
MACCDC 2024


Mid-Atlantic Collegiate Cyber Defense Competition 2024


This past weekend I had the privilege of competing in the Mid-Atlantic CCDC regional competition. The Penn State team and I had previously qualified for this regional in early January, placing 4th out of 26 other teams. After being graded on our service uptime, inject responses, and red team defenses, we placed 2nd out of the 10 teams who advanced to qualifiers. The first place team, UVA, received an automatic bid to National CCDC, while the Penn State team and I will need to win the wildcard round to gain a bid of our own.

Some Context

I have competed in CCDC since my freshman year at Penn State, making 2024 my third time participating in the competition. However, this year’s MACCDC qualifiers looked quite different from the past two years. Due to an unforeseen circumstance (aka I have no clue what happened) both the qualifier and regional MACCDC were run on the Mid-West CCDC’s infrastructure and organized by the MWCCDC team.

My role walking into qualifiers was “Miscellaneous services and Incident Response Lead”. Basically the gameplan rolling into the competition was that I would tackle things like Splunk, Mail Servers, and anything that did not fall into the Windows, Linux, and web apps roles. In past competitions this role was meant to flex across the systems as needed, so that is what I was prepared to do. I was also ready to write incident response reports pending any red team activity. In past years you could not block an IP address of a malicious actor unless your team submitted an incident response report; a pretty important job I would argue.

Lessons from Qualifiers

My “Misc. Services” role was thrown out of the window around 15 minutes into qualifiers. Because the MWCCDC setup was not nearly as robust as the previous MACCDC topologies, the white team (organizers) decided that they would make up for the lack of complexity with MANY more injects than the team and I were expecting. Injects are various business taskings that require you to respond in a business memo to a technical or non-technical audience depending on its subject matter. These injects began to come in much faster than our team captain could handle, so I passed off my misc. services and began my inject grind. That grind continued from about 8:15am to when the competition ended at 2:00pm. I think the sheer quantity of injects overwhelmed both me individually and my team as a whole. This was reflected in our final scores as injects was the worst category the team had. Additionally, there was very little red team activity compared to the past two years. This meant I was only given enough evidence to complete one incident response report, and barely at that.

It was clear that the team and I went into the qualifier with not enough consideration of the changes using the MWCCDC competition structure would throw at us. Realistically, we were ready for the technical changes that needed to be made, but not enough of the team was ready to help with the business writing required of injects. Even those who were prepared to write were not ready for the overwhelming amount of injects that were received. It had a clear effect on our communication and ability to get the injects completed by their due dates. With this in mind, the team and I began our preparation for regionals.

Preparation

With injects established as our biggest weakness, the team and I dedicated the first few

Competition Day

Competition Layout

Injects

Incident Response Reports

Reflections