How to Win CCDC

Press 's' to show speaker notes…​


At Nationals and at each Regional things will be different, however the thing you’ll hear repeated at every event is "Do your injects!". Effective teams identify what tasks create the most amount of points for the least amount of effort.

Obtain Mentors

In Zak Thoreson’s blog post he mentions reaching out to industry professionals for help preparing for the competition. DO THIS! Invite the Red Team to come talk about / perform / demo attacks and their defenses.

Everyone has a plan…​

Mike Tyson

Until they get hit in the mouth — Mike Tyson

Year(s) in Review

What Blue Teams do wrong…​

  • Get frustrated

  • Think that injects need to be 100%

  • Don’t ask enough questions

  • Leave default credentials

  • Patch too much

Common misconceptions of the Red Team

  • You use 0days! - Not usually

  • You have a head start! - Nope

  • You have advanced tools!

    • sure.. if you call RDP advanced..

Practice and Preparation

ugly red book
  • Create a play-book

  • Automate everything you can

  • Have a copy for every member

    • Even if it’s not their focus area

  • Have a list of shortened / easily typed URLs for everything

  • Password sheets of easily typed, long, passwords

  • Cheat sheets of useful commands

  • List of known / standard users per OS

  • List of known / standard services per OS

Know your team

Roles and Chain of Command

  • Team Captain

    • Gopher

      • Firewall Admin

      • Linux Admin

      • Windows Admin

      • Web Admin

      • Incident Responder

      • Client Services

Team Captain Responsibilities

  • Make sure everyone is focused on the most important tasks

  • Coordinates interdisciplinary requirements

  • Focuses on maximum completion of injects

  • Answers to CEO

  • Insures that nothing distracts other team members


  • Get/Download anything needed

  • Backup for when Team Captain isn’t present

  • Backup for one of the base billets

Firewall Admin


  • RAISE SHIELD Mr Sulu!!

  • Egress and Ingress filter quickly

  • You are the point that traffic can generally be trusted. Help your other team members with identifying malicious traffic

Linux Admin

Windows Admin

Web Admin

Client Services

Incident Response

Physical Space

  • Go into blackout


Know your network


Know your defences


Know your enemy


Regional Specific Notes


Down Arrow…​

Pacific Rim Region

Western Region

North-Central Region

Rocky-Mountain Region

At-Large Region

North-East Region

Mid-Atlantic Region

  • Scores are ordinal (1st in category get 1 point, 8th, 8)

  • Team Captains that go into CEO meetings with statistics like # of services online, # of injects competed, usually have better meetings

South-East Region

South-West Region

Red Team Debriefs