What a year this has been. C3X2018 "Genesis" just wrapped up on October 24th and I couldn't be happier (and happy that it's over because I forgot what real sleep feels like).
For those of you who have no idea what I'm talking about, the Canadian Collegiate Cyber Exercise or C3X is an event that Ben Wells (@1StealthMove) and myself started working on in 2016, and brought into reality in 2017 with a beta run of the event. You can watch the trailer from last year here:
So why did we create C3X at all? Sadly, Canada doesn't have too many red vs. blue, cyber war game type events (at least to my knowledge) and as far as RedBlack is concerned, that's a shame. We have a lot of CTF's and the like, but there's no shortage of those already. We've also come to learn that many students do not get the required and needed exposure of learning about defending Windows environments, ActiveDirectory and being able to put what they've learned in school to the test before going out into the world.
If you have ever heard of the CCDC (https://www.nationalccdc.org/) and the CDX (https://www.cyberscoop.com/inside-nsas-cdx-high-tech-competition-pitting-cadets-elite-attackers/) (better link?) they were both a source of my inspiration. Having helped out in the CCDC red team a couple times, I really was bothered that we didn't have anything similar up here. So, like Field of Dreams (ugh I'm getting old) "If you build it, they will come" :)
The first run of C3X was hosted at George Brown College in Toronto, Ontario. It involved student teams from Lambton College and George Brown College. 10 students per team, a white team made up of a few mentors to help the students along and aid in coordinating the whole event, plus a 5 person red team.
The students walked into an environment I had built for them with zero knowledge of it and had 7 hours to defend it as best they could. We designed the game around an essentially mini, scaled down Windows enterprise environment, consisting of 10 desktops, 5 servers, AD, and then to help them out, some defensive appliances like Security Onion, Microsoft ATA, and a custom ELK stack - along with various scripts and tools for hunting I personally utilize , on their blue team virtual machines.
We paid for everything out of pocket, asked for no money from anyone including the sponsors, other than their time and some sent us swag to give away on top. We love and appreciated all of your help.
That being said, the situation described above limited what we could do in terms of size, scale and complexity of the game. So, in preparation for the following year we decided to change up our approach.
This year we decided to beef things up a bit.
We created a builders team and formed a meetup with about 20 individuals, who again generously volunteered their time and energy to make this new iteration happen. We gave this year a theme and a scenario, as well as heads up information, technical specs, diagrams and topologies and video demos I created for the students on how to hunt down the red team using the provided environment.
We increased the game complexity up to 30 desktops, 10 servers, ATA, Security Onion and HELK, Windows event forwarding with selected logs of interest and aggregated them into HELK (https://www.invokethreat.actor/2018/09/leveraging-wef-and-helk.html) for the students to have more tools at their disposal.
The red team was made up of 11 individuals this year. We opened up the event to more sponsors and funding, invited 3 schools with teams of up to 20 students each, and added business inject cases into the game to add context for the students
What I'd like to do is break down and thank the various teams, volunteers and sponsors for all their efforts:
Student Blue Teams - George Brown, Sheridan and Seneca
First off, this is all about you and built for you. I wish I had something like this when I first started out - so it really does warm my heart so much (I'll be honest, I get a little water in the eyes thinking about it) to see you all come out to C3X.
Some folks had harder days, some days things break and don't work, some teams get hit harder than others; but that's the whole point. We design this to try and take you out of your comfort zone and dial up the stress and intensity of defending against an aggressor. Given that, all participants showed tremendous determination and energy. It was inspiring.
Watching team members communicate with each other was another heart warming thing to see; Teamwork is under-appreciated and sometimes not enough weight is put on how important it is to be able to work together cohesively, especially in a pressure cooker situation.
My hat is off to every single one of you.
The white team was a mix of our simulated upper managers and executives, blue team mentors and volunteers helped with everything from setup and tear down, to making all three days happen overall.
Without you, C3X would also not be possible. The fact you took the time to hang out in school for 3 days for 10-12 hours in some cases is just incredible and I don't think I can put into words how much that means to all of us.
I value every one of your efforts and input for the game. I hope you all wish to be involved for next years build and execution.
You are all wonderful people.
Oh my sweet red team :)
Thank you all for being there and doing me the honour of being evil for 3 days. I wish I was able to be your captain again this year, but as you could see, it was important I be available to help everyone else as needed - you all did a wonderful job without my full attention.
The students, facial expressions excluded, appreciated all the pwnage you brought upon them. So many laughs and fun times throughout the whole exercise and like everyone else, this would not be possible without your efforts. We almost managed to unlock the blue team door with a hook. So close. Video forthcoming.
It was a privilege and pleasure to have you there. Love you all.
A Special Thanks
It's easy for everyone to look at the part I played in designing and building the game as a massive effort (don't get me wrong, it was) due to the technical nature of everything I needed to implement. But let me be very clear here, none of C3X would have happened in the slightest, if it weren't for Ben Wells (@1StealthMove) from our company essentially organizing and coordinating the entire event.
Without his time, sweat and energy there would be no C3X. If there's anyone you should be thanking, it's him.
Thank you sir.
The Final Thanks
I cannot wrap up this post without some name dropping and very heartfelt thanks to our contributors, sponsors and other mentions that made this all possible. Please follow the folks below since they're all such awesome people. If I've missed you from the list or incorrectly referenced you please let me know :)
An epic sized thank you to:
o Ragnarok Digital Security
· George Brown Staff
§ As always, you accommodated beyond our expectations
§ Thank you for all your assistance with the lab
§ Thank you for helping with issues and playing a role on our white team
§ Thank you for everything you continue to help us with each year. Means a lot.
o Thanks for the 5am troubleshooting help @cyb3rward0g :)
· White Team
o Cheryl Biswas - @3ncr1pt3d
o John Perea - @SecBustersInc
o Fréderic Dorré - @orange_logger
o Alp Tanatmis
o Quang Tu
o Don Mallory - @MonochromeAttic
o Rick Mahadeo
o Chris MacPhee - @Drag0nFox
o Ryan Boroumond
o Kim Crawley - @kim_crawley
o Jeff Lubetsky
· Red Team
o Jose Sanchez - @el_infector
o Brendan Hohenadel - @bhohenadel
o Paul Lariviere - @dcept905
o Alana Staszczyszyn - @cubes_n_spheres
o Amadeus Konopko - @AmadeusKonopko
o Corey Chambers - @OratorioNumber8
o Nadia Hassaan
o Dave Storie - @seeonedave
o Harun Fetic - @SnkyBruslSprout
We'll see you next year!!