Popping my Netwars cherry

So you may remember from earlier blog posts (before all the OSCP stuff) that I had started taking part in the Cyber Security Challenge UK contests. These are security related challenges that are aimed at providing cyber learning opportunities and possibly career opportunities to people with a passion for all things InfoSec related that aren’t currently working in the field.

I’ve signed up for a few of these but only submitted a couple due to the others falling right in the middle of OSCP time (which was more fun..). Now my aim for taking part was never to win, it’s just that I like doing these sorts of challenges and in the UK there is a distinct lack of CTF type things for a wannabe like me to take part in (more on that in later posts).

For both the challenges I submitted I scored OK, not 1st but not last either and like I said it was fun and I got to learn a few new things. Needless to say I was a bit surprised when I got an email inviting me to a special SANS Netwars event organised by Cyber Security Challenge UK, but as it had the word “Netwars” in it who am I to turn it down..

I arrived at the event this morning, with 29 other contestants, all of various ages and backgrounds, all of us with one thing in common: we all have a passion for InfoSec. The 8 highest scorers of the day would get a place on a “Masterclass” event in March 2013.

For those that don’t know what SANS Netwars is all about I suggest Google (we’ve talked about this before). Netwars events are “open book”, which means you can take whatever tools you want (Backtrack, Backbox etc. etc.) and the aim is simple, score points.

The actual Netwars was scheduled to run for 2 hours and you have to progress through 5 levels. The first 2 levels are achieved by using a bootable ISO image provided by SANS: level 1 is done as a normal user, level 2 is done with root privileges. Both level 1 and 2 are more about forensics, things like “look at this pcap file and sha1 hash the IP address that made a DNS request to…” or “crack the password for root by using this backup file of the /etc folder”.

Now I like forensics but I suck at it, although I managed to get enough points for each level I did struggle with some things, but I was surprised with some of the answers I managed to work out and a lot of that I think was due to doing the OSCP course. Level 3 is where (for me) the fun should start, attacking machines in a DMZ environment and finding the necessary “flags”, unfortunately by the time I got to level 3 I had about 20 minutes left so didn’t manage to score any points.

Just for information, level 4 is pivoting from the DMZ network to the “intranet” (again something I would have enjoyed and am well practiced at) and level 5 was “King of the castle” where you get to defend against other hackers.

The good and the bad:

1. It was fun, by now you should guess that I love this kind of thing and would rather be doing offensive than defensive security.
2. SANS organised and ran the event incredibly well, the instructor/guide James Lyne was funny, helpful and helped make the event great, although playing Gangnam Style was a bit of a distraction (and it’s stuck in my head still).
3. See point 1

1. It wasn’t long enough, yes I know it was free and I should be grateful but, like I said I love this kind of thing so it would have been nice to see how far I could have got with a few more hours.

On top of this I got to meet a few people, spread the word about B-Sides London, drink nice coffee and I think I managed to avoid the TV cameras for most of the day, although there are some photos of me somewhere…

Now SANS very nicely have said they will email everyone their scorecards from the event which once I have I will post, but in the meantime here’s a screenshot of the scoreboard at the end of the day…


So I’m through to the Masterclass in March, I have no idea what that means or involves but once I do I will let you know. Between now and then I have some areas I need to focus on to improve my skills but as we all know it’s a never-ending process really.
