Podcasts
Special Editions
Ep 34
Special Editions 12.15.19
Ep 34 | 12.15.19

Capturing the flag at NXTWORK 2019

Show Notes
Transcript

Oliver Schuermann: [00:00:02] The real challenge with these events is that you can't make it so easy you can do it in two minutes and you can't make it so hard people get frustrated and leave. It's just a way to challenge and learn. 

Jeff Fry: [00:00:11]  So it's like maybe stuff that you haven't done or don't deal with in the real world, and you get a chance to go try it and learn it. 

Cody Jencks: [00:00:16]  All three of us admitted right at the beginning that we're not really security-focused. So we kind of just had to make sure we teamed up and, you know, worked on it together. 

Unidentified Person #1: [00:00:24]  We've hacked our own server. So, you know, we gleaned some good insights from that. 

Jason Forcer: [00:00:32]  I was a little bit nervous going in. I wasn't sure what to expect. But with the JSA and automation, this made things surprisingly easy. 

Unidentified Person #2: [00:00:38]  It's worth the effort because it - I mean, it's a partner and customer summit. 

Dave Bittner: [00:00:52]  Hello, everyone. This is Dave Bittner from the CyberWire. Capture the flag competitions are an increasingly popular and valuable way for both cybersecurity students and seasoned professionals to test their skills, stay sharp and maybe even put a bit of swagger on display. When I speak with people in hiring positions, many of them say that capture the flag experience is something they look for on a resume. It can demonstrate technical skills, teamwork, creativity, grace under pressure and determination. So with all that in mind, we set out to capture the excitement of a capture the flag event to share with you what it's like to take part. 

Dave Bittner: [00:01:29]  As luck would have it, our sponsors at Juniper Networks were hosting a capture the flag hackathon at their annual NXTWORK conference in Las Vegas, and they invited our CyberWire team to join them to experience it for ourselves and capture some of what it's like for you. So thanks to Juniper for organizing the event, inviting us to witness it and for sponsoring this CyberWire Special Edition. 

Dave Bittner: [00:01:59]  Hello, everyone. This is Dave Bittner from the CyberWire, and we are live in beautiful Las Vegas at the fabulous Caesars Palace. We are here at NXTWORK 2019. This is Juniper's big event, and I am attending the hackathon. And joining me is Oliver Schuermann. Oliver, great to have you here. 

Oliver Schuermann: [00:02:18]  Hi. Good morning, Dave. Glad to be here. 

Dave Bittner: [00:02:20]  We've got quite a day ahead of us - lots of activities. We are going to be doing kind of a play-by-play with this hackathon. Why don't you set the stage for us? What can we expect from this competition today? 

Oliver Schuermann: [00:02:31]  Sure. This is kind of our third year of doing the hackathon, and it continues to grow a good bit. Really, the objective here is not to be a giant Juniper commercial, although we do know who we work for, so there will be some Juniper components to it. But really, it's about the convergence of both network security and automation in how do we stop some of the more sophisticated things that are out there today? 

Dave Bittner: [00:02:50]  So looking around the room here, for folks who are listening at home, the physical setup of the environment here - we are in a big hotel ballroom, but it has been divided into two sides. Explain to us what's going on with that. 

Oliver Schuermann: [00:03:04]  So really, the intent, and we've kind of done both versions of this, but this is a red team and a blue team capture the flag exercise. The point of the red team, obviously, is to capture the flag and make as many moves as possible. There's actually four goals here to get through the event - or four milestones. Now, the blue team's objective is completely the opposite. It's to stop the red team from getting to - it's actually an "Ocean's Eleven" theme. We figured we were in a casino, so we have them trying to get into the casino vault. And once they get the combination through various different techniques very similar to the movie "Ocean's Eleven"... 

Dave Bittner: [00:03:34]  Very nice. 

Oliver Schuermann: [00:03:35]  ...And you'll see that actually come out, and they get a - they get cash and prizes. 

Dave Bittner: [00:03:38]  Right, right. So... 

Oliver Schuermann: [00:03:39]  Well, maybe not cash. 

Dave Bittner: [00:03:40]  So looking at the room itself, we've got multiple tables set up for multiple teams - much more red teamers than blue teamers. What's the dynamic there? 

