
Tuesday, 30 October 2018

SANS SEC487 OSINT Training and CTF

I had a great week attending the OSINT SEC487 training conducted by SANS here in Singapore. Initially I wanted to take the SANS Cyber Threat Intelligence FOR578 training as my current field of work is exactly that; however, due to schedule and commitments, I couldn't sign up for it. But as I was going through the list of available training that could benefit and enhance my daily job, I stumbled upon this OSINT course and thought it could definitely help with my everyday investigations. You see, part of my job is to analyse threat actors and their IOCs, researching their TTPs and all that CTI stuff using open source and tools to deliver the work. So when I saw the modules of this training, I knew this would be something that would definitely benefit my current scope of work.

Micah Hoffman (@webbreacher) the OSINT trainer

The wallpaper of the VM provided for the training

I thoroughly enjoyed the training and Micah was a great trainer, well spoken and easily understood. In spite of me doing OSINT and applying it during my work and personal research since 2013, I learned a handful of new things, new techniques and new features of everyday things we rely on during the course of the training. I would definitely recommend it to anyone who wants to have an understanding of OSINT, especially if you are in a field where you have to rely on open source resources, fundamentals of the deep and dark net and a feel for finding information legally without hacking. One should consider having this training. I do hope SANS would consider exploring an advanced version of this, expanding its 'sock puppet' technique into full cyber HUMINT for intelligence collection, gathering, analysis and reporting as a module.

While the training was all fun and good, I was greatly looking forward to the sixth day Capture the Flag event! That's when you get to apply the techniques you learned, AND if you do well, the winning team will get the rare SANS coin.

The SANS SEC487 CTF winner coin


The CTF on the sixth day was a tough one. It wasn't straightforward. You don't know if the answer you found was the right answer, and the good thing was you could use whatever technique you learned to find them. The more you think out of the box, the more ways you are able to expand your findings. To win this CTF it was not enough just to do well; you also needed to present your findings to everyone and eventually be voted for by everyone. In that manner, it was indeed a tough process to win. Imagine thinking you have done well but eventually not being voted the winner. So yeah, tough one!

So after a full five hours of 'find, research, analyse, recommend and report', I was happy that our team, all very passionate in their tasks, was voted the winner!

The winning team posing with the trainer

This is my third SANS training and the third time winning their sixth day CTF challenge! The last time was way back in 2013!

SANS 560 (GPEN), 542 (GWAPT) and 487 (OSINT) CTF coins.

Blog posts on past SANS CTF experiences:
http://securityg33k.blogspot.com/2013/09/sans542-gwapt-ctf-won.html
http://securityg33k.blogspot.com/2013/11/sans-560-gpen-training-and-ctf-event.html
http://securityg33k.blogspot.com/2014/01/sans-holiday-hack-challenge-2013.html



Sunday, 3 November 2013

SANS 560 GPEN Training and CTF Event

I went for a GPEN course that was held in Singapore at the Grand Copthorne Waterfront Hotel last week and had a great time learning some of the network hacking stuff that I was not aware of. Unlike the previous course I attended, which was the GWAPT (Web Application Pen Test), the books for GPEN were much thicker. The trainer was an official GIAC trainer from Belgium and spoke good, clear and understandable English. He was fun and approachable and explained things confidently when we were unsure.

On the last day of the course, like GWAPT in Bangkok, there was a Capture the Flag event, a mini hacking competition for all the participants, and whoever wins it gets a special medal. This limited edition medal can only be given to those who successfully managed to capture all the flags and present to the participants how they won it.

The GPEN CTF was much harder than GWAPT. Only after the event was over did the trainer confess that there were no vulnerable machines for us to exploit and we had to find other weaknesses in the system instead. So it was a disappointment when we found NOTHING after running tools like Nessus and Nmap vuln NSE scripts. There were both Linux and Windows machines and we had to think out of the box to get the flags! It wasn't as straightforward as I would have thought. Even the CTF organized by Symantec previously wasn't as tough as this. We needed to know how to use password cracking/guessing tools, and had to know how to sniff and analyze traffic using Wireshark/tcpdump. We had to know how to crack the hashes and compile an exploit to try and exploit a Linux machine! And who would have guessed that one of the flags was stored in VoIP traffic!!!??? It was quite a tough 3-4 hour event.

And eventually, despite all the toughness, our team won and was the only team to capture all the flags after the hour was over.

Here are some pictures: 

The Course

The Training Room

One of the Chapters

The Trainer

The Books

Posing beside the SANS banner

The Medals

Our team with the medals

Me with the GPEN Medal

The Medal Close Up


For more information about the GIAC GPEN course: