Assumptions
You’re a college student looking at competing in a blue team competition.
What You’ll Learn
- What’s Blue Teaming?
- What’s the goal of all this?
What’s Blue Teaming?
Overall, being on the “blue” team means defending a computer network from a “red” team that attacks it the way real-world adversaries would attack real systems. As a blue teamer, you have to try to stop the red team from hacking your stuff, manage a network, configure systems, and learn new things, all at the same time.
Yeah, that’s a lot, but it’s all to give you a rapid-fire, action-packed, and short-term taste of real-world defensive cybersecurity activities. Real-life defending usually doesn’t happen as fast as it does at a competition (real attackers move slowly so as not to raise the alarm), but it’ll give you an intense boot camp of what to do while working alongside your peers. This can give you new perspectives on computer security, and it’s a great experience even if you don’t end up defending networks yourself. It could give you ideas for new defensive tools, communication skills for teams in high-pressure environments, or even help you learn the other side, the red team (like me!).
So What am I Learning?
Blue team competitions give you a taste of a few different cybersecurity jobs, here’s some of them:
- Incident Response - Incident response is what happens when something malicious has happened on a network, and an incident response team is called in to identify the issue and help fix the vulnerabilities. This is basically what happens when you first arrive at the event. The red team is usually given an initial advantage, with pre-placed vulnerabilities and backdoors that give them easy access to your systems, and your job is to clean up the mess as well and as fast as you can. For more info: https://www.forcepoint.com/cyber-edu/incident-response
- Systems Administration - This is a big chunk of the competition: you have a bunch of systems, and you need to keep them running. You might even be asked to add new systems and services to the network. System administrators (or sysadmins) do this all the time in the real world, configuring and maintaining systems while ensuring they stay up and available. Sysadmins must be careful though, because changes such as patches and security configurations can cause problems, making applications and systems go down! It’s a delicate balance.
- Threat Hunting - This is pretty self-explanatory: you’re looking for the bad guys on your network. This kind of goes along with system administration, as it means finding the abnormal stuff, the suspicious activities and connections that might lead you to red team actions. Although the real world has tools to help you look for bad stuff, your best tools are a sharp eye, good investigation skills, and knowledge of the systems and services running. You’ll follow clues to decide whether something is malicious or harmless. Again, drastic and rapid responses may do more harm than good, so you must be careful what you do.
So What Should I Do?
I wrote an article that helps with this here
What Should I Keep in Mind?
- Don’t give up! You won’t learn anything that way.
- Blue team involves a lot of awareness. Be aware of what’s on your systems, what’s running, and what’s going on. Find tools that can help you do this.
- Ask questions of the red team (usually after the event…). Ask what they did and what you could do better. They may not give you the details (a magician never gives away his secrets), but you’ll get an idea of what to prepare for next time.
- Back up your stuff. Make sure you have something to fall back to if you accidentally mess stuff up (it happens!) or red team messes something up (we’ll do that!).
- Be kind to your event coordinators and event staff (usually called white team and/or black team). They’re doing a lot to make the event happen. Be mean to them and you might have red team taking vengeance upon you and your team.
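The awareness, threat hunting, and backup points above all come down to the same habit: know what is on the box, and notice when it changes. Below is an added example of that habit as a small POSIX shell script; it is not part of the original article or any competition toolkit. It assumes a Linux host with the usual tools (awk, comm, find, and either ss or netstat), snapshots the things a red team most often tampers with (listeners, login-capable accounts, cron entries, setuid binaries), diffs a later snapshot against the baseline, and runs a couple of heuristic checks that are useful before you have a clean baseline at all, because the red team's pre-placed access is already there when you arrive. The port allowlist and the `SUSPICIOUS` labels are assumptions for illustration; adjust them to the services your scoring engine actually checks.

```shell
#!/bin/sh
# Added example (not from the original article): host inventory snapshot,
# baseline diff, and first-minutes heuristic checks for a blue team box.
# Assumes Linux with awk, comm, find and ss or netstat. Untested on BSD.
set -u
export LC_ALL=C   # sort and comm must agree on collation

# Print a one-line-per-item inventory of the host. Every line starts with a
# category word so a diff tells you WHAT changed, not just that something did.
snapshot() {
    {
        # Listening TCP/UDP sockets: ss on modern Linux, netstat as a fallback.
        if command -v ss >/dev/null 2>&1; then
            ss -lntuH 2>/dev/null | awk '{ print "listen", $1, $5 }'
        elif command -v netstat >/dev/null 2>&1; then
            netstat -lntu 2>/dev/null | awk 'NR > 2 { print "listen", $1, $4 }'
        fi
        # Accounts that can log in interactively (shell is not nologin/false).
        awk -F: '$7 !~ /(nologin|false)$/ { print "user", $1, $3, $7 }' /etc/passwd
        # System and per-user crontabs, comments and blank lines stripped.
        for f in /etc/crontab /etc/cron.d/* /var/spool/cron/crontabs/* /var/spool/cron/*; do
            [ -f "$f" ] && grep -v '^[[:space:]]*#' "$f" | grep -v '^[[:space:]]*$' | sed "s|^|cron $f |"
        done
        # Setuid binaries in the standard directories (a favourite persistence spot).
        find /usr/bin /usr/sbin /bin /sbin -xdev -perm -4000 -type f 2>/dev/null | sed 's|^|suid |'
    } | sort -u
}

# Compare two snapshot files. Prints "+ line" for items that appeared and
# "- line" for items that vanished. Returns 1 when anything changed so it can
# gate an alert in a cron job; returns 0 when the host matches the baseline.
compare_snapshots() {
    changes=$(comm -3 "$1" "$2" | awk 'BEGIN { FS = "\t" }
        { if ($1 == "") print "+ " $2; else print "- " $1 }')
    if [ -z "$changes" ]; then
        return 0
    fi
    printf '%s\n' "$changes"
    return 1
}

# Heuristic checks on a single snapshot, for the first minutes when there is no
# clean baseline yet: extra UID-0 accounts and listeners outside an allowlist.
# $2 is a space-separated list of ports your scored services are expected to
# use (assumed default: 22 80 443).
flag_suspicious() {
    awk -v allowed="${2:-22 80 443}" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "user" && $3 == 0 && $2 != "root" { print "SUSPICIOUS uid0 account:", $2 }
        $1 == "listen" {
            port = $3; sub(/.*:/, "", port)   # strip "addr:" incl. IPv6 "[::]:"
            if (!(port in ok)) print "SUSPICIOUS listener:", $2, $3
        }
    ' "$1"
}

# Command-line entry point; does nothing when sourced without arguments.
case "${1-}" in
    snapshot) snapshot ;;
    compare)  compare_snapshots "$2" "$3" ;;
    check)    flag_suspicious "$2" "${3-}" ;;
esac
```

Usage: `sh baseline.sh snapshot > /root/baseline.txt` as soon as you have cleaned the box, then `sh baseline.sh snapshot > /tmp/now.txt && sh baseline.sh compare /root/baseline.txt /tmp/now.txt` whenever you want to know what the red team touched, and `sh baseline.sh check /tmp/now.txt "22 80 443"` on day one before you trust anything. Keep a copy of the baseline off the box (it is part of your backup), since a red team that finds it will happily edit it to match their changes.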
What’s the Red Team Doing?
The goal of the red team is to emulate what hackers in the real-world might do to your services. Hackers are sneaky and stealthy, so the red team uses clever tactics to hide their tracks and activities. Hackers might use multiple paths for attacks, so the red team doesn’t just use a single method to attack blue team systems.
The red team is there to help you learn, so be sure to communicate with them to make the most of your experience.
Who am I?
My name is Jacob Hartman. I’ve been in the professional cybersecurity field for 3+ years, with 3 years in collegiate cybersecurity competitions while studying in college. Now I’m usually on the red team for CNY Hackathon and help out with the cybersecurity club at SUNY Polytechnic Institute. The content here is based on my experiences on both sides of this type of competition.