The students of the Meadow Bank TAFE’s NSI Degree of Network Security decided to register two teams for the Cyber Security Challenge Australia 2013 event, CySCA 2013’s Website. This page contains a write-up of my experience participating in the challenge, which was my first iCTF event. I was asked to be a team leader for one of the teams entered into the challenge. The scenario we were given for the event was the following:
A company named Synergised Cyber Cloud Pty Ltd is the creator of a new protocol, Very Secure Transfer Protocol (VSTP). The team has been charged with the mission to perform a penetration test of the corporate network to determine the potential risk of stolen intellectual property, as well as a penetration test of the web applications to determine potential vulnerabilities and impacts. We were also charged with the task of performing an application code review to identify software vulnerabilities in the new protocol, which is currently in a state of RFC. We were also required to perform a forensic analysis of a memory dump of the CEO’s laptop as well as a forensic analysis of a network traffic capture, and to reverse engineer the exploitation.
The team got together a couple of times a week leading up to the challenge to practice the skills we were required to know for the tasks in the challenge:
- Penetration Testing – Web Applications, Corporate Network, Database
- Forensics – Memory, Network, Reverse Engineering
- Application Code Review
- Fixing Vulnerabilities – How to best mitigate
- Secure Design
As our training network we used the NSI Network Security Practise Lab, which was built by my group (a different group to the challenge team) for our group major project for a subject within the degree course. This network was built specifically for use as a learning tool for students in the degree to safely practice skills required for network security careers. Using the lab we attempted to learn how to cover as many of the skills as we were going to need in the challenge event, in a hands-on environment.
This was the first CTF event that anyone in my team had participated in and we were not sure what to expect. Once the event started and we were given access to the event network and the passwords to decrypt the network trace file and the memory dump, the group began working on the various questions. At the end of the challenge the group was sitting on 12 points at rank 35 out of 43, beating the second NSI team, which finished at rank 39 on 10 points. My team finished the first question of the web application and network forensic sections and the entire secure design section of the CTF events.
After the event had finished I began writing blog posts about the challenge questions I attempted after the event: