Our Information Security Office has hosted a Cybersecurity Festival event yearly during Cybersecurity Awareness Month for several years. In 2020, I participated in a CTF event, which I covered here. In 2021, I was part of a team that created an infrastructure for the Red Team versus Blue Team event, which I mentioned here. Last year, I participated in creating a CTF challenge for the event. I also helped a colleague with the Offense for Defense event. To some extent, creating a CTF …
Information Security
Working with PCAPs
As a network or security professional, working with PCAPs comes with the territory. Some CTFs also include PCAP challenges, and while Wireshark is the software of choice for some people, learning other tools can help get the flag quickly. In this post, I will cover command-line utilities one can use when working with PCAPs. Misspelled user agent In one of the CTFs I participated in, the task was to find misspelled user agent string. You can do this with Wireshark, but Tshark and Linux …
Working with logs
In some CTFs, working with logs is part of the challenge. While you can certainly use your favorite text editor to find things, I believe it is better to use Linux command-line utilities to acquire the flags quickly. With that said, arming yourself with Linux skills is paramount to your success in CTFs and the real world. This post will cover a few Linux command-line utilities I use in CTFs, typically. Word count Some low-difficulty CTF questions would ask for the number of lines of a …
Passed GMON
Back in March, I passed the GMON (GIAC Continuous Monitoring) certification exam, and I wanted to share my experience. As a follower, you may remember that I passed the GCIA exam last year. With this certification exam, I scored a bit higher than my GCIA exam, but not quite like my GCIH exam results. Exam information The exam has the following format: SEC511 class The SEC511 was the second lengthiest SANS class I have ever taken - the first one was SEC503. If …
Turkey Express Mini CTF
Since I have taken Antisyphon training in the past, I am on their email list. I noticed that I received an email from them on November 21st about their Turkey Express Mini CTF. I know about their cyber range but never signed up for it, even though I was curious. Since they released this CTF, I will treat this as a sample for their cyber range. It may not be fair, but I do not have anything to go on. Challenges When I signed up for their CTF, I was delighted to see there were only six …