At Nationals and at each Regional things will be different; however, the thing you’ll hear repeated at every event is "Do your injects!" Effective teams identify which tasks earn the most points for the least effort.
In Zak Thoreson’s blog post he mentions reaching out to industry professionals for help preparing for the competition. DO THIS! Invite the Red Team to come talk about / perform / demo attacks and their defenses.
Until they get hit in the mouth — Mike Tyson
Think that injects need to be 100%
Don’t ask enough questions
Leave default credentials
Patch too much
You use 0days! - Not usually
You have a head start! - Nope
You have advanced tools! - Sure... if you call RDP advanced.
Create a play-book
Automate everything you can
Have a copy for every member
Even if it’s not their focus area
Have a list of shortened / easily typed URLs for everything
Password sheets of long, easily typed passwords
Cheat sheets of useful commands
List of known / standard users per OS
List of known / standard services per OS
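One way to automate the known-user list from the play-book, as an added example that is not part of the original material. The baseline dictionary, the sample passwd content and the function names are assumptions made for illustration; build the real baseline from a clean install of each OS image.

```python
import sys

# Assumed baseline for one OS image: account name -> expected login shell.
# Constructed for illustration; build the real list from a clean install.
KNOWN_USERS = {
    "root": "/bin/bash",
    "daemon": "/usr/sbin/nologin",
    "www-data": "/usr/sbin/nologin",
    "sshd": "/usr/sbin/nologin",
}

# Constructed sample in passwd(5) format, used when no file is given.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/bin/bash
sshd:x:105:65534::/run/sshd:/usr/sbin/nologin
support:x:0:0::/home/support:/bin/bash
"""


def parse_passwd(text):
    """Yield (name, uid, shell) for each well-formed passwd(5) line."""
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue  # blank, comment or malformed: skip, don't crash
        yield fields[0], int(fields[2]), fields[6]


def audit_accounts(passwd_text, known=KNOWN_USERS):
    """Return sorted (user, reason) findings for accounts off the baseline."""
    findings = []
    for name, uid, shell in parse_passwd(passwd_text):
        if uid == 0 and name != "root":
            findings.append((name, "uid 0 but not root"))
        if name not in known:
            findings.append((name, "not on known-user list"))
        elif shell != known[name]:
            findings.append((name, f"shell {shell}, baseline {known[name]}"))
    return sorted(findings)


if __name__ == "__main__":
    # Pass a path such as /etc/passwd to audit a live host.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_PASSWD
    for user, reason in audit_accounts(text):
        print(f"{user}: {reason}")
```

Run it with no arguments to see the findings for the constructed sample, or pass the path to a host's passwd file.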
Make sure everyone is focused on the most important tasks
Coordinates interdisciplinary requirements
Focuses on maximum completion of injects
Answers to CEO
Ensures that nothing distracts other team members
Get/Download anything needed
Backup for when Team Captain isn’t present
Backup for one of the base billets
RAISE SHIELD Mr Sulu!!
Egress and Ingress filter quickly
You are the point at which traffic can generally be trusted. Help your other team members identify malicious traffic.
Move or disable the SSH port if it isn’t scored
Go into blackout
Injects are IMPORTANT. Do not fail to turn in SOMETHING for them. Partial credit is way better than nothing.
Scores are ordinal (1st in category gets 1 point, 8th gets 8)
Team Captains who go into CEO meetings with statistics like # of services online and # of injects completed usually have better meetings.