For those of us privileged to have been invited to the 4th annual SANS NetWars tournament of champions, held in the ballroom of the Grand Hyatt hotel in the centre of Washington D.C. last week, the sight of the massive display screens towering over the rows of competitors’ tables was an inspiring start to the event. Each of the tables had several rows of seats for the attendees of the SANS Cyber Defence Initiative, the competitors being made up of people who were attending one of the many concurrent SANS courses and people invited to the Champions Tournament, with my invitation having come from my top scoring performance in the Cyber Academy in Cardiff in October.
In order to keep a reasonably level playing field, the tournament was separated into 3 categories, with the winner of the ‘first timer players’ being able to win an iPad, the winner of the ‘seasoned players’ also able to win an iPad, and for the winner of the ‘previous champions’ category, a rather attractive drone was on offer.
A NetWars competition is split up into five difficulty levels, and at the start of the tournament you are handed a disk image of a system with a rather tongue-in-cheek themed backstory (this year’s was Lord of the Rings). The task at hand is to make your way through the five levels using your cyber security knowledge and analytical skills, pick apart the information being presented and then answer a series of questions which become increasingly difficult as the levels progress. The central server, which logs your answers, tabulates all of the competitors’ scores and presents a live league table on those massive screens at the front of the room.
The five levels of this year’s tournament were:
Using the system disk image that you were given, your task was to determine fundamental properties of the operating system, which was effectively a test of your knowledge of the Linux operating system and its command line interface.
In order to progress on to level two you were required to obtain escalated privileges on the system and gain root access to the OS. Once achieved, the rest of level two required navigating through the various complexities of Linux with root access and answering a further set of questions.
For me, this is where the really interesting stuff started. By completing level two you obtained the SSH credentials of a mock company’s DMZ, and to progress through this level you had to exploit a variety of systems on the company’s infrastructure ranging from Android to PHP backend web control systems.
For the fourth level you were required to exploit the company’s servers by pivoting from the operational systems you attacked in level three to the private internal network of the fictitious company. It was at this stage that most of the competitors (me included) reached their limits, with a large proportion of this section requiring custom-built hacking tools.
For the fifth and final level the competition progressed to a player vs player scenario, with the contestants required to capture and defend sections of the company’s internal systems, known as ‘castles’, with points being awarded for how long you could hold each of the respective systems whilst your fellow competitors battled to take control of those same systems.
The Tournament was split over 2 days, and on the second day a lunch was provided for the champions group at which the future of NetWars was discussed, with discussions revolving around the potential to include teams instead of just individual competitors, and to dramatically change the format of the game, making it more like the SANS Christmas challenge of 2015, where the interface resembles an old-school 2D role-playing game (like original Zelda) where you’ll be able to speak to other players, and have to sift through a potential mire of misinformation.
All in all it was a pleasure and a privilege to attend this event, and it was truly a tournament of champions.