
good evening i'm dichotomy i am here to tell you all about the pros v joe's game that we just had in besides lv 2021 camp stay at home uh with me is a few of my staff there's a lot of people who couldn't be here today unfortunately but we have some good representation from the red and the blue sides we have buzzsaw who is here from the blue side we have tectonic who is another blue captain who played this year and we have end game who is one of our red fellows again we have so many people who build and run our games through the year and i can't even name them all here i
encourage you to go to pros versus joes.net to check that out but for the next little while we're going to tell you about the game we just ran with all the joes that we had and the amazing time we had with this virtual game uh which is our ninth besides lv if i'm not mistaken uh so with that and without further ado we'll get started i'll give you a quick rundown on what the game is what it is we're all about and then more importantly i'll let our good friends here buzzsaw tectonic and end game talk about the game and their experience uh and the the the joes that they helped and the experiences that had were had in
this game so pros versus joe's is an educational experience it is all about the training of those the joes who are looking to grow their experience and their capabilities in the cyber security realm uh we're part of the hacker community and we try and teach those joes through direct uh involvement with the pros that we have on staff and some of the pros that we might be able to recruit from the wild world we do several games a year besides they'll be as our crown jewel as we like to say it is the premier game that we run we're proud to be here we love the besides lv people and we are so privileged to be part of that community
in our game it is again a combat based game where our blue joes defend a set of network assets that they are given to uh by us uh each there are four teams of joes typically and two of our captains from this year are here buzz on tectonic uh there were two other captains there were two other teams captained by spike roche and zero decay and overclock uh but all these teams faced off to uh basically defend themselves against the red in our environment the red teams are given early access to the environment to emulate those advanced adversaries who have that advantage uh and they are deeply persistent they have all kinds of c2coms they have means
to maintain control of the assets and the whole point of the game is for engagement between those blue joes and the red pros who then are going to give them grief for two days uh there's a series of events that happen through the day which we'll get to but from uh now let me stop talking and turn it over to our people to quickly introduce themselves with a little bit more uh depth i'm going to pan it over to end game for start from the red team and then we'll take it over to our blue brother one so end game sure thing yeah so i'm representing our red cell we've got a great team of just some of the
best professional hackers that i've ever worked with i learned a lot from these guys every year it's just a privilege to be able to work with them and execute a lot of those ttp's dichotomy was mentioning so this year in particular was a lot of a lot of fun uh going through and for me i personally i work a lot more on the linux side and i'm our web weenie so that's kind of my role on the team make sure all the web shelves are deployed i make sure all our typical persistent scripts are backdoored and up in there uh and it's just it's a ton of fun uh watching the blue teams kind of
wiggle around and it's also even more fun going and teaching and showing them where we can uh some of these techniques benefits everybody excellent thank you very much uh busa how about over to you sir um sure so this is a little into my second year with pvj as a staff member i head up our storyboard working group and decided to captain one of the blue joe's teams this year um kind of what i've been doing the times when i've played hands on keyboard in the game is kind of sitting there being abused by end game on the linux boxes um just constantly learning more and more things from them um from the other players who are on the
team or in the team my captain this year it it really is just a constantly ongoing great environment and great tribe to be a member of to be able to learn and expand our knowledge fantastic thank you tectonic how about you my friend uh how you doing tectonic uh this is my fourth year uh with pvj third time captaining and uh you know i could echo everything um always learning every time it's a learning experience the game just keeps getting better and better uh and like buzz saw uh you know trying to wriggle around uh end games uh web webshells he's good at getting them in there and uh but he's also very good at uh
at teaching you know um that interaction between the blue and the red uh is also a massive learning experience and getting to see some of their side and get that interaction is fantastic very good thank you guys um so with that we'll get into it i mean it it this is a little bit of a public hot wash we had a private hot wash just uh 20 minutes ago it ran almost two hours with our joes uh that's kind of the the apex of our game right you know the the blue joes and their captains two of whom you see here who are not here are besides those i've already mentioned nina mulligan is not
here uh but so i think you only have a stock yeah a watchdog of course could happen i'm tired it's been a long time uh very long game um but in either case thank you yes absolutely watchdog he's been fantastic all this time uh but these guys they captain their individual joe teams and they each you know the scoreboard was up there you can find it on the twitters on the uh besides lv and the crosby joe's uh hashtags uh they're all out there but at the end of the day we're gonna go down a little bit of what red team did uh how blue defended and what this game is all about so end game why don't you tell us a
little bit about those things from the red perspective absolutely so as we kind of uh let off a big part of the game is the fact that red cell has access already so there are assets within the environment that do have things we can exploit there's a lot of out-of-date software a lot of default credentials stuff like that but the general idea is that red's not really there to play the game we're we're there to facilitate a conversation we're there to drive the game direction build up some banter between the teams and give the blue team something to defend against and um so with that we do have a fair amount of access prior to game start
where we really get to play around and experiment with what exactly we want the blue teams to be defending against and on the windows side that looks like a lot of really scary things we have a digital flame building some crazy windows malware crazy persistence mechanisms and we're not shy about c2 usage we'll have at least no on the windows side three different c2 programs that we use and just fire them all back and whatever stick sticks and that's where we run with it so we play around with some new tooling here and there and uh from game to game change up the tactics but that on the window side it's it's a lot of login established persistence
default creds mess a lot as where we can with assist internals to make sure we're staying there and uh for us in particular on that side clear text credentials anyway we can get those dumping your lsas processes same databases and just funneling it back to our channels that's that's what we're doing on the windows side and then on the linux side it's similar it's the same kind of over overarching idea we have that access we'll set up ssh keys we'll set up passwords and backdoor accounts very simple stuff but then we'll also drop our c2 tools and our implants and that can range from everything from a typical c2 tool that you'd see or use out in the wild if you're a red
