So, I spent last weekend redteaming one of our student competitions.
-
So, I spent last weekend redteaming one of our student competitions. I ended up spending most of the time helping student teams, since access was good for most of the event.
One of the things that most stood out to me was that the use of LLMs specifically for debugging/triaging tended to make things harder for students. By the end of the competition, I think they broadly recognized this and were rethinking their game plans.
A good example - one team was stuck on a DNS problem they were trying to solve. They were just dumping their DNS logs into an LLM, which wasn't getting them anywhere. When they finally looked at the logs themselves, they figured out the issue reasonably quickly.
-
Also, I have my new best story from the event. Context - students are allowed to attack each other and tool development in advance is allowed.
One of the teams brought their own ransomware. Red team found it, analyzed it, realized it probably wasn't going to work. We fixed it and then I tricked them into running it on one of their own boxes.
They were then given the executable and told that if they could get 5 other boxes to run it (with some rules to keep things fun; no DCs, use once per team), we'd give them their systems back.
By day 2, they weren't meeting their KPIs fast enough, so we started selling their ransomware to other teams.