Oliver Schuermann: [00:03:48]  Well, I mean, that's really real world. You know, we have automation. You have a ton of things that come at you. If you look at denial-of-service attacks and botnets, you have a lot more attackers or things that are attacking you out there than there are defenders. And that's also indicative of the shortage we have in cybersecurity as far as professionals that know this. So this is very much a real-world scenario where you have - you know, we're heavily weighted towards the red team, maybe less so than in real life. But actually, this is what people will experience. We also have some automated noise and attacks that are in the background as well. So really, the blue team will be feeling the pressure today. 

Dave Bittner: [00:04:22]  Tell me about the teams themselves. How did these teams get formed? Who are they composed of? 

Oliver Schuermann: [00:04:27]  The teams are formed of a mix of both folks with programming backgrounds, meaning that, you know, programming, scripting, Python, et cetera. You have some networking professionals that are more on the traditional networking side, as well as security professionals. And we created teams that were kind of a mix of all of them, as we find that's a good blend of skill sets to really give you what you need, and also replicating what we really see out there in the real world. 

Dave Bittner: [00:04:48]  What's the importance of an event like this for Juniper to support a thing like this? My understanding is that these capture the flag events - not only are they great exercises for the people, but a lot of people who are hiring these days, they're looking for experience of these sorts of events from folks who are looking for jobs. 

Oliver Schuermann: [00:05:06]  Well, I think it's a culmination of a lot of things. But quite frankly, yes, it's folks that have real-world experience. There's a lot of ways you can get cybersecurity knowledge from books or from certifications, et cetera. But the real-world application of that, using some of the folks like we have on our team to really show, you know, what's really out there and demonstrate, you know, kind of what's there. So that really helps folks up-level their skill set. And, yeah, it does help people get jobs. 

Dave Bittner: [00:05:28]  All right. Well, we are just a few minutes away from the competitors coming into the ballroom here. It's certainly going to be an exciting afternoon, and we're happy that all of you are here to listen along as we go. It's going to be a lot of fun. Again, this is the NXTWORK hackathon, courtesy of our friends at Juniper Networks. 

Dave Bittner: [00:05:50]  Now let's get into the background story behind today's hackathon. 

Unidentified Person #2: [00:05:53]  It's just about a disgruntled employee who got laid off from Acme Casinos, and he put out a contract to any hacker that can breach that casino's data center in the world. So you come in as the hacker. This is from the red team, I'm talking. While you're doing reconnaissance at the resort casino, you notice the model of the IP cameras that they used. And then you kind of want to go in there and load malware on those cameras. So that's done for you already. Those cameras are calling out to the command and control servers that you, as the red team, own. 

Unidentified Person #2: [00:06:26]  And what's going to happen is the red team would have two ways of getting into the blue team's environments. The blue team's environment consists of a casino and a data center. The casino has cameras and the data center has web servers and the vault. The red team, essentially, has two ways of getting into the blue team's environment, of capturing the flag and getting into - getting the safe code for the vault where the cash is at. And if you are able to exploit any of the two vulnerabilities, the first one being the IP cameras and the second one being the web servers through which you can go to the database and the vault, you essentially win the hackathon. 

Unidentified Person #2: [00:07:05]  We don't need any more rules. We're all hackers. We're in here to win it. We're in here to be rich. So we don't need no more stinking rules, right? Enjoy. Happy hacking. 

Dave Bittner: [00:07:17]  So, Oliver, we have begun. The blue teams and the red teams are off and running. Give me a description of what's going on now. What are each of the teams doing? As they get started, what are the types of things that they're working on? 

Oliver Schuermann: [00:07:30]  Well, the blue team is getting started learning their tools and their environment, where the red team has got a couple lessons they have to complete to kind of understand what some of the hacks are and some of the vulnerabilities. Also, we've just given them, you know, the instructions on kind of what they're looking at, getting on in their environment. 

Oliver Schuermann: [00:07:45]  Plus, as you can see on the screen here, we have a treasure map that has four different goals that they have to achieve to win this game. So that's the objective of the red team is very much capture the flag. You know, it's a big challenge for these guys because they have to be - or they have to throw a bunch of stuff at this, and the blue team's trying to defend, and they're a little bit ahead. So we'll see what happens today. It's going to be interesting. 

Dave Bittner: [00:08:07]  So a component of this exercise being educational, you mentioned that they're doing lessons before they really set off. What kind of things are they doing? 

