The Soda City Battleground (SCBG) is a city-sec lab environment that is meant to resemble an enterprise environment as closely as possible. It is meant to allow newcomers to the Information Security field to have a place where they can make mistakes and not adversely impact a production environment. It is our hope that this lab environment will provide much needed hands-on training for those that do not have an opportunity to gain the experience they need to qualify for an Information Security job.
How are you going to do that?
SCBG will be composed of three teams: Red, Blue and Purple. The Red team will be responsible for attacking the environment, the Blue team will be responsible for protecting the assets, and the Purple team will be responsible for upkeep and advisement of the two groups. Red and Blue teams will contain people who are new to information security. Purple team will contain experienced professionals.
The Red team acts as an external threat actor to the environment. Their purpose is to infiltrate the environment and gather as much information or intellectual property as possible. It is also possible that the red team may choose to simply disrupt operations. Any findings or actions that the red team makes must be recorded so that they can be presented as a report later.
The Blue team acts as the security team within the environment and is responsible for securing and monitoring the assets. It is blue team's mission to keep the business running as smoothly as possible while keeping assets as secure as possible. Much like red team, blue team will have a requirement to document any anomalies or changes that are made to the environment.
Depending on the current phase of the battle, purple team will fill one of two roles: advisement/business leader or administrative. During an attack/defend cycle, purple team will act as a guiding hand for the red and blue teams. The teams will be free to consult with members of the purple team while not actively attacking/defending. Additionally, the purple team will act as the business leaders for the blue team and referees for the red team.
Once a phase has come to a close, the teams will be gathered under the banner of the purple team to share findings and present their reports.
What are cycles and phases?
A phase is made up of a number of cycles. A cycle is a set amount of time that one team has to prepare and then execute a plan. For example, during the planning stage of red team's cycle they would want to collaborate about the best way to go about attacking the environment and where to focus efforts. Once the planning stage is over (this will be a set amount of time), the execution stage will begin. During this time red team will need to execute the plan that was developed during the planning stage. A cycle is similar for the blue team except that it is the inverse of red team's. This means that while red team is planning an attack, blue team is bolstering their defenses.
A phase will be considered complete when it has reached the set number of cycles. There is not currently a set number of cycles that a phase must contain to be considered complete. The number may vary from phase to phase to provide a better chance for each team to develop stronger attack/defense mechanisms and techniques.
Once a phase is complete, the environment can be torn down and started anew or persist to allow for an extended battle.
How do you know who wins?
For fear of sounding like a block of sharp cheddar... EVERYONE WINS!!!! Seriously though, at the end of a phase the teams will gather to share experiences and hopefully some "Ah ha!" moments. If you recall from earlier, each team will have compiled a report/document that shows what they accomplished. This will provide purple team judges with a way to fairly decide a winner. If red team executed an attack that blue team didn't stop or catch then hats off to the blue team. If blue team successfully defended a red team attack then blue team will have won.
To infinity and beyond!
As you may have gathered by now, this project is a rather large undertaking. There are plenty of questions left unanswered at this time, but rest assured that they will be answered in time. In the future we will look to take the members of ColaSec who have participated in SCBG to competitions in the hope of winning prizes, fame, and much swag. It is also a dream that other city-secs will start similar projects so that we can connect and face off: battleground vs battleground. We hope that you can find time to participate in some form or fashion.