Palmetto Cyber Defense Competition 2023 High School Kickoff Meeting - February 2023
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
Palmetto Cyber Defense Competition 2023
High School Kickoff Meeting
February 2023
PCDC X High School Day is
scheduled for
15 April 2023
Scott Bell PCDC Director
Naval Information Warfare Center Atlantic (NIWC Atlantic)
For PCDC Planning Purposes Only
Venue
PCDC will be in person this year at Trident Technical College
located at 7000 Rivers Ave, North Charleston, SC 29406
(https://goo.gl/maps/BvWM46WSmxifbYJF7).
Saturday, 15 April: High Schools
Sunday, 16 April: Colleges
Monday, 17 April: Pro Day: Gov’t and Corp
2
Our Goals
Science, Technology, Engineer and Mathematics (STEM) Outreach: This competition
is intended to energize students, high schools & colleges to focus on curriculum
development for the type of technical skills that we need in today’s fast paced &
challenging cyber environment. This will include cybersecurity technical skills that
are often taught only at the post graduate college level but need to be introduced at a
much earlier age. Valuable practical experience is gained by students in a sector that
needs more talented workers to meet growing cybersecurity challenges in the business
environment. We need to develop our future cybersecurity workforce.
3
2023 High Schools Palmetto Scholars Academy – 1st place 2022 Swofford – 2nd place 2022 Home School STEM – 3rd place 2022 Qualified through CyberPatriot: AAST Academic Magnet Ashley Ridge Clover East Cooper Silver Bluff Stratford
The Competition
▼High School Blue Teams will be responsible for operating a small network while
protecting the network infrastructure from Red Team (hackers) attacks. Blue
Teams will be scored for accomplishing administrative and business tasks while
maintaining network/service availability (such as mail, database and web servers)
as well as their ability to detect and respond to threats. Students must be able to
configure and protect their network. Teams must also be able to respond to business
requests such as the addition or removal of services, and balance security needs
against business needs.
▼Competition scenario this year: Teams will be operating the Palmetto’s Choice
Diamond Commercial Airline. The previous IT staff was fired for leaving the
network insecure and poorly configured, though operable. You will have 90
minutes to secure the network before hackers attack.
5
TStatement A: Approved for Public Release. Distribution is unlimited (8 June 2017). 6
Saturday, April 15
High School Competition/Hack Warz Schedule (Draft)
7:45 am – 8:15 am: Connectivity Checks (PCDC Network)
8:15 am –8:30 am: Blue Teams Briefing/Opening Ceremony
8:30 am –10:00 am: Competition begins/Initial Injects/Secure the Network
8:30 am – 8:50 am: Hack Warz continuity checks
8:50 am – 9:00 am: Hack Warz opening ceremonies
9:00 am – 2:30 pm: Hack Warz at PCDC competition
10:00 am – 3:00 pm: Operate PCDC Network Under Hacker Attacks
3:00 pm – 3:15 pm: Red Team members visit Blue Teams?
3:15 pm – 3:30 pm: Break
3:30 pm – 4:10 pm: Blue Team Presentations
4:10 pm – 4:20 pm: Gold Team Debrief: Common Mistakes
4:20 pm – 4:30 pm: Red Team Debrief: Common Mistakes
4:30 pm – 4:40 pm: Speaker: SSC Atlantic Leadership
4:40 pm – 5:00 pm: Awards / Closing Ceremony (Hack Warz & PCDC)
TStatement A: Approved for Public Release. Distribution is unlimited (8 June 2017). 7
Preparation
▼Each team should be prepared for:
Operating Systems - ex: Debian, CentOS, Ubuntu, Red Hat, Windows
Email Services - ex: Zimbra, MS Exchange, Sendmail
Databases: - ex: SQL, MySQL, Maria
Web Services: - ex: Apache, IIS
Enumerating a network
Scan tools: - ex: OpenVAS, Nessus
Command line shells - ex: BASH, KSH
▼Complete and submit Consent/Registration form
Team Registration form due back early March.
Must be typed and signed, indicating you have read the Preparation Guide,
including rules.
