MEI’s Capture The Flag @ BASC 2017 recap

In recognition of October being National Cyber Security Awareness Month MEI Security supported an Attack & Defend CTF at OWASP Boston’s BASC at Microsoft in Burlington (MA) Saturday, 10/14/17. We fielded 7 Defender workstations with multiple VM’s and IoT devices on the network as additional targets courtesy of Pwnie Express.  Attacking Teams brought their own laptops and attack tools to infiltrate the Defender network resources.

The day began with a participant briefing at 9am.  Competing teams were given descriptions of the network, scoring methodology and the active VM schedule. Defending Teams were given credentials for the stations and resources they were to defend.  Scoring went live at 10am and continued until 4pm.  Early in the session Team Skadi jumped out to lead in both Defensive & Offensive points, leads which they built upon throughout the challenge.  The middle of the day was briefly marred by failure of a formerly trusty switch – but MEI quickly tracked down the root cause and deployed a replacement.  Along the way, MEI issued advisories to simulate real-world information breaches, requiring adjustments by both Defenders & Attackers. In the last hour of live scoring, Attacking & Defending Teams came together and shared their strategies & experiences making for a productive and fun conclusion for all participants.  At 4pm, Scoring was halted and Team Skadi claimed the Best Defender & Best Attacker crowns.

Thanks are due MEI’s volunteers & many others for providing guidance & support along the way.  Without their thoughtful & generous contributions of time & materials, this successful workshop event would not have been possible.  Cheers to OWASP Boston for sponsoring the annual Boston Application Security Conference and for providing a cadre of highly skilled & eager volunteers.  Thanks also to Microsoft for their courteous staff and use of their facility. #OWASPBOSTON #NCSAM #CyberAware