CyberPatriot National Finals this week

CyberPatriot National Finals this week

n2c6fw-b781279339z.120140312113222000g6k1is0g2.1This weekend marks the end of CyberPatriot VI with the National Competition at the Gaylord National Convention Center in National Harbor, MD. It has been an amazing journey these last few months guiding and training these brilliant young minds at Troy High School. As my responsibilities and duties conclude for this season of CyberPatriot VI, I reflect upon the joys, the frustrations, the highs and the lows. And yet, I can not help but smile and experience joy at every moment. Honestly, I felt like I got the better end of the deal. I gained so much more and grew in so many ways that I think my mentees’ do not even realize.

I want to say it’s easy being a cybersecurity mentor, but it is almost like a full time job. Thankfully my fellow colleagues at Net Force has been gracious enough to allow me some leeway to make up some hours in the evening during mentorship sessions. Thank you to my colleagues for the flexibility and patience on my ever changing schedules.

I am extremely proud of each member of this year’s CyberPatriot VI team at Troy High School. I kept throwing more at them and they kept rising to the challenge.

I encourage everyone to consider mentoring a team or a few students next year. It is extremely rewarding emotionally, spiritually.

To next year’s mentors:

  • Care for your mentees. Make that emotional investment. There is nothing more rewarding when they see you and their faces light up. Especially in victories, when they see you and they will come running to you and hugging you. You will in many ways become an older brother/sister figure in their lives.
  • Be patient. Be compassionate. Be merciful. Be full of grace and forgiveness. Mentees will drive you crazy. Mentees will make mistakes. This is all part of the learning process. That is why they are here: to learn, to grow.
  • Be accessible. Be available. Students hear the word mentor and they automatically put distance between themselves and you. Close the gap and engage them. Engage all of them. Even that shy mentee in the corner. Get to know who they are.
  • Encourage your mentees. Build them up. It is easy to become discouraged. Each student has unlimited potential. We as mentors need to teach them how to harness that potential.
  • Everything matters. The technical skills. The soft skills. The behavior. Who they become as an individual. Help them to become better men and women. Groom them to be polite, respectful, honorable young men and women. They will adopt your behavior, your good and bad habits. Chivalry is not dead. 😉
  • It is okay to not know everything. I will be the first to say I don’t know everything or anything. Don’t be afraid to ask for resources, help, guidance and wisdom. I attribute much of my success with my group of mentees this year was not of my own knowledge or doing, but going out and asking questions, and seeing how my professors and other coaches/mentors approach things and actively listening to them. Everyone will share with you a small bit of information which will tell you what worked, and what didn’t work for them. Focus on your strengths. Identify your weaknesses. Let those who have strengths in your weaknesses help you.
  • Most importantly: what you do matters. By being a part of their lives, you will shift their lives in ways you will never know or understand. Positively influence them. You will inspire them to achieve great things.

1606205_593625814873_615704767_oTo my mentees/protégés/future colleagues/friends/brothers in cybersecurity:

  • If you happen to win this week, awesome, but give it your all. Have no regrets. At the end of the competition, walk away with your heads held high knowing you did your best at that moment in time.
  • Be confident in your skills. You know your stuff. You have been preparing this entire academic year. You are ready. Remember, this is a journey of a lifetime. This is only the beginning of something amazing. Not the end. Tomorrow is and will be another day. This is the time of your lives right now. You’re never going to forget it. It will be all over in a moment. No sad faces. No regrets. Just go out there tomorrow and have a blast. Live it. Carpé Momentum. (Seize the Moment). Have fun.
  • I have complete confidence in each of your abilities, talents, skills, knowledge.
  • I’m extremely proud of each and everyone of you. Each of you have grown so much and I can not stress that each of you are amazing individuals.  You’ve won my admiration, my respect, and I look forward to the day each of you join the ranks in this industry full-time. Each of you have accomplished much this year, and to the senior class that is leaving high school, I hope all of you will return and mentor future CyberPatriot teams and individuals. I hope you also look at being part of the US Cyber Challenge as well

If you are in the National Harbor, MD or DC Metro Area this week, I encourage everyone to come out this Friday, March 28 and check out CyberPatriot VI. Tours will be given all day at the competition venue (Gaylord National Center)

2014 Western Regional Collegiate Cyber Defense Competition (WRCCDC) Analysis

2014 Western Regional Collegiate Cyber Defense Competition (WRCCDC) Analysis

Last Saturday marked the beginning of the 2014 Western Regional Collegiate Cyber Defense Competition Season with the successful completion of qualifiers. Over the past four years, I have watched this competition expand and grow so much that there are now fourteen universities and colleges across California, Nevada and Arizona vying for a chance to compete at the National Collegiate Cyber Defense Competition with several more schools looking to assemble teams in coming months to compete in the 2015 season.

