Hivestorm

Hivestorm is a collegiate cybersecurity competition under the CIAS Competition system. The competition involves the practice of system administration and configuration. For instance, we had to remove malware, configure user access, and set up different services. Competitors worked on both Windows and Linux systems, provided through virtual machines. For this year’s competition, we were tasked with two Windows Server 2022, Linux Rocky, and Linux Mint. Each system also had a difficulty, ranging from Easy to Hard. Points were accumulated through “correct” actions dictated by the instruction sheet. In contrast, losing points were possible for not following instructions or due to penalties (like disabling a service). It is important to note that not every task was listed and some had to be figured out through inference, which was a part of the challenge.

I participated through GreyHats and was a part of a team of 4. Because there were four systems and only one person could access a system at a time, the 4 of us split into one system each. I decided to do the Easy-Windows Server 2022 as I was not used to the Linux system. Some tasks I did were managing user and admin access as well as managing programs on the system (deleting unnecessary or updating outdated programs). I also set up services such as RDP (remote desktop protocol) through the Server Manager and creating a FTP (File Transfer Protocol) using IIS. Lastly, I had the opportunity to practice forensics by investigating a backdoor and removing it.

This was my first ever cybersecurity competition and it was a great learning experience. I only had foundational knowledge about cybersecurity through my highschool classes and I learned new concepts through the GreyHats lectures. Through this competition, I was able to put some of these teachings into practice and get a taste of managing a system.