This year I took a serious stab at the National Cyber League competition for the Fall 2018 season. I figured it would be appropriate to really give it my all and do my best to really gauge where I stand with my peers after only one year of getting into the world of netsec / cyber. For those unaware of the structure of NCL, it’s very straightforward and intuitive, and geared towards everyone from total beginners to seasoned students. For a mere $25 registration fee ($35 if you procrastinate), you get access to the gymnasium, pre-season, and regular season. The gymnasium is where you want to get your practice in and learn tricks, techniques, how things work, and what things are. For example, there is a huge emphasis on Cryptography. An example of a challenge one would be presented with is a Base64 string they would need to decode:
Which, when decoded, results in the word: lighten.
The pre-season is where students will earn their placement in the competition. There are three levels of placement: Gold, Silver, Bronze. This year I got my spot in the Gold Bracket (top 15% of competitors), and placed overall 437 / 4728. Not too bad, but I definitely wanted to do better for the actual season. So I went back to the gymnasium to hone in on my knowledge and skills and see where I could improve.
Now it’s time for the regular season. Students are presented with new challenges, and are not able to ask for any help at all from other students, coaches, etc. My method for going through the challenges was pretty simple: just go in order, do what I can right away, and as soon as I get stuck on anything, just move right on to the next challenge. I wanted to grab as many points as I could, as fast as I could, without taking down my accuracy (failed attempts at challenges result in a hit on the accuracy percentage).
After going through all the challenges that I could complete without any struggle, I packed up my laptop and went home thinking about how to overcome the challenges I was stuck on. As soon as I got home, I booted up my Kali machine on my homelab and started up dirbuster to brute-force my way into directories for a specific challenge with flags hidden on a website. This challenge was listed as Medium or Hard, I don’t remember — but to me, it was by far one of the easiest grabs of points/flags for the whole competition. While I had that Kali machine running dirbuster, I went on to the password cracking portion of the competition and gratuitously utilized the rockyou wordlists found in Kali to uncover many of the passwords using hashcat.
All in all, I was able to grab 1910 points out of 3000 total possible points with a completion of 79.7%. My final ranking at the end of the competition was:
253 / 4729 Overall
183 / 471 Gold Bracket
I feel like I really accomplished something here. I have only had maybe a year of netsec / cyber experience and I was able to finish in what I believe is an impressive standing overall. Below is an image of the breakdown of my completion of challenges; needless to say, I need to work on my log analysis (awk, grep, cut, etc. — I thought I was better at these!).
And just because I was able to snag a pic of me in first place in the first hour or so in the competition, I’m adding this 😉