Starting in 2023 I have created and lead a team to build and run the Cyber Conquest competition at Dakota Con. I introduced “physical services” which are services which have a real world component similar to industrial control systems. A few highlights include windmills, cranes, traffic lights, water towers, a drawbridge. We start planning in the fall planning out what systems, services, and physical services we are going to have, and organizing a team to build them.
Most recent writeup: Cyber Conquest 2025
Previous write ups:
Also called Dakota Conquest when run at Dakota Con
Cyber Conquest is a purple-team cybersecurity competition where teams defend their systems while attacking other teams' systems utilizing both offensive and defensive skill sets!
In Cyber Conquest, each team is assigned a small network of systems, simulating a mock company. These systems run a collection of websites, file servers, and other business critical services that must remain online and operational throughout the competition to earn defensive points. All services are functional by default and many services (and systems) are intentionally vulnerable. A large part of securing these systems will consist of seeking out and destroying enemy persistence. All teams will start with nearly identical systems, so as a secondary objective, defenders should look for vulnerabilities in their systems which their attacker teammates can exploit on other teams. Teams earn points maintaining service uptime while keeping other teams out of the network.
Teams can also earn offensive points by demonstrating remote access to other teams' systems via code execution, maintaining persistence, exfiltrating flags, and planting flags on other teams' systems. The attacking goal is not to destroy systems but rather to stealthily gain access and plant persistence. Therefore, offensive and defensive points are only awarded if a system’s services are online and functioning.
More information is available at Computer Club Wiki / Cyber Conquest website
Every March Dakota State University hosts the Dakota Con cybersecurity conference with 2 tracks of FREE talks, and 2 days of paid trainings. dakotacon.org
Blue (Team) — Defense, securing boxes and kicking Red out.
Box/System — A single system; vm, laptop, or raspberry PI, normally running scored services, but also a general term for computer.
IALab — Dakota State University's Information Assurance Lab. A collection of servers that host all mock networks for classes at DSU, as well as all virtual systems for our cyber competitions.
Kali — Kali Linux, an operating system that is a toolbox of offensive network security tools, a favorite of Red Team.
PF — pfSense, a free opensource firewall.
Physical System — A laptop, raspberry pi, or other non virtualized system.
Physical Service — One to the mock infrastructure services in the competition. (crane, traffic light, draw bridge, etc..)
Purple (Team) — A team which does Red Team and Blue Team actions.
Red (Team) — Offense, gaining access to Blue Team systems.
VM — Virtual machine; a server (or sometimes client system) which is completely virtual, normally hosted in IALab.
White (Team) — Competition organizers and admin. They setup/fix the environment and resolve scoring disputes.