Red versus Blue, more commonly referred to as RvB, is an event held by SWIFT every semester. During this competition, you, the player, can sign up with up to 3 other people to form a squad of 4. With your squad, you are given a network of X amount of boxes to secure and defend as an active red team attempts to break in and take down your services. Meanwhile all of this chaos is brewing, the manager of the event is also handing out tasks called injects. It’s pretty fun and I recommend people to take part in it if they ever get the chance.
Team Composition
Entering RvB, I wanted to win first place. This was not my first rodeo and I wanted that first place spot. I’m fairly familiar with the competition as I’ve gotten the chance to participate in the Fall 2021 RvB along with 2 other mini rounds during preparation for NCAE. So here’s about how much thought I put into the team composition:
Zero
Looking back I should have been more careful when trying to put together a championship roster. The team I put together was pretty much just running it back with some of the people who I managed to reach out to first from NCAE. For the sake of anonymity, no names will be dropped.
First one up on the block is my buddy I’ve been running things with for a bit now. He and I got our start into security at roughly the same time and through previous RvBs, hes always had my back. He covered the spots I’ve left open. He’s probably the teammate I trust the most since the beginning.
Second person showed interest in learning, but when the competition rolled around, did not end up doing anything really. They got caught up with some technical issues and ended up watching what me and my partner were doing in an attempt to learn.
The third teammate was just MIA the entire time. I’ve attempted to contact him multiple times, all of which were in vain. Nice.
The team composition ended up looking a bit like:
| Team Member | Role | Responsibilities |
|---|---|---|
| Me | Captain | Team oversight + Windows and business |
| J | Ops Team | Linux security |
| W | Spectator | Nothing |
| A | Bro was missing | Nothing |
The Preparation
As much as I wanted to win, the fact that ITC, another competition, took place on the same day as RvB. Since I was more familiar with RvB, I dedicated most of my time up until that point into the other competition. I sort of winged RvB when it really comes down to it. All I really had were a few rudimentary checklists to follow. Regardless, I was confident enough when we entered the competition.
The Strategy
The plan was pretty simple, do the basic defenses and just camp the leaderboard. As a team of two, its better to focus on the short-term solutions as long-term ones require too much attention and dedication. The competition went on for about only 5 hours which is not that long relative to CCDC so we would be better off in the short-term. Change passwords, firewall, set up an antivirus, and disable useless services. That’s all we really planned to do.
The Showdown
As we take our seats in the back of the room, the event coordinator, Abe Woz takes the podium. He gives us a speech regarding the state of the factory and how he is aware of an APT group planning an attack and that it was up to us to defend their network. Towards the end of the speech, he gets an emergency call and screams to us that we are under attack, signaling to us that that is our cue to begin the event.
Immediately my partner and I divide up the work. He gets the 3 Linux boxes and I get the 3 Windows boxes. We did have a router that was also in scope but none of us knew how to configure a pfSense router so we just sat back and prayed nothing would happen to it. I secured the basics of my first windows box within 20 minutes as they were all just low hanging fruit. I had to rush since one of us needed to work on the business task that was assigned to us. My duo worked tirelessly and quickly to secure the remaining linux boxes.
By the time I submitted the first inventory report, I had realized that none of us went up to do the presentation, costing us a severe loss in points. Too many tasks to juggle between just the 2 of us caused us to get lost in the sea of tasks. Regardless of the outcome, I continued working on my next task of the audit report.
Snippet of the audit report
While working on the business side of things my partner noticed that after all that, we were barely outside of the top 3 in the event. With the high quality of our injects, I knew we actually stood a chance of winning the competition. Every time we saw one of our services go down, we would immediately try to trace the root cause of the issue and bring back up our service as soon as possible. Due to our quick reactions, we eventually cracked the top 3 in terms of service points.
Some time during the event, we failed to notice that one of the red teamers swung by and stealthily took a picture of our screens. My partner conveniently had a text file with all of our passwords to the environment on it. The red teamer came by 30 minutes later and teased us in a roundabout way by asking these super specific questions about our password as he inched closer and closer to it with each subsequent question. It was a pretty funny moment when he revealed the pictures he had taken of us.
The Results
The awards ceremony announced the teams who did best by category before moving onto the overall winner of the event. The 3 categories went as follows:
- Most Inject Points
- Most Service Points
- Most Overall Points (The Winner)
The team that got the most inject points.. was not us. I was surprised as I was quite confident that our reports were really well made. The team that got the most service points was also not us. Things aren’t looking too great right now. My doubts were quickly suppressed as to my surprise, our team did win the most overall points.
Despite only having a team of two members, we managed to defeat every other team of 4 in the event. A pretty nice crowning achievement if I do say so myself.