Columbia's Information Security Group

A free and informal gathering of information security professionals and enthusiasts in Columbia, South Carolina at the USC/Columbia Technology Incubator on the 3rd Tuesday of every month at 6:00 PM.

@Cola_Sec, #ColaSec, @USCColaInc

Image credit: Zach Pippin

VPN Iniltialized

On Friday (Dec. 14th), Clay helped us setup a DigitalOcean droplet for a simple OpenVPN into the Battlegrounds environment. We also setup a connector on one of the Ubuntu servers in the server rack to connect it all up. We tested it and all seems to work nicely!

The next step is to move the OpenVPN to PFSense on the Barracuda, that way we can run 24/7 on minimal power requirements. After that, we'll need a way to use WOL so we can, in theory, remote in, fire up the server we want to work on, then shut it back down and log out. 

June 2018 Update

4 more hosts rebuilt to 2012; MD1200 DAS attached to 1 host; updated inventory; Next steps: Need to share MD1200 with all hosts so VM data can live on MD1200, then start building VM’s; Need to finish building PFsense and work on firewalling.

Long time, no update.

Much progress has been made. Hyper-V has been chosen as the hypervisor of choice. Hardware has been racked. Much thanks for those that came out last week (Feb. 1) and this week! We currently have 6 servers configured and ready to roll. Network config is up next on the to do list. Below are some pictures of the progress. Look forward to some information about the teams and additional info.

The ThinkTank gathers to perform the hardware resurrection chant.

The ThinkTank gathers to perform the hardware resurrection chant.

Have you tried turning it off then back on again?

Have you tried turning it off then back on again?

Switch configuration.

Switch configuration.

Tiny laptop. Yes, it really is a tiny laptop.

Tiny laptop. Yes, it really is a tiny laptop.

It's alive!

It's alive!

Now with more server.

SCBG has received another donation! We have added 2 Dell 1950s to the ranks; one of which has 32 GB of RAM. I will be scheduling a meetup soon to begin work on cracking the Dell KVM and setting up the servers and VPN tunnel. Look for that invitation sometime soon.

​​​​​​​What is the Soda City Battleground?

The Soda City Battleground (SCBG) is a city-sec lab environment that is meant to resemble an enterprise environment as closely as possible. It is meant to allow newcomers to the Information Security field to have a place where they can make mistakes and not adversely impact a production environment. It is our hope that this lab environment will provide much needed hands-on training for those that do not have an opportunity to gain the experience they need to qualify for an Information Security job.

How are you going to do that?

SCBG will be comprised of of three teams: Red, Blue and Purple. The Red team will be responsible for attacking the environment, Blue team will be responsible for protecting the assets and Purple team will be responsible for upkeep and advisement of the two groups. Red and Blue teams will contain people that are new to information security. Purple team will contain experienced professionals.

Red Team

Acts as an external threat actor to the environment. Their purpose is to infiltrate the environment and gather as much information or intellectual property as possible. It is also possible that the red team may choose to simply disrupt operations. Any findings or actions that the red team makes must be recorded so that it can be presented as a report later.

Blue Team

Acts as the security team within the environment and is responsible for securing and monitoring the assets. It is blue team's mission to keep the business running as smoothly as possible while keeping assets as secure as possible. Much like red team, blue team will have a requirement to document any anomalies or changes that are made to the environment.

Purple Team

Depending on the current phase of the battle purple team will fill one of two roles: advisement/business leader or administrative. During an attack/defend cycle purple team will act as a guiding hand for the red and blue teams. The teams will be free to consult with members of the purple team while not actively attacking/defending. Additionally, the purple team will act as the business leaders for the blue team and referees for the red team.

Once a phase has come to close the teams will be gathered under the banner of the purple team to share findings and present their reports.

What are cycles and phases?

A phase is comprised of a number of cycles. A cycle is a set amount of time that one team has to prepare then execute a plan. For example, during the planning stage of red team's cycle they would want to collaborate about the best way to go about attacking the environment and where to focus efforts. Once the planning stage is over (this will be a set amount of time) the execution stage will begin. During this time red team will need to execute the plan that was developed during the planning stage. A cycle is similar for the blue team except that it is the inverse of red team. This means that while red team is planning an attack blue team is bolstering their defenses.

A phase will be considered complete when it has reached the set amount of cycles. There is not currently a set number of cycles that a phase must contain to be considered complete. The number may vary from phase to phase to provide a better chance for each team to develop stronger attack/defense mechanisms and techniques.

Once a phase is complete the environment can be torn down and started new or persist to allow for an extended battle.

How do you know who wins?

For fear of sounding like a block of sharp cheddar... EVERYONE WINS!!!! Seriously though, at the end of a phase the teams will gather to share experiences and hopefully some "Ah ha!" moments. If you recall from earlier each team will have comprised a report/document that shows what they accomplished. This will provide purple team judges with a way to fairly decide a winner. If red team executed an attack that blue team didn't stop or catch then hats off to the blue team. If blue team successfully defended a red team attack then blue team will have won.

To infinity and beyond!

As you may have gathered by now this project is a rather large undertaking. There are plenty of questions left unanswered at this time but rest assured that they will be answered in time. In the future we will look to take the members of ColaSec that have participated in SCBG to competitions in the hope of winning prizes, fame, and much swag. It is also a dream that other city-secs will start similar projects so that we can connect and face off; battleground vs battleground. We hope that you can find time to participate in some form or fashion.

The Story So Far

Welcome to the first post about the Soda City Battleground! I am proud to announce that we are trying to get this project off of the ground. This blog will be used as a means of record keeping and to provide updates about the project as it progresses.

If you missed the first meeting about the Soda City Battleground (SCBG) then shame on you. ;) We have compiled an inventory of the hardware that we currently have. It has been discovered that we need more RAM; and lots of it! If you have questions feel free to post in the ColaSec Google group and someone will respond. If you are interested in donating hardware, time, kind words or other resources please let us know! 

A signup can be found on the cover page for the SCBG. This signup will be used for new people that want to participate in the project. Please keep in mind that SCBG is not operational at this time but we are still taking signups. There is a lot of work that needs to be done ahead of time before we are ready to truly begin battle. Additionally, signups will have to be processed manually so please be patient as this means that we have to have a real live actual human prepare accounts and such.