RMCCDC 2016

A blog that will never be seen by anyone

Rocky Mountain Collegiate Cyber Defense Competition

RMCCDC is a cyber defense competition hosted by Regis university annually. CSU’s security club ‘Hashdump’ sends a team to compete each year. This post describes the competition and the accomplishments of CSU this year.

The Game

The participants are from Kansas, Utah, Wyoming, Nebraska, New Mexico and of course Colorado. Each year they are put into a different simulated environment and told to defend all of the infrastructure against attackers called Red Team. In 2016 that environment was a ‘city’ that had several services used by citizens that needed to be secure, but kept up at all times. Red team is made of industry professional penetration testers. They document their attacks, and if they compromise a team (and they always do… a lot) that team looses points. The team gains points for services uptime, and recovers lost points for discovering breaches and repairing/reporting their damage. Teams also have to keep up with ‘injects’ from upper management that are usually questions about recent breaches, new technologies, current technology trends, and recent events (like the Ashley Maddison hacks, or Heartbleed, etc)

Hashdump

CSU’s computer security club, hashdump, competes each year. For the past 4 years (2012-2016) I have gone as one of the teams members. Each year CSU does very well in “technical points” meaning that they do a good job of maintaining service uptime, identifying breaches, and securing the services. The problem is that we usually do poorly on the writeups part. In 2016, however, CSU managed to place second out of around a dozen teams. It is by far the best we have ever done. It was quite exciting to finally place among the teams who were professionally prepared since we are only a self taught club.