▼Review PCDC Prep Guide (PCDC website)
▼Review the Blue Team Packet
Available on PCDC website approximately 24 hours prior to event
It has passwords and other essential information
8
Mentoring
▼ Each team will have a NIWC assigned mentor(s)
Weekly for approximately 1 to 2 hours
Face-to-Face and/or virtually
▼ Training Resources:
Great site for Linux images: http://www.osboxes.org/
Great training videos: pivotproject.org
NETLABs hosted at TTC. Sessions available 24x7
PCDC-SC.com Blue Team Area
▼ Suggested Mentoring subjects:
• Intro to IT Security
• Operating Systems Secure Configuration: Windows, Linux/CentOS/Ubuntu
• How to Mitigate
• Networking Fundamentals/Password Security •Virtual Firewalls
• Business practices/injects/scoring •Docker Containers
• Reviewing Blue Team and Preparation Guide with schools •Digital Forensics
• Database (CRM, Maria, MySQL)/firewall/etc back ups •Intrusion Detection
9
Important Concepts
▼ Topics:
Changing default passwords
Updating software, Patching
Stay focused, learn & have fun
Problem solving
Teamwork
Don’t block scoring engine
Don’t antagonize Red Team
Incident response
Crisis management
Intrusion detection
Stay calm
Social Engineering
Inject completion within time limits
Attention to detail
10Event Schedule
▼Prior to start of opening ceremonies, teams will receive their pre-brief.
▼Every student will get a SWAG bag. Additional SWAG is still being ordered so
check latest Enterprise PPT on PCDC web site to get the most up to date listing.
▼Competition is continuous, but teams may break for lunch.
▼Final inject: Each team must provide a short 5 minute brief at the end of the day
on what they liked, disliked and learned during the competition.
▼Winning team gets to keep a large “Stanley Cup” like trophy for one year and a
smaller matching trophy to keep.
▼Each member of top three teams get individual medals.
11Event Administration
Each team will consist of :
3-6 students
1 advisor (not allowed to help team unless brought in by NIWC mentor on a
case-by-case basis)
A NIWC Blue Team Mentor provided by NIWC (hands-off) to advise during
the event
No alternates can participate except in very extreme circumstances (and must
have a completed registration form)
Teams will use laptops to access Amazon workspace virtual desktops
You can trust:
Your Blue team mentor/White team judge(s)
Gold Team (networking/staff)
Anyone designated by the Director
Injects:
Points are scored for successfully completing injects on time
No credit for late injects
Teams will receive several initial injects, plus several injects across the day.
12Team Responsibilities
6 team members will use their own laptops running their
network
Secure/know your network/services, 90 minutes till Red
Team attacks, may be scanned from the beginning
Potential Services: Email, Web
Potential OSs: Windows, Linux
Protect PII (SSNs, credit card #s, etc)
Perform accounts management
Protect services
Complete injects/business operation requests
Identify malware & intrusions
React to Social Engineering attempts
Consider assigning a team lead to track and assign
responsibilities for injects and monitoring services
NO hacking attempts by Blue teams against anyone as this
will result in immediate disqualification!
NO cell phones are to be used to consult with others outside
your team during the competition!
TStatement A: Approved for Public Release. Distribution is unlimited (8 June 2017). 13Important Links
▼PCDC Website: pcdc-sc.com
▼PCDC Facebook:
https://www.facebook.com/PalmettoCyberDefenseCompetition
▼PCDC Twitter: https://twitter.com/PalmettoCyber
▼Cyber Patriot: http://www.uscyberpatriot.org
▼AFCEA: http://charleston.afceachapter.org/
▼#PCDC
▼Scholarship for Service: https://www.sfs.opm.gov/StudFAQ.aspx
14PCDC Primary POCs ▼ Scott Bell, NIWC - PCDC Director Email: scott.h.bell.civ@us.navy.mil ▼ Dennis Wilson, NIWC - Blue Team Mentor Lead Email: dennis.r.wilson18.civ@us.navy.mil
Wrap Up
▼ We are looking for motivated, enthusiastic students willing to
put in the time and effort to prepare for and compete in an
exciting, rewarding and challenging Palmetto Cyber Defense
Competition
▼ Questions?
16You can also read