Oliver Schuermann: [00:08:15]  These lessons are really designed to demonstrate the kind of hacking environment they're in and what kind of hacks they can use. We do that in order to ensure we level-set folks that come in. We are not targeting professional hackers. That would be a different show. These are generally folks that know a little bit of code, understand networking, understand a little bit of security. And we're trying to up-level them, so to speak, as far as this environment. So this gets some level set with folks that may know a little bit more. 

Dave Bittner: [00:08:40]  And then over on the blue team side, what are they up to? 

Oliver Schuermann: [00:08:43]  The blue team side is just learning their defenses, what they have to work with. There are really no rules except you can't mess with each other in this particular event. So if the blue team gets together and decides they have a particular toolset they like that we haven't provided, they can download whatever they want. But same goes for the hacking team. If they don't like the toolset they have and they have something that's going to really get them ahead, they're allowed to do that as well, which will make this really interesting. 

Dave Bittner: [00:09:05]  At what point do they actually set off against each other? When do the two networks connect and the clash begin? 

Oliver Schuermann: [00:09:12]  They're connected now. The - everybody can see everybody. They're able to do whatever. So it's just a matter of who gets up to speed first and who gets started. 

Dave Bittner: [00:09:20]  So I'm here with Dwann Hall, and we are on the blue team side of the room, and we've really just kicked things off. We've just gotten started. So describe for me where are we now? What are the blue teams working on? What sort of tasks are they set off on? 

Dwann Hall: [00:09:35]  So one of the challenges coming into an event like this is that people need to get - they're sort of coming in cold. So what they're doing now is getting acclimated to the environment. We ran a few synthetic attacks. We reviewed the tools that they have with them. And now they're sort of dividing and getting, really, just acclimated to the environment, learning - log in to the tools, looking at the dashboards and dividing up responsibilities. 

Dave Bittner: [00:09:58]  So let's dig into that a little bit. I mean, on the individual teams, how does it work in terms of them organizing themselves? Do they take - each take on particular tasks depending on which team they're on? 

Dwann Hall: [00:10:09]  This is a self-organizing event, so they are encouraged to divide the work up and assign different roles. For the most part, it looks like they're actually doing that. And you can see people are pretty much heads-down, looking into their tools, right? And the attacks haven't even started yet. So the intensity is going to pick up very shortly. 

Dave Bittner: [00:10:28]  When the attacks start, how does that signal happen? How do they know? Is there - are they monitoring the network, right? Could those attacks happen at any time? 

Dwann Hall: [00:10:37]  Yeah. Well, we're going to give a thumbs-up. So the other thing is with the red team's side, we can't assume that people have hacking skills. So they're starting off and learning how to hack into the type of web servers that we're running on the blue team. So we're going to give each other a thumbs-up, and then it'll be red team versus blue. 

Dave Bittner: [00:10:57]  So I want to try to set the scene as we look around the room for what's going on here. We are in a hotel ballroom, and there are round tables set up, between three and eight people sitting at each table, all of them with laptops. And they are plugged in. They are head-down in their laptops. 

Dave Bittner: [00:11:17]  One side of the room is the red team. There's probably twice as many red teamers as there are blue teamers. And there is a divider between the two sides, so they can't see each other. They can't hear each other. And at this point in the competition, they are preparing for the actual attack and the defense. Probably about a hundred to 150 people total, wide variety of folks - different ages, different ethnicities, different backgrounds, mostly men, a handful of women. We've got a variety of systems. I see Macs. I see PCs. At this point, you can tell that the teams are starting to form. They're communicating amongst themselves, and they're dividing up the task. It looks as though different team members are taking on different responsibilities. 

Dave Bittner: [00:12:06]  What is your sense so far for how it's going in terms of everything that you built - the architecture that you put together here? Does it seem to be playing out the way that you imagined that it would? 

Dwann Hall: [00:12:16]  It is. Obviously, every time you do an event like this, there are some, you know, connectivity issues or whatever with people's laptops and VPN connections. But by and large, I mean, this is going very well. We're about an hour-plus into the event. Everyone's still super engaged. For the most part, the infrastructure's holding up. Again, there's one or two teams that are having some issues, but it is playing out like we expected. 

Dave Bittner: [00:12:42]  Now, you've been over here on the red team's side for most of this competition. What is your sense of how the teams on this side have been doing? Have they been making progress? Have they been running into roadblocks or frustrations? How's it going? 

