Pros V Joes CTF

Bsides LV 2017

Game Overview

The Pros V Joes CTF gives players a venue to practice their offensive and defensive Information Security skills in a hands-on, live-fire combat environment. Pros work with the Joes to teach them defensive skills and the art of offense in a two-day competition. The event is conducted in a private network, accessible only via a VPN (credentials required).

Joes are members of the Blue Teams. Pros are members of either a Blue Team or Red Cell. Volunteers are part of the Gray Team. Competition administrators are members of Gold Team.

On Day One, teams of Joes compete against each other, each captained by a Pro. These teams defend themselves against the Pros on the Red Cell.

On Day Two, Blue Teams are authorized to conduct offensive activities against other Blue Teams. Red Cell continues with their prior responsibilities, but Blue Teams can rent out consulting hours from one Red Cell member.

Game Play

All about the flow of the game, what happens when, and what the responsibilities of each team are.

Pre-Game

Before the start of the game, all players connect with their VPN clients.

Blue Team players log into their assets and ensure they have control of all systems listed in their handouts. Until Gold Team announces the start of the game, Blue Team is forbidden from making any changes in its environment.

Red Cell players confirm they have connectivity and can ping Blue Team networks. Red Cell conducts no other activity until Gold Team gives explicit signoff that the game has commenced.

Gray Team logs into Blue Team assets to ensure they have access. Gray Team is forbidden from making any changes in the environment.

Gold Team readies Scorebot for game play, assists players having difficulty, and fixes technical issues encountered during checkout.

The last 30 minutes of pre-game will be for Red Cell early access. During this early access, Red Cell will be fully authorized for all offensive operations allowed by game rules.

Game Time

When Gold Team announces the start of the game, all teams authorized to attack are free to do so, and all teams may make any desired changes to their environments.

Day One

Within the given amount of time, Blue Teams are expected to maintain Scored Services, secure systems, and protect the network and their own flags. Blue Teams are prohibited from any offensive actions.
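The pre-game checkout and the Day One duty to keep Scored Services up come down to the same question: does every asset on the handout still answer on the ports Scorebot will poll? The checker below is an example added to this page, not a Pros V Joes or Scorebot tool. Its inventory is constructed: the hosts, service names and ports are assumptions standing in for a team's handout. It only completes a TCP handshake and sends no application data, so it changes nothing on the assets and can be run during pre-game, when changes are forbidden; a listening port does not prove the service passes Scorebot's own protocol checks.

```python
"""Service checkout for a Blue Team handout.

Example code added to this page; not part of Pros V Joes or Scorebot.
The inventory below is constructed: hosts, services and ports are
assumptions standing in for the list on a team's handout.
"""
import socket
from dataclasses import dataclass

INVENTORY = """\
# host          service  port      (constructed sample handout)
10.0.1.10       ssh      22
10.0.1.20       http     80
10.0.1.30       dns      53
10.0.1.40       smtp     25
"""


@dataclass(frozen=True)
class Asset:
    host: str
    service: str
    port: int


def parse_inventory(text):
    """Turn the handout text into Asset records; reject malformed lines loudly
    rather than silently skipping a host the team would then forget to check."""
    assets = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        if len(parts) != 3:
            raise ValueError(f"line {lineno}: expected 'host service port', got {raw!r}")
        host, service, port = parts
        if not port.isdigit() or not 1 <= int(port) <= 65535:
            raise ValueError(f"line {lineno}: bad port {port!r}")
        assets.append(Asset(host, service, int(port)))
    return assets


def tcp_reachable(host, port, timeout=2.0):
    """Liveness probe only: a completed TCP handshake shows something is
    listening, not that the service answers the way Scorebot expects.
    It sends no application data, so it changes nothing on the asset."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable, name lookup failed
        return False


def checkout(assets, probe=tcp_reachable):
    """Probe every asset and return (up, down) so the team can work the
    failures before Gold Team starts the clock. `probe` is injectable so
    the logic can be exercised without a live grid."""
    up, down = [], []
    for asset in assets:
        (up if probe(asset.host, asset.port) else down).append(asset)
    return up, down


def report(up, down):
    """Plain-text summary, one asset per line, totals last."""
    lines = [f"UP    {a.host}:{a.port:<5} {a.service}" for a in up]
    lines += [f"DOWN  {a.host}:{a.port:<5} {a.service}" for a in down]
    lines.append(f"{len(up)} up, {len(down)} down")
    return "\n".join(lines)


if __name__ == "__main__":
    up, down = checkout(parse_inventory(INVENTORY))
    print(report(up, down))
    raise SystemExit(1 if down else 0)  # non-zero exit if anything is down
```

Run it once during checkout and then on a loop during play; the non-zero exit code makes it easy to page the team from a cron job or a watch loop when a scored port disappears. Swap the probe for a protocol-aware check (an HTTP GET, a DNS query) once the team knows what Scorebot actually polls.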

Within the given amount of time, Red Cell is expected to compromise Blue Team assets, plant beacons, steal the flags, and increase their joecoin account at the blue teams’ expense.

Within the given amount of time, Gray Team is expected to act as users in the environment, accessing systems to perform tasks, validating closed tickets, opening new tickets as necessary, and calling the Blue Teams as needed for support with issues they encounter.

Gold Team will monitor and maintain the gaming infrastructure to ensure continued play. Gold Team will monitor all teams and players to ensure things are going smoothly, providing assistance as necessary.

Day Two

Within the given amount of time, Blue Teams are expected to maintain Scored Services, secure systems, and protect the network and their own flags. Blue Teams are also expected to attack the other Blue Teams' networks, compromise their systems, and steal their flags.

Within the given amount of time, Gray Team is expected to act as users in the environment, accessing systems to perform tasks, validating closed tickets, opening new tickets as necessary, and calling the Blue Teams as needed for support with issues they encounter.

Gold Team will monitor and maintain the gaming infrastructure to ensure continued play. Gold Team will monitor all teams and players to ensure things are going smoothly, providing assistance as necessary.

Post Game

At the end of each day of the game, the Pros and the Joes will review what happened. Red Cell members will reveal how they breached the Blue Team environments, and all players will discuss better ways to defend.

During the Day 1 hotwash, Red Cell may withhold any information they choose to, in order to continue the game on Day 2.

During the Day 2 hotwash, Red Cell will conduct full disclosure.

Scoring

Blue Team

Blue Teams compete against each other for the highest number of points. Points are obtained by the following:

Points can also be lost, through these events:

As Blue Teams lose their flags, this will be posted on the Scoreboard for all to see. As beacons are transmitted from a Blue Team's environment, these may or may not be displayed on the scoreboard, at Red Cell's discretion.

Ticket scoring will be conducted as follows:

Flag scoring will be conducted as follows:

Beacon scoring will be conducted as follows:

Blue Team points can be positive or negative.

The Blue Team with the highest points at the end of the competition is the winner.

On Day Two, Blue Teams have the option of conducting offensive operations against other Blue Teams, but not against any other game entity or area. On Day Two, points can be gained and lost for all of the activities scored on Day One, with the following additions:

Red Cell

Red Cell members gain credit for stealing flags and compromising Blue Team assets.

Upon submitting stolen flags, Red Cell team members will also get individual credit, with Scorebot displaying their loot on the board for all to see.

Upon compromising assets, Red Cell team members have the option to send a beacon to Scorebot and prove pwnership. Beacons can either be advertised on the scoreboard or hidden from view. Different point values apply to each; the values will be disclosed to Red Cell.

Gray Team

The Pros V Joes volunteers will be assisting Gold Team in the capacity of Gray Team. The role of Gray Team is to play the part of users in the environment. Each of them will have accounts in each Blue Team's Windows network. It is expected that they will have access to the Blue Team systems so that they can continue to do what they need to do. If they cannot access the environment, they are authorized to open trouble tickets, which count against the team in question.

Gray Team is also responsible for creating, deploying, and maintaining Flags in the environment. They are the only team authorized to do so, except for Red Cell, who is authorized to steal the flags.

Gray Team will be authorized to call the Blue Teams on the VoIP phones, to send emails within the game email system, and to approach players directly.

Part of Gray Team's responsibilities will be to make calls on the VoIP infrastructure to the Blue Teams to give them clues to flags and sometimes to give them flags. This information will only be available by receiving a VoIP call.

Flags

Throughout the course of the game, each Blue Team is responsible for protecting the Flags in their environment by preventing Red Cell from gaining access to their infrastructure. Flags are globally unique in exact content, but each Blue Team will always have the same quantity and type of flags.

Tickets

Tickets are an important aspect of the game. The following rules outline what is acceptable and what is not.

In the event of a violation of these rules, the following penalties will apply, assessed and implemented automatically by Scorebot. Gold Team reserves the right to add new and undocumented violations during game time, in the event that unforeseen violations occur in either the letter or spirit of these rules. Please note that these penalties are designed to be punitive in nature.

CTF Economics

As a new part of this year’s game, we are introducing an economic overlay to the game. What the fuck is that, you might be asking yourself? Well, let us explain.

In the real world, defenders and adversaries are both commonly limited by resources. It is not possible to deploy infinite amounts of defensive hardware and software, nor is it possible to devote infinite amounts of time to developing exploits and compromising a given host.

As such, we’ll be introducing an economic system into the game. Points earned by Red and Blue can be exchanged for Joe or Red Coins, which can be used to buy resources for the game.

This exchange and purchase system will be achieved through a Gold Team managed ZenCart that interfaces with Scorebot. Each team will have their own account in ZenCart to make purchases. The current exchange rate of points to coins will be advertised on the scoreboard. All transactions will be considered final and non-refundable.

Examples of what might be in the store for purchase by Blue Teams include, but are not limited to:

Examples of what might be in the store for purchase by Red Cell include, but are not limited to:

Red Cell will be authorized to add items to ZenCart for sale to the Blue Teams. Examples of what this might include, but are not limited to:

Game environment

The CTF gaming environment consists of a network for each Blue Team, with multiple servers and desktops running a variety of operating systems and services. Each Blue Team has a dedicated firewall it can use to defend its network. Each Blue Team possesses and is in control of an authoritative DNS server that serves its network to the rest of the Gaming Grid.

Firewalls

Use of firewalls comes with certain restrictions in this game, due to the nature of trying to simulate real-world hacking adventures in a compressed timeframe. These rules cover both network and host firewalls, all protocols, and any alternative means of achieving the same effect, such as routing or DNS manipulation.

Note the following definitions:

The following rules must be followed at all times:

Protips:

In-game Communications

Email

To facilitate Gold Team communications with the Blue Teams, an in-game email system exists. This in-game email system is only to be accessed via in-game computers. Each Blue Team has their own dedicated email server, and at least one email client already configured at the start of the game.

Ticket System

To help with the assignment and tracking of tasks, Gold Team hosts a centralized Ticket system in its network. Each Blue Team has an account on this system and will receive tickets during the game for tasks they must complete. Upon completion of a task, the Blue Team should write a clear description of what was done to accomplish the change, fix the issue, etc., and close the ticket.

Scorebot monitors this ticketing system and will automatically update the scoreboard as tickets are closed.

VoIP phones

Each Blue Team will be equipped with a VoIP phone. This phone, and its supporting PBX infrastructure, is for them to use and defend. To get some flags and points, players will need to answer the phone when it rings and may need to use the phone to make calls. The phones and their supporting infrastructure are in scope for Red Cell.

Changes

During the course of the game, Gold Team reserves the right to deploy new assets for the Blue teams to defend. The Blue Teams may or may not be notified of these changes during the course of play. Any such notifications will be sent out via one of the following means:

Blue Teams may request changes to their environment (new hosts, SPAN ports, etc) via the Ticketing System. Gold Team will accomplish these tasks as time permits and will update Blue Team through the ticketing system and/or email. Blue Teams may make use of email in addition to the ticketing system, but any request without a corresponding ticket will be ignored.

Scorebot

Central to the game is the Scorebot scoring engine. This is a homegrown application that will track all aspects of the game and score players and teams accordingly.

During the game, Scorebot performs the following actions:

The following list of actions are expressly prohibited until Day 2.

The following list of actions are expressly prohibited until the final combat phase.

Tips to the Joes

Look to the Pros, your team captains on both days, and the Red Cell members that join you on Day Two. In addition, here are a few tips.