tumor or it can be crazy things like back dooring a whole library for a particular system or even just trying to uh set suit binary so we can prove esk easily once we're back in uh so that's kind of what in a nutshell what we're doing and what it looks like and from that perspective when i when i go into the game and when i play i'm looking at all of the ways we can really manipulate linux and even bsd as operating systems and one of my most fun things to do that typically last most of the game is web shells i've joked about being the webweeny but that's it's useful because and it's it's
particularly useful because of those additional persistence mechanisms those suited binaries there's other ways to get root that don't require exploitation so we can get in easily reroute the box and then deploy the rest of our persistence all back over again and just keep cycling so as long as we have one way in we have five and it works out really well exactly so now having said that buzz sun tectonic you and your teams the two of the four had faced off against endgame and his brother and thoughts on that perspectives from your side of the fence yeah uh i mean one thing that i'd like to point out is uh you know um that through three or three or four
weeks or so that uh red team has prior uh access um really does give uh uh you know an angle of that that uh uh that apt effect right but um what we're also doing on the blue side is we have our teams we draft our teams and we go into training mode um so you know we're prepping we're learning where we're teaching we're having different working groups and different sessions to kind of lead up to the game time to try to get our team as prepared as possible um you know we don't give away too much uh because we want them to be a little bit uh excited and and shell-shocked a little bit um but we
we lead them in the right direction um so you know yet we once the game starts it's all hands on deck boxes come out and uh we're digging in and like uh like endgame was saying there's multiple levers look persistent so it's not just about patching the boxes or putting rules on the firewall right it's about getting them in uh uh doing the threat hunting getting them out getting their persistence out and trying to keep them out uh because like endgame said they're gonna if they have one way in they have five so that's that's the whole aspect of it right exactly no i couldn't agree more but how about your perspective um yeah i mean i'll kind of
keep digging into where tektronik left uh left off there um you know perspective of the idea yeah you get into threat hunting um so it is starting to try and identify where the mis configurations are where the weaknesses are in the system um and you know again being on the linux cli the entire time over the last 30 odd hours and last year as well you start off with the easy things right we start off looking who are the users who looks weird who doesn't look like they belong on this box you know setting rsa keys if you're going to leave those or cleaning those out setting backup accounts then you start digging deeper down into that hardening and
configuration role i i work in grc that's my day-to-day job and configuration management and knowing what you have and what it's supposed to do is really where i try and focus helping our clients out um and i tried to carry that in here tried to get you know my team that we led and our prep our couple weeks of prep tried to get them into the idea of all right learn focus in here's cis benchmarks which you can go sign up and grab for free start looking through these right start studying you'll i'm sure you'll talk about it more mitre attack framework to see what is that flow into a persistent state and how can we find
those persistence mechanisms in some way shape or form even if just the behavior what can we look for within a generic centos system or ubuntu system what can we look for in a win 12 dc um you know things like that so that's where our team went to prep was down that route um i did kind of want to bring up it crossed my mind while tectonic was speaking there our team really had a good gamut of i would say early career security folks down to the true joe's you know a couple kids who were still in college and a lot of them weren't really hands-on cli this year which was okay they were all at least for you know a good chunk
of the time involved watching over people's shoulders um we set up a discord server we had multiple chat channels going on where we were using those to kind of do our documentation about what we were doing to our boxes we had a couple of the video and audio channels available so people could share screens talk about linux talk about windows when purple teaming turned on this morning we had a channel kind of devoted just to that so we have our three or four people who had some offensive experience started diving down there and started working out how can they get around to finding vulnerabilities on other team servers how can we exploit them how can
we get in and send up the flares that red team had been uh kind of running roughshod all over us for the last 24 hours so yeah that's my statement there excellent so there's a couple of comments concepts there that you threw out that i want to draw out and make sure that our viewers understand and one is the purple time right so as i said um and no that's great that you brought it up don't get me wrong um you know it's blue joe's who are defending assets you know web servers mail servers dns uh desktops windows linux the like against you know uh end game and his like and uh but you know and on the
other hand about midpoint of the game this purple time we speak of is where blue gets to go red and they get to have some fun with the offensive side and i think that both you and tonic would agree that joe's really looking forward to that right who doesn't love a little bit of offense uh and so that's what uh our our good friend buzz saw men when he was talking about that purple time uh and then lastly oh what was that other thing you were talking about oh the players the beacons um that you mentioned right so in our environment we have a scoring engine that looks at health and welfare time and it makes sure that those services
web dns all those other things mail are up and running we also check for remote services remote access services like ssh and rdp because of some game mechanic things but also just to make sure that you know these things are running and that's how teams accumulate their points in our game so what what a red team can do or a purple blue team can do in the second half of our game is when they have control of an asset of a given defending team like buzzsaw's team or tectonics team or whoever's they can set up a flare and they can basically call back to the scoring engine a simple transmission to say i'm in control of
this asset and so the scoring engine will acknowledge that we'll deduct some points and it's just kind of a way through the game mechanics to acknowledge that this team hasn't quite expunged all of the offensive elements whether they be true red or the purple blues that happen in the second half of the game um so with that uh tectonic any thoughts on that before we go back to endgame for some of his uh deeper views of the offensive side of things yeah absolutely i mean one thing that you you just said is you know a lot of the joes like like that aspect and the one thing i can say is i know this from experience and even
