SANS NetWars at RSAC 2015

SANS Institute brought its NetWars competition to RSA Conference 2015 in San Francisco. A hands-on, interactive learning environment, SANS NetWars lets information security professionals develop and master skills they need in their jobs.

The program focuses on developing skills in vulnerability assessment, system hardening, malware analysis, digital forensics, incident response, packet analysis, and penetration testing. Participants earn points as they complete each task (proving they have mastered that skill). Think of it as a video game with different levels you have to complete. A scoreboard displays everyone’s levels and scores throughout the competition. The winners of the RSA Conference tournament were, from left to right: Ben Church (3rd place), Nick Marriott (5th place), Jeff McJunkin (event host), Howard Sheen (4th place), Stefan Winkel (1st place), Jim Lehman (2nd place).

SANS NetWars at RSAC 2015

“It was really wonderful seeing RSA Conference attendees dig in deep to the real-world infosec challenges my team and I have made,” said Ed Skoudis, the SANS Faculty Fellow who ran NetWars at RSA Conference. “Because the folks at RSA Conference bring such a wide variety of different skills to the challenges, we got to watch them solving problems in cool and new ways,” Skoudis said.  

NetWars was straightforward to set up and play—Stefan Winkel, who came in first place, described the format and setup as “sublime.” One person even wanted to play with a smartphone. The answer was no, since the initial levels require working within a virtual machine.

Considering how a simple cross-site scripting, SQL injection, or path traversal flaw could give an attacker a foothold into the system, the exercises were relevant for today’s security environments, Winkel said. “The environment is very realistic and mimics how an attacker might go along gaining little pieces of information and combining and applying that to gain deeper access into an organization and/or target,” Winkel said.

For Jim Lehman, taking part was serendipity. He showed up just to observe, but was able to participate since there were seats available and he happened to have his laptop with him. “I had never done a competitive hacking session and thought it was time to take a stab at it,” says Lehman, who currently holds GWAPT GPEN GCNA and GCIH certifications from SANS and currently works in a “defensive infosec role.”

“For me, pivoting inside the DMZ is fun and an area I need to practice to keep the skills honed,” Lehman said.

Participants should be familiar with networking, operating systems (especially the Linux file system and where things are stored).  Participants are allowed to search online for answers and look up information as they work through the levels. NetWars is “a test of current knowledge and the ability to learn quickly,” Lehman said.

One good thing to remember is KISS—keep it simple, stupid. Overthinking is a danger—some of the questions just require players to think differently. “I missed the simple solution on level 1. Probably would have won it if I looked for the win rather than the elegant/elite solution,” Lehman said.

Taking part—and winning—NetWars gives participants bragging rights within the infosec community.

“My employer is proud. I am happy to have done so well, although I will not lose by one point next year,” Lehman said.

“This is definitely something I am proud of,” Winkel said, who made it to level 3. “I had fun playing, the competition was great and it was a close race to the first place. I am definitely looking forward to play it again to further sharpen my skills on both the offensive and defensive side,” he said. 

The SANS Institute runs NetWars at SANS conferences several times a year as an intense two- or three-day tournament. Other entities also host NetWars throughout the year—such as the United States Air Force and the Army. This was the first time NetWars came to RSA Conference, and hopefully not the last.

“We had a FANTASTIC time running NetWars at RSAC this year. I can’t wait to do it even bigger and better at next years’ RSA conference!” Skoudis said.

← View more Blogs

This document was retrieved from on Mon, 24 Oct 2016 04:51:59 -0400.
© 2016 EMC Corporation. All rights reserved.