Open Cyber Challenge Platform Demo

Overview of Demo

  • Blue Team will successfully update some passwords. However, they will not block or disable unused services or update TikiWiki.

  • Red Team will launch several attacks, one of which will deface the website.

  • Grey Team will act like normal external users, eventually reporting the website as defaced.

  • White Team will adjust the scorer based on the success of Red attacks or the failure of Grey requests.

Network Defense Challenge

  • Red Team will launch 6 attacks against the web-server
    • Brute force log-in using Telnet
      • If successful – counts against Blue Team, but does not result in any damage to the web-server
    • Login as 'root' user using rlogin
      • If successful – counts against Blue Team, steals the shadow password file, defaces the website, erases the system log, creates a backdoor user, and installs public key for root
    • Web application exploit on TikiWiki app
      • If successful – counts against Blue Team, and uploads a file that allows privilege escalation
    • Attempt to create connection to distcc
      • If successful – counts against Blue Team, but does not result in any damage to the web-server
    • Login as existing user based on stolen credentials
      • If successful – counts against Blue Team, uses privilege escalation file to become root, and shuts down the web-server
  • Grey Team will send valid traffic to the web-server
    • If denied or the website is defaced – counts against Blue Team
  • Launch time between attacks is configurable
  • Attacks are set to repeat in a cycle
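
Added example (not part of the original demo material): a Blue Team check for the unused services the attacks above depend on. It parses `ss -ltnH` output and flags Telnet, rlogin and distcc listeners reachable from other hosts; the port numbers are the IANA defaults (an assumption about this web-server) and the sample output is constructed.

```python
# Added example: flag listening sockets for the unused services named in the demo.
# Assumption: services run on their IANA default ports; a host may differ.
RISKY_PORTS = {23: "telnet", 513: "rlogin", 3632: "distcc"}

# Constructed sample of `ss -ltnH` output:
# State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:23 0.0.0.0:*
LISTEN 0 128 127.0.0.1:3632 0.0.0.0:*
LISTEN 0 128 [::]:513 [::]:*
LISTEN 0 511 *:80 *:*
LISTEN 0 5 0.0.0.0:3632 0.0.0.0:*
"""

def parse_listeners(ss_output):
    """Yield (address, port) for each LISTEN line; skip malformed lines."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        # rpartition splits on the last colon, so IPv6 literals stay intact.
        addr, _, port = fields[3].rpartition(":")
        if port.isdigit():
            yield addr.strip("[]"), int(port)

def is_loopback(addr):
    """Loopback-only listeners are not reachable by the Red Team host."""
    return addr.startswith("127.") or addr == "::1"

def audit(ss_output):
    """Return sorted (service, address, port) for exposed risky services."""
    findings = []
    for addr, port in parse_listeners(ss_output):
        service = RISKY_PORTS.get(port)
        if service and not is_loopback(addr):
            findings.append((service, addr, port))
    return sorted(findings)

if __name__ == "__main__":
    for service, addr, port in audit(SAMPLE_SS):
        print(f"{service} reachable on {addr}:{port} - disable or firewall it")
```

On a live host, pass the output of `ss -ltnH` to `audit()` in place of the sample; an empty result means none of the three services is exposed on its default port.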