earlier today uh someone that obviously doesn't do this every day for of their life got their first web shell uh uploaded to a box and got um a call back and he you know a good exclamation oh my god it worked you know right on the zoom channel and and having that feeling and being able to experience because i remember when i did that in my in my first pvj right um it's it's unlike any other ctf i've experienced you got your your hack the boxes you got your other um jeopardy style ctfs and you have walkthroughs or it is a single state box there is so much going on with the pvj game that you're not you're pivoting
back and forth from um you know uh defending a box maybe a firewall windows linux and then being able to go offensive and use potentially use some exploits or maybe even some rss rs ssh keys that you pulled that red team was using on other other machines it's it's an experience unlike ever uh uh anything else i've experienced so you know that aspect of the game is fantastic fantastic so end game it's about time to get back to you and you're then the red side of life uh any thoughts or any maybe things you'd like to start sharing about your ttps and so forth your tactics techniques and procedures yeah so my favorite part of this game was
a hundred percent the firewalls so towards the end of the game this is always a red cell strategy because this is how we make the fireworks happen when scorched earth comes as long as we can maintain control of the firewalls uh towards the end of the game or at least the majority of them will make the scoreboard go red immediately and it just spooks everybody for a minute it's tons of fun so that's always a priority of mine working on the linux side but before we dove into that and really start focusing on on sinking our teeth further than we already had there was a fun idea to um and this may sound more like a troll
than it is a tactic but it ended up being a really great surprise tactic um i think it was uh found it or another red cell member who uh suggested that we throw party parrot into uh the bash prompt right uh normally we have we have a destructive payload for scratched earth that just completely wipes your console and party pair it all day but we wanted something safe uh really simple it was just a curl call but where we what we did is we put it in with the rest of our bash persistence so i'll allude to some of the bash persistence with this uh inside your bash rc uh we have stashed quite a few things uh anywhere
from three to five mechanisms and they look nice and happy safe they look like a normal bash profile it's because they are and they make a call reference to whatever you were expecting after executing our stuff so it's kind of hard to walk through and really find them unless you know something isn't supposed to be there so it's hiding in plain sight well the parrot party pair is really easy to spot because it's called parrot.live uh but what that did was we had a delay after so you had to watch party parrot unless you knew to cancel out you had to watch party parrot for at least five seconds me as a red teamer i know you
have to do that so if i know you're getting back in your box and i'm not quite done with my persistence yet and you keep kicking me out we've been going back and forth if i can get that in there that's five more seconds i have that you don't to go for malware that's all i need um so that was a great ended up being a troll that turned into a tactic for me anyway i used it a lot that was just supposed to be fun and in a similar vein i couldn't get uh because the pf sense boxes are so old you can't curl things like you normally do hard to install packages so what it
did is i took my birthday cake malware that i'm sure some of you guys saw and i just edited it in manually and did the same sleep technique on the firewalls too to buy myself time and that again proved worthy uh because once we had we had all the firewalls back door already but they kept changing the credentials which i didn't like very much um so one of the techniques that we used is i made a backup of the master password file and i set all the corrects back to the default admin pf sense or root psense uh and anytime the credits would get reset uh and we couldn't ssh back in well i had a webshell and i would just
go drop the master password database and i can get back in with that in pf sense that worked all day yesterday started getting caught on to us towards the the morning of today uh so children of the net had the great idea let's just drop ssh keys nobody thinks about ssh keys on pfsense and sure enough no one noticed we had ssh keys on psn the entire time on top of that all the web shells that i had at the start of the game and weeks prior we only had one we had one backup web shell and when we started to notice some more activity people really defending their pf sense boxes um i dropped two more in
inconspicuous locations uh but i didn't even need to we had sh keys and that that one starting web shell the whole time that let us maintain persistence on the firewalls up until the end of the game where we could shut them down and make the scoreboard go to red so that was that was probably my favorite part in some of the insights to the ttps through that that i got out of this game personally nice so bus on tectonic any thoughts on that all his levels of persistence and belts and suspenders all the way down kind of thing i was just here for the giggles man it was it was tons of fun i swear i found one of your rsa keys on
pf cents this afternoon but probably not all of them i think i think you're right i think you did because there was one team i had to kept echoing it back in but that was what the web show was for and if you're not aware uh the web shows on pfsense run as root so i get a root shell in the browser and it's just all right yeah i need to look into the website it's another thing i got to look into from the defensive side you know we talked about it on the other hot wash too you know file integrity things um checking the binaries it's there's constantly going to be something for those of us who play
full-time blue or even part-time blue again diving back to the purple side um there's never going to be an end to our learning and you know red you guys are the great teachers for it exactly tectonic any thoughts to add to that yeah i mean i i i after the game finished i i uh i had a sidebar with uh uh needs a mulligan and i just said i'm for the next game i'm learning you know um bsd and regular shell because i hate maneuvering around that bf sense you know so it's gonna force me to learn something so that i know it for the next game and just dive deeper and and add to
the toolkit um and i was fighting the end game for a while in our uh uh in our pf sense and finally he went to go uh shut up or reboot it and i just canceled the reboot and i locked him out and he couldn't get back into his stuff so the firewall was still past traffic at the end of the game but it was just not in a good state so that was that was fun it was fun nice very good um so i guess uh from the blue side what are some of your tactics in general what are some of the things that you saw that red team did that really caught your attention
oh good good tectonic now you you go um i mean i'll so i've talked a lot about linux um i now do my best to remember what all the teams said about the windows side and you know end game you could probably speak for digi and some of his his teams that side of the team um there was something running and i for everything you know i use windows on a day-to-day basis it's just chrome and excel and word but you know i'm not digging into powershell i'm not an ad admin the amount of persistence and when in the private hot wash maybe it was pookie disclosed the number of mechanisms he had it just shocked