Unidentified Person #2: [00:12:55]  I'm seeing them running into everything - roadblocks, frustrations. Whenever I see someone get a beer, I understand that either they're pretty happy or they're disgruntled. But, yeah, I mean, it's a good flow I'm seeing here. They obviously need some hand-holding here and there 'cause it's so vague. And that was what the idea was. But that was expected 'cause, I mean, coming into a completely new environment and with not much info about the deployment itself, we were expecting that they're not going to - they're going to come back to us for hints. And that's what we're trying hard - we're trying to help them out, just pointing them in the right direction. And that's what our hackathon is all about. 

Dave Bittner: [00:13:34]  Why is an event like this important at a conference like the one you're holding here? There's a tremendous amount of work that goes into something like this. So why is this worth the effort? 

Unidentified Person #2: [00:13:44]  It's worth the effort because it - I mean, it's a partner and customer summit. So obviously, we want to bring everyone together. We want to show them that - I mean, it's just a fun start-off event, I would say, because, I mean, just adds to the energy. And most of them are engineers here, I suppose, so hackathons just get everyone excited in general. I mean, there's prizes and swag - free swag they can take along. 

Dave Bittner: [00:14:12]  So you guys are over here on the red team side, and this is Victor (ph) I'm speaking with. You're off and running. Where do you guys begin? 

Victor: [00:14:20]  So we're trying to do IP scans and trying to use the enumerate tool to see if we can find a vulnerability and exploit it. 

Dave Bittner: [00:14:28]  How have you guys organized your team? 

Victor: [00:14:30]  Somewhat. We issued out usernames when... 

Unidentified Person #3: [00:14:33]  Chaos. 

Victor: [00:14:33]  ...A little bit of chaos. But we've been working together, trying different, you know, subnet scans. For instance, you know, if EP (ph) finds one of the IP addresses, then we all start maybe working on it a little bit, then move on from there. 

Dave Bittner: [00:14:48]  All right. Terrific. Good luck, gentlemen. 

Dave Bittner: [00:14:53]  The attack has begun, yes? The red team has started in on your network. Can you just describe to me, in this initial stage, what sorts of things are you guys seeing? 

Unidentified Person #4: [00:15:02]  We're not entirely sure (laughter). We're - we've seen - we're seeing, you know, port scans. We're seeing, you know, some other potentially nefarious behavior. But we're still trying to wrap our head around exactly what it is we're looking at as well. 

Dave Bittner: [00:15:16]  How have you organized your team? Have you organized your team? 

0:15:20:(LAUGHTER) 

Unidentified Person #4: [00:15:22]  We've identified a few things that we think we can each contribute and some roles that we wanted filled. And we've done our best to fill them. And now we'll just see how effective we are. 

Dave Bittner: [00:15:38]  Can you give me an idea of how it's going so far? What kind of stuff are you guys doing? 

Unidentified Person #5: [00:15:44]  We've got - I think we found two promising IPs that we're looking at, and we've been blocked twice now from those IPs. But we've been able to run one of our wordless (ph) on it to try to obtain the password. So overall, going not too bad. 

Dave Bittner: [00:16:01]  I'm looking around the room, and I'm seeing that one of these things is not like the others, and that's you. 

Unidentified Person #5: [00:16:05]  Oh, yeah. 

Dave Bittner: [00:16:07]  (Laughter) What - is this a typical experience for you being the only woman on a - in a room or on a team? 

Unidentified Person #5: [00:16:12]  Oh, yeah. I went to an - just strictly STEM school. And so the percentages was about 13% female versus 87% male. And so for me, many of my classes, it was myself as the only female or one other girl. But honestly, it doesn't bother me. It doesn't bother me at all. It's just - we're just people. We're all learning from each other. And as long as everybody treats each other the same, which I've experienced for the most part, then there's nothing I find difficult about it. 

Dave Bittner: [00:16:43]  So I have Jeff Fry. First of all, let's just - so big picture here, how's it going so far? 

Jeff Fry: [00:16:49]  Good. It's an entertaining time, good team building, learning a lot, having fun. 

Dave Bittner: [00:16:54]  What about the structure of the event itself? Are you enjoying that? How well do you think they've done in setting it up? 

Jeff Fry: [00:17:00]  Yeah, it's a pretty good setup. They gave us good documentation. I mean, before the event, we got a query from them - how familiar with different tools? And I think that may have helped divide the people as to the familiarity. If you've used this tool, then, OK, you might be on this team. If you haven't, maybe on the other team, where they haven't used it. 

