
This is a guide to securing a machine based on my experience in CCDC competitions.

1. Backup

This matters because if Red Team gets in and encrypts or deletes important data, you still have a clean snapshot to recover from. Take it before changing anything else, and copy it off the host: a backup that only lives on the box can be destroyed along with the data it protects.

Linux

Backup web data

sudo tar -czf /root/web_backup.tar.gz /var/www

Backup configs

sudo tar -czf /root/config_backup.tar.gz /etc

Backup databases

mysqldump -u root -p --all-databases > db_backup.sql
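The three commands above each produce one file and nothing tells you later whether that file is intact. The script below is an added example, not part of the original notes: it wraps the tar step into a timestamped snapshot with a SHA-256 sidecar, and adds verify and restore helpers. Paths passed to it must be absolute; the optional restore root is an assumption so the functions can be exercised against a scratch directory instead of /.

```bash
#!/usr/bin/env bash
# Added example (not from the original notes): timestamped snapshot + checksum,
# with verify and restore helpers. Paths must be absolute; ROOT for restore is
# an assumption for testing against a scratch tree instead of /.
set -eu

# backup_paths DEST_DIR /abs/path...  -> prints the archive it wrote
backup_paths() {
  local dest="$1"; shift
  local stamp name archive
  stamp="$(date -u +%Y%m%dT%H%M%SZ)"
  name="snapshot-$stamp.tar.gz"
  archive="$dest/$name"
  mkdir -p "$dest"
  chmod 700 "$dest"                    # snapshots are readable by the owner only
  # Archive from / with the leading "/" stripped, so members are relative and
  # restore_snapshot can drop them back under any root with -C.
  tar -czf "$archive" -C / "${@#/}"
  ( cd "$dest" && sha256sum "$name" > "$name.sha256" )
  printf '%s\n' "$archive"
}

# verify_snapshot ARCHIVE -> 0 if the checksum still matches and the archive lists cleanly
verify_snapshot() {
  local archive="$1" dir name
  dir="$(dirname "$archive")"; name="$(basename "$archive")"
  if ! ( cd "$dir" && sha256sum --status -c "$name.sha256" ); then
    printf 'checksum mismatch or missing sidecar: %s\n' "$archive" >&2
    return 1
  fi
  tar -tzf "$archive" > /dev/null      # fails on a truncated or corrupted archive
}

# restore_snapshot ARCHIVE [ROOT=/] -> verifies, then extracts preserving modes
restore_snapshot() {
  local archive="$1" root="${2:-/}"
  verify_snapshot "$archive"
  mkdir -p "$root"
  tar -xzpf "$archive" -C "$root"      # -p keeps modes; ownership is kept when run as root
}

# Typical use on a Linux box (run as root):
#   archive="$(backup_paths /root/backups /var/www /etc)"
#   mysqldump -u root -p --all-databases > /root/backups/db_backup.sql
#   scp "$archive" "$archive.sha256" /root/backups/db_backup.sql teambox:/backups/
```

The checksum only proves anything if the .sha256 file is stored somewhere Red Team cannot reach; if both files sit in /root on the compromised host, an attacker who can rewrite the archive can rewrite the sidecar too. Run verify_snapshot against the off-host copy before restoring from it.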

Windows

Backup important directories

robocopy C:\inetpub C:\backup /E

2. Change Default Credentials

Change defaults early because once Red Team finds a weak or default credential, they can often move quickly across the environment.

This includes:

Linux

List users:

getent passwd

Change a password:

sudo passwd USERNAME
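Running passwd by hand for every account is slow and easy to get wrong under time pressure. The script below is an added example, not part of the original notes: it pulls the accounts that can actually log in out of passwd-format text, generates a fresh random password for each, and writes a chpasswd-format list with restrictive permissions. SAMPLE_PASSWD is constructed test data; on a real host pipe in getent passwd instead. The exclude pattern is an assumption for accounts the team packet says must keep a known password.

```bash
#!/usr/bin/env bash
# Added example (not from the original notes): enumerate accounts that can log in
# and prepare a one-shot password rotation for all of them. SAMPLE_PASSWD is
# constructed test data; on a real host feed `getent passwd` instead.
set -eu

SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
alice:x:1000:1000::/home/alice:/bin/bash
svc:x:1001:1001::/var/lib/svc:/bin/false
bob:x:1002:1002::/home/bob:/bin/sh'

# interactive_accounts < passwd-text: accounts whose shell allows a login
interactive_accounts() {
  awk -F: '$7 != "" && $7 !~ /\/(nologin|false|sync|halt|shutdown)$/ {print $1}'
}

# gen_password LEN: LEN random characters from [A-Za-z0-9]
gen_password() {
  local len="${1:-24}"
  head -c $((len * 4)) /dev/urandom | base64 | tr -d '/+=\n' | head -c "$len"
}

# build_rotation_list OUTFILE [EXCLUDE_REGEX] < passwd-text
# Writes "user:newpassword" lines (chpasswd format) to OUTFILE with mode 0600 and
# prints how many accounts it covered. EXCLUDE_REGEX skips accounts the team
# packet says must keep a known password (scoring users, service accounts).
build_rotation_list() {
  local out="$1" exclude="${2:-^$}" user pw n=0
  : > "$out"
  chmod 600 "$out"
  for user in $(interactive_accounts | grep -v -E "$exclude" || true); do
    pw="$(gen_password 24)"
    printf '%s:%s\n' "$user" "$pw" >> "$out"
    n=$((n + 1))
  done
  printf '%s\n' "$n"
}

# Apply on a real box as root:   getent passwd | build_rotation_list /root/rotation.txt
#                                chpasswd < /root/rotation.txt
# Copy the passwords to the team's password sheet, then:  shred -u /root/rotation.txt
printf '%s\n' "$SAMPLE_PASSWD" | interactive_accounts
```

The list file is the weak point: it holds every new password in plaintext, so it lives only as long as it takes to copy the passwords to wherever the team tracks them. Passing chpasswd a file also keeps the passwords out of shell history, which a password on the passwd or net user command line does not.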

Windows

List users:

net user
Get-LocalUser

Change a password (a password typed on the command line like this ends up in the shell history, so clear it afterwards):

net user USERNAME NEW_PASSWORD

3. Terminate Unnecessary Services

Once default credentials are changed, reduce attack surface by shutting down services the machine does not actually need for scoring.

Start by identifying the host’s intended role from the team packet, then compare running services against the expected role baseline:

After that, close ports and disable services that are not required.

4. Inspect Active Services for Vulnerabilities

After unnecessary services are disabled, the remaining exposed services become the primary attack surface. I break service review into four buckets:

Start with internet-facing services first, then move inward to internal-only services.
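The two steps above, comparing what is listening against the role baseline and reviewing internet-facing services before internal-only ones, both start from the same listener inventory. The script below is an added example, not part of the original notes: it parses ss -tlnp output into a review list ordered exposed-first, then prints whatever is not in the role's expected baseline. SS_SAMPLE is constructed output for a web-plus-database host and WEB_BASELINE is an assumed baseline for that role; substitute the one from your team packet.

```bash
#!/usr/bin/env bash
# Added example (not from the original notes): turn `ss -tlnp` output into a
# review list, ordered internet-facing first, and diff it against the role's
# expected listeners. SS_SAMPLE is constructed output for a web+db host and
# WEB_BASELINE is an assumed baseline for that role.
set -eu

SS_SAMPLE='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=812,fd=3))
LISTEN 0      80     127.0.0.1:3306      0.0.0.0:*         users:(("mysqld",pid=1203,fd=21))
LISTEN 0      511    *:80                *:*               users:(("nginx",pid=990,fd=6),("nginx",pid=991,fd=6))
LISTEN 0      128    [::]:22             [::]:*            users:(("sshd",pid=812,fd=4))
LISTEN 0      5      0.0.0.0:5900        0.0.0.0:*         users:(("x11vnc",pid=1400,fd=5))
LISTEN 0      128    127.0.0.1:631       0.0.0.0:*         users:(("cupsd",pid=700,fd=7))'

# What this role is supposed to listen on, as "port/process" tokens (assumed).
WEB_BASELINE="22/sshd 80/nginx 443/nginx 3306/mysqld"

# parse_listeners < ss-output: one "exposure port process" line per LISTEN socket
parse_listeners() {
  awk '$1 == "LISTEN" {
    n = split($4, a, ":"); port = a[n]
    addr = substr($4, 1, length($4) - length(port) - 1)
    proc = "-"                                    # "-" when ss could not show the owner
    if (match($6, /"[^"]+"/)) proc = substr($6, RSTART + 1, RLENGTH - 2)
    exposure = (addr == "127.0.0.1" || addr == "[::1]") ? "local" : "exposed"
    print exposure, port, proc
  }'
}

# review_order < parsed: dedupe (v4/v6 pairs) and put exposed sockets first
review_order() { sort -u; }

# unexpected_listeners "port/proc ..." < parsed: everything not in the baseline
unexpected_listeners() {
  local baseline=" $1 " exposure port proc
  while read -r exposure port proc; do
    case "$baseline" in
      *" $port/$proc "*) ;;                        # expected for this role
      *) printf '%s %s %s\n' "$exposure" "$port" "$proc" ;;
    esac
  done
}

# Once a listener is confirmed unneeded (root, real host only):
#   systemctl disable --now <unit>
#   iptables -I INPUT -p tcp --dport <port> -j DROP   # keeps it closed even if the service comes back
# Live host:  ss -tlnp | parse_listeners | review_order | unexpected_listeners "$WEB_BASELINE"
printf '%s\n' "$SS_SAMPLE" | parse_listeners | review_order | unexpected_listeners "$WEB_BASELINE"
```

On the sample this prints the VNC listener bound to every interface and the print spooler bound to loopback, in that order, which is the order to deal with them in. A baseline that carries the process name and not just the port also catches the case where the expected port is open but something other than the expected binary is answering on it.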

5. Look Through the System for Remaining Vulnerabilities

Once exposed services are reviewed, continue with broader host checks:
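The checks that usually pay off fastest on a CCDC box are the ones Red Team's persistence shows up in: extra UID 0 accounts, accounts with empty passwords, setuid binaries that were not there on a clean host, world-writable files, and SSH keys dropped into authorized_keys. The script below is an added example, not part of the original notes: each check is a function that takes a root directory or reads passwd/shadow-format text on stdin, so it can be run against / on the live host or against a scratch tree. The sample inputs in the comments are constructed.

```bash
#!/usr/bin/env bash
# Added example (not from the original notes): host-wide checks for common
# persistence. Each function takes a root directory or reads passwd/shadow
# text on stdin so it can be pointed at / or at a test tree.
set -eu

# extra_uid0 < passwd-text: accounts with UID 0 that are not "root"
extra_uid0() { awk -F: '$3 == 0 && $1 != "root" {print $1}'; }

# empty_password_accounts < shadow-text: accounts whose password field is empty
empty_password_accounts() { awk -F: '$2 == "" {print $1}'; }

# setuid_files ROOT: setuid/setgid regular files; diff against a clean host's list
setuid_files() {
  find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort
}

# world_writable_files ROOT: files any user can modify (cron scripts, unit files...)
world_writable_files() {
  find "$1" -xdev -type f -perm -0002 2>/dev/null | sort
}

# authorized_keys_report HOME_ROOT: "path keycount" for every authorized_keys file
authorized_keys_report() {
  find "$1" -path '*/.ssh/authorized_keys' -type f 2>/dev/null | sort | while read -r f; do
    printf '%s %s\n' "$f" "$(grep -c -E '^(ssh-|ecdsa-|sk-)' "$f" || true)"
  done
}

# recently_changed ROOT MINUTES: files modified in the last MINUTES, useful once
# you know roughly when Red Team got in
recently_changed() {
  find "$1" -xdev -type f -mmin "-$2" 2>/dev/null | sort
}

# Live host, as root:
#   getent passwd | extra_uid0
#   extra_uid0 < /etc/passwd;  empty_password_accounts < /etc/shadow
#   setuid_files /;  world_writable_files /;  authorized_keys_report /home;  authorized_keys_report /root
#   recently_changed /etc 60
```

Run setuid_files and world_writable_files once right after the backup, save the output with the backup, and diff against it later; a list of setuid binaries means little on its own, but a new entry in it an hour into the competition is a lead. Any authorized_keys entry the team did not put there gets removed, and a second UID 0 account gets locked before it gets investigated.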
