SANS Core NetWars Tournament of Champions Europe

By Red Siege | August 9, 2021

From Justin Palk, Security Consultant:

I’ll be honest, it feels good to win. Popping a shell sends a shiver down my spine. But getting into a duel with another team working the same environment? Both trying to reach the same goal, being able to see how close you are to the end, trading places back and forth on the leaderboard? That adds a little something extra. That’s what a good CTF gives you. All that, and doing it in an invitation-only tournament where everyone else is a CTF winner in their own right? That feels amazing.

This past week it was my honor to be on the winning team — ZombieProcess (aka QuePasaZombies) at this year’s Core NetWars Tournament of Champions (ToC) Europe. We’ve been working toward this moment since we met at the first ToC Europe in Berlin in 2019, and seeing all the hard work since then pay off is incredibly satisfying.

The Game

The tournament ran a total of six hours over back-to-back evenings at Pen Test HackFest Europe. In the first four levels, you’re hunting flags across a provided VM, and then a simulated corporate network. Level Five is castles, a king-of-the-hill battle where competitors get a pair of servers loaded with vulnerable services they have to defend while attacking those belonging to other players.

Every year, SANS invites the winners from each Core NetWars event to compete against each other in two Tournaments of Champions, typically held in Washington DC at the Cyber Defense Initiative in December, and in Berlin at the Pen Test HackFest Europe in the summer. Playing here means you’re going up against the best of the best.

I can’t say too much about the current IoT-themed version of NetWars, since it’s brand-new and will be running for a bit, but I can give some general pointers for this and other CTFs.

  1. Find yourself a team.
  2. Communicate with your team.
  3. Save your work.
  4. Get up and move around every now and again.

Find Yourself A Team

This is the most important tip, and I can’t stress it enough. It’s very rare these days that one person can know it all when it comes to information security, and NetWars in particular tends to spread out from red team into blue team, especially in the early levels. That said, there are some people on the individual scoreboards who blow my mind with what they can do. For the rest of us, having someone who knows how to attack web apps, someone else who knows how to attack networks, someone else with some blue team skills, and maybe a crypto person means you’re going to have good coverage and will probably be able to do anything they throw at you. It also means you can work in parallel for large chunks of the game, advancing simultaneously on multiple fronts.

Communicate With Your Team

Once you’ve got your team, communicate. Keep each other informed of what you’re working on and bounce ideas off of each other or ask for help if you get stuck. There are times a specialist is going to shine, and other times where someone working outside their comfort zone is going to have a critical insight that gets you all through a roadblock. Make sure you have a way of sharing info with each other, whether that’s Discord, Slack, Etherpad or something else.

Save Your Work

Save your answers and key steps you had to take to unlock new areas of the game. If you need to go back and reference something from earlier in the game, good notes will save you actually having to hunt it down again. Taking notes also helps you remember what you’ve learned playing the game. Notes are particularly important for NetWars, where they run the same game repeatedly for a year and a half or so. Saving your work means you can quickly get back to where you were and push deeper into the game.

Get Up and Move Around

Stretch. Move around. If you’re on-site, go to the snack bar, get up and look over a teammate’s shoulders for a minute or just dance in the aisle. At home, grab a snack from the kitchen or do a few jumping jacks. Visit the bathroom occasionally. Whatever you need to do to unhunch your back, get the blood flowing and snap out of the tunnel vision you’ll inevitably get trapped in. You think better when the blood is flowing.

One More Thing

The last thing I have to say isn’t a rule, so much as a request or a suggestion. Get to meet your fellow competitors. Beyond even my teammates – who I met for the first time at the pre-game social in Berlin in 2019 – I’ve made some great friends and connections at CTFs in general and NetWars in particular. Find that team you were locked in a duel with for the past few hours and go grab a late-night snack after the competition ends. Follow them on Twitter, look them up at the next conference. Take that intense energy from the competition and build on it; don’t just let it fade away.

QuePasaZombies is Justin Palk (@jmpalk), Coen Ramaekers (@wuher), Dave Andrews (@the_ghosteh), Savio Jossi (@SavinoJossi), and (@NOP_0x90v1). Eva van der Valk (@nemesis09) is a founding member of the team who has left playing NetWars to follow the path of becoming a SANS instructor, but still plays with us in other CTFs.