For the schools that advanced, congratulations. See you at the end of March where you will face off against some members of our own Net Force Red Team.

For those who were unable advanced, and walked away disappointed, don’t. This is just merely the beginning of your journey.

I encourage you to continue pursuing this field, this challenge and don’t give up! Failure only happens if you walked away and gave up. No one becomes good in this field or any other field without hard work, and practice, practice, practice. There is no secret to success.

Furthermore, WRCCDC itself has increased in challenge, difficulty, and it will continue to be that way. It’s not meant to kick you out of the competition because we don’t want you there. We honestly do. Rather, the adversary is getting better every day and we need to get the good guys to be stronger, faster, better, in terms of being to do analytics, analysis, triage, and incident response. Truthfully, we are far behind where we should be. The adversary is becoming stronger each and every day and we are too. We simply have not overtaken them yet.

Lessons Learned:

wrccdc-2014-qualifers-topologyHere are some notes that you most likely experienced and areas to work out. Note not everything will apply, however after watching four seasons of teams compete, there are always a few items that will always stand out that affects all teams.

  • Know your environment. Know your network. We always provide a topology as a snapshot and a baseline reference. It always gives you an idea of what is possible to expect. It is also like real life. Network topologies are highly inaccurate and always inconsistent, especially in real life. But moreover, the network topology is also an indicator of where there may be potential single points of failure. For example, in the qualifiers, the central point of failure was the PFSense Box. If it went offline, it took everything offline.
  • Know where the low hanging fruit is. It’s important to know that what hurts the most in long term is going to be the low hanging fruit. It’s always the easiest fruit and tree branch that an adversary will grab onto first. If they successfully pluck the tree of its fruit or grab onto a tree branch, it’s hard to shake them off. Low hanging fruit consists of the most CRITICAL patches, as well as those pesky user credentials, among other things.
  • Know your game plan. Five minutes of planning is better than spending fifty minutes running around like a chicken without a head. The first five minutes should quite literally be all muscle memory to the point where you can come in running and know what to do without asking what needs to be done. Constantly strive to optimize your processes, and find ways to shave off a few seconds. There is always someway, a method, a technique, something that allows you to do things faster, quicker, better, smarter and expend less energy. Saving a few seconds here, and there will add up to minutes and possibly hours of savings when keeping the red team out.
  • Know the services, and know what makes them tick. Every service, whether it be web, mail, FTP, Active Directory, DNS, all have a certain combination of ports and components that make them function and tick. For example, you can always assume that Active Directory box is also a DNS box. Or that if there is an eCommerce box, it’s likely powered by some sort of database. Know what ports each service use too.
  • Know your role. Know where your single point of failure is. It’s important to be able to spread the workload and be able to know when someone is being overwhelmed. Everyone should have their specialty, but everyone should have some of the basic knowledge of how to do some of the basics or get a subject matter expert to the place where they need to be where they can do what needs to be done. Too often teams have a single expert in one area, and unfortunately teams underestimate where their single point of failure is. When it does happen and something fails, things tend to go horribly wrong.
  • Know more than simply technical skills. Brush up and polish up your soft skills. WRCCDC is simply more than a technical competition. It is a business competition. It is about people, processes, and technology.

    At WRCCDC, and any other CCDC, it is a test of your ability to manage stress, your project management skills, your leadership skills (remember everyone can lead, not everyone has the authority), your skills as a team member, investigator, communicator (with each other and with management), a writer, and your wisdom to know when you need to ask for help when you’re simply overwhelmed. There are simply so many soft skills that leads to a successful team. Yes I know you may disagree with me on this, however, successful teams know their limits, and identify weaknesses. They work together to overcome those weaknesses or ensure they cover the weaknesses with their strengths. They work together to find compensating controls and processes. Leaders are encouraging and they help build their team members up.

WRCCDC is an interplay of people, processes and technology. It tests the dynamics and personalities between people. It tests your processes. It tests your technical skills and know-how.

I look forward to seeing each and every one of you compete in the coming months. Remember, this is only the beginning of an amazing journey, not the end.

4.6 Million SnapChat Username’s and Passwords Leaked

4.6 Million SnapChat Username's and Passwords Leaked

2013 was the year of data breaches, and before the year ended, there was one last data breach.

4.6 million Snapchat customers had their phone numbers and usernames leaked onto the internet on December 31, 2013. While the group removed the last two digits of the phone numbers, it was willing to make the full version of the database available under certain circumstances. The database itself is highly incomplete as it targeted well known metropolitan areas however not it missed several suburban area codes.

