Category Archives: Regionals

Red Star, Schmed Star


In MACCDC 2015 Regionals the network started out with the VMs outlined in our team packets. Our team captain was away from our tables handling other administrative duties. An ‘inject’ came through which required us to use “Office Software” to create something (I can’t recall if it was a PowerPoint or Word document) to explain something that was going on with the network or systems. Along with the inject a new VM appeared in our vSphere console. It was a Linux system labelled “Red Star”. We quickly launched it and realized this flavor of Linux has a GUI rather than just a console, but everything was in a different language, one that our system administrators couldn’t read. We all left our seats and surrounded our teammate to see if it was something maybe we could read, but it wasn’t 😦 We tried carelessly clicking around trying to change the language to English but were failing at doing so.


Our team captain came back from her assignment and needed an update on what we were doing. We explained that we couldn’t read the language on the new system and were struggling to complete the new inject we had received. She was standing over the shoulder of one of our system administrators and looked down at the new Linux box. With her eyes focused on the foreign letters on the screen, she exclaimed excitedly, “I can read this! It’s Korean!” It was a eureka moment for all of us. It was like when Lex Murphy realized it was a Unix system. (https://www.youtube.com/watch?v=dFUlAQZB9Ng)

Our team captain is of Korean descent.

The Linux system that was injected into the game was: https://en.wikipedia.org/wiki/Red_Star_OS

It’s not the hard things that trip you up, it’s the small stuff you waste time on.


Meet the Red Team

I collected these from my crontab during MACCDC 2015 regionals, running phonehome_script -h [hacker_handle]

This list is not comprehensive. This list is not meant to frame or outline who the “enemy” is; the Red Team is not the enemy.

Instead, it is a list of excellent hackers you should be following on Twitter and whose blogs you should read. Use this as a resource. These guys & gals will keep you up-to-date on the latest security trends, exploits, and politics. They might even drop a dime about CCDC once in a while.

You can also use this as a resource for incident reports by tying a person to a handle through social media profiles.

dlcowen: @HECFBlog – http://www.hecfblog.com & https://github.com/dlcowen
mubix: @mubix & http://www.room362.com
darkwolf:
jess: @jessevarsalone
r00t0v3rr1d3: @r00t0v3rr1d3 – http://cevincere.com
gaz_:
m0r3sh311s: http://m0r3sh3lls.blogspot.com/ & https://github.com/m0r3Sh3LLs
cmcc:
rade:
jofo: @jofo
sapling:
veritas:
RustyB:
pasv:
skolor: @skolor
hal3001:
genxweb: @genxweb – http://www.digitaloffensive.com
Yeti:
phat32: @phat32 – http://www.social-engineer.org
recompiler: @recompiler – http://death-merchant.blogspot.com
mechlovin:
wik:
cylus: @cylussec & http://cylus.org/blog/
_cg_:
mstaint: @mstaint
Marqo09: @marqo09
mads:
rsmudge2015: @rsmudge & @amitagehacker
slicerfox:
warezjoe: @warezjoe

cat /etc/crontab