
Daily Blog #748: National CCDC 2025

 


 

Hello Reader,

For over 15 years, I’ve had the honor of serving as the red team captain for the National Collegiate Cyber Defense Competition (NCCDC). Since its inception in the early 2000s, NCCDC has evolved from a handful of schools into a premier, nationwide event that now attracts teams from over 180 institutions across the country. This competition is more than just a contest—it’s a rigorous, real-world simulation where our nation’s next generation of cyber defenders learn to tackle emerging threats head-on (us).

At NCCDC, we simulate live attack scenarios, leveraging the very tools and techniques that threat actors use in the field. Every year, I bring together the most effective strategies and custom tooling I've encountered in my real work, challenging collegiate teams to defend against sophisticated, dynamic cyber engagements. The environment is intense, and every engagement is a testament to the creativity and resilience of our future security professionals. Don't feel bad for these college students; they train all year long to have a chance of locking us out.

What truly sets NCCDC apart is its lasting impact on participants. Many past competitors have gone on to become leaders in the cybersecurity world—working with top-tier companies, federal agencies, and innovative startups. Our alumni network is a vibrant community of experts who continue to shape our nation’s cybersecurity landscape, using the skills honed in these competitions to safeguard our digital future. 

Now, as we gear up for another exhilarating season, I’m reaching out to all skilled individuals ready to step into one of the best cyber simulations on the planet. Every year I put out a call for the limited number of volunteer spots for our red team: those with a knack for thinking like an adversary. If you have a proven track record demonstrated by a robust GitHub portfolio, innovative custom tooling, and a passion for making our digital world more secure, we want to hear from you.

This is your chance to:

  • Challenge Yourself: Engage in realistic simulations that push your skills to the limit.
  • Inspire Future Defenders: Share your expertise with tomorrow’s cybersecurity leaders.
  • Be Part of a Legacy: Join a community whose alumni have gone on to make significant impacts in cybersecurity nationwide.
  • Be Destructive: We are one of the few competitions that allows the red team to take down blue team infrastructure and forces them to rebuild and defend.

If you believe you have what it takes to survive in one of the best cyber simulation engagements, please email your resume and GitHub portfolio to dlcowen@gmail.com.



Daily Blog #662: Forensic Lunch 4/3/20 - Discussion on WinSCP, Linux Forensics Course, SANS DFIR, and More



Hello Reader,
   Today we had another episode of the Forensic Lunch!

On this episode:

You can watch the show below:


Daily Blog #556: NCCDC Red Team Call for Volunteers




Hello Reader,
It's coming around to CCDC competition time for much of the United States; some schools are already in invitationals. This is the yearly call for volunteers for the NCCDC red team. If you have the following to bring to the table:


  • Custom malware
  • Custom command and control 
  • An active GitHub repository
  • The ability to lay low and persist with an active defender

If so, email your CV to volunteer@nccdc.org. Spots are limited each year for volunteers and we hope to hear from you.


National CCDC 2018 Redteam Debrief




Hello Reader,
       Another year of CCDC is over and another winner has been crowned.

For those of you just here for the presentation, here are this year's debrief slides:

https://www.dropbox.com/s/o2fkwbjsefq1ixk/NCCDC2018.pptx?dl=0

For those of you looking for more:

This year at Nationals we had a lot of success as a red team. Going from 0 knowledge (except IPs in scope) to plain text credentials in 3 minutes ensured that our initial load of persistence was successful. However, like in all great pursuits, it was not perfect. This year we attempted different delivery and propagation techniques that need to validate that our malware was successfully implanted, to make sure all systems are talking to us.

Speaking of talking to us, this year teams got better at their egress filtering and locking down incoming services. This means we have to get better at backdooring existing services and work on techniques that don't require callbacks that egress filtering will stop.

Lots to plan, lots to do for next year. 


