This shows you the differences between two versions of the page.
Next revision | Previous revision | ||
cyberconquest [2023/03/31 20:11] – created gaelin | cyberconquest [2024/02/06 14:11] (current) – gaelin | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | // This is my first post so I am still getting the hang of it :) // | ||
====== Cyber Conquest @ DakotaCon 10.1 ====== | ====== Cyber Conquest @ DakotaCon 10.1 ====== | ||
A purple team (offensive and defensive) cybersecurity competition that I designed, planned and lead a team to build. | A purple team (offensive and defensive) cybersecurity competition that I designed, planned and lead a team to build. | ||
+ | |||
**Start:** 2023/01 | **Start:** 2023/01 | ||
**Competition Date:** 2023/03/25 | **Competition Date:** 2023/03/25 | ||
- | + | {{ : | |
- | + | ||
- | ===== Materials ===== | + | |
- | * Python | + | |
===== Overview ===== | ===== Overview ===== | ||
+ | What is Cyber Conquest? | ||
> Cyber Conquest is a purple-team cybersecurity competition (that is, it combines both offensive and defensive skillsets) into one king-of-the-hill contest. Teams are tasked with defending their own infrastructure while attacking other team’s infrastructure to gain points. Defensive points are gained by keeping your services up and keeping other teams off your systems, and offensive points are gained by planting your flag on opponent’s systems. - [[https:// | > Cyber Conquest is a purple-team cybersecurity competition (that is, it combines both offensive and defensive skillsets) into one king-of-the-hill contest. Teams are tasked with defending their own infrastructure while attacking other team’s infrastructure to gain points. Defensive points are gained by keeping your services up and keeping other teams off your systems, and offensive points are gained by planting your flag on opponent’s systems. - [[https:// | ||
- | For this year's competition I went with a city theme. Each network had a network with 8 systems on it. | + | For this year's competition I went with a DC comics/city theme. Each network had a network with 8 systems on it. |
- | ^ System Name ^ Operating System ^ Type ^ Scored | + | ^ System Name ^ Operating System ^ Type ^ Important |
- | | Krypton | pfSense | Virtual | firewall | + | | Krypton | pfSense | Virtual | // |
| Atlantis | Windows Server 2012 | Laptop | Water Tower | 192.168.0.11 | | | Atlantis | Windows Server 2012 | Laptop | Water Tower | 192.168.0.11 | | ||
| ArkhamAsylum | Windows Server 2012 | Virtual | DNS / Domain Controller | 192.168.0.15 | | | ArkhamAsylum | Windows Server 2012 | Virtual | DNS / Domain Controller | 192.168.0.15 | | ||
- | | Starlabs | Raspbian (( Yeah I know its Raspberry PI OS now but thats such a dumb name and makes it way more difficult to google. Wth was wrong with raspbian??? )) | Raspberry PI | Wind Turbine | 192.168.0.22 | | + | | Starlabs | Raspbian(( Yeah I know its Raspberry PI OS now but thats such a dumb name and makes it way more difficult to google. Wth was wrong with raspbian??? )) | Raspberry PI | Wind Turbine | 192.168.0.22 | |
| LexCorp | Fedora | Virtual | ssh, Web, DB | 192.168.0.25 | | | LexCorp | Fedora | Virtual | ssh, Web, DB | 192.168.0.25 | | ||
| Metropolis | Ubuntu 18.04 | Laptop | Traffic Light | 192.168.0.33 | | | Metropolis | Ubuntu 18.04 | Laptop | Traffic Light | 192.168.0.33 | | ||
- | | TheHiddenCity | Windows 10 | Virtual | Client | DHCP | | + | | TheHiddenCity | Windows 10 | Virtual | //Client |
- | | HallOfJustice | Kali | Virtual | Hax | DHCP | | + | | HallOfJustice | Kali | Virtual | // |
+ | ===== Physical Systems ===== | ||
A few of the systems were on physical laptops that teams were given. These physical systems were controlling actual //ICS// like systems. | A few of the systems were on physical laptops that teams were given. These physical systems were controlling actual //ICS// like systems. | ||
- | ===== Atlantis | + | ==== Atlantis ==== |
- | Atlantis was a Windows Server 2012 system | + | Atlantis was a Windows Server 2012 with a node based webapp |
* [[https:// | * [[https:// | ||
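Review bot: The changed overview sentence ("For this year's competition I went with a DC comics/city theme. Each network had a network with 8 systems on it.") keeps the wording "Each network had a network" from the old revision. Since the quoted description says teams defend their own infrastructure, "Each team had a network with 8 systems on it" looks like what is meant. The unchanged intro line also reads "planned and lead a team", which should be "led".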
Line 36: | Line 35: | ||
* [[https:// | * [[https:// | ||
- | ===== Metropolis | + | Thanks to [[https:// |
- | Metropolis was an Ubuntu 18.04 Server system that we loaded a desktop environment onto. It used a FT232H to control 2 neopixel strips to act like a traffic light. | + | |
+ | ==== Metropolis ==== | ||
+ | Metropolis was an Ubuntu 18.04 Server system that we loaded a desktop environment onto. It used a FT232H to control 2 neopixel strips to act like a traffic light. | ||
Line 43: | Line 44: | ||
* [[https:// | * [[https:// | ||
+ | Thanks to [[https:// | ||
- | ===== STAR Labs ===== | + | ==== STAR Labs ==== |
- | STAR Labs was a raspberry pi 3 with a motor controller hat. We were donated a large amount of old pump motors which I repurposed to spin a 3dprinted | + | STAR Labs was a raspberry pi 3 with a motor controller hat. We were donated a large amount of old peristaltic |
* [[https:// | * [[https:// | ||
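Review bot: The new heading and paragraph call this host "STAR Labs", but the systems table in the same revision lists it as "Starlabs". Pick one spelling so readers can match the section to the table row for 192.168.0.22. The paragraph also writes "raspberry pi 3" where the table has "Raspberry PI"; "Raspberry Pi 3" in both places would be consistent.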
Line 51: | Line 53: | ||
+ | ===== Infrastructure ===== | ||
+ | The virtual systems were hosted in the DSU [[https:// | ||
+ | |||
+ | |||
+ | ===== Building and Testing ===== | ||
+ | == Water tower == | ||
+ | {{ : | ||
+ | The most complicated system to wire was the water tower. It had a water sensor and a pump which was controlled via a relay. I wanted to make sure that teams could not just lower the speed of their pump and disable the controlling program, so I used a relay to ensure the pump speed was constant. | ||
+ | |||
+ | |||
+ | ---- | ||
+ | |||
+ | == Improving the wind turbine == | ||
+ | {{:: | ||
+ | My original design for the wind turbine had it being controlled by a single relay. After testing it for a bit I thought that it would be cool to make it spin forwards or backwards so I added a second relay. This design however is very bad for the motor. When the 1 relay design shuts the motor off, it just disconnects it and it spins out on its own, however when the 2 relay design shuts the motor off, it shorts the contacts causing the motor to jerk to a stop which causes unnecessary wear and tear to the motor. This effect is even worse if instead of stopping it switches speed. Then the motor has power applied in the opposite direction forcing the motor to stop even more abruptly and potentially back driving too much power to the board and damaging something. The solution to this is to add a third relay that disconnects one lead on the motor for a short time as it changes state. The problem with doing something like that for a competition setup is that when a malicious team gains access to the system they could remove the safety code to keep it from jerking and force it to constantly switch directions fast and break the motor. After trying to solve this problem for a while I realized that there was actually a very easy solution all along of just switching to use an actual motor controller hat. The motor controller was actually designed to change motor speed meaning that if you gave it a really drastic speed change like full forward to full backward it would slow it down gently((Gently is relative. It happens over fractions of a second but has a noticeable impact on the amount of jerking from sudden speed changes)) and not cause as much thrashing. | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | ===== Lessons Learned and Final Thoughts ===== | ||
+ | I loved this project. It was very stressful and a lot of work but it is also one of the most enjoyable projects that I have worked on. I got to work with cyber security (intentionally making systems vulnerable), | ||
+ | |||
+ | One of the coolest things I learned about was [[https:// | ||
+ | |||
+ | I realized that I need to work on planning things out ahead of time better. If I had been more organized and started things earlier it would have meant less stress and fewer very late nights. | ||
+ | |||
+ | ===== Acknowledgements ===== | ||
+ | I could not have done this without the support of my operations team. They have been tirelessly working alongside me the past two months to make this happen. | ||
+ | |||
+ | Everyone who helped with the initial soldering day where we soldered headers onto the GPIO breakout boards as well as the motor controller hats. | ||
+ | |||
+ | The amazing on campus faculty who helped with acquiring resources((Beacom Wizard Tom)), 3d printing((Filament Pharaoh Tyler)), and network infrastructure setup((Cloud Master Eric)). | ||
+ | |||
+ | |||
+ | |||
+ | {{ : |
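Review bot: In the added wind turbine paragraph, "This effect is even worse if instead of stopping it switches speed" does not match the next sentence, which describes power being applied in the opposite direction; "switches direction" looks like what is meant. The same paragraph runs the problem, the rejected third-relay fix and the motor controller hat solution together in one block. Splitting it at "The solution to this is" and "After trying to solve this problem" would make the design reasoning easier to find, in particular the point that a safety delay implemented only in code can be removed by a team that gains access. The new "== Water tower ==" and "== Improving the wind turbine ==" headings use two equals signs, while the other subsections in this revision use "==== ... ====".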