Net Force went through the database and was successfully able to validate the database’s authenticity.

SnapChat Customers are recommended to take the following actions:

  • If you used your SnapChat password anywhere else other than SnapChat, you are highly recommended to change it immediately. Assume the password also has been compromised.
  • If your SnapChat username is the same as any other website, it is highly recommended that you change your passwords there.
  • It is recommended that you enable two factor authentication on your email associated with the email address used for your Snapchat account.
  • Disable the ability for people to look you up by phone number on various websites, including Facebook.
  • Change also all your security questions that utilizes your phone number that was associated with Snapchat.

CyberPatriot VI Competition Begins – Round One – GO!

CyberPatriot VI Competition Begins – Round One - GO!

BZN4VnbCYAAmzXLast weekend officially marked the beginning of the 6th competition season of CyberPatriot. CyberPatriot is a middle and high school cyber defense competition designed to give hands-on exposure to the foundations of cybersecurity.

Over a 72-hour period, middle school and high school aged students from across the globe raced to triage and remediate security vulnerabilities inside Windows images. From Japan to Korea all the way to Hawaii, CyberPatriot is slowly becoming a crucial pillar in their education.

It is amazing to see how this humble high school cyber defense program has grown in a short period of six years. In many ways, I am quite jealous of the opportunities these students have. Having the technical theory and crucial hands-on time with Windows images, Linux images, Cisco equipment is a dream come true for any aspiring cybersecurity professional, and even more so for an aspiring student.

It is amazing to see not only knowledge these students are acquiring, but also nurturing the passion and crucial critical thinking skills any employer would value. These students have a community and camaraderie I wish I had when I was in grade school.

More importantly, I am continuously amazed to see how mere middle school and high school students across the globe are rising to the challenge of defending information systems. The scores reflect their knowledge in account policies, prohibited files, windows updates, password policies, malware, antivirus, access controls, services, and obscure windows security settings most system administrators do not even know about.

As a CyberPatriot mentor for one high school, I am proud to see my students rise to the challenge and I am looking forward to see them soar.

 

Round 1 Scores:

CyberPatriot VI Round 1 Scores – Open Division
CyberPatriot VI Round 1 Scores – All Service Division
CyberPatriot VI Round 1 Scores – Middle School Division

Fallout Continues on vBulletin Data Breach

Fallout Continues on vBulletin Data Breach

As news of the data breach at vBulletin.com and vBulletin.org made mainstream media news, it has left a lot of system administrators and forum administrators extremely nervous since almost one million usernames, emails, and passwords have been compromised.

Possible 0-Day?

Several news outlets have reported there is a Zero Day Remote Code Execution vulnerability affecting all iterations of vBulletin 4.x and vBulletin 5.x series that allows an attacker to execute arbitrary code on the server remotely.

The exploit is being sold for roughly $7,000.00 USD, payable only in virtual currencies Bitcoin and WebMoney. According to Brian Krebs at KrebsonSecurity, at least one individual has made the purchase.

As added proof of concepts, the following screenshots of the vBulletin database, sever shell, and tables have been released. We can confirm that the database information is indeed legitimate.

Historically when an exploit is sold, the exploit itself is, for the most part, tested and validated as a working exploit.

Several vBulletin forum communities, including the DEF CON Conference Forums, have been taken offline because of the vBulletin 0-Day in the wild and have chosen not to return until a patch is released.

Other forum communities have begun the massive task of migrating away from vBulletin as the issue appears to be growing exponentially.

Earlier yesterday, when confronted by vBulletin customers, it was unveiled that the attackers had access to the Magento customer database, which gave attackers access to customer billing addresses. Whether the access was utilized or not is still up for debate, however logs indicate that they were not accessed.

vBulletin Solutions, a wholly owned subsidiary of Internet Brands, denied the allegations of a real 0-day threat to vBulletin.

“Given our analysis of the evidence provided by the Inject0r team, we do not believe that they have uncovered a 0-day vulnerability in vBulletin.

“These hackers were able to compromise an insecure system that was used for testing vBulletin mobile applications. The best defense against potential compromises is to keep your system running on the very latest patch release of the software.” wrote Wayne Luke, vBulletin Technical Support Lead.

Whether this attack is related to the MacRumors.com data breach earlier in the month is still being debated among vBulletin customers given that MacRumors was running an older version of vBulletin.

Prepare for an attack?

For websites currently utilizing vBulletin, we recommend that all web application firewalls and defenses for servers hosting vBulletin be tuned to a much higher setting until the situation resolves. Server administrators are also encouraged to enable verbose logging to help with the incident response process.

Alternatively, vBulletin customers may choose to seek an alternative forum solution of their choosing.