
Cyber Defender Foundation (CTF)

The Cyber Defender Foundation capture the flag (CTF) has been designed to test and teach those responsible for detecting and defending an organisation against a cyber-attack. The cyber lab offers a safe environment for IT and security teams to develop their cyber defence skills and put them to the test against the clock.

This is not for your elite 'hackathon' champions; this foundation CTF provides a learning platform for your multi-discipline technical teams to work together, collaborating as they would in a real cyber-attack. During the event, challenges are released which require the participants to navigate through systems, seeking vulnerabilities, exploiting, decrypting, whatever it takes to find the flag. Talented individuals working in isolation can't defend an organisation successfully. Learn the necessary cyber defence 'tradecraft' skills in our state-of-the-art cyber lab, a fully immersive learning experience, harnessing the talent within your teams to solve the challenges together before you have to do it for real.


Pre-Requisites

There are no explicit predefined prerequisites for the challenge event, as the instructor will lead the delegates through the event from the introductory modules to the more advanced tasks. However, we recommend that delegates have experience of Windows and Linux operating systems in a networked environment; CLI skills, including the navigation of file directories on both Windows and Linux; the ability to interrogate network systems for basic information such as IP address and MAC address; knowledge of network fundamentals (IP addressing, subnets, routing); and familiarity with the TCP/IP stack and the OSI model, along with knowledge of common internet protocols.

Learning Objectives

  • How to work as a team during complex technical tasking

  • Cyber defence 'tradecraft' problem solving activity

  • System, network and service enumeration

  • How to automate tasks using bash scripts and other types of scripting languages

  • Application enumeration and profiling

  • How data is encoded, decoded, encrypted and decrypted using various algorithms as a means of evading detection

  • How to audit and identify critical signs of compromise within systems

  • How to respond to an incident under time bound pressures

  • How to identify and remove malicious files and services

  • How to test systems and services for vulnerabilities (scanning and fingerprinting)

  • How to exploit vulnerabilities in both web and system applications (session hijacking, XSS, exploitation frameworks, SQLi)

Course Content

Day One will cover all the technical disciplines required to complete the CTF. The CTF will be broken up into 4 rounds, each round covering the following topics:

  • Kali Linux defensive skills: Delegates will be taught the foundation elements of the Kali Linux environment and a subset of the many tools available within the Kali Linux suite, including the more advanced tools of the Kali Linux distribution, which will form the building blocks for later modules.
  • Encoding and decoding strings: Malware and other types of backdoors use encoding and encryption to hide what they do and to help avoid detection. Delegates will be taught how strings and data can be encoded and decoded using Base64, hexadecimal and binary. Delegates will also be taught ways in which data can be encrypted and decrypted using various cryptographic algorithms and ciphers. This will teach each of the learners the foundation skills and knowledge needed to reverse engineer malware and backdoors which use these types of tricks to avoid detection.
  • Incident response: After a cyber-attack it is important to determine how the breach occurred, what the attacker did and what information the attacker managed to access. Delegates will be taught some of the ways in which systems can be compromised, the purpose of log files, and how to analyse those log files for signs of a breach, allowing them to build a picture of how the attack happened and what the attacker achieved during the compromise. Delegates will be shown how to find backdoors installed by attackers and how to safely remove these backdoors.
  • Penetration testing: Penetration tests allow system administrators and security professionals to identify vulnerabilities and weaknesses in their systems and platforms which could be exploited by an attacker. Delegates will be taught how to conduct a penetration test, testing for weak authentication, scanning remote services for vulnerabilities, exploitation of vulnerabilities and patching those vulnerabilities.

Day Two. Each team will be given a compromised system where they will be asked to find information relating to how the attacker compromised the system, what the attacker did on the system and the types of information accessed by the attacker. Each team will perform a vulnerability assessment on the compromised system and attempt to exploit and patch vulnerabilities ranging from weak authentication all the way to remote command execution.

  • Round one will cover the various aspects of Kali Linux. Delegates will be asked to perform a number of tasks, in their team, all of which can be completed using the expansive suite of tools within the Kali Linux environment. This round engages both novices and experts, covering tasks of varied difficulty. Each task requires the submission of a flag, the goal being to submit the maximum number of flags in the allocated time.
  • Round two will cover various types of encoding, decoding, encryption and decryption. Delegates will be asked to encode/decode messages and solve a number of cryptographic puzzles, which include alphabetical and numerical shift ciphers and transpositions. Delegates score flags for entering the correct encoded/decoded message in each of the tasks. This simulates the ability to detect and respond quickly to an insider attack and gives an understanding of an attacker's covert communication mindset.
  • Round three will ask each delegate to perform a number of tasks to clean up after a cyber breach. This requires delegates to find and remove backdoors installed by an attacker, identify compromised systems and services, change user accounts to prevent the attacker from regaining access to the server, and determine how the system was compromised.
  • Round four explores the detail behind a penetration test of a compromised system where delegates will be asked to identify vulnerabilities and exploit those vulnerabilities ranging from weak authentication all the way to remote command execution in both web and system applications. Delegates will be able to test a wide range of skills from the more basic SQL injection to the more complex process of privilege escalation by exploiting buffer overflows.

CTF Scoring.

  • Each of the four CTF rounds will cover a number of tasks ranging in difficulty, engaging both novices and the more able delegates, in various aspects of Linux, networking, cryptography, incident response, penetration testing and exploitation of various types of vulnerabilities. Flags are awarded for successfully completing each task in each round. Each task is worth one flag, and the team with the most flags at the end of the four rounds wins. Time will be used as the tiebreaker.
