Every year, a two-day event known as The CyberMaryland Conference is hosted in Baltimore by the National Cyber Security Hall of Fame and Federal Business Council (FBC). Many organizations are involved, from academia, government, and even the private sector. This year’s theme is “Leading the Cyber Generation”. CyberMaryland consists of speaker-led sessions performed by industry leaders in cyber security. With topics that range from cyber education to threat intelligence, there is something for everyone.
CyberMaryland also hosts a CyberChallenge, where professional, collegiate, and high-school teams compete against each other in a tiered Cyber Exercise. High schools will compete in a network-defense-based event, while collegiate and professional teams will participate in a capture-the-flag competition. The capture-the-flag event tests offensive security skills, pitting teams against a wide array of hosts, ranging from hardened and secured to old and outdated. As teams compromise the hosts, they can plant flags for points. In contrast, the network defense event provides the team with a set of insecure systems, which they must secure and harden.
At WraySec, we have extensive experience not just running, but also competing in Cyber Exercises at various levels. In fact, many on our team have competed in and won at the CyberMaryland competition, and we would like to share some strategy and tactics for the competitors in this year’s upcoming challenge. This applies to all formats: high school, collegiate, and professional.
Practice: Competitive Cyber Exercises are more than a technical challenge; they test your ability to think outside of the box. Make sure you focus on the technical skills required for the event, but also practice critical thinking. Things will go wrong. Your plans will hit roadblocks. Your competitors, much like the cyber criminals and APTs you will face in the real world, will be experienced and have developed tools and techniques that give them advantages. You must have experience and practice coming up with on-the-fly solutions for these unexpected hindrances before you even walk in the door.
Patience: Patience is more than a virtue; it’s a requirement for successfully winning a cyber competition. It’s very easy in today’s weaponized exploitation world, with tools like Metasploit, to think compromising a system is as simple as pointing and shooting. The reality is that exploiting a vulnerability means, by definition, making a system do something unintended. No matter how reliable an exploit is, things will go wrong, especially in an environment where dozens of people are trying to exploit the same target. Have a plan for how you’ll handle these target stability issues, and how you’ll maintain access once you are in.
Persistence: In the past, the CyberMaryland Challenge hasn’t allowed for teams to remove access from other participants. Still, have a contingency plan. This is a competition, and even if most teams are following the rules, you must be prepared for anything. Get in, but make sure you can stay in!
Automation: Critical thinking aside, these are computers we’re talking about. Script and automate everything you can. Speed is very important in a cyber exercise. There are plenty of tools out there to help you automate your process; find and utilize them.
Aggression: Like in any game or sport, properly timed aggression is a crucial factor in success with cyber competitions. Make quick and logical decisions, and practice to ensure you don’t freeze up in a critical situation. It’s usually better to make the wrong decision than to do nothing at all!
Creativity: Don’t be a robot, use your brain! Brainstorm ideas ahead of time and come up with unique and effective plans. There is almost always more than one way to solve a problem. Many tools and projects that our team developed were the result of competitions such as CyberMaryland. We practiced, noticed an area where there was room for automation or ease of use, and developed tools towards solving that problem. Even if the event has rules against using what you create, hold on to it. Just because a tool doesn’t fit an immediate need doesn’t mean it won’t have use outside of that competition or exercise.
Leadership: The leader of your team has an extremely important role. This person must ensure everyone is performing their functions and communicating properly. The team leader must make important decisions at crucial moments, and anticipate problems before they become critical. Establish a working command structure, and if time and team dynamics allow for it, practice with one member missing, or moving a team member into a leadership role. Remember, it’s important that critical decisions are made as quickly as possible. Failure to efficiently make decisions means no momentum, and this can often be worse than the wrong decision.
Communication: Effectively communicating with your team is an absolute must! Communication is the key! Ensure that you are all in sync, and redundant work is not being performed. Everyone should know not only their specific roles, but also each other’s strengths and weaknesses. This comes from time spent practicing with each other as a team.
Train, Train, and Train Some More: WraySec is launching a Closed Beta for our Cyber Exercise Engine at this year’s CyberMaryland Conference. While it will not be available for the participants to use before the current Maryland Cyber Challenge, it’s never too late to start training for next year, or even one of the many other cyber competitions throughout the year. Our product will give you the opportunity to train with a realistic scoring engine, and it’s affordable too! Learn more about CyExNg and the Closed Beta at the event. We hope to see you there!
If you happen to be in the Mid-Atlantic area, we encourage you to come on out to the CyberMaryland Conference and have a chat with us. At WraySec, we’re dedicated to finding and building creative solutions to a wide variety of challenges and needs almost universally faced on today’s hostile internet. Our unique experiences lend a helping hand to combating even the toughest adversaries you face.