About

The NECCDC tests each team’s ability to operate, secure, manage, and maintain a corporate network. This competition creates, as closely as possible, a realistic corporate administration and security experience, giving the competitors a chance to compare their education and training against their peers and prepare for the real-world challenges that await them.

The 2019 Northeast Collegiate Cyber Defense Competition (NECCDC) will be hosted by Champlain College in Burlington, Vermont during the weekend of March 15-17, 2019.  A qualifying round will be held in January to select the schools that will be invited to participate in regional competition.  For more information, contact neccdc@champlain.edu.

The winner of the NECCDC will go on to represent the Northeast region at the National CCDC.

Regional Competitors

The following teams have advanced from the NECCDC Qualifiers and will compete at Champlain College in March 2019:

  • Champlain College
  • Harvard University
  • Northeastern University
  • Rochester Institute of Technology
  • St. John’s University
  • SUNY Albany
  • Syracuse University
  • University of Maine
  • University of New Hampshire
  • Westchester Community College

Competition

The competition qualifier will occur in January with the regional final being held in March.  There are a number of activities that need to be completed this year to register and prepare for the event.  The following draft schedule reflects our current plan.
Please come back frequently for updates.

Sponsors

NECCDC would not be possible without the generous contributions and support from our sponsors.  Please consider supporting the next generation of cyber defense professionals with your involvement, gifts or contributions.


Cybersecurity: The Next Generation – Symposium at Champlain College

A one-day symposium on emerging trends in cybersecurity.  Open to the public and held in conjunction with the NECCDC Regional Competition at Champlain College in Burlington, VT.

When: Friday March 15th from 10:00-4:30pm

Where: Champlain College, Burlington, VT

Registration:

Registration is free and open to the public.  Lunch is included.

Please register through the following form:

https://goo.gl/forms/hR5Jbfbs216YPlMw2

Details on parking and other logistics will be e-mailed to registered attendees.

Program:

Agenda

10:00 – 10:20 Welcome and Overview of NECCDC

Scott Stevens, Dean, Division of Information Technology and Sciences, Champlain College

10:20 – 11:00

Incident Response: Eviction and Re-entry Lessons Learned

The cyber security community has morphed into intelligence-driven response. No longer do the days exist of simply pulling the plug and reimaging. Threat actors are able to gain footholds within the environment by placing multiple backdoors and stealing credentials to use with remote access software (TeamViewer, VPN, Citrix, etc.). These threat actors often remain in the environment for months and in some cases years. This activity requires an intelligence-driven response and an eviction plan. The Secureworks IR team will discuss some of these threats and the methodologies used to evict threat actors from an environment. Eviction is not a simple task and often, if not followed properly, will result in re-entry by the threat actor.

Presenters: Jason Shafferman & Ryan Cobb, SecureWorks

11:00-11:40

Incident Response Decision-Making

Good incident response requires smart decisions made in a timely fashion. Yet under the pressure of an active intrusion, decision-making is often rushed, panicked, or paralyzed. The secret to making smart decisions under pressure is not to make any! All your key decisions should have already been made well ahead of time when the pressure is off and everyone is thinking clearly. This session will discuss some of the key types of decisions that are frequently made during incident response as well as how to make (and plan for) these decisions.

Presenter: Matthew Harvey, Senior Consultant, CrowdStrike

11:40 – 12:20

Taking Down 3ve: The Mechanics Behind the Malware & Tales of a Digital Arms Race

The 3ve (pronounced Eve) botnet was the most complex and sophisticated fraud operation seen to date. At the peak, there were over 1,000,000 compromised IPs and approximately 700,000 active concurrent infections. The 3ve botnet used Kovter to drop a custom-built Chromium-based browser which spoofed system and browser details to diversify the traffic. This malicious browser directly targeted White Ops in an effort to remain under the radar. I will be speaking on the mechanics of the malware including tag evasion techniques, browser patching, and anti-forensic techniques.

Presenter: Ian Palleiko, Reverse Engineer, White Ops

12:30-1:30 Lunch

After Lunch Welcome and Comments by Don Laackman, Champlain College President

1:30-2:00

Threat Hunting w/The Elastic Stack (ELK)

Come join two of the Leahy Center for Digital Investigation’s Security Operation Center (SOC) Analysts as they present a short walk-through of the Elastic Stack’s functionality and the benefits it can bring to hunting evil.

Presenters: Zach Burnham and Jonathan Castro, SOC Analysts, Leahy Center for Digital Investigations

2:00-2:30

Rethinking Cyber Security: A Paradigm Shift is Needed

Digital Transformation vs. Cyber Security and a critical reflection: Where we stand with Cyber Security (in enterprises) and where we should be in relation to Technology, Organization and Processes.

Presenter: Markus Geier, CEO, com|code (Germany)

2:30-3:00

Head in the Clouds: Information Security in a Cloud-first World

Nowadays the cloud is on everyone’s mind, with more and more critical services being offered as SOMETHINGaaS. Vendors promise the world: better, faster, more reliable services, but is it more secure?  Usually not. But the cloud doesn’t have to mean the end of your security program. This presentation will explore ideas, technologies and experiences reflecting on how to get your ‘head in the clouds’ and maintain the effectiveness of your security program in a cloud-first world.

Presenter: Sean McNamara, Associate Director- Information Security, Dartmouth College

3:00 – 3:10 Break

3:10 – 3:50

IPv6 in the Modern World

IPv6 was first introduced in the late 90s, but if we fast forward 20 years to today not every operator can up and talk about IPv6 the way they can IPv4. What has happened during those 20 years? Why has IPv6 taken so long to become ubiquitous, and is 20 years really that long of a time for this type of protocol? I would argue that we’ve made great strides towards IPv6, but there are still obstacles to overcome in the future. In order to overcome these obstacles it’s going to take everyone to be as knowledgeable in IPv6 as they are in IPv4.

Presenter: Joseph Patenaude, Network Engineer, University of Maine

3:50 – 4:30

Using Zeek for Network Investigations

Many of today’s intrusions don’t just appear on your network out of nowhere, but they are either the act of a malicious threat actor inside your organization, or a threat actor that has crossed network boundaries to reach your environment. This presentation will discuss the importance of network investigations and Zeek. The presentation will explain the main features of Zeek and how an investigator could benefit from such a system to run their network investigations.

Presenter: Dr. Ali Hadi, Assistant Professor, Champlain College
