2026 CCDC Season Active

Elite Blue Team
Training Platform

Master the art of enterprise cyber defense. CCDC is not about who hacks best—it is about who keeps the business running under fire.

200+
Schools
10
Regions
1,500+
Competitors
20
Years
// Understanding CCDC

This Is Not CTF

CCDC is the largest collegiate cyber defense competition in the United States, testing real-world enterprise security operations.

Enterprise Simulation

Teams inherit a live corporate network—web servers, email, databases, Active Directory—and must keep it running while under attack.

Red Team vs Blue Team

Professional penetration testers attack your infrastructure in real-time. Your job: detect, contain, and recover—without losing business continuity.

Business Injects

Complete CEO requests, compliance tasks, and incident reports. Technical skills alone will not win—you need operational excellence.

“CCDC is not about who hacks best—it is about who keeps the business running under persistent attack.”

— The Core Philosophy

// Scoring Model

How Teams Win

Understanding the scoring model is the first step to strategic competition.

Total
100%
Service Uptime (~50%)
Business Injects (~50%)
Red Team Penalties
Score = Services + Injects − Red Team Damage

The Scoring Breakdown

  • Service Points

    Automated checks verify your services every few minutes. Keep web, mail, DNS, and databases running—downtime costs points.

  • Inject Points

    Business tasks from the CEO, Legal, HR. Write policies, investigate incidents, implement changes. This is half your score.

  • Red Team Penalties

    Successful compromises deduct points. But high-quality incident reports can reduce penalties—documentation matters.

// Competition Structure

10 Regions to Nationals

Win your regional competition to advance to the National CCDC Championship and compete for the Alamo Cup.

NECCDC
Northeast
2025: UMass Lowell
MACCDC
Mid-Atlantic
2025: UVA
SECCDC
Southeast
2025: Tennessee Tech
MWCCDC
Midwest
2025: Indiana Tech
SWCCDC
Southwest
2025: UT Austin
RMCCDC
Rocky Mountain
2025: BYU
WRCCDC
Western
2025: UC Irvine
PRCCDC
Pacific Rim
2025: Oregon State
ALCCDC
At-Large
2025: Dakota State
WILDCARD
Wildcard
2025: UCF
// Hall of Fame

National Champions

Two decades of excellence. The teams that reached the summit.

2025
🏆 UC Irvine
First UC system national championship
2024
🏆 UCF
UCF's 6th national championship
2023
🏆 Stanford
Stanford's first national championship
2022
🏆 UCF
UCF's 5th national championship
2021
🏆 UVA
UVA's 3rd consecutive championship
// Blue Team Doctrine

The Eight Iron Rules

Battle-tested principles that separate champions from competitors.

01

Service Priority is Public

Every team member knows which services are Tier 0 (never die), Tier 1 (protect), and Tier 2 (sacrifice if needed).

02

No Lone Wolf Changes

Any change affecting auth, network, AD, mail, or DB requires two-person confirmation. Most disasters are self-inflicted.

03

Identity Over Surface

With limited time, don't make things look secure—control high-privilege accounts, unknown users, and management interfaces first.

04

Logs Are Not Decoration

If you can't see it, it didn't happen. Centralize logs, protect them, and actually watch them.

05

Every Anomaly Gets a Ticket

No documentation = no incident. In CCDC, incident reports can reduce penalties. Record everything.

06

Contain First, Explain Later

Don't wait for complete analysis. Stop the bleeding, isolate the threat, then investigate.

07

No Scorched Earth

Blocking everything breaks scoring engines. Use surgical containment, not carpet bombing.

08

Injects Are Not Side Quests

Business tasks are half your score. They're not optional—they're the main event alongside services.

Ready to Level Up?

Dive deep into training frameworks, case studies, and playbooks that have shaped championship teams.