# First 15 Minutes Checklist

## THE GOLDEN WINDOW

> The first 15 minutes set the tone for the entire competition. Execute this checklist with precision.

---

## MINUTE 0-2: ORIENTATION

### Captain Actions
- [ ] Receive competition packet from White Team
- [ ] Confirm team roster with White Team
- [ ] Identify emergency contact procedures
- [ ] Set up Captain Status Board

### All Team Members
- [ ] Log into assigned workstation
- [ ] Confirm VPN/network connectivity
- [ ] Open communication channel (Slack, Discord, or whichever platform is approved)
- [ ] Have templates ready (digital and paper)

---

## MINUTE 2-5: NETWORK DISCOVERY

### Network Lead
- [ ] Obtain network topology diagram (if provided)
- [ ] Document network ranges: `________________`
- [ ] Identify gateway: `________________`
- [ ] Identify DNS servers: `________________`

### All Technical Leads
Run simultaneously on your assigned systems:

**Windows:**
```powershell
# Quick system identification
hostname; ipconfig /all | findstr /i "IPv4 DNS"
```

**Linux:**
```bash
# Quick system identification
hostname; ip a | grep inet; cat /etc/resolv.conf
```

### Document All Systems Found
| Hostname | IP | OS | Role | Owner Assigned |
|----------|----|----|------|----------------|
| | | | | |
| | | | | |
| | | | | |

---

## MINUTE 5-8: SERVICE IDENTIFICATION

### Identify ALL Scored Services
- [ ] Web Server (HTTP/HTTPS): `________________`
- [ ] DNS Server: `________________`
- [ ] Email Server: `________________`
- [ ] Database Server: `________________`
- [ ] FTP Server: `________________`
- [ ] Other: `________________`

### Quick Health Check
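```bash
# From any Linux box - check common services (replace TARGET_IP with the host to test)
# Ports: FTP, SSH, SMTP, DNS, HTTP, POP3, IMAP, HTTPS, MySQL
# -w 2 caps each probe at 2 seconds so a filtered port cannot stall the loop
for port in 21 22 25 53 80 110 143 443 3306; do
  nc -zv -w 2 TARGET_IP "$port" 2>&1 | grep -i "succeeded\|open\|connected"
done
```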

### Confirm Services Responding
| Service | Status | Notes |
|---------|--------|-------|
| Web | [ ] UP [ ] DOWN | |
| DNS | [ ] UP [ ] DOWN | |
| Email | [ ] UP [ ] DOWN | |
| DB | [ ] UP [ ] DOWN | |
| FTP | [ ] UP [ ] DOWN | |

---

## MINUTE 8-12: CREDENTIAL INVENTORY

### Document Provided Credentials

**DO NOT CHANGE PASSWORDS YET** - First document what you have.

| System | Account | Initial Password | Type |
|--------|---------|------------------|------|
| | | | [ ] Admin [ ] Service [ ] User |
| | | | [ ] Admin [ ] Service [ ] User |
| | | | [ ] Admin [ ] Service [ ] User |
| | | | [ ] Admin [ ] Service [ ] User |
| | | | [ ] Admin [ ] Service [ ] User |

### Verify Login Works
- [ ] Domain Admin login works
- [ ] Local Admin logins work
- [ ] Service accounts identified
- [ ] Root/admin Linux access confirmed

---

## MINUTE 12-15: ASSIGN AND COMMUNICATE

### Captain: Assign Ownership
| System/Service | Primary Owner | Backup |
|----------------|---------------|--------|
| Domain Controller | | |
| Web Server | | |
| DNS Server | | |
| Email Server | | |
| Database | | |
| Firewall | | |
| Linux Server 1 | | |
| Linux Server 2 | | |

### Announce Priorities
Captain announces to team:
1. **IMMEDIATE:** `________________________________`
2. **NEXT:** `________________________________`
3. **AFTER THAT:** `________________________________`

### Confirm Communication Rhythm
- [ ] Status updates every: _____ minutes
- [ ] Incident escalation procedure confirmed
- [ ] Inject notification procedure confirmed

---

## POST-15 MINUTES: BEGIN HARDENING

Now transition to the "First Hour" hardening phase:

### Priority 1: Change Critical Passwords
- [ ] Domain Admin
- [ ] Local Administrators
- [ ] Root accounts
- [ ] Service accounts (carefully!)

### Priority 2: Quick Wins
- [ ] Disable Guest accounts
- [ ] Enable firewalls
- [ ] Start logging

### Priority 3: Service Verification
- [ ] All scored services still functional after changes
- [ ] Scoring engine checks passing

---

## RED FLAGS IN FIRST 15 MINUTES

Alert Captain IMMEDIATELY if you see:
- [ ] Unknown admin accounts
- [ ] Services already compromised
- [ ] Unexpected network connections
- [ ] Missing critical systems
- [ ] Credentials not working
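
One way to check a Linux host for the first red flag, using the account names recorded during the credential inventory (an added example, not part of the original template). The function name `unknown_admins`, the admin group names `sudo`, `wheel` and `admin`, and the sample accounts are assumptions and constructed data.

```bash
# Added example: list privileged Linux accounts missing from the credential inventory.
# Usage: unknown_admins PASSWD_FILE GROUP_FILE "known1 known2 ..."
# Assumption: admin groups are named sudo, wheel or admin; adjust per distro.
unknown_admins() {
  awk -F: '
    # First file (group): remember admin group GIDs and print listed members.
    NR == FNR {
      if ($1 ~ /^(sudo|wheel|admin)$/) {
        gid[$3] = 1
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) print m[i]
      }
      next
    }
    # Second file (passwd): UID 0 is root-equivalent whatever the name;
    # a primary GID in an admin group also grants membership.
    $3 == 0 || ($4 in gid) { print $1 }
  ' "$2" "$1" | sort -u | while IFS= read -r user; do
    case " $3 " in
      *" $user "*) ;;                  # documented in the inventory
      *) printf '%s\n' "$user" ;;      # privileged but undocumented
    esac
  done
}

# Constructed sample data: toor has UID 0, backup has the sudo group as its
# primary GID, svc_deploy is a listed sudo member. None is in the inventory.
demo() {
  d=$(mktemp -d)
  cat > "$d/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
sysadmin:x:1000:1000::/home/sysadmin:/bin/bash
toor:x:0:0::/root:/bin/bash
backup:x:1001:27::/home/backup:/bin/bash
www-data:x:33:33::/var/www:/usr/sbin/nologin
EOF
  cat > "$d/group" <<'EOF'
sudo:x:27:sysadmin,svc_deploy
www-data:x:33:
EOF
  unknown_admins "$d/passwd" "$d/group" "root sysadmin"
  rm -rf "$d"
}
demo
```

On a live host, pass `/etc/passwd` and `/etc/group` with the account names from the credential table; any name printed goes to the Captain.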

---

## 15-MINUTE CHECKPOINT

Before moving to hardening phase, confirm:

| Checkpoint | Status |
|------------|--------|
| All systems identified | [ ] YES [ ] NO |
| All services documented | [ ] YES [ ] NO |
| All credentials documented | [ ] YES [ ] NO |
| All owners assigned | [ ] YES [ ] NO |
| Status board active | [ ] YES [ ] NO |
| Team communication working | [ ] YES [ ] NO |

**If any NO:** Stop and fix before proceeding.

---

## CAPTAIN'S 15-MINUTE REPORT

_Fill this out at minute 15 and keep for reference_

**Systems Online:** ____/____

**Services Confirmed:** ____/____

**Team Status:** [ ] Ready [ ] Issues

**Immediate Concerns:**


**First Hardening Target:**


---

_Template by CCDC.x1000.ai - Elite Blue Team Training Platform_
