Sans Core Netwars Tournament of Champions Europe

By Red Siege | August 9, 2021

From Justin Palk, Security Consultant:

I’ll be honest, it feels good to win. Popping a shell sends a shiver down my spine. But getting into a duel with another team working the same environment? Both trying to reach the same goal, being able to see how close you are to the end, trading places back and forth on the leaderboard? That adds a little something extra. That’s what a good CTF gives you. All that, and doing it in an invitation-only tournament where everyone else is a CTF winner in their own right? That feels amazing.

This past week it was my honor to be on the winning team — ZombieProcess (aka QuePasaZombies) at this year’s Core NetWars Tournament of Champions (ToC) Europe. We’ve been working toward this moment since we met at the first ToC Europe in Berlin in 2019, and seeing all the hard work since then pay off is incredibly satisfying.

The Game

The tournament ran a total of six hours over back-to-back evenings at Pen Test HackFest Europe. In the first four levels, you’re hunting flags across a provided VM, and then a simulated corporate network. Level Five is castles, a king-of-the-hill battle where competitors get a pair of servers loaded with vulnerable services they have to defend while attacking those belonging to other players.

Every year, SANS invites the winners from each Core NetWars event to compete against each other in two Tournaments of Champions, typically held in Washington DC at the Cyber Defense Initiative in December, and in Berlin at the Pen Test HackFest Europe in the summer. Playing here means you’re going up against the best of the best.

I can’t say too much about the current IoT-themed version of NetWars, since it’s brand-new and will be running for a bit, but I can give some general pointers for this and other CTFs.

  1. Find yourself a team.
  2. Communicate with your team.
  3. Save your work
  4. Get up and move around every now and again.

Find Yourself A Team

This is the most important tip, and I can’t stress it enough. It’s very rare these days that one person can know it all when it comes to information security, and NetWars in particular tends to spread out from read team into blue team, especially in the early levels. That said, there are some people on the individual scoreboards who blow my mind with what they can do. For the rest of us, if you have someone who knows how to attack web apps, someone else who knows how to attack networks, someone else with some blue team skills, and maybe a crypto person means you’re going to have good coverage and will probably be able to do anything they throw at you. It also means you can work in parallel for large chunks of the game, advancing simultaneously on multiple fronts.

Communicate With Your Team

Once you’ve got your team, communicate. Keep each other informed of what you’re working on and bounce ideas off of each other or ask for help if you get stuck. There are times a specialist is going to shine, and other times where someone working outside their comfort zone is going to have a critical insight that gets you all through a roadblock. Make sure you have a way of sharing info with each other, whether that’s Discord, Slack, Etherpad or something else.

Save Your Work

Save your answers and key steps you had to take to unlock new areas of the game. If you need to go back and reference something from earlier in the game, good notes will save you actually having to hunt it down again. Taking notes also helps you remember what you’ve learned playing the game. Notes are particularly important for NetWars, where they run the same game repeatedly for a year and a half or so. Saving your work means you can quickly get back to where you were and push deeper into the game.

Get Up and Move Around

Stretch. Move around. If you’re on-site, go to the snack bar, get up and look over a teammate’s shoulders for a minute or just dance in the aisle. At home, grab a snack from the kitchen or do a few jumping jacks. Visit the bathroom occasionally. Whatever you need to do to unhunch your back, get the blood flowing and snap out of the tunnel vision you’ll inevitably get trapped in. You think better when the blood is flowing.

One More Thing

The last thing I have to say isn’t a rule, so much as a request or a suggestion. Get to meet your fellow competitors. Beyond even my teammates – who I met for the first time at the pre-game social in Berlin in 2019 – I’ve made some great friends and connections at CTFs in general and NetWars in particular. Find that team you were locked in a duel with for the past few hours and go grab a late-night snack after the competition ends. Follow them on twitter, look them up at the next conference. Take that intense energy from the competition and build on it, don’t just let it fade away.

QuePasaZombies is Justin Palk (@jmpalk), Coen Ramaekers (@wuher), Dave Andrews (@the_ghosteh), Savio Jossi (@SavinoJossi), and (@NOP_0x90v1). Eva van der Valk (@nemesis09) is a founding member of the team who has left playing NetWars to follow the path of becoming a SANS instructor, but still plays with us in other CTFs.

Subcribe now to join our email list and continue getting up to date information on all of the live events, discussions, educational webcasts and giveaways

Adventures in Shellcode Obfuscation! Part 1: Overview

By Red Siege | June 17, 2024

by Mike Saunders, Principal Security Consultant This blog is the first in a series of articles on methods for obfuscating shellcode. I’ll be focusing on how to obfuscate shellcode to […]

Learn More
Adventures in Shellcode Obfuscation! Part 1: Overview

Fun With JWT X5u

By Red Siege | May 30, 2024

by Senior Security Consultant Douglas Berdeaux On a recent web application penetration test engagement, I came across a JSON Web Token (JWT) that contained an x5u header parameter. I almost […]

Learn More
Fun With JWT X5u

Extend Your Browser

By Red Siege | May 9, 2024

by Ian Briley, Security Consultant In my last blog, I discussed using only a browser for web application testing, emphasizing how useful built-in browser tools like the Inspector and Console […]

Learn More
Extend Your Browser

Find Out What’s Next

Stay in the loop with our upcoming events.