As I wrapped up my final exam and went to the Green Turtle with a classmate, I was introduced to some people who were interested in playing CCDC in 2016. They knew I had participated in the 2 previous years and wanted to know what they should be doing to prepare over the summer before joining the CCDC club in the fall. I forget what I actually told them, but after thinking about it, why didn’t I have a long list of items prepared to tell them? Hence this post.
Summer really is a great time to start preparing for next year’s CCDC. Most people have time off in the summer, which normally means a little more free time. Think about what role you might want to play in CCDC, then steer your training towards it. You should naturally gravitate to something that interests you, and you will always put more into something that interests you. Here are some ideas:
- Firewall administration: Cisco ASA, pfSense, iptables
- Windows Server Active Directory
- Database: MSSQL, MySQL, PostgreSQL
- Webserver administration: Apache, IIS, Nginx
- Mailserver administration: OWA, SquirrelMail
- Forensics: memory analysis, pcaps, log analysis
- Windows Sys-Admin: firewall, users, services
- *nix sys-admin: iptables, pf, users, groups, services
Find something you like and dig in. Summer break is the time for you to really explore, because when school starts you won’t have the same freedom in your schedule.
Start or join a CTF team. People who are naturally good at team-based CTFs will often be good at CCDC, since they are similar.
CCDC takes a lot of time. Practicing takes time. Setting up environments takes time. Just because CCDC limits you to 8 players doesn’t mean you can only have 8 people in your CCDC club. The more people you have to spread responsibility across, the more time you’ll have.
Treat CCDC like a sports team. You have to show up for practice or you can’t play in the big game. Doing CTFs and CCDC rehearsals will weed out who is willing to commit and who doesn’t have time for it. It will also help resolve personality conflicts sooner rather than later.
Create VMs on flash drives and trade them with each other. See if you can figure out what is misconfigured and what needs to be done to harden that system. This is also a good way to practice forensics. As you work on hacking each other’s VMs, capture the traffic in pcaps and take memory dumps, then give those to the forensics person(s) and see if they can identify what is going on without being told. You can never have enough practice standing up, configuring and securing a LAMP server. Make sure you know how to test for and patch Heartbleed and Shellshock.
Challenge others to write small scripts to automate things. As you perform repetitive tasks you’ll see where you can use scripts and where you can’t. Don’t try to automate everything; that plan will fail. Writing scripts will help you practice working at a command line, troubleshooting and regex. Start with log files:
```bash
tail -f /var/log/auth.log | grep Failed
```
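A next step up from that one-liner, as an added example that is not from the original post: a small script that counts failed SSH password attempts per source IP and account, and lists sources over a threshold. The function names and sample log lines are constructed for illustration, and it assumes OpenSSH's `Failed password for ... from IP port N ssh2` line format.

```shell
#!/bin/sh
# Added example: summarize failed SSH password attempts from auth.log-style input.

# Constructed sample lines (documentation IP ranges), not real log data.
sample_log() {
cat <<'EOF'
Jun  1 10:15:02 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Jun  1 10:15:05 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51236 ssh2
Jun  1 10:15:09 web01 sshd[2213]: Failed password for root from 203.0.113.7 port 51240 ssh2
Jun  1 10:16:40 web01 sshd[2230]: Failed password for root from 198.51.100.23 port 40022 ssh2
Jun  1 10:17:01 web01 sshd[2241]: Accepted password for alice from 192.0.2.10 port 50000 ssh2
Jun  1 10:17:30 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/ls
EOF
}

# Read log lines on stdin; print "COUNT IP USER" per (source, account) pair,
# busiest first. Fields are taken from the END of the line, because the
# attempted username is attacker-supplied and sits in the middle.
failed_logins() {
  awk 'index($0, "]: Failed password for ") && NF >= 6 && $(NF-4) == "from" {
         # sshd ends these lines with: from IP port N ssh2
         seen[$(NF-3) " " $(NF-5)]++
       }
       END { for (k in seen) print seen[k], k }' | sort -k1,1nr -k2,2
}

# Print source IPs whose total failures reach the threshold in $1 (default 3).
noisy_sources() {
  failed_logins | awk -v min="${1:-3}" '{ total[$2] += $1 }
       END { for (ip in total) if (total[ip] >= min) print ip }' | sort
}

# Demo on the constructed sample. On a real host you would instead run:
#   failed_logins < /var/log/auth.log
sample_log | failed_logins
echo "Sources at or above 3 failures:"
sample_log | noisy_sources 3
```

Trading VMs with teammates gives you realistic `auth.log` files to run this against, and the output is a quick starting point for deciding which sources to block at the firewall.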
Summer time is for learning. Fall is for practicing. Spring time is for performing.
In closing: find a group of friends you can get together with and have fun solving challenges together. You’ll find your groove. Have fun.
Teams who win CCDC stay sharp all year.
How do you plan on staying sharp this summer? Do you have any advice for would-be competitors? Leave a comment below.