National Collegiate Cyber Defense Competition Red Team Debrief 2017




Hello Reader,
I've been busy lately, so busy I didn't get around to posting this year's red team debrief from the National CCDC. After just leaving Blackhat/BSides LV/Defcon and running our first Defcon DFIR CTF, I thought it was important to get these up and talk about the lessons learned.

The Debrief

First of all, for those of you coming just to get the presentation, it's below:
https://www.dropbox.com/s/fy23c7wi35qe81b/NCCDCRedTeamDebrief2017.pptx?dl=0

For those of you who have no idea what any of this means, let me take a step back.

What is CCDC?


The National Collegiate Cyber Defense Competition (CCDC) is a now 12-year-old competition where colleges around the United States form student teams to defend networks. CCDC is different from other competitions involving network security as it focuses strictly on defense. Students who play are put in charge of a working network that they must defend; the only offensive activity in the competition comes from a centralized red team.

The kind of enterprise network students take charge of changes each year. Past years' business scenarios have included:

  • Private Prison Operator
  • Electric Utility
  • Web hosting
  • Game Developer
  • Pharma
  • Defense Contractor
  • and more!
The idea is that the last IT team has been fired and the student team is coming in to keep it running and defend it. While the students are working on making sure their systems are functioning they also have to watch for, respond to and defend against the competition red team. 

Scoring happens a couple ways. 

Students get points for:
  • Keeping scored services running (websites, ecommerce sites, ssh access, email, etc.)
  • Completing business requests such as policy creation, password audits and disaster recovery plans
  • Presenting their work to the CEO of the fake company
  • Responding to customers 


Students lose points for:

  • Red team access to user or administrative credentials
  • Red team access to PII data
  • Services not responding to scoring checks aka services being down
  • SLA violations kick in if the service stays down for a period of time

There are now 160 universities competing in 10 regions across the United States. If a student team wins their region they make it to nationals, where the top 10 teams in the country compete for some pretty amazing prizes, including on-the-spot job offers from Raytheon.


If you are a student or a professor who would like to know more about competing you can go here: http://nccdc.org/index.php/competition/competitors/rules

What is the National CCDC Red Team?

The National CCDC Red Team is a group of volunteers who work to build custom malware, C2, and exfiltration and persistence strategies to bring to bear each year to give the students the best real-world threat experience. I'm the captain of the red team and have been for the last 10 years.



How do I get on it? 

When the call for volunteers goes out, send a resume to volunteer@nccdc.org.

Be advised our threshold for acceptance is very high and we look for the following:
- Active projects on GitHub or otherwise to show your experience
- Real experience in developing, maintaining and layering persistence
- Custom malware kits that are unpublished to bring to bear

We don't care about certs, years of experience or who you work for. We need people who can not only get in (the easy part) but also stay in over a two-day period of competition while an aggressive group of defenders seeks to keep you out.


Daily Blog #381 National CCDC Redteam Debrief




Hello Reader,
The 11th year of the National Collegiate Cyber Defense Competition has ended; congratulations to the University of Central Florida for their third consecutive win. I hope you make it back next year for another test of your school's program and ability to transfer knowledge to new generations of blue teams.

If you want to show your support for my efforts, there is an easy way to do that. 

Vote for me for Digital Forensic Investigator of the Year here: 



However, the team that won over the Redteam was the University of Tulsa, who came with a sense of humor. Behold their Hat and Badges:


Also you have to check out the player cards they made here:
https://engineering.utulsa.edu/news/tu-cyber-security-expert-creates-trading-cards-collegiate-cyber-defense-competition/

Here is my favorite:


You can download my Redteam debrief here:
https://drive.google.com/file/d/0B_mjsPB8uKOAcUQtOThUNUpTZ0k/view?usp=sharing



National CCDC 2015 Red Team Debrief

Hello Reader,
Here is this year's Red Team debrief. If you have questions please leave them below.

https://drive.google.com/file/d/0B_mjsPB8uKOAWnY5ZERHX0RUWEU/view?usp=sharing