I’m a bit late on this, but I wanted to make sure that my braindump on the topic was committed before it went out of my mind. The mantra of CCDC had been to prepare thoroughly but know that you’re going to be compromised. That’s probably the most apt thing to remember. Everything fell over, things were not what you expected, and your training will likely not be enough.
That being said, there’s a bunch of things that can be really useful in getting you farther. When training, focus on building systems and understanding where to look when something is not quite as it should be. What I mean is that you should build a web server with Apache, then one with Nginx. Go full LAMP and LEMP stack. Install some web apps and then find the configuration files and error logs for all of those. Make note of ‘em.
You’re going to be passed the baton on some really broken systems, or maybe not. It’s hard to say, but you’re going to inherit something you might not know. If you don’t know it, don’t stress too much. There’s an internet-connected computer available for you to do some cursory research about config files and error logs.
You’ll also want to get some detection techniques going. Monitor your processes and prepare for things to go missing. Fortunately, they’re usually not deleting everything, just moving files around to stall you from taking action. Sort files by time modified and see what’s been done lately! ‘ls -1rt’ lists entries one per line, oldest first, so the most recent changes land at the bottom.
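One way to catch files that were moved rather than deleted, as an added example that is not part of the original post: hash everything into a baseline early, then compare later. The function names and the sample tree are made up for illustration, and it assumes a Linux box with sha256sum and a find that supports -mmin.

```sh
#!/bin/sh
# Added example (not from the original post): spot files that were moved
# rather than deleted by comparing content hashes against a baseline.

# snapshot DIR: print "sha256  ./relative/path" for every regular file.
snapshot() {
    (cd "$1" && find . -type f -exec sha256sum {} + | sort -k2)
}

# relocated BASELINE CURRENT: compare two snapshot files. A baseline path
# that no longer exists is MOVED if its hash now appears at a path the
# baseline never had, otherwise MISSING.
relocated() {
    awk '
        FILENAME == ARGV[1] { h = $1; sub(/^[^ ]+  /, ""); base[$0] = h; next }
        { h = $1; sub(/^[^ ]+  /, ""); seen[$0] = 1
          if (!($0 in base)) newat[h] = $0 }
        END {
            for (p in base) {
                if (p in seen) continue
                if (base[p] in newat) print "MOVED   " p " -> " newat[base[p]]
                else                  print "MISSING " p
            }
        }
    ' "$1" "$2" | sort
}

# recent DIR MINUTES: files modified in the last MINUTES, newest last,
# the same ordering as ls -1rt.
recent() {
    find "$1" -type f -mmin "-$2" -exec ls -1rt {} +
}

# demo: constructed sample tree standing in for a server's config files.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/etc/apache2" "$d/tmp"
    echo "Listen 80"       > "$d/etc/apache2/ports.conf"
    echo "ServerName demo" > "$d/etc/apache2/apache2.conf"
    echo "[mysqld]"        > "$d/etc/my.cnf"
    snapshot "$d" > "$d.base"
    mv "$d/etc/apache2/ports.conf" "$d/tmp/ports.bak"  # simulated move
    rm "$d/etc/my.cnf"                                 # simulated deletion
    snapshot "$d" > "$d.now"
    relocated "$d.base" "$d.now"
    rm -rf "$d" "$d.base" "$d.now"
}

demo
```

Keep the baseline file somewhere outside the directory you are watching, since a baseline sitting next to the files it describes can be moved along with them.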
Finally, bring cheat sheets! The moment can get you out of your element and all of the things that you’ve done before can be gone from your mind. Things like the MySQL cheat sheet or other commands that you know you’ll need information on can be really handy in a pinch.
If you’re reading this, good luck to you. Just build your essential services and focus on what’s important. You got this!