Five Things I Wish I’d Done Before my First CTF (and One Thing I Wish I Hadn’t)

Every cybersec stock photo is Very Silly. Photo by Xavier Cee on Unsplash

Last month, I took part in my first CTF: SANS Institute’s Core NetWars 11. I’ve been learning a lot as a member of the SANS Technology Institute’s cyber academy immersion program, but I’ve been looking for ways to practically (and legally!) test the skills I’ve been building over the last year and a half.

As I don’t have the opportunity to use these skills at work, and the CTFs through SNHU’s cybersecurity club require purchasing admission, I could only do so much with my extremely-low-cost lab. The invite to SANS’ CTF was a pleasant surprise, and I jumped into it feet first.

As I cannot do a proper write-up for the challenges and what I did to solve specific ones, I’ll be writing this more general listicle-bait post instead!

For my background:

Education (formal): I’m a third-rate WordPress admin who can make fourth-rate web 1.0 sites (thank you, journalism degree). Currently working on a computer science degree, and I’d finished a Python course and just started a Java one. I’d also taken and gotten certified for SANS’ Foundational Cybersecurity Technologies (GFACT) and Security Essentials (GSEC) courses, and was most of the way through the Certified Incident Handler (GCIH) course.

Education (less formal): I worked through the Google Cybersecurity program on Coursera and self-studied to take/pass the ISC2 Certified in Cybersecurity (CC) and CompTIA Security+ (Sec+) exams. I sure did start various Codecademy courses (until I hit paywalls) and made some Python webscraping scripts to help with my writerly tasks.

Professional experience: Most of what I can do is policy and human-risk-management based, which, while something I greatly enjoy, is not something you ever see the cool hackers doing in the movies.

Hardware: A decade-old PC that has been Ship of Theseus’d into its current incarnation: a 6-core mid-range AMD Ryzen CPU, a medium-high tier AMD Radeon GPU with 8 GB VRAM, 32 GB regular RAM (bought in the Before Times), running Linux Mint on two monitors. I started doing things in a Kali VM via VirtualBox, but you’ll shortly see why I abandoned that.

Now, for the first thing I wish I’d done…

1. Set Up My PC Better

Kali has all the tools already in it, how handy! But I don’t run it on bare metal for all the obvious reasons, and I don’t like signing into my accounts with it (for also obvious reasons), or letting the clipboard allow stuff in/out…so you can see why this was an issue. Add to that how virtualization inherently limits the “machine” to less than the full power of the meatspace hardware…so I was tackling the challenges with the host OS.

I had some tools installed, but quite a few that I didn’t. So I was spending time searching for something I could use on Linux, downloading it, and making sure it worked. It was time I could have been spending elsewhere, and time is oh-so limited.
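The fix for that lost time is a preflight check run the day before, not the hour before. The script below is an added example, not something from the original post or from SANS; the tool list in it is my assumed set of common Linux CTF utilities, so swap in whatever your event actually needs. It checks that each tool is on PATH and that it actually runs, which catches half-installed packages a plain `which` would miss.

```python
"""Pre-event tool inventory for a Linux CTF host.

Added example; not code from the original post. DEFAULT_TOOLS is an
assumed, illustrative list of common CTF utilities, not one the post gives.
"""
import shutil
import subprocess

# Assumed list: edit to match the tools your event is likely to need.
DEFAULT_TOOLS = ["nmap", "binwalk", "exiftool", "strings", "tshark", "python3"]


def locate_tools(tools):
    """Return {tool: absolute path or None} using the same PATH lookup a shell does."""
    return {t: shutil.which(t) for t in tools}


def missing_tools(tools):
    """Names from `tools` that are not on PATH, in the order given."""
    return [t for t, path in locate_tools(tools).items() if path is None]


def probe_version(path, timeout=5):
    """Run `<tool> --version` and return the first line of output, or None if the
    binary does not run. A tool that is on PATH but crashes on start is still a
    tool you do not have."""
    try:
        out = subprocess.run([path, "--version"], capture_output=True,
                             text=True, timeout=timeout)
    except (OSError, subprocess.SubprocessError):
        return None
    text = (out.stdout or out.stderr).strip()
    return text.splitlines()[0] if text else None


def preflight(tools=DEFAULT_TOOLS):
    """Print a ready/missing report and return the list of missing tool names."""
    found = locate_tools(tools)
    for name, path in found.items():
        if path is None:
            print(f"MISSING  {name}")
        else:
            print(f"ok       {name}  {probe_version(path) or path}")
    return [n for n, p in found.items() if p is None]


if __name__ == "__main__":
    missing = preflight()
    if missing:
        print("Install before the event:", " ".join(missing))
```

Run it once on the machine you will actually compete on (host OS or VM, whichever you settled on), and again after installing anything, so the day-of surprise is limited to the challenges.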

But I did have a comfy workspace, my Linux/bash reference desk mat, and a huge water bottle, which leads to the next point.

2. Handled Bio Stuff Better

I knew I’d be locked in for 3 hours straight, so I had water and some snacks, but I needed more. The brain is one of the most calorically needy parts of the body, so, despite not leaving my chair, I was tearing through my resources at a rapid pace.

This is something I already knew, and take into account when studying or buckling down to get writing/editing work done under a looming deadline. But those are also situations where I can stop what I’m doing, take 10 minutes to walk to Peet’s and get a pretty big drink and some refined carbs. If I need a whole meal, I can make that time.

After the two periods each day, I did get up and walk around a little, but I really needed to do more. I needed to give my eyes/hands/wrists a break. Once the event was over, I was so utterly exhausted the next day that I struggled with any tasks that required mental bandwidth. And it wasn’t until I had a Liquid IV that I started to really feel better.

A big part of this is sleep. I think I got enough, but it was everything else around it, because what I really needed to have done was…

3. Adjusted my Schedule

That week, I had a ton of work to do for my Java class due on Sunday, studying for the GCIH I had to make progress on, my writing critique group on Saturday, and the submission support group I would lead on that Sunday. I had to set aside my editorial tasks for the anthology because I just did not have the bandwidth for tasks that didn’t have immediate due dates.

I could have moved the sub group to another week, or worked ahead in my Java class, or prepped my pages for the crit group ahead of time…I was still able to completely block out the time just for the CTF, and everything else got done in time. It left me absolutely haggard, so it’s not a mistake I’ll make again.

4. Taken Better Notes

At a minimum, I should have been keeping track of which flags I’d already submitted. If I’m doing a (very wide) search on a machine, I might find something I’d already used, or wasn’t supposed to use yet. Everything is being handled so fast and there’s so much data that I can’t keep it all in short-term memory, and I risk wasting time (and points) re-using a flag.

Even if I can’t post a write-up, I can still do a post-mortem for myself on what worked, what didn’t, which tools were actually helpful and which got in the way, and what skills I need to work on. The scorecard at the end of the event is helpful, but it doesn’t have all the data I want to sharpen my skills, both for the next CTF and as a professional.
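Both halves of that (not re-submitting a flag, and having real data for the post-mortem) come from the same small habit: log every event against a challenge as it happens. The class below is an added example, not code from the post or from NetWars. The record fields, the outcome names (started, found, submitted, abandoned) and the sample entries under `__main__` are my own assumptions for illustration; a JSON-lines file is used so the log survives a crashed terminal and can be grepped during the event.

```python
"""Minimal CTF flag log: refuse to re-submit a flag already used, and keep
per-challenge timing for a post-event self-review.

Added example; not code from the original post. Field names, outcome
names and the sample entries are assumptions for illustration.
"""
import json
import time
from collections import Counter
from pathlib import Path

OUTCOMES = {"started", "found", "submitted", "abandoned"}


class FlagLog:
    """Append-only JSON-lines log. path=None keeps everything in memory."""

    def __init__(self, path=None):
        self.path = Path(path) if path else None
        self.records = []
        if self.path and self.path.exists():
            with self.path.open() as f:
                self.records = [json.loads(line) for line in f if line.strip()]

    def already_submitted(self, flag):
        """True if this exact flag value already has a 'submitted' record."""
        return any(r["flag"] == flag and r["outcome"] == "submitted"
                   for r in self.records)

    def record(self, challenge, outcome, difficulty=None, flag=None,
               tools=(), note="", ts=None):
        """Append one event. Returns False, and logs nothing, when asked to
        submit a flag value that is already marked submitted; that is the
        moment a wide search turned up something you had already used."""
        if outcome not in OUTCOMES:
            raise ValueError(f"unknown outcome {outcome!r}")
        if outcome == "submitted" and self.already_submitted(flag):
            return False
        entry = {"ts": time.time() if ts is None else ts,
                 "challenge": challenge, "difficulty": difficulty,
                 "flag": flag, "outcome": outcome, "tools": list(tools),
                 "note": note}
        self.records.append(entry)
        if self.path:
            with self.path.open("a") as f:
                f.write(json.dumps(entry) + "\n")
        return True

    def summary(self):
        """Post-mortem: minutes per challenge (first to last event), solves by
        difficulty, what was abandoned, and which tools featured in solves."""
        by_chal = {}
        for r in self.records:
            by_chal.setdefault(r["challenge"], []).append(r)
        minutes, solved, abandoned, tools = {}, Counter(), [], Counter()
        for chal, rs in by_chal.items():
            minutes[chal] = round((rs[-1]["ts"] - rs[0]["ts"]) / 60, 1)
            difficulty = next((r["difficulty"] for r in rs if r["difficulty"]),
                              "unknown")
            if rs[-1]["outcome"] == "submitted":
                solved[difficulty] += 1
                tools.update(t for r in rs for t in r["tools"])
            elif rs[-1]["outcome"] == "abandoned":
                abandoned.append(chal)
        return {"minutes": minutes, "solved_by_difficulty": dict(solved),
                "abandoned": abandoned, "tools_in_solves": dict(tools)}


if __name__ == "__main__":
    # Constructed sample session; timestamps are seconds, not real clock values.
    log = FlagLog()  # pass a file path, e.g. FlagLog("netwars.jsonl"), during an event
    log.record("intro-01", "started", difficulty="intro", ts=0)
    log.record("intro-01", "submitted", flag="FLAG{sample-a}", tools=["strings"], ts=300)
    log.record("medium-03", "started", difficulty="medium", ts=300)
    log.record("medium-03", "found", flag="FLAG{sample-a}", ts=600)
    print("resubmit blocked:", not log.record("medium-03", "submitted", flag="FLAG{sample-a}", ts=610))
    log.record("medium-03", "abandoned", note="ran out of ideas", ts=1500)
    print(json.dumps(log.summary(), indent=2))
```

The `minutes` column is the part the scoreboard never shows you: it is how you find out after the fact that twenty minutes went into an intro challenge that was never going to cooperate, which is exactly the kind of thing to look for when deciding where to spend time next event.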

5. Learned More PowerShell by Now

Here is my pro tip to you: do not post about PowerShell on Bluesky. You will get reply guys in your comments telling you how PowerShell is quite easy, actually, and way better than anything else. It’s all the negative stereotypes you hear about Linux users, but. For Microsoft.

I do have it installed on Linux, but, without cmdlets like get-process, the registry, or other things that make Windows Windows, there isn’t a ton I can do that has practical, enterprise application. The only true Windows computer I “have” anymore is my work laptop, and I don’t think IT would like it if I locally elevated my privileges so I could run PSh as an admin and futz with the registry, so either I’ve got to find another computer in a dumpster or start breaking things in VMs.

And now, for the one thing I shouldn’t have done:

Underestimate Myself

I’ve only been learning cybersecurity for a year and a half, I have never held a technical job title (let alone an IT/cyber one), so my journey has all been very, “he built it in a cave with a box of scraps.” (If you’re looking to offload some equipment: hi.)

So, when I go to BSides or hang out with the local DEFCON group, I feel like I don’t belong. I don’t have a degree, I don’t have professional experience, and there’s just so much I don’t know, so what can I possibly achieve?

My goal with this, like it is with most competitions, is “not get last place.” I have so far achieved this, technically, with a series of contests in one of my writing communities (because there are people who participated less and therefore did not have the opportunity to score many points). What would the equivalent be for the CTF? Get one thing done? Five? I had no idea, but I knew I would (technically) not be last place if I scored any points at all (hopefully).

Then the host said that, if you did at least 5% of it, you could earn CPE credits. So, okay! Let’s try to do that! And I soon found I had reached that goal. Some of this was pretty easy, and some was a level of challenging I knew I could figure out with enough time, so I focused on what I could achieve.

By the end of the first window/day, I saw I was in 21st place. Which is kind of nuts, since there were over 400 people who registered, and I don’t think it’s possible all 380 of them no-showed. If you put me in a room of 400 cyber professionals, I’d never believe I’d even be in the top 50%.

So my goal going into the second day was, “try to get as much done as possible” and, “try to stay in the 20s.” As time was running out, I saw my score was in the mid-900s, so my final, “maybe, maybe not, but I should still try!” goal was to score 1,000 points.

Which I did! 1,003 points.

And I even got 19th place! Which is not good enough for a challenge coin, but that’s still way better than I thought I could ever do. I also managed to complete more medium-level challenges than the easy ones, while easy and introductory level were quite even.

When I reflected on my performance, I realized I wasted a lot of time on intro-level stuff that I couldn’t get to work, for whatever reason. I absolutely could have jumped ahead to the “harder” stuff and gotten it, which means I might have gotten more done overall.

And For a Nice Conclusion…

I learned a lot! I had a ton of fun! And I really like DFIR!

My next CTF is this week, the Core NetWars 12, where I’ll be a part of a team, which is another new thing for me! I don’t know what position we’ll get, but I know I’ll be a much better participant because of all the things I learned from my first CTF, and I’ll definitely be looking forward to my third! I’ll update this post when I have my results and do a quick paragraph on how it went.
