CPTC 2017 - Regional Review
CPTC, aka The Collegiate Penetration Testing Competition, is in it's third year, and this is the first time we've held three concurrent regional events, to separate out a national bracket. Two weekends ago (8/2/2017), we had a total of 22 teams compete in the regional event, with only 10 teams progressing on to the national level. The competition was so large, it was split into three separate regions, an Eastern, Central, and Western region. The top two teams from each region were selected, as well as the following top four scoring teams. Ultimately, the Eastern regional winners were UCF and RIT. The Central regional winners were DSU and MST. The Western regional winners were SU and CCSF. Finally, the top four of the remaining teams were PSU, CPP, UNH, and UB. For any descrepency, just check the national CPTC website! Due to some last minute complications we rolled a linux only environment for the regional, consisting of more than 9 targets and 7 jump boxes for each team. Even though this network is substantially smaller than the national environment we are rolling out, it was still a significant amount of hosts considering the amount of teams.
Building out the hosts and report grading was a blast, but for the teams it all comes down to practice in my opinion. You need to practice on live fire environments. This year, Alex wrote a tool called Laforge to help generate game environments, that I highly encourage students checkout, so they can build their own environments as well. The tool works by consuming YAML files that describe network and host configurations, then scaling these out based on the number teams competing, into terraform scripts that create the ephemeral game environments. I can’t encourage people enough to use this tool to design game and firing range networks, it’s really excellent and allows software defined network dev to scale to a concurrent team effort.
Finally, many of you may remember the OSINT factor of last year’s game. OSINT wasn't in scope for the regional events, despite many of you reporting on tons of OSINT findings already. That said, OSINT is now in scope and will remain in scope until the national competition! So please go forth and find the flags as they exist and appear over the next several weeks. Make sure to checkout the main website, www.gothamelections.com, and any associated social media accounts / posts. Good luck and godspeed!
