While the concept for this wargame was exceptional, the game could have been better explained. When the game began, we were told that the entire 192.168.1.0/24 network was off-limits, and that on the 192.168.15.0/24 network only the game server was off-limits but that there were other systems on that network for extra points. This was a bit misleading as the only address range the wargame operated on was on the 192.168.15.0/24, but we didn't find this out until it was too late.
There are other complaints, but I feel Altamira's recap captured the heart of it.
Log of our Fail
Our team largely consisted of new members who had not been to a wargame before, and so we chose a mostly defensive strategy of one experienced person on offense, one person operating the simulator, one person responsible for patching our systems, and two people auditing our network for unpatched vulnerabilities. Quickly we found a few keys on our server and began with a good start, but the services weren't vulnerable to anything we knew of, and throughout the exercise no team had remote access to our network.
Continuing our audit, we found an additional server on our network hosting some weird mafia website. This server distracted us for a good while, because we did get root on it but it held no keys. We then tried to see if the mafia website contained obscure clues or stego. It wasn't until we had accidentally firewalled ourselves out of the system (doh!) and asked the admins to reboot the server that we found out it was not part of the wargame at all: the VM had been started by accident. So that was a waste of time, but because we found it and got root, they did award us some points.
We found nothing, no hosts, no ports. So I began scanning port 80 on everything but 192.168.1.0/24. This turned out to be a horrible idea, as all the team networks were translated behind an address on the 192.168.15.0/24 network. That does not mean I found no other hosts...just that those hosts were probably someone else in the hotel (oops!). Again, more wasted time.
Finally, we focused on the 192.168.15.0/24 network, but we were very, very late to the party, though we were still able to find an unused flag. The important hosts to own and pivot from had already been claimed by other teams.
Good points
Our nuclear simulation operator (tarkiz) did a wonderful job of scoring points, which helped us beat out a team that had their router fail mid-game.
Needs work
I wouldn't call this experience a failure. It could only be a failure if we didn't learn from it. Besides, that's the point of a lessons-learned, and this wargame had so many lessons for us. We'll learn, we'll be ready.
In previous wargames, the teams I was on had used Google Drive to collaborate and communicate without being overheard. This time, however, the Internet was so inaccessible it might as well not have been on. So, one thing we need to work on is bringing our own collaboration system.
The other part I was weak on was fuzzing WebSockets with ZAP/Burp Suite. If I had had Internet access at the time, I probably could have figured something out, but as most services use a RESTful architecture, I did not expect to encounter WebSockets.
Other teams that were there.