So, all the schools were penetrated, and the 1st and 2nd place was a difference between scores of 59% and 57% ?
way to celebrate mediocrity!

(just kidding though - it's nice to see students having these kinds of training competitions. I'm sure the Red team could easily break into most professional installations as well.)

Im sure the red cell guys had the private key hashes of all their security certs anyway....these guys were NSA.....encryption means nothing to them, unless you are using OTP.

Super combative terminal jokey from the winning team is on camera saying he can't close IE On a system that is supposed to be secure ... I'm guessing CTF at DEF CON would wipe the floor with these folks.

Claiming to have "won" against the NSA at the end, more like failed less than the others.

These exercises are fine in themselves, but anybody who knows what they are doing and has been tasked to comply with NIST security controls ( the ones the US Gov requires) will notice that many of the requirement unambiguously reduce the security of the system, and the folks who audit these projects don't care how bad it is as long as it's checked on the list.

The problem for the military is that regimentation, "sailor proof" instructions and other necessities of running a massive organization that has to assume the lowest common denominator just don't work in computer security. If people don't know what they are doing no amount of check-listing is going to solve the problem.

Anybody who really knows what they are doing -- as some of these students may one day -- will realize that you have to choose one or the other optimal security or regulation compliance.

disclaimer: my rant may be excessive, I just wasted 18mo building a server cluster that needed to pass gov audit - so I'm bitter

Moving this video to kulpims's personal queue. It failed to receive enough votes to get sifted up to the front page within 2 days.