School of Hard Knocks
The Red Cell's part in CCDC is quite a different experience from what the students endure. Red Cell has the goal of attacking the student environments by any means possible. Many of the Red Cell participants are professional penetration testers who donate their time to help the students learn what it takes to defend systems against a motivated and focused attacker. Having real penetration testers also helps the students recognize the process and tactics an attacker may follow in attempting to gain access to their systems.
While the Red Cell attackers are not competing, they do have a set of objectives. In this mock hospital environment, Red Cell's goal is to cause as much mayhem as possible on the systems they are attacking. This can take the form of compromising systems, stealing or deleting patient data, stopping services, and even performing social engineering or physical penetration of the students' environment.
The attacks performed by the Red Cell attackers teach a very valuable lesson: Compromises to sensitive computing systems in a hospital environment can translate into a real-life impact on lives!
Engage! Shields UP!
Laptops are fired up and hands hover over keyboards in anticipation of the start of the event. The Red Cell attackers look calm but are secretly anxious, as they know the first day of the event is almost always in their favor. Each member of Red Cell has been assigned a task, and each knows that the barrage of attacks that will ensue will happen much faster than the Blue Cell students will be able to defend. Within minutes of the starting bell, a large number of critical Blue Cell student systems are compromised. This isn't unexpected, as the Red Cell attackers have come prepared for the event.
Just as Blue Cell team members adapt and learn from each year's events, so does the Red Cell. This year's Red Cell is segmented into specific disciplines resembling those a nation state may have when attempting to attack a large number of systems. Each team member is assigned tasks matching their strengths and abilities. Some team members are assigned to enumeration of systems and ports. Others are assigned to the specific task of exploiting identified vulnerable systems. Still others are assigned to post-exploitation and to ensuring that compromised systems remain under the control of Red Cell.
Tools of the Trade
While just about any tool can be used by the Red Cell in the course of game play, most Red Cell Attackers rely on common open-source software packages and personal collections of scripts. The OS platform of choice by the Red Cell Attackers is almost exclusively BackTrack, which arguably offers the best collection of open source security tools available in one package.
Another favorite amongst the Red Cell members is the Metasploit framework. Metasploit provides the platform that lets the Red Cell attackers not only compromise large numbers of systems simultaneously but also pivot from one system to another effortlessly. Many team members bring their own personal Metasploit resource scripts, known as .rc files, which string together numerous exploits, functions, and actions, allowing the attackers to dig deeply into a compromised system and quickly cover their tracks.
Other tools used by the Red Cell attackers included specific tools for attacking wireless access points, mobile devices, and Med Kits (more on the Med Kits in a bit). One of the more popular tools used by Red Cell attackers was Gerix Wifi Cracker. The Red Cell used the Gerix tool set to "de-auth" connected wireless devices from their respective access points and to collect WPA four-way handshakes. This enabled the Red Cell attackers to use rainbow tables of passwords to crack the passwords used for the wireless networks.
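From the Blue Cell side, the de-auth step described above is also the part that is easiest to see coming: a client is normally deauthenticated only occasionally, whereas forcing reassociation to capture a handshake produces a burst of deauthentication (or disassociation) frames from one BSSID in a short span. The following is an added detection example, not code from the article, from Gerix, or from any CCDC team. It assumes management frames have already been parsed from a monitor-mode capture into simple records (the `MgmtFrame` class and the sample capture below are constructed here for illustration) and flags any BSSID that reaches a threshold of deauth/disassoc frames inside a sliding time window.

```python
"""Added example: flag bursts of 802.11 deauthentication frames.

Illustrative detector only; the frame records are constructed sample data.
A real deployment would feed it management frames parsed from a
monitor-mode capture (e.g. via a pcap library) rather than this list.
"""
from collections import defaultdict
from dataclasses import dataclass

# 802.11 management frame (type 0) subtype numbers.
SUBTYPE_BEACON = 8
SUBTYPE_DISASSOC = 10
SUBTYPE_DEAUTH = 12
BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass(frozen=True)
class MgmtFrame:
    ts: float       # capture timestamp in seconds
    subtype: int    # management subtype number
    bssid: str      # BSS the frame claims to belong to
    src: str        # transmitter address
    dst: str        # receiver address (may be broadcast)


def find_deauth_bursts(frames, window=2.0, threshold=8):
    """Return one alert per BSSID whose deauth/disassoc frame count inside
    any `window`-second span reaches `threshold`.

    Each alert is (bssid, window_start_ts, count, distinct_targets); the
    count reported is the largest window seen for that BSSID.  Frames are
    sorted per BSSID and scanned with a sliding window, so the scan is
    linear in the number of frames after sorting.
    """
    by_bssid = defaultdict(list)
    for f in frames:
        if f.subtype in (SUBTYPE_DEAUTH, SUBTYPE_DISASSOC):
            by_bssid[f.bssid].append(f)

    alerts = []
    for bssid, lst in by_bssid.items():
        lst.sort(key=lambda f: f.ts)
        start = 0
        best = None
        for end in range(len(lst)):
            # Advance the window start until it spans at most `window` seconds.
            while lst[end].ts - lst[start].ts > window:
                start += 1
            count = end - start + 1
            if count >= threshold and (best is None or count > best[2]):
                targets = {f.dst for f in lst[start:end + 1]}
                best = (bssid, lst[start].ts, count, len(targets))
        if best is not None:
            alerts.append(best)
    return alerts


def sample_frames():
    """Constructed capture: one AP sending a couple of routine deauths over
    a minute, and a second BSSID being spoofed with a broadcast deauth flood
    of 12 frames in just over half a second."""
    ap_a = "00:11:22:33:44:01"
    ap_b = "00:11:22:33:44:02"
    frames = [
        MgmtFrame(0.0, SUBTYPE_DEAUTH, ap_a, ap_a, "aa:bb:cc:00:00:01"),
        MgmtFrame(45.0, SUBTYPE_DEAUTH, ap_a, ap_a, "aa:bb:cc:00:00:02"),
        MgmtFrame(10.0, SUBTYPE_BEACON, ap_b, ap_b, BROADCAST),  # ignored
    ]
    for i in range(12):
        frames.append(MgmtFrame(100.0 + i * 0.05, SUBTYPE_DEAUTH,
                                ap_b, ap_b, BROADCAST))
    return frames


if __name__ == "__main__":
    for bssid, ts, count, targets in find_deauth_bursts(sample_frames()):
        print(f"deauth burst from {bssid} at t={ts}: "
              f"{count} frames to {targets} target(s)")
```

The threshold and window here are placeholders to tune against a baseline of the network's own roaming behaviour; the routine deauths from the first access point fall well under them, while the spoofed broadcast flood trips the alert. Alerting is a stop-gap: the mitigation that removes the attack is enabling 802.11w Protected Management Frames on the access points and clients, so that unauthenticated deauthentication frames are ignored rather than acted on.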