Capture The Flag

This year's DEFCON Red Team Village CTF will be hosted by Threat Simulations! We have an amazing, immersive scenario that stresses strong red team skills as players traverse through an enterprise network in search of a lost TPS report. Wouldn't be lost if it had the right cover sheet...

Initech.business (https://initech.business/) is interested in hiring a skilled red team for an upcoming engagement scheduled for 8 August 2020. The goal of this full scope engagement is to see if teams can access the 'crown jewels' and best of all, NO REPORT REQUIRED! Unfortunately, with so many skilled applicants in the marketplace, the offensive security personnel will need to be vetted during a qualification period. Only the top teams will advance to the immersive scenario.

Initech.business is interested in hiring a skilled red team for an upcoming engagement scheduled for 8 August 2020. The goal of this full scope engagement is to see if teams can access the 'crown jewels' and best of all, NO REPORT REQUIRED! Unfortunately, with so many skilled applicants in the marketplace, the offensive security personnel will need to be vetted during a qualification period. Only the top teams will advance to the immersive scenario.


Schedule

Qualifying Round: 6 Aug 2020 16:00 UTC -> 7 Aug 2020 16:00 UTC (Jeopardy board style ctf)

Finals Reconnaissance Round: 7 Aug 2020 16:00 UTC -> 8 Aug 2020 16:00 UTC (Finalist conduct recon)

Finals Round: 8 Aug 2020 16:00 UTC -> 9 Aug 2020 16:00 UTC (Hack)


Registration

eventbrite

Skills Required

Advanced Pentesting/Red Team Techniques

Scripting/Programming

Web Exploitation

Reverse Engineering

Binary Exploitation

Exploit Development

Computer Exploitation

Privilege Escalation

Network Pivoting

Security Product Evasion

Windows Enterprise (AD) Exploitation

Ability to Operate as a Team

General movie and meme knowledge


MITRE ATT&CKĀ® mapping:

T1003 - OS Credential Dumping

T1007 - System Service Discovery

T1012 - Query Registry

T1016 - System Network Configuration Discovery

T1018 - Remote System Discovery

T1021 - Remote Services

T1033 - System Owner/User Discovery

T1039 - Data from Network Shared Drive

T1040 - Network Sniffing

T1046 - Network Service Scanning

T1068 - Exploitation for privilege Escalation

T1069 - Permission Groups Discovery

T1078 - Valid Accounts

T1082 - System Information Discovery

T1083 - File and Directory Discovery

T1087 - Account Discovery

T1110 - Brute Force

T1135 - Network Share Discovery

T1190 - Exploit Public-Facing Application

T1555 - Credentials from Password Stores

T1259 - Determine external network trust dependencies

T1262 - Enumerate client configurations

T1266 - Acquire OSINT data sets and information

T1267 - Identify job postings and needs/gaps

T1269 - Identify people of interest

T1271 - Identify personnel with an authority/privilege

T1273 - Mine Social Media

TA0005 - Defense Evasion


FAQ

What if I'm a beginner?

Good news, there are a ton of challenges at all skill levels available during the qualifiers. Also, after we identify the top teams at 16:00UTC on 7 August 2020, we will leave the scoreboard and challenges up throughout DEFCON.

What if I can't stay up that long?

Take a nap

What if I haven't seen the movie?

Highly recommended, go watch it: https://decider.com/what-to-watch/office-space/

Will there be prizes?

Yes!


Team

Follow our team on twitter! We will be providing updates and dropping hints!