Volunteering for C3X2019 - Red Forest
Over the past weekend, I had the privilege to volunteer for Red Forest’s annual C3X event held at Trend Micro research facility here in Toronto. C3X is a two-day, attack and defend cyber exercise for college students. This event places students (blue team) against security professionals (red team) in a controlled simulated environment.
The event sponsors certainly gave students and volunteers a boost of encouragement and motivation. Having them physically there participating and giving advice throughout the event shows how caring the security community is to one another.
The four colleges participating in the event are: Sheridan College, Seneca College, George Brown College, and Fanshawe College. Each college has 15 students, each with a predefined role and assignments prior to the event. Along side them, they have their professors and mentors to help facilitate the pgoression throughout the event by providing feedback to the students and organizers.
Each team will need need to:
- Define and assign roles and responsibilities to invidiual team members
- Identify and analyze suspicious events
- Hunt down and evict identified threats
- Submit evidence and detections and successful defensive actions
- Maintain and defend systems from further attacks
The security professionals assist the C3X organizers for scoring points. They plan a successful and unsuccessful attacks for Red Forest. The overall goal is to execute sophisticated attacks ensuring the opposing team can identify, plan, and defend attacks, vulnerabilities, and risks.
There are roughly fifteen-ish security professionals on red team, discussing the attacks and points system. There is very close collaboration between all the professionals. We can see how engaging they are into ensuring the students get the most out of this event.
Consultants / Executives
Soft skills is a crucial aspect in the field of security. Being able to speak to technical or non-technical people in a clear and concise manner is important. Throughout the two day event, two people from each team will talk to consultants and executives one-by-one about their progress. Imagining you are in a company and something critical happened. This is the time the team will need to work together, analyze the problem and come up with a remediation plan.
Here is a little meeting area where two students of a college talk thorugh their progress, problems, and resolutions with consultants and executives. They judge and provide feedback to further help them improve or steer them in the right direction. Having this unique experience makes this event outstanding. Getting real professional feedback from real world problems helps the students prepare themselves for the real wold.
THANK YOU - TREND MICRO
Trend Micro was generous enough to allow Red Forest host their annual C3X event at their research facility here in Toronto. The modern and state of the art facility made this event have spectacular feeling to it.
Volunteers, sponsors, and some students were all nice enough to write thank you sign for Trend Micro for hosting the event.
As a nice addition to the event, Red Forest was able to get a professional lock picker to show everyone how to lock pick. We got a basic introduction to how lock picking works, and got real hands on experience with it.
It was nice taking a break from pwning boxes. Spending two full days away from the computer and engaging other like-minded individuals about security was a nice get away and refresher.
This event was AMAZING. Its too bad its not open to the general public or other security enthusiasts that would like to try this simulation. As a general volunteer for this event, I certainly learned a lot from observing. I had a lot of freedom and spare time to walk around, engage the both teams. With the amount of effort put in, the feel of this event feels like its been running for decades.
I cannot wait until the next C3X event next year, as a volunteer or maybe be on the red team.