Red vs Blue CTFs in 2017

Wanted to take a moment to talk about some of the unique red vs blue hacking competitions I'm most excited for, this year. These are unlike traditional jeopardy based CTFs in that they usually have well defined roles between aggressors and defenders, and more closely mimic real world information security operations in my opinion.

First, there is CCDC in the beginning of the year, with invitationals already having commenced and regionals quickly approaching. Alex and I have already been putting in tons of Dev work. I expect this year to be highly competitive and hopefully we see some really novel tools used on the CCDC Red Team. So basing your detections on tools we've used previously might not be the best strategy. That said, only the best and brightest (10 out of more than 100 schools) make it to Nationals, so this is a shining example of the dedication and training it takes to succeed in this area.

Next, we have the highly anticipated Pros vs Joes at BSidesLV in August. This one is open to all ages and is an absolute blast. I highly recommend people participate in this, regardless of your age or role in infosec, as this will give you a very real world, hands on experience in incident response. The core team has been reworking the score bot this year and have been looking at introducing more ways to learn these IR skills into the game itself. So please try this at BSidesLV! If you played before I can promise that the game is changing this year. If you can't attend the other two events because your out of college or your school doesn't have a team, then attend this event for sure!

Finally I'm really looking forward to CPTC this year, as we will be looking at emulating SCADA and other embedded systems / networks. Last year's CPTC was a riot, couldn't have been more fun! This year we are looking to build even crazier networks and Bill is already exploring new IT partners that can provide some fun mock-SCADA networks to hack around in. I'm really excited for this competition because there is so much room for us as organizers to be creative, so if you plan on competing in this one expect to to see some really cool stuff.

I've written up tons of times in the past on why I think this is a great form of education and recently Alex wrote about a bunch of our experiences in relation to the sponsorship Uber provides us to do these competition. Like Uber's support of Passcode Cup, CPTC, or National CCDC this last year, they've really had an emphasis on supporting the security community and the workforce demand for more infosec professionals. I've included a video at the end that has nothing to do w/ these competitions, but has extremely valuable advice for all competing in these competitions this upcoming year: