2024 Cybersecurity / Competition

ISEAGE Capture the Flag Competition

Iowa State International ISEAGE Capture the Flag / Cyber Defense Competition

ISEAGE Competition Arena
Team working on cyber defense
Network defense infrastructure
5th place award ceremony

Competition Overview

Drake's Cyber club is still new to the scene and was essentially founded within the 2024-2025 academic year. During this time, I was part of the small group that participated and brought Drake to its first attempt at ISEAGE in October of 2024. We placed fairly low in the field, but our goal was to learn and come back stronger. To start the 2025 year, we participated in the International ISEAGE CDC on February 22th, 2025. There, we placed in the top 20 out of 40 teams, competing with teams from Kosovo, North Macedonia, and Albania.

Cybersecurity Defense(Blue Team) Active Directory OPNsense Network Security Vulnerability Assessment Incident Response

Our Team's Achievement

Drake's Cyber club is still new to the scene and was essentially founded within the 2024-2025 academic year. During this time, I was part of the small group that participated and brought Drake to its first attempt at ISEAGE in October of 2024. We placed fairly low in the field, but our goal was to learn and come back stronger. To start the 2025 year, we participated in the International ISEAGE CDC in February. There, we placed in the top 20 out of 40 teams, competing with teams from Kosovo, North Macedonia, and Albania.

Key responsibilities and contributions:

  • Configured and hardened the OPNsense firewall to protect our network infrastructure
  • Implemented security policies on Active Directory to prevent unauthorized access
  • Monitored network traffic for suspicious activities and potential attack vectors
  • Responded to incidents and mitigated threats in real-time

Technical Challenges

Our team faced several technical hurdles while defending CTF infrastructure:

  • Hardening legacy systems without compromising functionality
  • Balancing robust security measures with operational requirements
  • Securing web applications and authentication systems
  • Implementing effective network segmentation for critical services
  • Coordinating responses to simultaneous attacks across multiple systems

My Role

For the competition, it is common to split your team up into different focus areas. Our team divided responsibilities to ensure comprehensive defense coverage where I was in charge of all things Active Directory Related.

Securing the Active Directory

Securing the Active Directory infrastructure was critical to our defense strategy:

  • Upgraded Windows Server 2016 security with latest patches and updates
  • Implemented enhanced Kerberos encryption (upgraded from RC4 to AES 128/256)
  • Reduced default key expiration times to minimize exploitation windows
  • Re-enabled and properly configured Windows Defender for additional protection
  • Conducted regular security audits to detect unauthorized access attempts

AD Attack Mitigation

  • Detected and removed Kerberos Keystealer malware from the domain controller
  • Eliminated malicious runtimebroker.exe impersonator running unauthorized processes
  • Implemented strict group policies to prevent privilege escalation
  • Established secure LDAP configuration to prevent credential interception
  • Configured detailed security event logging for forensic analysis

User Role Management

  • Established proper segregation of duties across user roles (CEO, IT Administrators, 3D Printing Technicians, HR)
  • Implemented least privilege access controls for each domain user
  • Created specialized security groups to control resource access
  • Configured time-based access restrictions for sensitive systems
  • Implemented strong password policies and multi-factor authentication

Domain Controller Hardening

  • Secured RDP access with network level authentication and appropriate firewall rules
  • Disabled unnecessary services and protocols to reduce attack surface
  • Protected against pass-the-hash and pass-the-ticket attacks
  • Implemented SMB signing and disabled insecure SMB versions
  • Secured domain admin accounts with enhanced monitoring and protection

Lessons Learned

Participating in the ISEAGE CTF competition provided valuable insights and learning opportunities:

  • Importance of defense-in-depth strategies for comprehensive security
  • Value of proper documentation for efficient incident response
  • Critical role of continuous monitoring for early threat detection
  • Significance of clear team communication during active security events
  • Necessity of effective prioritization under high-pressure scenarios

Project Resources

Official ISEAGE Competition Website Official ISU ISEAGE website 132d Wing YouTube Video
← Back to Projects
Next Project →