Dave Bittner: [00:17:18]  It seems as though maybe there's a little more collaboration and information-sharing going on on the blue side. I hear cheers coming from this side and maybe sensing some frustration on the other side. 

Jeff Fry: [00:17:30]  That's a good thing 'cause we're defending. 

0:17:31:(LAUGHTER) 

Jeff Fry: [00:17:32]  That's how it's supposed to be. 

Dave Bittner: [00:17:35]  What's the importance of an event like this? I mean, why - what draws you to it? Why do you like to participate? 

Jeff Fry: [00:17:40]  I think it's 'cause you get to meet people you may not have normally been able to meet. So it's a way to meet people at the conference that - why would I talk to half the other people walking in the hallway? But this kind of brings us together. Plus, it's a way to challenge and learn. So it's like maybe stuff that you haven't done or don't deal with in the real world, and you get a chance to go to try to learn it. 

Dave Bittner: [00:18:08]  Oliver, we are how long into this - a couple hours in so far. How are things tracking so far with our red team, our blue team? Are we - how's everybody doing? 

Oliver Schuermann: [00:18:18]  It's been pretty interesting. The red team is starting to get stuck on a couple of things, right? They're still kind of sitting at the first flags. We've kind of let out the next clues, which is a positive sign. These aren't easy things to accomplish. The blue team has started to collaborate, which really is, I think, one of the things that's making it a little bit harder to get through to the blue team. So we're starting to let out some more clues for the red team so they're able to kind of be more efficient in their hack. We've also encouraged them to collaborate, although it is a competition, so sometimes that's hard to do when you're in competition. It's hard to balance - do I want to win or - do I win on my own or do I want to win as a team? So that's kind of what they're going through right now. And we'll speed this up a little bit 'cause we like to give out clues. 

Oliver Schuermann: [00:19:00]  The real challenge with these events is that you can't make it so easy you can do it in two minutes and you can't make it so hard people get frustrated and leave. We seem to have achieved the right balance here, and I think everybody is pretty engaged and having a good time. 

Dave Bittner: [00:19:16]  So just like that, in the blink of an eye, the three-hour time limit is reached and the game is called. It's hands off the keyboards, eyes off the screens. Let's listen in. 

Oliver Schuermann: [00:19:26]  All right, ladies and gents. About ready to wrap this up. I guess the most important question is who had a good time? My boss is, like, three things over, so everybody clap, scream, do something. 

0:19:35:(APPLAUSE) 

Oliver Schuermann: [00:19:38]  So really, kind of the star of the show today - what you guys were interacting with, at least in the blue team, was policy enforcement (ph), which is a component of our connective security strategy. Now, again, I'm told this wouldn't be a Juniper commercial. There's one architecture slide. But the point is being able to block this as closest point the end user would generally use a network (ph), which is an advantage we see. And I ask you to, you know, judge on your own, right? I've been drinking the Kool-Aid; now I'm making it. 

Oliver Schuermann: [00:20:01]  So I think with that, you know, here's a couple call to actions, right? Here's all the different security stuff our team is putting on. Some of the folks you've interacted with in the room, like Ken O'Kelly and Krystle Portocarrero, will be actually doing these events, as well Dwann and I will do the Dwann and Oli show, which is - be entertaining, maybe educational. We'll see what happens. And then, of course, Mounir Hahad, who's our threat labs guy that's actually a Ph.D. - very smart guy, very interesting to watch and understand those key obstacles into this stuff. So that's kind of the quick commercial on what to do. That's - I'll leave you with that. Now, really, we'll talk about who won. I'll let Dwann talk more about this. With that, I'll turn it over to the mastermind behind the project, Mr. Hall. 

0:20:40:(APPLAUSE) 

Dwann Hall: [00:20:43]  The mic's too high for me, Oli, but thank you. Hey, guys, if I could have team four and team two from the blue team come forward. On the blue team side, we had an open source pfSense firewall. We had Juniper products as well. And we were trying to show integration and security (inaudible). There were much more - many more of you folks than there were of the blue team. 

Dwann Hall: [00:21:05]  Now, it sounds like I need to apologize to some of the red team because I didn't make it as easy as it should've been to capture some of the flags. So whoever made it the furthest on the red team will be the red team winner. 

Dwann Hall: [00:21:16]  One of the things I really noticed is that the blue teams were working together. They started dividing up all the work, and they were working together to make this happen. The winner for the blue team was team four. They blocked the most attacks. They are - the blue team's definitely honorary mention, but team four is the one that actually won. They did the most blocks. Thank you. Hope you enjoyed the hackathon, and we'll see you next year. Cheers. 

