Drake's Cyber club is still new to the scene and was essentially founded within the 2024-2025 academic year. During this time, I was part of the small group that participated and brought Drake to its first attempt at ISEAGE in December of 2024.
We placed fairly low in the field, but our goal was to learn and come back stronger. To start the 2025 year, we participated in the International ISEAGE CDC on February 22nd, 2025.
There, we placed in the top 20 out of 40 teams, competing with teams from Kosovo, North Macedonia, and Albania.
Key responsibilities and contributions:
Configured and hardened the OPNsense firewall to protect our network infrastructure
Implemented security policies on Active Directory to prevent unauthorized access
Monitored network traffic for suspicious activities and potential attack vectors
Responded to incidents and mitigated threats in real-time
Collaborated with team members to establish a comprehensive defense strategy
Featured in Iowa 132d Wing's Cybersecurity Competition Coverage
Video by Iowa 132d Wing
Technical Challenges
Our team faced several technical hurdles while defending CTF infrastructure:
Hardening legacy systems without compromising functionality
Balancing robust security measures with operational requirements
Securing web applications and authentication systems
Implementing effective network segmentation for critical services
Coordinating responses to simultaneous attacks across multiple systems
My Role
For the competition, it is common to split your team up into different focus areas. Our team divided responsibilities to ensure comprehensive defense coverage, and I was in charge of all things Active Directory related:
Securing the Active Directory
Securing the Active Directory infrastructure was critical to our defense strategy:
Upgraded Windows Server 2016 security with latest patches and updates
Implemented enhanced Kerberos encryption (upgraded from RC4 to AES 128/256)
Reduced default key expiration times to minimize exploitation windows
Re-enabled and properly configured Windows Defender for additional protection
Conducted regular security audits to detect unauthorized access attempts
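To illustrate the RC4-to-AES change listed above, here is an added example (not the code used in the competition) that decodes the msDS-SupportedEncryptionTypes bitmask and flags accounts that still permit RC4 or DES. The function name and the sample accounts are hypothetical and constructed for illustration.

```powershell
# Added example: audit Kerberos encryption types per account.
# Bit values of msDS-SupportedEncryptionTypes as defined in MS-KILE.
$EtypeBits = [ordered]@{
    'DES-CBC-CRC' = 0x01
    'DES-CBC-MD5' = 0x02
    'RC4-HMAC'    = 0x04
    'AES128'      = 0x08
    'AES256'      = 0x10
}

function Get-KerberosEtypeFinding {   # hypothetical helper name
    param([Parameter(Mandatory, ValueFromPipeline)] $Account)
    process {
        # The attribute is often absent; treat a missing value as 0 (unset).
        $raw   = $Account.'msDS-SupportedEncryptionTypes'
        $value = if ($null -eq $raw) { 0 } else { [int]$raw }
        $names = @($EtypeBits.Keys | Where-Object { $value -band $EtypeBits[$_] })

        $status = if ($value -eq 0) {
            'Unset: domain controller default applies, review'
        } elseif ($value -band 0x07) {
            'Weak: RC4 or DES still allowed'
        } elseif ($value -band 0x18) {
            'OK: AES only'
        } else {
            'Unknown: no standard etype bits set'
        }

        [pscustomobject]@{
            Account = $Account.SamAccountName
            Value   = '0x{0:X2}' -f $value
            Etypes  = $names -join ', '
            Status  = $status
        }
    }
}

# Constructed sample accounts so the example runs without a domain.
$sample = @(
    [pscustomobject]@{ SamAccountName = 'svc-web';  'msDS-SupportedEncryptionTypes' = 0x04 }
    [pscustomobject]@{ SamAccountName = 'svc-sql';  'msDS-SupportedEncryptionTypes' = 0x1C }
    [pscustomobject]@{ SamAccountName = 'svc-file'; 'msDS-SupportedEncryptionTypes' = 0x18 }
    [pscustomobject]@{ SamAccountName = 'jdoe';     'msDS-SupportedEncryptionTypes' = $null }
)
$sample | Get-KerberosEtypeFinding | Format-Table -AutoSize

# Against a live domain (requires the ActiveDirectory module):
#   Get-ADUser -Filter * -Properties 'msDS-SupportedEncryptionTypes' | Get-KerberosEtypeFinding
# Remediation for a flagged account, followed by a password reset so AES keys exist:
#   Set-ADUser -Identity svc-web -KerberosEncryptionType AES128,AES256
```

Service accounts with SPNs are the ones to review first, since their tickets are what an RC4-permitting setting exposes to offline cracking.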
AD Attack Mitigation
Detected and removed Kerberos Keystealer malware from the domain controller