Connor Gadbois
About Blog Contact
My Experience At UB Lockdown Fall 2024

October 27, 2024 | Connor Gadbois

Competitions

    UB Lockdown is a defense only competition hosted by the University of Buffalo. It is setup in a Red vs Blue format, meaning, the red team attacks boxes and tries to take down their services, while the blue team defends them and tries to keep the services running. 

    Our team was made up of 5 people: 1 for injects, 1 for PFsense, 1 for Windows, and 2 for Linux. I was one of the two working on Linux. The network looked like this: we had our main Linux, Windows, and PFsense machines we would connect through a remote console to. There were also 3 other Linux servers separated by a DMZ. 

    When the competition started, we got access to our machines with default usernames and passwords. The first thing I did was to start changing passwords on all of the Linux machines. We kept a password sheet to make sure we wouldn't get locked out of a box from forgetting the password. Since the red team would walk into the room where we were to taunt us, we wrote the passwords in white text and would highlight the row to read the password. This way they could not get the new passwords from looking over our shoulder. 
    I also made a fake password sheet that I would purposely leave open when they red team was around. However, I'm not sure if this actually worked to slow them down.
    In the days before the competition, red team had the opportunity to deploy their tools on the machines. This meant that we didn't just have to worry about keeping our services up, we also had to make sure they couldn't maintain access. A large portion of time during the competition was spent looking for and cleaning up and backdoors the red team left. One of the pieces of malware we found in all of the Linux machines was a bash script that would connect back to a c2 server hosted on Digital Ocean. 
    At one point I caught red team logged into a machine, running commands via Ansible.
    Overall, the competition was a lot of fun. The red-teamers from UB and RIT did a great job at making fun and challenging problems for us to solve.