everybody um you know it's my team was rooting through stuff they were trying to find process chains they were trying to find executables that were doing things that were constantly respawning you know the matt damon the spider-man accounts jane whoever else you know we sadly did not see the resurgence for kyle this year maybe next year maybe next game we'll save them a couple months matt damon i think right that happened yeah we'll leave that discussion between matt damon and jeremy renner to twitter um and i i really you know probably should have put damon back in normandy after we found him but no no so you know from the window side the team definitely spent a lot of time over
there um investigating and learning they you know one of the things we stressed in our prep was google will be your friend your cr your browser and google will get a workout over this 36 hour period and it definitely sounded like it for all the chatter that i was overhearing among that side of my team um they were looking they were trying to find out trying to find explanations for what was causing this constant resurgence of 100 matt damon accounts or this that or the other over on on you know the windows side and very similarly on linux side right you know alluded to some of your binaries there end game that would constantly spawn back out and
just let you back in on route um you know it's it's constantly looking for that it's like all right what what's doing this um you know i've looked through the common places i would know for uh for ssh keys i would do a find trying to find text for an rsa key i just you know all through the directories and got lost at a certain point and that's where the limit of my knowledge was over the weekend so now it's okay i see where the next steps are and hopefully the rest of the team as they learned they heard from the private hot wash anybody going to watch this they're hopefully going to start seeing
you know a little bit less of that fog of war ahead of them and their knowledge and they can start picking that up and going from there doing whatever else more pbj in the future other ctfs learn more see what else is out there cool very good very well said um back to you on the red side what were some of the interesting things you saw blue do to defend detect expunge your team things like that yeah so one of the the things that really really put a put a stick in things i can't remember which team but not only pretty much any linux boxes that blue teams could legitimately removed some of the baseline persistence the fake users the
ssh keys items like that that didn't have some kind of service exposure other than ssh maybe it was the dns server maybe it was just a puzzle box or something like that those systems were a lot easier for them to lock down if they got rid of the base persistence because then our only way back in was our c2 which did last most but i did notice one or two boxes did get completely removed and that could have been network controls because even if you can't mitigate uh the removal or even if you can't fully remove every single binary and process we have in your system if you cleaned up your bash profile if you remove the back
torque accounts or remove the ssh keys even if we have rogue binary still living if you're monitoring that traffic and killing those connections manually that's all you have left to do and that's you know it's a mitigation but it's a mitigation that works pretty effectively and i did notice that on at least one team there was for most teams we maintain access to at least 80 percent of the linux boxes the whole time except for one towards the end we only had like four or five left okay here's a question for you do you think patching is a value for blue teams and pros videos certainly in the real world is a value but in our game do you think
it's a significant factor um only if you have time because at least on the linux side patching will spawn more shells for us there's a lot of stuff like psense which you couldn't patch or update either sure sure and i would say the the one benefit patching does have is it removes our last ditch efforts at getting uh a privileged access which we often don't ever have to use i think there's been one game about two years ago where i actually had to like exploit dirty cow to get rude again i had like one web shell left there were no other ways back on the route so from a web shell i had kernel exploit back into but most of the
time our persistence our sewed binaries all the backdoor binaries we have to just elevate the root are still there so we we don't use uh any exploits most of the time which makes patching kind of like probably the last thing you should do if in my opinion i would clean up your configs first that's going to matter a lot more excellent anything from the blue side on that point i i just think that you know i think that was brought to light um across my team uh this year you know the the objective even speaking to the entire team was you know let's go in let's harden the boxes let's patch let's make sure everything's up to date um and
you know jumping in and then starting uh to actually have to react and see all these different things um you know it was it became more of well how is he's continuing to spawn um you know we stopped this process how's this happening and it becomes a um you know a deeper dive into the configs rather than just you know let's update this and and mitigate this vulnerability it's not just about patching for vulnerabilities it's about hunting the threat and rooting them out excellent okay so real quick actually here's a thought let's kind of take it back to blue but ask blue about offense tell us about your purple time right you know so the joe's were chomping at the
bit i kept getting requests when's purple time when's purple well okay so tell us any do you have any stories for us about the the blue joe's experience doing offensive action um our team didn't really get into much of the offensive stuff especially any any sort of effectiveness until probably noonish one o'clock um which point uh one of the teams still had some exposed hosts and i think one of them they forgot to update a couple of the newest hosts default cred so we were able to get in i don't remember if they had a persistence that we dropped in there or what it was but we were able to be sending up a couple flares here and there
and it seemed to make those folks happy again. I threw one in at the end, I fork bombed somebody during scorched earth, just for the heck of it, right? I was like, what can I do to make this real fun? I'm done trying to send flares. So a fork bomb, somebody nuked the server... no, no. So yeah, the couple of folks who were in it, who were actively hands on keyboard doing it, had fun, and like I mentioned earlier, right, we had Discord up. We had some of the folks who wanted to see how it was done observing. And then I know we haven't talked really about the storefront element to PvJ either, but this is a good one too. You know, at two o'clock we pulled the trigger and said hey, we're gonna get a red cell person just to help us, simply for the offensive side for the most part, really. Like, hey, you know, we help our guys out, teach them enumeration, teach them what to do once they've found a vuln, because we didn't really have anybody on our team who'd had a wealth of offensive experience or gone through an OSCP cert exam or practice or anything like that. So enumeration wasn't really an intimate concept to them, even the how-tos, let alone just what the concept of it was. But I think they learned, I think they had fun.

