Lockdown v009 Apr 2016
I had the pleasure of red-teaming at Lockdown v0 today along with a crew of UB and RIT students. Lockdown is a cyber defense competition hosted by NetDef at the University at Buffalo that aims to ease beginners into cybersecurity competitions. In prior years, the event was a small internal event at UB, and this year it was scaled up to support more blue teams and teams from other schools. I had a ton of fun red-teaming and sharpening my exploitation and persistence skills. It felt great to share my knowledge with students who were eager to learn, and be a part of such a conducive environment. My take-away points from this event were:
- It’s important to keep the intended audience of the competition in mind.
Many of the students on the blue teams were in computing majors that didn’t involve security, and this was their first exposure to a security competition. Some students were from non-computing disciplines who were simply interested in learning more about security. Some of the red team’s attacks were too advanced for this level of competition, and overwhelmed some of the teams while they were trying to juggle injects and get acquainted in an unfamiliar environment.
- Meeting with the blue teams is super important.
When I went to visit some of the teams I had been attacking, they were relieved to have support while working through the problems they were facing. Many teams benefited from a walkthrough of security competition fundamentals such as changing passwords and auditing connections. Learning is the main goal of the event, and being available to explain things and answer questions is key for accomplishing it. It felt great to receive the question “how can I learn more about this stuff?”.
Huge props to UB for putting on such an awesome event! Scaling a competition like this is no easy task, and you pulled it off beautifully. I had an amazing time, and look forward to next year’s competition.