My Experience At IRSEC 2024
November 07, 2024 | Connor Gadbois
Competitions
IRSEC is a red vs blue style competition hosted by RITSEC. This year's theme was Cold War, and every team got to choose a country to be. My team chose Arstotzka, a fictional country from the game Papers, Please.

Similar to UB Lockdown, the goal was to keep the services on all of our boxes running while the red team attacked them. Each team was given 5 Ubuntu machines that we could use to access the console, scoring engine, and points shop. For our infrastructure, we had 3 Windows boxes, 3 Linux, and a pfSense router with console access. On our cloud network we had 2 more Windows and Linux boxes, which we had to SSH into from one of the machines with console access.

At the start of the competition, I logged into the local Linux machines and started cleaning them up. In these red vs blue competitions, the red team will deploy their tools onto our boxes before we get access. I found all of the usual stuff they do to keep access: users with default passwords, cron jobs that connect back to a C2 server, and backdoored binaries. As much as we can try, we aren't going to be able to fully kick the red team out of a box, which is the point, but what we can do is make it more difficult for them to shut off our services.
To take down the SSH service on one of our boxes, the red team would just stop the service. We would restart it, and they would go back and stop it a few minutes later.