Mini NetWars 3

In March, SANS launched a new series of virtual, hands-on Capture-the-Flag (CTF) events and have since been delivering weekly cyber challenges to SANS students as well as the larger cybersecurity community for free.
@SANSNetWars #mininetwars #netwars
May 14 - May 15 2020

Mini NetWars 3

My first NetWars event! This was a qualifier for the Jupiter Rockets Pen Test range at PenTest HackFest and Cyber Range Summit in early June. Ed Skoudis and the team created an early SANS Holiday Hack, so we're helping out Santa and the Elf University with security flaws in their video games.

This was the first of four SANS CTF events I participated in over May and June. My sense of these games was that they reuse these scenarios and public writeups are unwelcome, so just some highlights for these events...

The challenges were an interesting mix of relatively simple path traversal, more complex manipulation of websockets and DOM variables, and some neat progressive challenges using tshark for packet analysis and the scapy library for packet crafting. This was a great place to start trying out my newfound JavaScript skills! I also discovered that Wireshark can easily decrypt encrypted streams using captured secret keys.

FINAL RESULTS

Final Score: 1200/1225
Final Rank: 169/3000+

 That's in the top 400, which qualifies me for a spot in the Global Cyber Range Competition at the PenTest HackFest and Cyber Range Summit!