// This is my first post so I am still getting the hang of it :) // ====== Cyber Conquest @ DakotaCon 10.1 ====== A purple team (offensive and defensive) cybersecurity competition that I designed, planned and lead a team to build. **Start:** 2023/01 **Competition Date:** 2023/03/25 {{ :cyberconquest2023-laptop.jpg?nolink&600 |}} ===== Overview ===== What is Cyber Conquest? > Cyber Conquest is a purple-team cybersecurity competition (that is, it combines both offensive and defensive skillsets) into one king-of-the-hill contest. Teams are tasked with defending their own infrastructure while attacking other team’s infrastructure to gain points. Defensive points are gained by keeping your services up and keeping other teams off your systems, and offensive points are gained by planting your flag on opponent’s systems. - [[https://defsec.club/doku.php?id=cyberconquest|Computer Club Wiki]] / [[https://cyberconquest.org|Cyber Conquest website]] For this year's competition I went with a DC comics/city theme. Each network had a network with 8 systems on it. ^ System Name ^ Operating System ^ Type ^ Important Services ^ IP ^ | Krypton | pfSense | Virtual | //Firewall// | 192.168.0.1 | | Atlantis | Windows Server 2012 | Laptop | Water Tower | 192.168.0.11 | | ArkhamAsylum | Windows Server 2012 | Virtual | DNS / Domain Controller | 192.168.0.15 | | Starlabs | Raspbian(( Yeah I know its Raspberry PI OS now but thats such a dumb name and makes it way more difficult to google. Wth was wrong with raspbian??? )) | Raspberry PI | Wind Turbine | 192.168.0.22 | | LexCorp | Fedora | Virtual | ssh, Web, DB | 192.168.0.25 | | Metropolis | Ubuntu 18.04 | Laptop | Traffic Light | 192.168.0.33 | | TheHiddenCity | Windows 10 | Virtual | //Client system// | DHCP | | HallOfJustice | Kali | Virtual | //Haxzors// | DHCP | ===== Physical Systems ===== A few of the systems were on physical laptops that teams were given. These physical systems were controlling actual //ICS// like systems. ==== Atlantis ==== Atlantis was a Windows Server 2012 with a node based webapp which talked to a MCP2221 and controlled the mock water tower. The water tower had a small fountain pump pushing water into a cup. It would fill up to a water sensor and then turn off in 1 second cycles. This caused the water level to oscillate up and down but never overflow or empty. This system was scored using 2 water sensors, one at the bottom to make sure that there was water in the water tower and the other at the top to make sure that the tower was not overflowing. * [[https://www.adafruit.com/product/2264|FT232H]] GPIO Breakout * [[https://www.adafruit.com/product/4546|Water pump]] * [[https://www.adafruit.com/product/4965|Water sensor]] Thanks to [[https://github.com/pythondude325|pythondude325]] for writing the webapp! ==== Metropolis ==== Metropolis was an Ubuntu 18.04 Server system that we loaded a desktop environment onto. It used a FT232H to control 2 neopixel strips to act like a traffic light. The light was controlled by a python/flask based webapp that allowed setting individual pixels as well as changing the 'microcode' that it was running which scheduled when and how the lights blink. * [[https://www.adafruit.com/product/4471|MCP2221]] GPIO Breakout * [[https://www.adafruit.com/product/1426|Neopixel strip]] Thanks to [[https://github.com/Doodleman360|Doodleman360]] for writing the front end of this webapp! ==== STAR Labs ==== STAR Labs was a raspberry pi 3 with a motor controller hat. We were donated a large amount of old peristaltic pump(([[https://en.wikipedia.org/wiki/Peristaltic_pump|Peristaltic Pumps]] are so neat!)) motors which I repurposed to spin a 3d printed windmill blade((I love the irony of having a windmill that uses power to spin)). I used a variable power supply to power the motor controller, allowing me to dynamically set the max speed to something reasonable. The controller for the windmill was a very simple python script that checked for a file called ''spinny_speed.avi''((avi = Air Velocity Input)) setting the speed accordingly, then outputted the power it had generated to ''buzzzt.exe''((exe = EXact Electrons)). These files were then scored via an SMB share. I had initially intended this to be on windows to have a scored SMB share, but some last minute changes caused it to be on the Ubuntu box. * [[https://www.adafruit.com/product/2348|Motor controller hat]] * [[https://www.adafruit.com/product/1150|Pump motors]] ===== Infrastructure ===== The virtual systems were hosted in the DSU [[https://ialab.dsu.edu|IALab]]((My favorite vCloud cluster, And also the largest one in the state of South Dakota)). There were two main competition networks, a 'Blue' network connecting all the teams' networks and a 'Red' network with the scoring engine as well as virtualized kali boxes