Wednesday, May 31, 2017

Level 5 NetWars Continuous

Currently playing level 5.  Highest rank so far is 2.  Each week, up to 10 players can sign in to each little area, and we've had four every week, so far, so 2 isn't that impressive.

My first couple of weeks, I didn't put services up, I just kind of observed what was going on by setting up a sniffer.  I poked around people's setup, especially the top guys to figure out how to configure my machine to be more secure than it would be had I not.  I'm glad I did.

There's this one poor guy who I won't mention by name that probably has the best strategy.  He keeps getting owned by a guy who's been playing for a while.  He's been at the top slot in our little group since before I started level 5.

I can say that I'm getting a little better at reading pcaps.  The traffic is steady, which makes anomalies stand out like a sore thumb.

Some of these attacks are pretty interesting.  I have a limited view this way.  Probably be best to take the strategy of the other guy and get pummeled.  Would definitely make me a better defender if I can get the logs/pcaps to learn from.

I'm surprised that I've been able to fend off the attackers thus far.  Wish I was better with attacks, though.

Update:

Exploited a vulnerability in one person's machine, rooted a poor guy's box a couple of weeks ago, and secured it against attack.  Finally got rank 1.  Maxed out the score I could get.  550; lost a couple of points somewhere in Levels 1-4.  The max score is 552.  Ended up finishing in place 51.

Monday, May 15, 2017

How I Got To Level 5 NetWars Continuous

Currently at Level 5 on NetWars Continuous.  I don't have much longer left on my subscription:  I have a couple months left.  They don't only do NetWars at SANS conferences; it is offered at other conferences from time to time.  I got it for free by winning it in a raffle at the NetWars Tournament in one of the cyber security conferences.  I lucked out because the NetWars Tournament at that conference just happened to be included with the price of the ticket at the conference that I had attended.  I encourage people to look at the conferences offered near their area and attend if at all possible.  Look for perks like this, where NetWars is included, and take advantage of it.  Some conferences offer scholarships to pay for the cost of a ticket if money is an issue.  Some conferences allow tickets for people who speak and extra for family members as well.  Speaking is good experience, so if you can come up with a good speaking topic, go ahead and do so.  I haven't done so because I don't do well speaking in front of crowds.  I plan to work on that.  (It's odd because I used to sing solos in front of crowds; that feels like a lifetime ago.  I haven't sung in front of a crowd for a while now.  Someone should come up with some sort of topic: the musical.  That would be different. :))

I can't give answers about NetWars Continuous, and I won't because it is unethical, and I happen to like the people at Counter Hack Challenges and appreciate the effort that they put into it.  I can give tips though.

Don't think of it as a chance to prove that you are an elite hacker and that you can win.  Competition is fierce, and chances are, someone will be better than you are.

Do think of it as a chance to learn.  If you need to take hints, don't berate yourself over it.  The whole point is to learn something.

Don't take all three hints at once; chances are, the first hint will be enough.  Just research whatever is mentioned in it, via Google, or another favorite search avenue.

If you see a service, website software, process, or something else you don't know, search those via Google as well; chances are, you'll find a vulnerability that way.

If you see source code, like PHP, look very carefully at it.  Any methods/functions you don't understand, look them up.

Don't underestimate simple commands:  Sometimes it isn't an exploit that gets the keys to the kingdom.

Don't underestimate low/informational vulnerabilities in vulnerability tools.  Sure, the red, shiny major exploits look awesome, but how easy are they to exploit?  Sometimes the informational ones give you what you need.

Visit the blogs of the people who work at Counter Hack and the SANS Pen Testing blog.  There are a lot of clues there to figure out how to solve stuff.

That's how I got to level 5.  Good luck.

Friday, May 12, 2017

Indexing-For SANS Certs-Again

I took the GSEC exam back in April.  I do not want a repeat of what happened with that index.  I was working up to the deadline on that index because I was busy with other stuff and waited until about the last month to begin the index.  I printed out the index the night before the exam.  I ran out of printer ink, which meant a trip to the store to grab more, then my printer took a long time to print it because I printed it in landscape mode.  I was up until 3 in the morning getting it ready.  My exam was at 10 AM.  I had trouble finding things in the index because it was so big.  It was like 300 pages long.  I used it, but not as much as normal.  Fortunately, I seemed to remember most of the material, so I still scored really well.  The lack of time management is not a normal occurrence for me.  I usually prefer to have things done well in advance.  That date just kind of crept up on me.  Good news is that I learned a lesson about proper time management on that one.

I'm refining my technique for indexing.  I'm working on my index for the GCIH exam.  I've spoken to others who simply write a topic and page number.  I wouldn't feel prepared doing that.  I still take notes, but I've taken the module section out.  I find that I don't usually use it anyway.  Now my index is just a topic, book, page, notes.  I add the lab notes as well.  I've found that some of the commands in the labs are on the test.  (Which makes sense, considering they say that ANYTHING in the books may be covered.)

I started to implement a new technique.  Note:  You probably need to schedule your exam earlier than the expiration date.  Make sure to consider that in your calculations.  I should have done this to begin with, but this time around, since I have multiple things going on, I calculated the number of pages in my books, and the number of days left until my cert attempt expires, then I subtract 14-20 days, to give me a couple of weeks to 20 days to review the material that I'm weak on.  Then I take the number of pages/re-calculated number of days to get how many pages I should do each day, minimum.  If I can do more than that, great; if not, I at least know that I will complete the index ~14-20 days before the cert expires.  The same can be done with the OnDemand content to watch the videos in time.  Calculate Total Vid Time (in minutes).  (Total Run Time is in the Introduction Tab content.  Convert the hours to minutes by multiplying hours by 60 and adding any remaining minutes.)  Divide Total Vid Time by Number of Days = number of minutes that need to be watched/day.  (Make sure to round up if you get something like 15.876 minutes/day...)

So, for example, say you have 92 days left, 690 pages, and you want 14 days left to review the material before your cert expires.  So, to calculate number of pages you should do in a day, you take 92-14=78 to get the recalculated number of days.  Then you would take 690 pages/78 days.  That's approximately 8.84615385 pages a day.  Or, easier still, 9 pages a day.  To calculate the video time, say you have 20 hours and 23 minutes of video time.  Take 20*60=1200 minutes, add the extra 23 minutes, giving 1,223 minutes, then divide by number of days, which was already calculated to be 78.  1223/78=~15.6794872 or 16 minutes per day.  These are minimums.  If you can get more done than this, do it.  This will help if something unexpected happens, like a family emergency, while you're studying and you can't work on it for a few days.

So far this seems much less stressful.  I'll see as I get closer to the exam time.  Hope that this helps others in their exam studying efforts.  Good luck everyone.

Update:  This method was a lot less stressful.  Be mindful that you may forget some of the material in that time frame if you aren't using it, though.  Note:  Do not take a practice exam a couple days before the exam.  I did, and scored less well on the practice exam than I hoped that I would.  So, I was really nervous going into the real exam.  Fortunately, the practice exam did not indicate how well I did on the real exam.  On the real exam, I did really well.