Cyber exercises “CyberCamp 2024” through the eyes of a Guest

A three-day federal-level cybersecurity championship took place in early October.
You can read about what it consisted of in various media, for example, on RBC.

I won’t retell the news, I’ll only highlight the most important points for the article:
1) You can take one of the sides:
attacker (red), architect (yellow) or defender (blue).
2) You can participate in the team competition.
In my opinion, this is a story for specialized companies; it is clear that “site developers” do not pose a threat to information security.
3) You can participate in the individual competition.
That is, the participant acts as an independent unit and competes with others like him.
This is already more interesting and this is where the decision was made to apply.

As a result, the author turned “blue”, earning points (“saibs”) for the “blue faction” and competing with other participants.
It was fun, difficult, but educational, and all the details “through the eyes of a Guest” are described below 🙂

The first thing that greeted the guest was the broadcast.
I will immediately note the high level of the speakers and the attempt to present the material in a way that is understandable to any listener, and not just information security specialists.

Although it was obvious that without minimal knowledge in the field of information security it would be difficult, the speakers really tried to convey their experience to everyone.

The main topic of the speeches was the Cyber Kill Chain, i.e. the chain of an attack that needs to be interrupted.
Each of the elements was constantly highlighted in presentations in one way or another.

By the way, the very first task was on exactly this topic and checked whether you even know what it is.
This is how I managed to earn my first 40 “saib” coins 🙂

This is what the CyberCamp 2024 broadcast looked like


The accumulated saibs made it possible to buy various themed merch in the store.
Socks, sweatshirts, T-shirts, etc.

Personally, I liked the stickers that were given free of charge with any purchase, and the cat icon in the box, the symbol of the competition.

It is worth noting here that the cheapest gift, which by coincidence turned out to be that same cat, cost as much as 500 saibs!
And in order to win it, you had to try, because one task on average gave only 40-50 saibs.

Some gifts for saibs from CyberCamp 2024


There were several ways to earn saibs.
One of them was an entertaining task in the style of “Snake”, which gave about 20-30 saibs per day.

And if at first it seemed to me that this would be a “simple walk”,
it then turned out to be the most difficult task, one that tested reaction speed.

The essence of the task is simple: a timed snake game in which
we collect “vulnerabilities” (red crystals), hide from the defense (blue arrows) and go around the architects (yellow crosses).
However, at each stage either the snake accelerated, or walls appeared, or the snake began to blink/disappear…

As a result, completing it turned out to be quite difficult, and on only 1 of the 3 days did I manage to get my winnings for it, having spent about 2 hours on it.
It was a matter of principle 🙂

Game from CyberCamp 2024


And while the presence of the game was obvious, the “Easter eggs” at the Exercise Headquarters had to be searched for daily.
Each Easter egg gives a standard task.
If you manage to answer the task correctly, you get coins.
No “freebies” 🙂

This is what the CyberCamp 2024 Headquarters looked like. If you wish, you can send your options in the comments, where they are hidden, and I will definitely answer :)


One of the tasks on the first day was to find “4 parts of code” in the broadcast.
And as it turned out later, at 18:00 the Headquarters’ working day ended and the employee left his desk chair, turning off the computer.
And this was a rather unexpected Easter egg element!
That is exactly how I managed to miss my first saibs, already having 3 out of 4 parts in hand 🙂

In addition to the Headquarters, registered Guest-Participants had access to the “Quest Board”.
And this is where the main brainstorming took place.

CyberCamp 2024 Cyber Exercise Board


Even the first glance at the board is enough to understand that the tasks were compiled by different teams and in different directions.

Their “weight” was comparable, but the knowledge that was required for the solution was completely different.

All CyberCamp 2024 tasks can be divided into three types: architecture, pentest, incident investigation


I would like to note right away that some tasks, for example “Attack surface analysis. Hard”, which was a search for vulnerabilities in a specially deployed WordPress site, I was never able to solve – I simply did not have enough skills.
In the photo above you can see that the task gave 0 out of 70 saibs.

There were log analysis tasks that gave A LOT of saibs; however, they were complex even at the stage of loading the data for analysis.
For example, the Windows log source from the task “We're in trouble!” weighed about 3.3 GB right from the start!
My skills were only enough for 14 saibs out of 210 possible.

At the same time, there were also simpler tasks, for example, finding errors in user security settings, as shown in the table above.
But such tasks also gave far fewer saibs.

What other tasks were there?
Very different!
It will not be possible to describe everything, but I will try to highlight them at least by category.

This is just part of the tasks of just one day of the CyberCamp 2024 exercises


About 50% of the tasks were in the “choose 1 answer out of 4” format, but even Google/Yandex did not help with simply “guessing”.
The text is composed very competently.