and some laptops. Both networks were connected together through the [[https://defsec.club/doku.php?id=ialab:networks|DefSec Router]] where traffic could be monitored by white team. Each team had their own virtual network holding their router and a few virtual systems. Each of these networks had its associated vlan trunked to the competition room and split out to physical ports on a switch in the room. Each team then had a switch at their table to connect the laptops and raspberry PI, which was connected back to the main switch. Each team had two laptops which were scored and in scope (Atlantis and Metropolis) plugged directly into their team's switch. Each team also had two laptops which were on the competition wide ream team network. All of the team tables were arranged in a circle around a center table that had the actual physical systems (traffic lights, water towers, wind turbines). On the center table I had a scoring PI that used multiple MCP23008 GPIO expanders to get enough GPIO ports to support the 2 water sensors per team for scoring((Ironically not actually necessary with the 6 teams we had competing but still)). ===== Building and Testing ===== == Water tower == {{ :watertower-wiring-final.png?nolink&200|}} The most complicated system to wire was the water tower. It had a water sensor and a pump which was controlled via a relay. I wanted to make sure that teams could not just lower the speed of their pump and disable the controlling program, so I used a relay to ensure the pump speed was constant. ---- == Improving the wind turbine == {{::windmill-safe-shutoff-3-relay.png?nolink&300 |3 relay wind turbine design}} My original design for the wind turbine had it being controlled by a single relay. After testing it for a bit I thought that it would be cool to make it spin forwards or backwards so I added a second relay. This design however is very bad for the motor. When the 1 relay design shuts the motor off, it just disconnects it and it spins out on its own, however when the 2 relay design shuts the motor off, it shorts the contacts causing the motor to jerk to a stop which causes unnecessary wear and tear to the motor. This effect is even worse if instead of stopping it switches speed. Then the motor has power applied in the opposite direction forcing the motor to stop even more abruptly and potentially back driving too much power to the board and damaging something. The solution to this is to add a third relay that disconnects one lead on the motor for a short time as it changes state. The problem with doing something like that for a competition setup is that when a malicious team gains access to the system they could remove the safety code to keep it from jerking and force it to constantly switch directions fast and break the motor. After trying to solve this problem for a while I realized that there was actually a very easy solution all along of just switching to use an actual motor controller hat. The motor controller was actually designed to change motor speed meaning that if you gave it a really drastic speed change like full forward to full backward it would slow it down gently((Gently is relative. It happens over fractions of a second but has a noticeable impact on the amount of jerking from sudden speed changes)) and not cause as much thrashing. ===== Lessons Learned and Final Thoughts ===== I loved this project. It was very stressful and a lot of work but it is also one of the most enjoyable projects that I have worked on. I got to work with cyber security (intentionally making systems vulnerable), blinky lights, motors, wiring, networking and of course infrastructure setup! I enjoyed figuring out how to wire up all of the physical components and learning about how things like the FT232H and MCP23008 work. One of the coolest things I learned about was [[https://fritzing.org/|Fritzing]]. It is a FOSS wiring diagram creator which is such an awesome piece of software. I really wish I had known about it for [[https://www.firstinspires.org/robotics/frc|FIRST robotics]] in High School. I realized that I need to work on planning things out ahead of time better. If I had been more organized and started things earlier it would have meant less stress and fewer very late nights. ===== Acknowledgements ===== I could not have done this without the support of my operations team. They have been tirelessly working alongside me the past two months to make this happen. Everyone who helped with the initial soldering day where we soldered headers onto the GPIO breakout boards as well as the motor controller hats. The amazing on campus faculty who helped with acquiring resources((Beacom Wizard Tom)), 3d printing((Filament Pharaoh Tyler)), and network infrastructure setup((Cloud Master Eric)). {{ :cyberconquest2023-room.jpg?nolink&600 |}}