tldr; It was fun and very similar to CyberPatriot. Don’t expect all the answers to the images.
Overall Thoughts
On 10/9/21, I competed in Hivestorm 2021. I guess this is becoming an annual series, so I decided to keep the same format as last year. Once again, I was on Linux team for this competition, but this time my team were full of my previous year’s CCDC team. Our goal was not to score the highest scores, but to ensure that our newer CCDC team members got a taste of what a cybersecurity competition may look like. Many of the same expereiences I had last year repeated itself. I am pretty sure that this year’s Hivestorm competition images were the exact same as CyberPatriot 2021’s Round 4 images. Although we did little worse placement-wise than last year as a team, we ended up scoring essentially the same number of points but with much less effort which is a testament to our improvement of both ourselves the rest of the teams competing.
“Would you compete in Hivestorm again?” Yeah, probably. Since the rules page doesn’t seem to have restrictions against students from different schools competing together, I might try again with different friends, but who knows. I know I said that last year, but next year maybe I actually will.
The Ubuntu Image
Even though I was mainly focused on the Ubuntu image this year, I want to make it abundantly clear that I was not competing to win this year.
First, this year the Ubuntu image had a Samba server running that needed to be secured on top of the OS itself. A couple of the forensics questions were concerning the Samba server as well. This was pretty refreshing since the typical image in Hivestorm is just a LAMP stack. From what I gathered, many people struggling to work with Samba since they are more familiar with SMB shares running on Windows. One thing that most people hopefully look up was the Samba config file: /etc/samba/smb.conf. This is where you can configure all of the Samba settings and shares. For example, you can list the allowed users for each share. Some of the vulnerable settings in Samba included anonymous/public shares and writable/browseable shares. Sometimes having writable and browseable shares are important, but in this case the directory that was being shared did not need them, so I disabled those settings. For one of the forensics questions, the goal was to find the intersection of users allowed to access a certain share and existing Samba users. As previously mentioned, you can find the allowed users in the smb.conf file. To find the list of existing users you can use:
sudo pdbedit -L -v
Once you have the two lists of users, you just need to see which users are in both lists. As a rule of thumb, you should always check up on your critical services to make sure other configurations not stated here are in line with your security best practices.
Second, a large number of points (~15-20) came from updates, removing packages, and update settings. Some people may think that for a security competition, this weighting is bad because updates are so simple. In the real world, however, updating and maintaining systems and their software is a very serious responsibility of sysadmins. Vulnerabilities and exploits are being released every day, so it is very important to stay up-to-date with the latest security patches.
Third, as always, password configuration and user authentication are always free points up for grabs. Since PAM was installed, you could just configure it there.
Of note, I got totally trolled by one of the forensics questions and was stuck for half the competition because there was more than one of the same file with one modification. Since I found the first file, I assumed it was the correct file, but as it turns out - it wasn’t. Hate it when that happens.
At the end of day, we got 68 points on Ubuntu.
The Debian Image
The Debian image this year was fairly tame. Nothing that we hadn’t see before, so I was mostly hands off. I was able to score some points while configuring various system configurations like password policy and sudo configurations. Also, got a number of points for securing the Linux kernel, so that’s a good place to research if you ever get stuck. Simple things like firewall, updates, user auditing, and the like should always be on your checklists because they are always worth points. Obviously, points represent a real-world objective, so don’t take them lightly.
For Debian, we ended up getting 78 points.
Advice
If you’re looking to compete in a future Hivestorm event, I highly recommend it if you’re just getting into cybersecurity or just want to try your skills. If you competed in CyberPatriot, you should have a good idea of what to expect. Honestly, even CyberPatriot competitors can use these tips. See my post from last year.