Welcome to the CyberPatriot Training page. The Modules below provide an introduction to cybersecurity, and are intended to help teams prepare for CyberPatriot. If you have any questions or comments, please feel free to contact us.
CyberPatriot V Rules Book
New Training Materials
Archived Training Materials
Goals in Competition
During competition, these objectives must be met:
In the past, CyberPatriot has competed with these images:
-
Windows 2000 Server
-
Windows 2003 Server
-
Windows 2008 Server
-
Windows 2008 R2 Server
-
Ubuntu
In our images, CyberPatriot scores with a CyberNEXS client (the Ubuntu Learning Image does not include CyberNEXS). When you first log into the image, the CyberNEXS client will present you with a registration page. Upon successful registration, CyberNEXS will create a Get_My_Status.html file. This file reports the score during competition. In Windows, it will be under C:/Get_My_Status.html. In Ubuntu, it will be under /Get_My_Status.html
Due to the CyberNEXS client, there are parameters that must not be tampered with:
-
Do not modify, disable, delete, or change the password of the CyberNEXS users. This user enables the CyberNEXSClient service to connect to the scoring system. Tampering with this user may cause your system to stop reporting updates. This includes changing permissions, changing the group, disabling the user, expiring its password, etc. Any users referring to CyberNEXS in the name or description should not be modified.
-
Do not uninstall CyberNEXSClient or delete or modify any files in C:\SAIC. The CngClient program runs as a service that constantly evaluates your system health and configuration.
-
Do not delete the Get_My_Status.html file. This file appears after successful registration and contains a link personalized to your registered Target. This link redirects you to your team’s status page. If you are in a shell only environment, you will need to install a browser such as lynx to view the file.
-
Do not delete or modify the CNGCLIENT_CONFIG_HOME environment variable. This variable is used within the CyberNEXSClient program.
-
Do not disable, stop, or modify the CyberNEXSClient service parameters. This is the main service that communicates with the scoring system at SAIC. If this service is not running, you will not receive a score.
Learning Ubuntu
Ubuntu is the GNU/Linux variant used during online rounds of the CyberPatriot competition. There are a variety of guides, books, and a forum with offer an introduction to Ubuntu for CyberPatriot participants. Teams may find it helpful to download a clean (no pre-configured vulnerabilities) image of Ubuntu with which to practice (the link can be found below). You can also check out www.distrowatch.com for practice images of, and information on, other Linux distributions such as Fedora, Mint, Debian, etc.
To create an Ubuntu 10.04 image:
-
-
Download the ISO
-
Open VMware Player. Select "Create a New Virtual Machine."
-
Select "Installer disc image file (iso)." Browse to the ISO you downloaded. Click "Next."
-
Enter a name, user name, and password. Click "Next." Name the Virtual Machine. Click "Next."
-
Unless you wish to assign more hard drive space to the image, click "Next." Click "Finish."
-
Wait for Ubuntu to install in the Virtual Machine. Log into the Virtual Machine using the credentials you created.
Learning POSIX
There exist many different flavors of 
GNU/Linux, and it is a subset of Operating Systems (OSes) known as Unix-Like, or *nix, OSes. This group of OSes posses common attributes, and that is called "Portable Operating System Interface for Unix", or POSIX. One shared trait is that all have a command line, or shell. The Bourne Again Shell (Bash Shell) has become the de facto standard in *nix. One of the most attractive features of the Bash shell is its ability to be 
scripted. A couple of network config commands to be familiar with are:
The POSIX directory structure is another unified structure, but it is much different than the Windows directory structure. Some important filesystem components to look at are the /proc and /etc/init.d file system.
If you have any issues with *nix OSes, the best resources are man page, documentation, forums for that Distribution, the IRC Channel for that OS, and Google. Almost any problem that you have had, someone else has most likely had the same issue and has solved it. However, please remember to ask questions in a smart way.
Learning Windows
The Windows family of OSes encompasses Desktops, Servers, and Embedded systems. Although Windows OSes heavily use Graphical User Interfaces (GUIs), Windows all have a shell. The XP-based OSes (Windows XP and Windows Server2003) only have the Command Prompt (cmd.exe). The Vista and 7 based OSes (Windows Vista, Windows 7, Windows 2008, Windows 2008 R2) also have the Powershell. We recommend looking at the Microsoft TechNet site for learning more about these OSes. Here are some important parts of Windows we recommend looking at:
Learning about the Internet
We all use the Internet on a daily basis and we certainly use it in the CyberPatriot competition, we highly recommend possessing technical knowledge of how the Internet works. Some important concepts to learn include:
Cyber Defense
The US Computer Emergency Response Team (US CERT) is a great resource on learning about cyber defense. They release a lot of material on how to stay safe online and how many computer defenses work. Comodo also has a great resource on understanding many cyber threats and how cyber defense work. SAIC also has two videos on how to secure *nix and Windows Systems. Some concepts to be familiar with:
Learning Security Programs
There exist many security programs to look at and try. Below are some of our recommendations:
- Network Analysis:
- Rootkit Detection
- Intrusion Detection Systems (IDS)
- Firewalls
References
Other Resources
- Stanford Engineering Everywhere offers some free online classes on Computer Science and Engineering
- The CyberPatriot winning teams have compiled tips to help out other teams:
End Note
Though we have given you several resources to look at, this is not an exhaustive guide. The best thing you can do to educate yourself is to keep asking questions and figure out how things work. Feel free to look up resources on your own, and never underestimate Google. Also, if you feel you have a new or better link for us to post, feel free to send us a message.
Last updated 14 Sept 2011