Excellent. So real quick, Tectonic, I do want to get back to you on your purple experience, but because, Buzzsaw, you brought up the question of red team consulting, do let me also take a moment to dwell on the storefront that you brought up, which is an outstanding thing to bring up. That's an element of our game. For those who have not played our game before, we have a storefront, basically a little Zen Cart that's gold team run (the game administrators), and blue teams can spend points they earn through their uptime to buy advantages. It could be another asset that they get scored for, so that if they maintain uptime they can drive up their score even faster. There's a number of other things. Founded This Way has been the maintainer and the developer of that storefront technology. But what the blues can do is buy consulting hours from the red team. So like Endgame here, I know, took a couple hours here and there to help the blue teams. Endgame, I remember you talking in Slack about the experience you had with consulting with the blues.

Yeah, absolutely. From the red team's perspective, and I think Brimstone would also echo this, it's just a lot of fun to get in and see exactly where the blue team's at, because they're coming to you with a specific question about a specific service or problem usually, and then they're able to go from there. I was working, I believe, with Buzzsaw's team, and at one point sitting on the BIND box is what we were there to kind of diagnose and walk through, but we also had another teammate that was working a completely different box, and they were kind of connecting the dots. Things were clicking, like oh, this is the same on both of these, and I want to look for these things here. I'm like, yep, it's all the same. You can almost call it tactics, techniques and procedures for the blue team to be identifying these things. And it's just a lot of fun to be able to get in there and help teach and observe exactly what's going on and see those light-up moments, because I get those from the red team, all of our captains, all of our senior members. Children of Init had me running through building all kinds of crazy versions of BSD trying to get some mail order to compile; it was a whole thing. So I learned that way, and so my way to pass it on is through stuff like the consultation for the blue team. It's just awesome to see that, because I know how I feel when I learn something.
Jump in with a real quick question for Endgame there. So you're mentioning that it wasn't our team that you were consulting with; I think we had Dig, or maybe it was Brimstone.