0:21:41:(APPLAUSE) 

Dave Bittner: [00:21:50]  So I am here with the winning blue team. Which team number were you? 

Josh Barron: [00:21:54]  Team four. 

Dave Bittner: [00:21:54]  Team four. Let me just start up by get each of your names and where you're from or what organization. I'll start with you. 

Josh Barron: [00:22:01]  So my name's Josh Barron. I'm from Synoptek. 

Jason Forcer: [00:22:04]  Jason Forcer (ph) - I work with IT&E. 

Gui Yu: [00:22:06]  Gui Yu (ph) from University of Florida. 

Dave Bittner: [00:22:09]  All right. Terrific. So what was the event like for you? Give me an overview of what was the task that you were assigned to do here? 

Josh Barron: [00:22:17]  Our job was to basically protect our casino network and our casino data center network. We were told that the cameras would be exploited. We were told that, potentially, web servers and database servers would be exploited. There was connectivity between the data center and the casino that we had to watch out for, so there was potential for east-west traffic attacks. 

Josh Barron: [00:22:36]  We had some interesting rules that we kind of struggled with in the beginning. For some reason, our, quote-unquote, "CSO" (ph) decided that ICMP was - must be allowed, which is - in all three of our networks was not something that we would ever allow. So that was a bit surprising. And we struggled a bit with the fact that none of us, of the three members of our team, really had any experience with JSA. We had some experience with SRX, and switching to JSA was pretty new to us. Then somebody from our team, Gui, was complete C Cisco (ph). So we found that the JSA interface was really good. 

Josh Barron: [00:23:09]  Once we figured out how to automate the protection mechanisms, I mean, the red team was done, right? We basically, for the vast - probably the last 45 minutes to an hour, we just sat back and watched the blocks because there was very little that they could do to hit us. So overall, it was a lot of fun. I think the smaller group of blue team made it easier to collaborate with the different teams. There was only four teams - technically, only three. There was a lot more red team. But we realized that because we were outnumbered, we collaborated a lot, which indicates something that the industry has been doing and needs to get better at, which is collaboration among organizations against the bad actors of the world, right? 

Dave Bittner: [00:23:53]  What do you think it was about your team in particular that gave you this advantage to set you apart from the other blue teams? 

Gui Yu: [00:24:01]  We are small, and we work close, and we, like, make things more efficiently, yeah. And most of all, we get to know the automation tool, which makes things better and do the job. 

Dave Bittner: [00:24:19]  How do you think the overall architecture of the event was itself? In other words, was it fun? Did you enjoy yourselves? Was it technically challenging? How was the combination of elements? 

Jason Forcer: [00:24:30]  Definitely fun. I was a little bit nervous going in. I wasn't sure what to expect. But with the JSA and the automation, it made things surprisingly easy. Towards the end, we were kind of just looking for things to do because the system was basically doing everything itself at that point. But overall, it was a really good experience seeing, you know, a potential real-world type of scenario and how would you react against it? So, yeah, a great learning experience for us, for sure. 

Dave Bittner: [00:24:54]  Can you just say your name for me? 

Cody Jencks: [00:24:56]  Cody Jencks (ph). 

Dave Bittner: [00:24:57]  All right. So before we dig into the winning that you did here today on the red side, just give us a little description. What was the scenario that you were doing here? 

Cody Jencks: [00:25:06]  So we were one of the red teams, and we were trying to hack into a casino to get the code to a vault so we could get the money out of it, essentially. So the idea was to get past the casino and then get access to the data center, which is where the server was that had that information. And then there were some additional things, like the IP cameras. We had access to those because someone used social engineering to get them to reverse SSH back to a command and control server. So there was a couple things kind of in place before we even got started. And then we got the IP ranges for what we were trying to target, and we just had to use some tools and Kali Linux to try and identify what was open and then get in and try and find that safe code, essentially. 

Dave Bittner: [00:25:50]  What's your impression of the overall event itself? Was it fun? Was it educational? What did you get out of it? 

