Feb 22, 2025 Cybersecurity / CTF

ISEAGE CTF Competition

Top 20: International CDC, out of 40 competing teams
3 Nations: International field (Kosovo, N. Macedonia, Albania)
Blue Team: Defense role, Active Directory lead
Featured: Media coverage, Iowa 132d Wing video
01

Competition Overview

Drake's Cyber Club is still new to the scene — essentially founded within the 2024–2025 academic year. I was part of the small group that brought Drake to its first attempt at ISEAGE in December of 2024.

We placed fairly low in the field, but the goal was to learn and come back stronger. On February 22nd, 2025, we participated in the International ISEAGE CDC at Iowa State University. We placed in the top 20 out of 40 teams, competing against teams from Kosovo, North Macedonia, and Albania.

The team was featured in the Iowa 132d Wing's official cybersecurity competition coverage video. For the competition, we split responsibilities to ensure comprehensive defense coverage — my area was everything Active Directory related.

Tags: Cybersecurity Defense (Blue Team), Active Directory, OPNsense, Network Security, Vulnerability Assessment, Incident Response
02

132d Wing Coverage

Featured in Iowa 132d Wing's official cybersecurity competition coverage.

03

Technical Challenges

Hardening Legacy Systems Without Breaking Functionality

Balancing robust security measures with operational requirements on aging Windows Server infrastructure — each hardening step required testing to avoid dropping scored services.

Securing Web Applications and Authentication Systems

Identifying and patching authentication vulnerabilities across web applications under active attack, without taking scored services offline.

Network Segmentation for Critical Services

Implementing effective OPNsense firewall zone isolation for critical services while understanding legitimate traffic flows — written rules too tight break scoring, too loose let the red team move freely.

Coordinating Responses to Simultaneous Attacks

Prioritizing and triaging across multiple concurrent attack vectors while maintaining team communication under pressure with no defined playbook going in.

04

My Role

Securing the Active Directory

Upgraded Windows Server 2016 security with the latest patches. Implemented enhanced Kerberos encryption, upgrading from RC4 to AES-128 and then AES-256. Reduced default key expiration times and re-enabled Windows Defender. Conducted security audits to detect unauthorized access attempts.

AD Attack Mitigation

Detected and removed a Kerberos Keystealer from the domain controller and eliminated a malicious runtimebroker.exe impersonator running unauthorized processes. Implemented strict group policies to prevent privilege escalation, secured LDAP configuration against credential interception, and configured detailed security event logging for forensic analysis.

User Role Management

Established proper segregation of duties across all domain user roles: CEO, IT Administrators, 3D Printing Technicians, and HR. Implemented least-privilege access controls, created specialized security groups to control resource access, configured time-based access restrictions for sensitive systems, and enforced strong password policies.

Domain Controller Hardening

Secured RDP access with network level authentication and appropriate firewall rules. Disabled unnecessary services and protocols to reduce attack surface. Implemented protections against pass-the-hash and pass-the-ticket attacks, enforced SMB signing, disabled insecure SMB versions, and established enhanced monitoring on domain admin accounts.

OPNsense Firewall

Configured and hardened the OPNsense firewall to protect network infrastructure. Monitored network traffic for suspicious activities and potential attack vectors. Responded to incidents and mitigated threats in real time while collaborating with teammates to maintain a comprehensive defense strategy.
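The hardening steps and recurring checks described above, as an added PowerShell example that is not the team's actual competition script. It assumes it runs elevated on the domain controller with the ActiveDirectory module available, and the baseline file path is a hypothetical choice.

```powershell
#Requires -RunAsAdministrator
# Added example, not the team's competition script: a hardening and
# verification pass for a lab DC matching the steps described above.
# Assumes the ActiveDirectory module is available and the script runs on the DC.
Import-Module ActiveDirectory
$domain = (Get-ADDomain).DNSRoot

# 1. Kerberos: advertise AES only (drops RC4) on the DC account and krbtgt.
#    Domain-wide enforcement is the GPO "Network security: Configure encryption
#    types allowed for Kerberos"; re-test scored services after this change.
Set-ADComputer -Identity $env:COMPUTERNAME -KerberosEncryptionType AES128,AES256
Set-ADUser     -Identity krbtgt             -KerberosEncryptionType AES128,AES256

# 2. SMB: require signing and switch SMB1 off so sessions cannot downgrade to it.
Set-SmbServerConfiguration -RequireSecuritySignature $true -EnableSecuritySignature $true `
                           -EnableSMB1Protocol $false -Force

# 3. RDP: Network Level Authentication (UserAuthentication=1) over TLS (SecurityLayer=2).
$rdp = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
Set-ItemProperty -Path $rdp -Name UserAuthentication -Value 1 -Type DWord
Set-ItemProperty -Path $rdp -Name SecurityLayer      -Value 2 -Type DWord

# 4. Defender real-time protection back on; tighter default domain password policy.
Set-MpPreference -DisableRealtimeMonitoring $false
Set-ADDefaultDomainPasswordPolicy -Identity $domain -MinPasswordLength 14 -ComplexityEnabled $true `
    -LockoutThreshold 5 -LockoutDuration 00:30:00 -LockoutObservationWindow 00:30:00

# 5. Audit subcategories that surface Kerberos and account abuse (4768/4769/4771, 4720-4738).
foreach ($sub in 'Kerberos Authentication Service', 'Kerberos Service Ticket Operations',
                 'Logon', 'User Account Management', 'Security Group Management') {
    auditpol /set /subcategory:"$sub" /success:enable /failure:enable | Out-Null
}

# 6. Checks to rerun during the event. The baseline path is a hypothetical choice.
$baseline = 'C:\blue\domain-admins.txt'
$admins = (Get-ADGroupMember 'Domain Admins' -Recursive).SamAccountName | Sort-Object
if (Test-Path $baseline) {
    Compare-Object (Get-Content $baseline) $admins | Where-Object SideIndicator -eq '=>' |
        ForEach-Object { Write-Warning "Unexpected Domain Admin: $($_.InputObject)" }
} else { New-Item -ItemType Directory -Force (Split-Path $baseline) | Out-Null; $admins | Set-Content $baseline }

# Any RuntimeBroker.exe not loaded from System32 is an impersonator worth investigating.
Get-Process -Name RuntimeBroker -ErrorAction SilentlyContinue |
    Where-Object { $_.Path -and $_.Path -ne "$env:windir\System32\RuntimeBroker.exe" } |
    ForEach-Object { Write-Warning "Impersonator PID $($_.Id) at $($_.Path)" }

# Confirm the SMB and RDP settings actually took.
Get-SmbServerConfiguration | Select-Object RequireSecuritySignature, EnableSMB1Protocol
Get-ItemProperty -Path $rdp | Select-Object UserAuthentication, SecurityLayer
```

Run it once at the start to harden and capture the Domain Admins baseline, then rerun it between incidents: the membership diff and the process check are the parts that pay off while the red team is active.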

05

Lessons Learned

One ISEAGE competition taught more about Active Directory attack surfaces than any course had. The red team doesn't stop while you're reading the documentation.

01

Defense-in-depth is not optional. Layered security across network, host, and application levels is what holds when any single layer fails under a coordinated attack.

02

Proper documentation enables efficient incident response. Without clear records of system state and changes made, triage becomes guesswork.

03

Continuous monitoring is the only way to catch threats early. Periodic checks miss the window where an attacker establishes persistence and covers tracks.

04

Clear team communication during active security events is a force multiplier. Two people solving the same problem wastes time the red team is using to open new fronts.

05

Effective prioritization under pressure separates teams that place from teams that scramble. Knowing what to fix first — and what to leave — is a skill that only develops under real stakes.