Some of the tasks were related to assessing the attribution of attacks, for example the task “Model Diamond”, in which it was necessary to determine the hacker group based on the characteristics of the objects being attacked, the victims, the motivation of the attackers and the potential location of the base.

I managed to master working with the Diamond model thanks to CyberCamp 2024


There were also interesting incident investigations using logs.
Moreover, the tasks were for both Windows and Linux.
And the format ranged from full copies weighing 3 GB to a simple txt file with 50-100 KB of logs.

Obviously, even a simple txt was fraught with a number of pitfalls.
Specifically, in the example below, one of the parts of the assignment was:
“Find the moment when the user's account was compromised.”

At the same time, “Failed login” fires for every user 🙂

Assignment from CyberCamp 2024. Can you find the moment at which the user’s account was compromised? :)


Another interesting vector was the study of real attack patterns.
A detailed description of incidents in the “.afb” format provides a significant amount of information, which means that studying such a file requires many times more time.

It is worth noting that the very presence of such files allows everyone to improve their skills:
1) “Blue” improve logging and incident analysis skills
2) “Yellow” assess architecture weaknesses
3) “Red” look at where they can be caught and how exactly the Blues will do it

The attack patterns from CyberCamp 2024 were so large that they did not fit even when the picture was zoomed out.


Every day there were entertaining tasks “for 5 saib” 🙂
In one of them I even managed to get into the TOP 3!
And for this they gave a significant 50 coins!

The task itself consisted of reviving a famous meme using any neural network.
The video had to be short, no more than 5 seconds.
Since my work tasks included experiments with neural networks, creating a prompt did not pose any difficulties.

Example of a “task for 5 saibs” from CyberCamp 2024


There were also tasks on DDoS, on honeypots, on knowledge of ransomware, and on understanding phishing and finding the real sources of sent emails.

There was work with VirusTotal, because it does not always give correct results and you need to evaluate other parameters of links/files.

There was analysis of detection rules, errors in system file configurations, and recovery of encrypted data.
There were also assignments on information security management, but not very many.

And of course, 3 days of 8 hours of presentations by speakers who analyzed the cases in detail and tried to highlight important points.
It’s worth noting here that the “analysis” was structured in such a way as not to provide a ready-made solution to the problems, and that’s great!

What is the result?

Viewers of CyberCamp 2024 in the chat highly appreciated the skills of the presenter. I fully support their point of view! You have to try to maintain interest in the event for three days :)


The victory in the team competition went to the attackers.
This time the “sword” won.
This means that the demand for the “shield” will keep growing.

According to research, demand for information security specialists is already 2 times higher than the available supply.
And given that in the first half of 2024 (according to Positive Technologies specialists) Russia topped the list of leaks, it becomes obvious that this field will keep developing toward stronger protection.

What about the individual competition?
Did you manage to achieve anything other than winning the “memes competition”? 🙂

Rating dynamics in the CyberCamp 2024 leaderboard


On all three days we managed to maintain a stable level in the ranking.
However, the place changed several times a day and the intrigue remained until the last moment!
In the final hours the place changed almost every 10 minutes!

On the first day I managed to take 565th place,
on the second day I rose to 533rd place,
but at the end of the third day I was “knocked out” to 575th place.

Conclusion:
1) I managed to get into the TOP 10% of the individual competition.
2) 574 people know the information security topic better, which means there is definitely something more to learn.
3) I managed to get ahead of 5,497 people… a small thing, but nice 🙂
4) I learned a huge amount of new things and found out where the weak points in my knowledge are.

It is worth noting that in the CyberCamp 2024 ranking, no one reached the maximum number of points.


Essentially, I was able to do only 34% of the possible tasks.
However, 90% of the participants in the individual competition did not reach this value.
The best in the ranking (hydr) got to 80%!

Here I would like to express my gratitude to the organizers for making it a competition with training elements, not a simple hackathon!
No one managed to get 100 out of 100, which means everyone understood where their “growth zone” was!
It would be a shame to spend 3 days without learning anything new.

Is it worth participating in such competitions?
Definitely!
3 intensive days will greatly expand your horizons.

Will it be difficult?
It definitely will!
Don't expect all tasks to be easy to solve.
Some of them will require you to learn new approaches that you were not previously familiar with.

Does this take a lot of time?
Yes.
If possible, it is better to allocate vacation days for this.
This will help you focus on tasks and reduce your stress levels.
I had to look through some of the entries after work 🙂

And also, this is a nice community with no toxicity.
Overall, my opinion about the event is:
“The game is worth the candle”!