It was you guys, Tectonic's.

Yeah. But so you mentioned though that, you know, you were consulting on the box and the blue team was observing the similar things on the other box. Is it something, and this is more a question for any blue observers, is it a trap that red team starts falling into about a similar behavior, or at least within our game environment, do you guys have such a wealth of tooling available to you that you typically aren't getting caught in that "I'm used to doing it this way, I'm going to continue"?

Yes. So you'll notice not only in the way that we conduct activities on the box but also in the way many of our team members speak when conducting hot washes: we're vague on purpose about certain things, and those are things that work across all games. However, the stuff that we burn, that we share, that is the same thing. First off, they tend to still work pretty well too, but when they don't, that gives red team opportunity to grow. So there are things we purposely want to burn so that we can improve our tooling. It gives us an excuse to build better tools, try new tactics. I know Ditch is going crazy with the MITRE ATT&CK framework; it's awesome what he's doing. And so that's kind of our perspective on it. We withhold to ourselves what we know we want to keep, and we're willing to share whatever else, and we kind of trial and error. We'll keep it the same through some games; like, we pretty much used the same toolkit from the May at-home game that we did here, with some minor modifications. Everything still worked. As long as everything continues to work, we don't care that we told you, because we'll try it again, and once it stops working, once the blue team really starts picking up on those TTPs, we'll switch them out.

Yeah, and if I could jump in right there, you know, having that experience, because it was myself and two other people. At first it was just me and one other person working on the BIND box, and then he was working on the mail and the Samba box at the same time. And two things. One, we wanted to be vague in our questioning because we didn't want answers, we wanted direction, right? And I think that that helped us. But also, even with that guidance, if we were like, hey, is this it? You know, they don't just give you the answer, and it makes you think about it and makes you find the path, dig in deeper and really learn why it is a certain way. So the red team might show you where the road starts, but you have to travel down it yourself to figure it all out.

Outstanding. And with that, actually, why don't you go ahead and tell us about your team's purple time, if you had anything, a note to share with the audience.

