Thursday, July 30, 2015

SANS SEC660: Day 6 review: CTF and NetWars

If you're on the fence about what training to attend to maximize your time and money, SANS SEC 660 at a large SANS event would be a great choice.  While I'm neither paid nor endorsed by SANS to continually promote the value and excellence of this class, it's a natural byproduct of the experience.  With that said, and as the title of the post implies, this post will cover the last day and both NetWars events.

The last day of the class is a Jeopardy-style capture the flag event.  There were four categories (one was Linux and another was Windows) that had four challenges with point values of 100, 200, 300 and 400.  We broke off into self-formed teams to start solving challenges, which seemed to cover mostly the last two days of material.  Many challenges had straightforward questions to solve that had been explained, demo'ed or covered in labs in the prior days.

It wouldn't be much fun to give away more of the questions, but the advice I can give is to do all of the bootcamp exercises and additional material if applicable.  While it may not necessarily be the same techniques to solve the challenges, it'll help you out regardless in many ways.  It also helped our team to divide and conquer based on what we felt we were strong at.  At the start, one person focused on the Linux challenges, I focused on the Windows challenges and another focused on another category.  But, it's also helpful (as we did) to switch it up and dig into another category.  Most people in the room were tired from the long week and staring at a problem for a relatively long time can get you lost in the weeds.

We ended the CTF about 2:30p and then reviewed the various challenges.  Of course, when you see the answers, it's all obvious what you should and shouldn't have done.  It was still a great learning experience that helps reinforce that the more you do it (like many things in life), the better you get at it.  Of course if you only did this, that and the other thing, you'd have solved that challenge in 5 minutes just like Stephen did to pick up a cool 400 points.  As an aside, I pretty much can't go through this entire review series and not mention "Ram Bro".  I never heard of it before this class, but I'm pretty much a better person for experiencing it.  You should check it out.

It's good to see that the knowledge you gain from the class is expected to be applied to other situations at SANS.  The classic example is through their NetWars challenges held at many SANS events.  In our case, we had the opportunity to play for three nights for the Core NetWars challenge and one night for the CyberCity NetWars challenge.  Prior to the event and from peers, I knew a little bit about the events, but had no real detail of what it was like.  The first day of the SANS class, the instructors kept on promoting the events and told us that it was free to us since we had the 6-day course.  There was nothing to lose and there would be free drinks and appetizers as well as a fun challenge to compete in.  Many people signed up during the first break and I'm pretty glad I did.

The first night felt like being the new kid in class in the Core NetWars challenge room.  They opened up two classrooms to make it a giant room for people to compete.  Not only were there students from all of the classes, but people specifically came to this event to just play NetWars.  There are five levels to progress through with varying categories of challenges.  This is to help it be accessible to all students in the SANS courses so it doesn't feel like an upper-level-classes-only event.  With it being accessible to all students, that also means it has challenges across all of the classes.

The first two levels were played with a supplied Linux image to solve the questions.  Thankfully, you could attempt up to two tries for an answer.  If you didn't answer the question right the second time, it was negative points.  While they said that there would be cake... no, wait.  While they said that there would be clues to help you, I didn't really find this on the Core challenges in levels 1 thru 3 (I only got up to level 3).  There were clues in the CyberCity challenge that were available to help you and your team out.  Being that the questions could be solved with a Linux VM, all of the questions in those challenges centered around a Linux environment.  It certainly showed the versatility of the questions to help students from the various courses (e.g. Forensics, Pen Testing) use their new knowledge to solve the questions.  

There were giant screens being projected with the current rankings of the first 35 people or so which made it more competitive.  While I didn't offhand know the answers to all of the questions, I certainly learned as fast as I could to help figure it out!  If you go through this class material and the prep material I list in the previous posts, it'd help you answer a fair set of questions for the first few levels.  I didn't get to the last two levels, but from what people said and what the SANS instructors hint at, it'd be a lot of fun!  There's always the option to do the continuous NetWars challenge to get months of access and that could return a lot of value to you as well.  It would be fun to go back through the challenge and see what I could do with more time.  While it was a competitive event, it was a relaxed atmosphere that promoted learning and having fun with other people in the room.  The free drinks and appetizers may have also been a factor and it was certainly a nice addition.

There was definitely a different feel for the Core NetWars versus the CyberCity NetWars.  It was a nice break to have a night off from the Core NetWars to throw in the CyberCity challenge.  The basic premise of CyberCity is that you're trying to control various "sections" of a fictitious city.  For instance, there's a residential area, a water treatment area, airport/military district and others.  We used the same big room as with the Core NetWars, but we were then sectioned off into various starting areas.  Our section was the water treatment section which had us start with a specific selection of questions.  Once our general area was sectioned off, about every two rows of tables were then set up to be a team.  That made it an interesting twist to work with people you may not necessarily know and try to work together as a team.  Our team did pretty well and we were able to solve all of our first area challenges to then move onto the rest of the area challenges.  Overall we did well and placed either second or third as a team.  It was fun and further helped me learn more about various topics I had read about and/or only had a little bit of hands-on exposure to.

The bonus sessions offered by SANS are worth attending and can provide you value in many ways.  While it was nice to attend various SANS bonus sessions offered by teachers on specialized subjects, participating in the NetWars challenges was a lot of fun.  You can certainly do whatever you want after the class is over and it can be hard to do more learning/challenges at night.  Some sessions may or may not be applicable and/or interesting to you.  I would recommend that if NetWars is available, you should try it out for a night, especially since it could be free.  It may not click for you, but at least you tried it and gave it a shot.  But, it could open your eyes to a whole new set of interests and experiences you may not have had the time to explore.
