Two NetWars Coins in a Week?!


"Lemon and Lyne"

Thanks to taking SEC504 in Summer 2020, I got to experience the joys of SANS' NetWars competitions. The crafted story lines, high quality challenges and fun progressions make NetWars completely unlike any other CTF available. We were lucky enough that the first run of Cyber Defense NetWars v2 was available to anyone taking a SANS course that summer, and I had an amazing time participating with my team "Lemon and Lyne" (a play-on-words based on our idol, James Lyne), where we won the challenge coin for that event. It was an exhilarating competition bearing in mind we didn't feel that blue team was our strong point, and being the only team to complete the competition after the first day was immensely satisfying.

Core NetWars Tournament 7

On the day of this event, someone from outside my team saw an advert for it on Twitter. To participate in a NetWars tournament one must normally either be taking a SANS course at the time or pay quite a high price to access it. However, because this was the first run of the new Core Tournament 7 it was open to everyone to sign up for. Needless to say, my team and I jumped at the opportunity to participate.

We had quite low expectations for our performance in this NetWars, as we had previously participated in Core Tournament 6 and not done as well as we had hoped. However, since this was a new competition, there weren't the issues of people with flags stored like we had faced in Core Tournament 6. This meant that all progression was completely organic, and we had a great time traversing the different challenges and levels.

By the end of the second day, we had achieved 447 points in total; 100% on Levels 1 and 2, 61% on Level 3 and 8% on Level 4. This put us in number 1 across the competition, which we were overjoyed about. It felt even more special to be the first team to win this exciting tournament. The areas covered in this tournament included DNS, Bash, Linux System Administration, Reverse Engineering, Network Forensics, Cryptography and Web Application Exploitation.

SANS/Dragos ICS NetWars

Another unfamiliar area, industrial control systems is a topic we had never studied before. In fact, when researching the topic before this competition started, we realised that we did not even understand almost any of the ICS acronyms! We had never heard of a PLC, Modbus, HMI or DCS, yet we tried our best to quickly learn as much as we could about the field.

Thankfully, early on in the competition, our strong research skills paid off. We were able to quickly climb to the lead by using Google to the best of our ability even though we lacked some fundamental knowledge of the topics. However, later on, as some of the challenges became more and more focussed on the ICS problems, we ran into some major problems. It felt like we didn't know how to approach some issues, such as the binary exploitation challenge or that which required the use of an ICS schematic.

Eventually, we managed to successfully complete all challenges but not without losing some points along the way. However, an overall score of 394/400 was certainly not something we were unhappy with. This was an exciting and new genre of competition for us, one which we hope to play again in the future.

What's next?

My team and I have always found NetWars competitions really fun, and hopefully we can continue to play more of such challenges in the future. We are excited at the prospect of being invited to the NetWars Tournament of Champions for our performance in NetWars Core 7; I think this will be a different beast altogether! My collection of challenge coins is steadily growing, and they are a great reminder of how exhilarating it was to participate in these competitions.