Yeah, so unfortunately we ended up losing a couple of people, so we were a little light. So a few of us that wanted to go red, myself included, didn't have the chance. But like I said earlier, there were a couple of people that did, and two people got shells. We didn't end up popping beacons because we ended up executing that later in the game, but they got shells, and it was their first shells in a live event like this, you know. So being able even to get that far, and seeing the excitement and them getting engaged and then talking to each other: well, what did you do? And oh, where'd you put the webshell? How did you create the account? Oh, did you get the privilege escalation yet? And you just, you see the chatter, you hear it, you look, it's just, that's why I do this, that's why I keep coming back: being able to see that, being able to be a part and help facilitate that, and that teamwork and that action. It's, yeah.

Absolutely. Very glad you do, and both of you, and all of the staff, and I'm glad for all the Joes that come in. That's awesome, thank you. So we're running down on time, I got around the clock here, let's start talking about scorched earth, that last thing of the event. Yeah, yeah. So for those who don't know, scorched earth is the last hour of the game, and that's a tradition we've had for a number of years now, and basically, as I say in the game, smoke 'em if you got 'em. There's a number of requirements and restrictions on what red and the offensive blues, when they go purple, cannot do, because it would break the game. You know, it's not a whole lot of fun if someone locks you out of your box and you can't do anything. But in that last hour, after they've spent 30-some hours in this hackathon that we do virtually, or the two days that we do on site in places, or even one day, we give everyone a chance to blow off some steam, and red and blue alike who have content grabbed assets, they are in that last hour at liberty to do whatever they want to those boxes. So,
Brimstone, got to start with you on the red side: what are some of the scorched earth experiences where you just blew things up for the funsies?

Oh man. So on the Linux side of things, I was first and foremost supposed to shut down all the firewalls, like I mentioned. So I was on that, but I was told to wait, which was the most infuriating thing ever, because of course I want to shut everything down. There was a reason for that. The reason is so we could deploy the rest of our scorched earth tools. So we have a couple of different things. Some we deploy throughout the game that are trolls, such as, we have a Missy Elliott payload that everybody seems to love: any output you have displayed to the terminal is flipped upside down and reversed, great to work with. Then of course there's the birthday cake troll, there's the party parrot, there's No More Secrets, which will do the decrypting text just like from the movie. And the big thing though is our party parrot destructive payload, and that'll take over your entire TTY for all your consoles and just party parrot loop forever and you can't log in. So we get all that deployed first, then we shut down the firewalls and make everything go red, and if you can come back up you get just nothing but parrot consoles. So that's what it looks like from the Linux side. From the Windows side, we're deploying the angry goose, we're deploying Rickroll in your Task Manager, where all your processes are just the lyrics to the Rickroll song, Nyan Cat backgrounds, wiping your console. That's what it looks like on the Windows side. So it's a lot more visual on the Windows side for sure.

And of course, benefit for the folks who have never played our game: we give console access to the hypervisor, Proxmox, that we use, so even though their firewall is down they have full view of all these wonderful, glorious trolls that red deploys. Real quick, Buzzsaw and Tectonic, what are your perspectives on scorched earth there?

So literally six minutes into scorched earth I start IM'ing Endgame, because I knew he was in the firewall. I was like, six minutes? Really, six minutes? And he was like, I didn't even want to wait that long. But yeah, I mean, that board goes red, you know, it's the firewall right away, and you got to try to fight with them to get it back. I ended up getting it back, you know, when we were fighting with the rest of the boxes. But once you play the game a couple of times you look forward to it, because after a 36 hour event, getting to see what the red team is actually capable of, I mean, these are some of the smartest guys I've ever worked with and dealt with, and just to be able to see what they can do really, and how far they can take it at the end of the game, after the end of the 36 hours, it's a ton of fun. Everybody gets a laugh out of it. So even though the boards are going red at that point, it's awesome to witness.

Outstanding. But so how about you?

Yeah, mostly the same here. I know this year, well, it happened my wife brought me dinner right about scorched earth time, so I kind of sat back, knew what was going to happen, let somebody else who wanted to play on the firewall some more play on the firewall. And I swear, by saying you happy birthday on the command line, I don't know if you saw it, full four lines, I did, I promise. But it's like Tectonic said, right, everything starts going haywire. We're still running beacons, and that was the nice thing too, excuse me, flares is our term now. We're still running flares, we still have access to some of the other blue teams' hosts, and it is kind of fun dropping one of them, you know, seeing it go fully offline from a fork bomb or from rm -rf, whatever it may be. But I had to remind my team, like, hey, it is okay now to burn them completely, by all means, and expect it to be done to us, you know, don't just be sending flares. But it's a fun last little hour to see just how crazy things get and just how well you might be able to pull out a last-ditch defense.

