Getting Started

Welcome to the TracerFIRE 9 Competition!

You have been hired by Wheelbyte, an electronic skateboard rental company, as a security analyst to investigate security breaches over a week that led to the tragedies that beset the company. Some suspicion has been cast on Slyde, an electronic scooter company that is WheelByte's largest competitor, surrounding these breaches.

Accessing Tools

First, ensure you are able to connect to the NUC at your table. You will need an Ethernet port on your laptop, or you may ask one of the organizers for a USB/Thunderport Ethernet adapter.

Once you have a network connection to the NUC, you will need to use Remote Desktop Protocol to initiate a remote session into the NUC.

Use one of the NUCs provided to you from here.

Once you have successfully logged into the NUC, you should see a Windows desktop. There will be a shortcut to Flare VM tools and Recoil Tools, which contain most of the tools you will use.

One tool you will use that is not in the above folders is Security Onion, which can be accessed at https://securityonion.tracerfire.net/. When asked for credentials, use tracerfire:f0r3ns1c (username:password).

Please note that attack data is between 11/01/19 - 11/11/19. You will need to modify the time window in Squert to see results.

Direct Link to Security Onion Services: Kibana | Squert | CyberChef

Artifacts

On the desktop you will find an artifacts folder (also located at C:\Artifacts) containing disk and memory images, as well as email and pcap files, that you will use during the competition.

You may also see references to Mastodon, which is available at mastodon.tracerfire.net. Log in with the credentials tracerfire@mailinator.com:f0r3ns1c (email:password).

You might find this Network Diagram helpful.

Memory Image Profiles

Domain Controller: Win2016x64_14393

Clients 1,2,3: Win10x64_10586

Client 4: Win8SP0x64

Scoring

Scoring for TracerFIRE 9 is dynamic, meaning that point values vary based on each problem's solve rate.

For example, all questions are initially valued at 100 points. The first team to solve problem one will be awarded the full 100 points until another team solves problem one. Then both teams who solved problem one will have 90 points for it contributing to their total scores. The next team to solve problem one will again drop its value, so all three teams who have solved problem one will have 80 points contributing to their total scores. This means that team 1 will have 80 points, team 2 will have 80 points, and team 3 will have 80 points.

In short, the more people who solve a problem, the less it will contribute to your overall score. So your score may go down as other teams solve problems that your team has already solved. Don't worry! This is not a bug - this is the intended scoring system for the competition.

Finally, enjoy the competition and don't be afraid to ask for help!