Skip to main content

CCDC documents

Complete guide to competing on Splunk (2023)

This guide was compiled after the Minnesota State CCDC competition. It covers what I consider to be the bare essentials for competing on the Splunk/SIEM box in CCDC. From CentOS 6 basics to Splunk configuration and SPL usage, this guide provides basic instructions and examples for new and returning students. At some point, more guides in this style will be made. The ultimate goal of this series is to provide an in-depth beginner's guide to all services and roles in the competition, with each year's team editing and revising the documents. Google Drive Link 


CCDC Script Guide

This document covers the usage of the scripts I've written that may be useful in CCDC. The goal of the document is to provide a catalog of resources for future teams, ensuring that scripts and knowledge are passed on. 


CentOS-SIEM Playbook

The playbook I made for myself when competing on the CentOS 6 Splunk machine in the 2022-2023 season of NCCDC.

CCDC Binder

This is a collection of all of the Windows Server knowledge I put together in the 2021-2022 season, along with some information on Splunk/CentOS. 

Comments

Post a Comment

Popular posts from this blog

Using PGPy to encrypt and decrypt files and messages

 PGPy is a library for python that enables the creation, storage, and encryption/decryption of PGP keys and files in python. Recently, in a small project to reacquaint myself with python, I used PGPy for key generation and encryption and decryption. That project can be found in my github at  https://github.com/lpowell . The goal of the project was to use command-line switches to control the program, and to provide basic encryption and decryption capabilities, along with rot13 and base64 encoding.  First, to load in a key use key, _ = pgpy.PGPKey.from_file(keyfilename) . This loads the key from either a binary or ASCII armored file. You can swap out .from_file for .from_blob , if you plan on using a key stored in a string or bytes object rather than a file. In my example code, I pull the key from a file, as I found it to be the simpler method.  Next, you'll need to open a file or create a string or bytes object that contains the message you wish to encrypt. We'll cal...
3 comments
Read more

Using the Ubertooth One to sniff and intercept Bluetooth packets

While researching for my individual video project I came across this tool which allows for the sniffing and interception of bluetooth packets. This article covers some of the basic functionality of an Ubertooth One.  It's really quite interesting to see all the possibilities with devices like these. The tech behind them is very interesting as well. Hopefully, I'll be able to integrate some of this technology into my project video and include a demo of some of the interesting things it can do.
Post a Comment
Read more

Huntress CTF Challenge Writeups: HumanTwo: MoveIt IoC Analysis Challenge

HumanTwo: MoveIT IoC Analysis Challenge The HumanTwo challenge is a malware CTF from the 2023 Huntress CTF. This write-up walks through the initial discovery, de-obfuscation, and solving of the challenge. The actual flag will be redacted from the document, but interested parties should be able to follow the steps and derive it themselves. While the write-up assumes a base level of knowledge regarding the command line and Linux. Most tools and commands will be accompanied by short explanations. Step 1: Initial Analysis To start off, we are given an archive with 1000 files named after their file hash. The hint we are given is that there are minor differences between each file. We also know that HumanTwo relates to the MoveIT vulnerability and exploit. The easy way to progress is to look up articles that tell you about the vulnerability and what stands out in each exploit script. However, I didn’t do that, so I’ll put the process I followed down instead. First, because I knew that...
Post a Comment
Read more