Yeah, that's outstanding. So I want to take a hot minute here to real quick name the Pros V Joes staff who make this happen. I'm
going to name the people who directly participated and supported this BSides LV this year. I would encourage people to go to prosversjoes.net and look at the full staff listing, but at the end of the day these are the people who we listed for credit for supporting LV this year. I need to give them props, because this game does not happen without them. These three people you see, plus me, are just the tip of the iceberg, and I'm just the schmuck who says a lot of things and does a lot of whatever; these folks are the people who make it happen. So: Captain OPSEC, Veloce Ventura, Gave the Engineer, Huzzar, Old School Noise, Phantasm, Mater, Zero Bit Smith, Misfit, Uplink, Watchdog, Zero Decay, Buzzsaw, Needs a Mulligan, Overclock, Spike Roche, Starling, Whisper, Imposter, Malware Mama, DMFR, Tectonic, Quicksand, Tevo, Promena, Founded This Way, I Digital Flame, Niden, Noob, Endgame, Children of Init, Huffy, Brimstone, and Mark. Gentlemen, did I miss anybody off my call? Thank you. Okay.

We have also another big thanks to give to our sponsors. Gigamon has been a fantastic sponsor who has supported us tremendously with cash donations and with all kinds of other support. Their ThreatINSIGHT was deployed in this game and they did a great deal for the blue teams, and we cannot thank them enough for all the things that they have done for us. Rapid7 is a late addition sponsor who has also helped us, and we are very thankful for their efforts. There have been other sponsors over the years; in fact, I should call out Wilmington University, who has hosted all of our BSides games from the beginning of time and continues to be a strong silent partner with our hacker tribe, and we thank them all for their tremendous support. And with that, let me turn it back to this crew here and ask if anyone has any final thoughts or things they want to close with. Huffy, let's start with red team and then close with our blue friends.

Yes sir.

Endgame, I'm so sorry. You, calling me Huffy, that's a compliment.
All right, I called.

More or less, just the learning experience on all sides. You learn something, and that's why I keep coming back. I started playing PvJ as a blue Joe; Awe was my team captain, and that just sky... I got more experience, I'd say like 20 years of experience, playing the game than I have in any on-the-job training I've done, and every time I play red cell I bring these back to my day job. I'm a pen tester at my day gig; all of the tools we use I can bring back and use at work, and I learn something every time I play.

Beautiful, lovely. Buzzsaw, how about you, sir?

I'd kind of echo what Endgame said. You know, this is absolutely a bi-directional learning environment and it's been superb for me. You know, it's been hopefully superb for the team I was with last year that came out with this year. And I mentioned it on the private hot wash, I'll mention it again here: anybody who wants a career in security, find some time to dabble in both areas as much as you can, because both sides will help you to better your knowledge, better your abilities, and become a better all-around security professional.

Outstanding. One more, you. That's broad, exactly, always. David's pride, always. Tectonic, about you, sir?

Just echoing a lot of the same, you know, and I've said it earlier too, but one thing I will say is I fully believe that, you know, participating in this a few years ago has by no means, I mean by every means, helped me get to where I am in my career. It was a huge part of it. It's like Endgame said, 20 years of experience in a matter of, you know, days, or over the last couple of years, and being able to give that back to the teams that I can now captain and seeing them grow and have that same experience is fantastic, and I'm proud to be a part of this family.

Outstanding. And I can't thank you guys enough, all the PvJ tribe and staff; you guys are a tremendous hacker family, I love you all. I do want to give a shout out and a thanks to BSides LV for having us, as you ever do. Now, Pablo, our silent producer here, Caspian, head of contests and events, and so many people on the BSides LV staff. Those of you watching this, enjoying the BSides LV virtual conference, please take a moment to thank a staffer. Enjoy the conference, learn, grow. If Pros V Joes interests you, we invite you to any of our future games. We try and do this as often as we can; we want to give back to the community and help out. You've seen some of the amazing people that we have on staff, and so many more you couldn't get to meet, but we want to thank you for your time. We want to thank everyone who played, the Joes, the reds, the blues, the golds, everybody. This has been tremendous and we are so excited to continue to support the community, all the BSides that we play at, and we are just very thrilled to be part of it all. So with that, thank you. This is Dichotomy, signing off. Game over. Have a good night.