A Tale of Adversity and Success at the 2023 Marine Corps Cyber Games

thatonethrunter
Maveris Labs
Aug 17, 2023

“An in-person event? What’s that?”

That was my first reaction when asked if I’d be interested in putting together a team for the 2023 Marine Corps Cyber Games in Charleston, SC. Having not been on any work travel since 2017, the concept of getting on an airplane and going somewhere for work seemed quite foreign.

The hesitancy quickly turned to excitement when I realized it was a capture the flag style event. Having participated in a few of these virtually, I was already hooked (a big thank you to the Maveris Red Team for introducing me). Being able to do it in person would be a whole new level of awesome. Or would it be?

It turns out that the event was to take place in a SCIF with no outside connectivity. That means no phones, no texting, no researching, no Google. Just the team and the lab. We were going to need to put together a great team if we hoped to compete. And so we did. Six employees in total were recruited, across multiple contracts and different teams, all with critical skill sets to ensure maximum success of the team.

When the day finally came to make the journey to Charleston, I was more than ready. Months of anticipation and the time had finally arrived. Going to a beautiful city to do something fun and meet some co-workers that I’d never met before but worked with frequently was a welcome change to the scenery at the home office. I had plenty to occupy my thoughts as the flight left Washington and headed south.

As the first member of the team to arrive in Charleston, I started to plan out logistics to get to the base where the CTF would be hosted. We were permitted to begin the exercise at 0800, so an arrival at the base between 0700–0730 was in order to get through the gate and badging office with time to get seated in the lab. My notebook was already filled with blue team manual material. I felt relaxed and ready. When the second member of the team arrived in town, we headed across the street for dinner and drinks at a local brewery. All was right with the world. And then adversity struck.

One of the team members called me. He had missed his flight due to circumstances outside of his control. The thought of being down a critical member of the team was a difficult thing to process. Then just as soon as he broke the bad news, he immediately stepped up and offered to make the 12 hour drive. Driving through the night, he would arrive just after 0400 local time. His dedication convinced me in that moment that everything was going to work out well for the team. After the rest of the team got into town, we headed out for a late night dinner and to talk strategy. Some greasy food and nerdy conversations were had, and the team was ready to capture some flags.

We assembled the next morning at breakfast, everyone anxious to get on-site and start knocking out challenges. After getting loaded up with calories and ample amounts of caffeine, we headed over to the base. Arriving in three separate vehicles, we worked through base access and badging in order to get into the cyber range. There were a few snafus, but we all finally arrived at the cyber range fashionably late (closer to 0900 than the 0800 that we were aiming for). Our hosts were patiently waiting for us.

Phones placed on the entry table, we headed into the SCIF and into the lab testing room. Our hosts graciously welcomed us and ensured that we were comfortable in the testing room. After a brief walkthrough of the lab architecture, we dove into the CTF scenario. 13 flags total that would require varying techniques and concepts to find. After the in-brief, our hosts turned us loose on the lab and the exercise began.

We initially divided up the challenges based on skill set and got right to work. Flags were falling fast. By mid morning, we were knocking out challenges like Derrick Henry rolls through would-be tacklers.

Lunch time had arrived and we were spinning our wheels on a few challenges. We felt pretty close though and decided to power through and try to finish on the first day as quickly as we could. This was maybe not the best decision, as a break to refuel and collect our thoughts could have helped avoid what happened in the afternoon. We hit a wall. Progress came to a screeching halt. Only two challenges remained:

  • Reverse engineer a binary to find a hidden flag within
  • Locate a webshell that had been loaded on a webserver and extract the flag

With the entire team focusing on these two challenges, we should be able to get them finished quickly, right? This logic didn’t hold up and by the time 1700 rolled around, we hadn’t come any closer to getting the two remaining flags. We left the cyber range that day feeling very defeated, despite having two full days to complete the exercise. We knew we could regroup and come back the following day to finish, but it still felt like a loss given how close we were. That night at dinner, we did a little game planning but mainly just tried to hang out and enjoy the evening. Good food, good beer, good company, good times.

The next morning, we headed back to the cyber range determined to make quick work of the remaining flags. One of the team members had to step out of the SCIF to make a call. The rest of the team was so engaged in the CTF, we didn’t realize how long he had been gone. Two hours later, he returned and the team had a few laughs at his expense. Apparently after stepping outside to make a call, his badge no longer worked to get back in the building. He took a scenic walking tour of the base before finally making it to the badge office and getting his access fixed.

After some initial failure, the team located the webshell and extracted the flag. Only one more. Now the entire team was engaged. After some clarifying questions from the cyber range staff, the team was able to extract the final flag from the binary and complete the challenge just before lunch. At the time, the Maveris team was only the second team to complete the entire exercise.

But wait, we still had an entire afternoon to do... something. Should we go celebrate? Go back to the hotel and sleep? Our hosts had a better idea. They told us to go have lunch while they spun up another CTF for us just for funsies. We headed to a local and very good BBQ joint (https://southernrootssmokehouse.com/) and gorged on some hard-earned smoked meat.

Arriving back at the cyber range, our hosts had the new CTF ready to go. And so we dove right in. This time, there were 40 total challenges. A daunting task, but also no pressure since we weren’t expected to finish in the four hours that we had left. Apparently nobody on the team got the message that we were supposed to be casual about it, and the team proceeded to capture 34 flags before our visit came to an end.

Overall, the format of the CTF was very engaging. It was a Jeopardy-style challenge themed around a USCG expeditionary force in a foreign location, with names and scenarios fictionalized. The challenges were largely blue team focused, centering around tactics involving analysis of log files, packet captures, intrusion detection system alerts, and some reverse engineering of binary executables. While the challenges varied in difficulty, with points awarded based on the difficulty of each challenge, the Maveris team found most of them to fall into the easy-to-medium range in comparison with other challenges experienced in previous CTFs from providers like Hack The Box. During the challenge, there was a chat feature which provided communications with the lab admin team for any questions. The Maveris team leveraged this feature for clarifying questions and issues (and maybe a hint or two).

After our final evening in Charleston which we spent celebrating with drinks, we all returned to our hotel in good spirits and thankful for the opportunity to step outside the norm. Thankful for meeting co-workers that we’d never met before and putting faces to names and voices. And very thankful to our hosts at the National Cyber Range Complex for welcoming, hosting, and accommodating us in every way that they did. We had a great time and look forward to going back in the future.

This event served as a great team building exercise. Though we had worked together for years within Maveris, many of us hadn’t met in person due to working remotely and being in different parts of the country. The CTF gave us a chance to come together for work, get the job done, and then get to know each other. A welcome change-up from the day-to-day, and a great way to boost morale for any employers out there looking for team building opportunities.

Maveris is an IT and cybersecurity company committed to helping organizations create secure digital solutions to accelerate their mission. We are Veteran-owned and proud to serve customers across the Federal Government and private sector. Maveris Labs is a space for employees and customers to ask and explore answers to their burning “what if…” questions and to expand the limits of what is possible in IT and cybersecurity. To learn more, go to maveris.com