Cody Jencks: [00:25:56]  It was fun and educational. I'm mostly networking, from my career standpoint. I know a little bit of security. So this was getting - definitely getting me a little out of my comfort zone, which is good. Same thing with Linux. I know enough to be dangerous, but, again, kind of pushed my limits on there, too. So they were good about, you know, giving us hints. And then, you know, using the Slack channel for all the red teams, we were able to kind of collaborate with the other teams, too. So we were sharing a little information here and there, which definitely helped because there's obviously all different kinds of skill sets in this room here. Definitely didn't want to leave people behind that maybe weren't as up to speed as others. So that definitely helped. 

Cody Jencks: [00:26:28]  But, yeah, it was - a lot of it was new to us. Some of the tools were new. So it was a good experience to kind of learn those and really kind of to challenge us a little bit 'cause, like I said, I think a lot of us were out of our comfort zone, and we really had to, you know, work to try and figure out what was going on 'cause they didn't just give us the information - just hints here and there. 

Cody Jencks: [00:26:45]  So, yeah, it was a really good experience. I thought it was pretty well put together. We had a couple of little technical issues at the beginning that they got resolved. But other than that, it went pretty smoothly. It just came down to the amount of time that we had to do it because that 3 1/2 hours flew by pretty fast. All three of us admitted right at the beginning that we're not really security-focused, so we kind of just had to make sure we teamed up and, you know, worked on it together and kind of put our minds together. 

Dave Bittner: [00:27:12]  So, Oliver, we have what I would say is a very successful capture the flag here in the bag. Give me your impressions. How did it go? 

Oliver Schuermann: [00:27:21]  I think it went very well. Like I said earlier, the blue team collaborated and was able to kind of stick together and figure out who was doing what, which is largely what you see some of the alliances that are out there in the community - that we kind of help each other figure out what's out there, right? It's not one company or one person that will solve this problem, whether that's a vendor or whether that's an alliance. We all need to band together and help that. 

Oliver Schuermann: [00:27:40]  The second piece is that the red team had a good challenge on their hands. I mean, it took them - it wasn't too easy to get through, which is a hard thing to judge for this, like I said before. They also started collaborating, and they had some folks that got through. And they learned something, and they all had a good time, so I think that's what counts. But, you know, we're here to replicate this again. If there's a partner or somebody wants to do this with us, we're happy to do that. We're talking to you guys about it as well. So I look forward to doing more of this. 

Dave Bittner: [00:28:07]  Did it play out the way that you envisioned that it was? Were there any surprises along the way? 

Oliver Schuermann: [00:28:12]  I think there were a couple of surprises because I think it took a little bit longer for folks to get through the initial lesson than we would have thought, which is really telling about the skill set out in the industry. It's - we had very talented people in the room. These are challenging things, right? If this were easy, anybody could do it. So once they got through it, they started moving along. And it still took some clues to move them along, which is good. So also, we proved that, you know, banding together, again, as a blue team really helped out. 

Dave Bittner: [00:28:38]  You know, one thing I heard as I was walking around and talking to people on the different teams was that one of the things that drew people to this was the ability to interact and meet other people that they otherwise wouldn't meet, especially as you're kicking off a multiday conference like this. It's an opportunity to get to know people that maybe you wouldn't cross paths with otherwise. 

Oliver Schuermann: [00:28:59]  That's been a big piece of this. It's about the community, about getting people together and having them have conversations. And this is why we do it in less of a Juniper commercial fashion than we do in a fashion of an open community. So folks have met. We do a lot with our partner ambassadors. They're here quite a bit. So that collaboration is also key because, again, it takes a community. 

Dave Bittner: [00:29:22]  And that's our CyberWire Special Edition. Our thanks to Juniper Networks for hosting us and for sponsoring this show, especially Oliver Schuermann and his team for putting together a first-class event and making it all look easy. Our CyberWire team was Jennifer Eiben, Kelsea Bond, Bennett Moe, Peter Kilpe, Tom Hanson (ph). And I'm Dave Bittner. Thanks for listening.

Special Editions
Podcast Info
HOST(S):
Dave Bittner
Dave Bittner is a security podcast host and one of the founders at CyberWire. He's a creator, producer, videographer, actor, experimenter, and entrepreneur. He's had a long career in the worlds of television, journalism and media production, and is one of the pioneers of non-linear editing and digital storytelling.
Creator: CyberWire, Inc.
ADVERTISEMENT
Juniper
Juniper

Juniper Networks challenges the status quo with products, solutions and services that transform the economics of networking. Our team co-innovates with our customers and partners to deliver automated, scalable and secure networks with agility, performance and value. Additional information can be found at Juniper Networks