About the course
The Cyber Defender Foundation capture the flag (CTF) has been designed to test and teach those responsible for detecting and defending an organisation against a cyber-attack. The QA cyber lab offers a safe environment for IT and security teams to develop their cyber defence skills and put them to the test against the clock.
This is not for your elite 'hackathon' champions; this foundation CTF provides a learning platform for your multi-discipline technical teams to work together, collaborating as they would in a real cyber-attack. During the event, challenges are released which require the participants to navigate through systems, seeking vulnerabilities, exploiting, decrypting, whatever it takes to find the flag. Talented individuals working in isolation can't defend an organisation successfully. Learn the necessary cyber defence 'tradecraft' skills in our state-of-the-art cyber lab, a fully immersive learning experience, harnessing the talent within your teams to solve the challenges together before you have to do it for real.
There are no explicit predefined prerequisites for the challenge event, as the instructor will lead the delegates through the event from the introductory modules to the more advanced tasks. However, we recommend that delegates have experience of Windows and Linux operating systems in a networked environment: CLI skills, including navigation of file directories on both Windows and Linux; the ability to interrogate network systems for basic information such as IP address and MAC address; knowledge of network fundamentals (IP addressing, subnets, routing); and familiarity with the TCP/IP stack, the OSI model and common internet protocols.
Delegates will be able to demonstrate the following:
How to work as a team during complex technical tasking
Use numerous penetration testing tools such as Wireshark, SQLMap, ZAP, Nmap, Metasploit and more to perform tasks and gain flags
Cyber defence 'tradecraft' problem-solving activity
System, network and service enumeration
Application enumeration and profiling
How data is encoded, decoded, encrypted and decrypted using various algorithms as a means of evading detection
Day one will cover all the technical disciplines required to complete the CTF challenge rounds on day two. The CTF is broken up into five rounds, each round covering the following topics.
Round 1 - General Linux Capabilities
Delegates will learn the commands needed to navigate around a Linux system, from locating a specific file to killing running processes. They will gain the skills and knowledge to know not only how to look but where to look for signs of an attack, which will come in very useful as they progress through the rounds and need to respond swiftly to an incident. Knowing where to look is a key element in finding a flag for your team, and delegates will be shown the key places where a hacker may leave clues behind.
Round 2 - Kali Linux Defensive Skills
Delegates will be taught the foundation elements of the Kali Linux environment and a subset of the many tools available within the Kali Linux suite, including the more advanced tools of the distribution, which will form the building blocks for later modules.
Round 3 - Encoding and Decoding
Malware and other types of backdoors use encoding and encryption to hide what they do and to help avoid detection. Delegates will be taught how strings and data can be encoded and decoded using Base64, hexadecimal and binary. Delegates will also be taught ways in which data can be encrypted and decrypted using various cryptographic algorithms and ciphers. This gives learners the foundation skills and knowledge needed to reverse engineer malware and backdoors which use these types of tricks to avoid detection.
Round 4 - Incident Response
After a cyber-attack it is important to determine how the breach occurred, what the attacker did and what information the attacker managed to access. Delegates will be taught some of the ways in which systems can be compromised, the purpose of log files, and how to analyse those log files for signs of a breach, allowing them to build a picture of how the attack happened and what the attacker achieved during the compromise. Delegates will be shown how to find backdoors installed by attackers and how to safely remove them.
Round 5 - Penetration Testing
Penetration tests allow system administrators and security professionals to identify vulnerabilities and weaknesses in their systems and platforms which could be exploited by an attacker. Delegates will be taught how to conduct a penetration test: testing for weak authentication, scanning remote services for vulnerabilities, exploiting those vulnerabilities and patching them.
Day Two – CTF Challenges
Round 1 - General Linux Capabilities – CTF Challenge
Round one will require the delegates to use the commands learnt on the first day to navigate their way through a Linux system, finding all the flags in question. They will need to remember which command line to use to find what they are looking for. This could be anything from the architecture to the operating system, or even more specific hardware and software elements, building a level of confidence in using the Linux command line.
Round 2 - Kali Linux Defensive Skills – CTF Challenge
Round two will cover the various aspects of Kali Linux. Delegates will be asked to perform a number of tasks, in their team, all of which can be completed using the expansive suite of tools within the Kali Linux environment. This round engages both novices and experts, covering tasks of varied difficulty. Each task requires the submission of a flag, the goal being to submit the maximum number of flags in the allocated time.
Round 3 - Encoding and Decoding – CTF Challenge
Round three will cover various types of encoding, decoding, encryption and decryption. Delegates will be asked to encode/decode messages and solve a number of cryptographic puzzles, which include alphabetical and numerical shift ciphers and transpositions. Delegates score flags for entering the correct encoded/decoded message in each of the tasks. This simulates the ability to detect and respond quickly to an insider attack and to gain an understanding of an attacker's covert-communication mindset.
Round 4 - Incident Response – CTF Challenge
Round four will require each delegate to perform a number of tasks to clean up after a cyber breach. Delegates must find backdoors installed by an attacker, and identify compromised systems and services and modified user accounts that would allow the attacker to regain access to the environment. They must also establish a timeline of the cyber-attack and determine how the system was compromised.
Round 5 - Penetration Testing – CTF Challenge
Round five explores the detail behind a penetration test of a compromised system. Delegates will be asked to identify vulnerabilities and exploit them, ranging from weak authentication all the way to remote command execution in both web and system applications. Delegates will work from the more basic SQL injection through to the more complex process of privilege escalation by exploiting buffer overflows.
Each of the five CTF challenge rounds will cover a number of tasks ranging in difficulty, engaging both novices and the more able delegate, in various aspects of Linux, networking, cryptography, incident response, penetration testing and exploitation of various types of vulnerabilities. Flags are awarded for successfully completing each task in each round. Each task is worth one flag, and the team with the most flags at the end of the five rounds wins. Time will be used as the tiebreaker.