Event Rules

Event Rules Overview

The code of rules governs the participation in and attendance of the 2010 Tiger Trap event. Tiger Trap is a 503c non-profit organization whose governing committee is comprised of the members of the InfraGard Alliance. In order to protect the participating members, all prospective participants must apply for and receive clearance through InfraGard. Additionally, participants must attend 3 of 5 pre-event team meetings and training sessions. This will be a multi-day event across several 'shifts', so team members will cross-train each other to ensure continuity of effort throughout the exercise. Team meetings and training sessions will occur November 2009 - February 2010. The event will culminate with a FREE half-day training session in May 2010 for all participants. Please see our Schedule page for details. Please visit our Contacts page to apply.


We recognize that cyber-security and IT professional participants seek to attend and learn from these events under professional rules and conduct. Tiger Trap officials reserve the right to deny access or remove any participant found to be violating the event rules. Please note that specific team assignments may be modified to meet the learning needs of the entire group.


Each team will be led by two co-Captains. These members will be responsible for liaising with the White Team officials, ensuring team member participation, attendance and rule adherence, and directing team efforts. Each team will be staffed with team auditor(s). The auditors will chronicle team activities, successes and failures, and serve as White Team official liaisons. Auditor notes/reports will be instrumental in creating training content for delivery at the end-of-event training session. Each team will be staffed by security professionals from various backgrounds and industries. Participants can, and are encouraged to, bring their own laptops and portable devices to all sessions, including the Capture-The-Flag event. And, for the 2010 event, we are proud to announce that participants may act as a mentor and bring one non-active observer. This offers a great opportunity for you to expose new and/or aspiring security professionals to a crash course in cybersecurity.

In the 2010 event scenario, the White Team (officials) are the owners of a distributed, publicly traded beer manufacturing company (Tiger Trap Ale). The management of Tiger Trap Ale (TTA) suspects a breach of sensitive information has occurred and has retained the services of Blue Team Consultants for incident response, containment, defense and consulting. In addition to the loss/compromise of sensitive data, TTA fears that any public exposure of the compromise or black market sale of their 'secret formula' could result in brand damage and loss of revenue. It is up to the Blue Team to determine if a breach has occurred, what happened and whether or not to pay Red Team ransom! Due to the nature of various types of sensitive information that may have been compromised, TTA also has regulatory concerns such as PCI, SOX, GLBA, etc.


Red Team attackers are actively hacking the TTA network to obtain sensitive information ('flags') such as SSNs, account numbers, financial data and the 'secret formula'. Furthermore, the Red Team has the opportunity to extort captured TTA data or compromised systems for ransom. In this scenario, the extortion may be real... or it may be a clever bluff to blind/confuse Blue Team defenders. At the midpoint of the final day, the Blue Team must decide whether or not to advise their TTA client to pay the Red Team ransom. The accuracy of their advice determines success or failure.

This scenario creates a game within the game.



Tiger Trap 2010 will be a multi-week event, culminating with the three (3) day onsite hacking challenge and half-day training events held in Baton Rouge, LA. Red Team members will be given 4 weeks to conduct remote probing and reconnaissance efforts. Malware distribution or back-door coding is prevented at this time. The Blue Team will be given 5 days for remote analysis and planning prior to the onsite challenge event. Devices will be reimaged prior to the three-day challenge phase, to ensure valid event configuration.


Capture Points (CPs) are awarded when the Red Team captures a uniquely identified 'flag' file. Each device will be seeded with 'flags', each with a defined point value based upon the server CMMI score. Device flag points are a zero-sum game, so a capture by the Red Team results in an increase for them and a corresponding decrease for the Blue Team.


Team Control Points (TCPs) are awarded daily when the Red Team compromises a device within a CMMI score-based security zone. The Red Team receives the full daily TCPs when they demonstrate successful command and control of a device at each daily debriefing. The Blue Team receives the full daily TCPs when they demonstrate successful defense against such an attack at each daily debriefing.
NOTE: Limited remote social engineering and denial-of-service attacks will be allowed!


To mimic real-world scenarios, the Blue Team will be faced with operating within TTA service level uptimes. Blue Team actions will be restricted by usage and service level type rules, typical in a consulting role. Servers and databases will be given defined criticality and access levels based upon the Capability Maturity Model Index. These levels will determine the required system uptimes.


Participants will receive a detailed rules package at their team meetings.