red Team?


From: Scott <opiesan () gmail com>
Date: Tue, 10 Mar 2009 09:41:26 -0400

Thanks for the feedback Chris. The only problem with this approach
stems from what Brian mentioned above. The goal isn't to destroy the
student teams' systems because all that really teaches you is how to
reinstall HW/SW.  Consider it the softer side of attacking a system
where we're supposed to get in and disable services, maintain access
through installed backdoors, and generally exploit whatever
vulnerabilities we can. Afterwards we go through a detailed debriefing
with the student teams explaining the areas they were weak and strong
so they can benefit from the experience gained on both sides of the
fence.

Some examples of past attacks were to compromise the VOIP server and
reroute the team phones to the phone we had so that we could intercept
their business inject calls. We later offered to "fix" their phones in
exchange for 5 minutes of root access on one of their systems. Some of
them turned us in to the LE reps that were working in the game, some
just flat out denied the offer.  Another example was installing a
program that, when launched, made it look like the computer was
installing Windows ME on top of their Win 2k3 server.  Those were the
fun ones to watch and everyone got a laugh about it later while still
learning something.

This is an educational game that lets both sides get a taste of the
real thing but through a controlled environment. As attackers we're
learning as much as the students.

Scott

On Tue, Mar 10, 2009 at 7:42 AM, Chip Panarchy <forumanarchy () gmail com> wrote:
Hi

Sounds like fun.

Since you say that you are the least experienced, go for the unexpected.

Once again, I must promote the use of Neodymium Magnets. These are
very small magnets, that have the same power as industrial magnets
(very cheap).

So if you want to destroy their network, the above way will do the
most damage, with the least chance of them knowing the method used.

Maybe go for a bit of Social Engineering, or as I prefer to call it,
Industrial Espionage.

This could involve distracting them for a little while then placing
some Neodymium Magnets under the desk where they have their laptop,
Computer or Server running.

Nice and simple, and you'd be thinking outside the square.

Good Luck!

Panarchy

On Tue, Mar 10, 2009 at 4:55 AM, Scott <opiesan () gmail com> wrote:
Howdy folks!

I'm part of a Red Team for the Mid-Atlantic region CCDC competition
(Collegiate Cyber Defense Competition). There are some pretty talented
folks on the team and I'm arguably the least experienced (for now).
The short version explanation is that teams of college students are
tasked with operating and defending a "corporate" network of systems
ranging from web, email, DB, MS Domain servers, VoIP, and normal
workstations. They have to patch a wide variety of holes while keeping
designated services available for scoring. The team with the most
uptime wins. Meanwhile, the red team is busy attacking these services
along with anything else we can get into and create havoc for the
student teams.

My question to all of you is what you would recommend for an attack
strategy here. In previous competitions it's been challenging to know
where to start as there are many options. Should I find a hole and dig
in with backdoors, create new user accounts, take over the admin
accounts and lock out the student teams??? Technically the red team is
supposed to bring down or deny access to the services the students are
scored on (primary objective). There's always more going on than that
however. I'd like to stay focused when we go into the 3 day event this
month so I need a plan.

How would you do it if you didn't know more than possibly what types
of systems you'll find on the target networks? Thanks.

Scott






