SANS Global Community CTF: BootUp 2021

After SnykCon 2021’s “Fetch the Flag” CTF event, I was ready for more practice! I signed up for the SANS “Global Community CTF: BootUp” which ran from 10/14/2021 @ 6pm to 10/16/2021 @ 6pm for a total of 48 hours. I wasn’t able to work on this one 24-7, but the long period of time available was plenty of time to try, and solve, many of the problems. The event specifically asked participants to not post writeups for this event without explicit permission since, sometimes, the challenges are reused. This post is not a writeup or walkthrough of any of the specific challenges, but a general post about the experience, what I got out of it, and some tips for next time. To summarize up front, I had a lot of fun, got a lot of hands-on experience with shorter CTF challenges, and I highly recommend this event to anyone else who is new to timed CTF events. I solved 56% of the challenges, and came in 139th place out of 889 players. Not too bad for a beginner! This event is specifically designed to allow newcomers to hit the ground running, but also has some more challenging problems for experienced CTF players.

The Structure of the Event

I didn’t know much about how the event would be organized before it started. It’s easy to learn as you go, but here are some quick points on how the event itself works.

Groups

The CTF splits roughly 40 challenges into a few “groups”. You can work on the “groups” in any order that you want to; but, within a group, you have to solve the challenges in order. Generally, the challenges get harder for higher group numbers. Of course, “difficulty” depends a lot on what you are good at! Each group consists of challenges from different categories. This forces you to get out of your comfort zone a bit. If the problems were grouped by category (like web apps, binary challenges, etc.) then most players would probably stick to the categories that they are most comfortable with.

The Intro Group

As I said before, this event is meant to be welcoming to beginners. There is an entire “Intro” challenge group that guides you through how the CTF works. It explains how the challenge problems will be given to you, how the hint system works, and even some quick walkthroughs on some very easy challenges.

Challenge Names

This is a “jeopardy” style CTF where each challenge falls into a specific category and difficulty level. The names of the challenges tell you both the category and the difficulty level. For this event, the names are short, for example, ne02. I had to work on a few challenges before I understood what the names meant. Each name begins with two characters, with the first character giving the category (see below), and the second giving the difficulty: (e)asy, (m)edium, or (h)ard. There was also one with (x)treme difficulty. Since there are multiple challenges with the same category and difficulty, the last two characters of each name are a sequential number. It seemed like challenges with a higher number were slightly more difficult than challenges with a lower number. I’m not sure exactly what the official category names are, but from the problems that I saw, here are some reasonable names for the categories:

  • “n” = network – you may need to connect to some service with netcat, for example, and go from there
  • “c” = cryptography – for the easy level challenges, you may need to reverse a Caesar cipher, or some other simple cipher
  • “f” = files – these will test your knowledge of various file formats. The flag will be somewhere inside the file. Of course, it may not be in plain text!
  • “w” = Web application – there will be some type of vulnerable web application that you will need to exploit to find the flag.
  • “b” = binary – these seem to involve exploiting some binary executable, usually (but not always!) one that we are given direct access to. In at least one case, the binary was running as a service and we can’t directly peek at the binary file.

Scoring System

The number of points that you get from a challenge depends on the difficulty. In most challenges, you can buy a hint at the price of reducing the number of points that you get for that challenge if you solve it. So, you don’t lose any points that you already have. It looks like you lose 10% of the total possible points for the challenge per hint, which isn’t bad. Point-wise, it’s worth taking a hint if you are completely stuck on a problem. Losing 10% of the possible points on a challenge is much better than missing out on 100% of the points. You also unlock a new challenge when you solve another, unless you are already at the end of a group, which is another opportunity for points.

The Challenges

Each challenge comes with a short “Briefing” explaining what the challenge is and how to access it. The challenges are quick once you figure out how to solve them. They are also designed to be do-able, especially if they are at the (e)asy difficulty level. If you feel like you are working too hard on a problem then you may have missed an easier way to solve it or an important detail in the briefing. Try walking away for a bit, or working on a different problem, then come back and see if you spot something different. These events last multiple days, so you may even consider sleeping on it.

What I Got Out of the Event

My goal for participating in this event was to get more exposure to CTF events. I wasn’t sure how many challenges I would solve, or even what kind of problems I would see. I ended up solving more than half of the problems, way more than I expected. By the end of the event, I had worked on so many challenges that it was hard to remember all of the challenges that I had seen. Thankfully, I kept good notes which I was able to review afterwards. Here are my main take-aways from the event.

Learn what you don’t know

You don’t know what you don’t know. Trying out new challenges helps you to expose what you know already, and what you don’t know yet. In an event like this, you get to try a lot of problems in a few different categories, so you start to get an idea of what you know and where there are knowledge or experience gaps. This helps you to understand what you need more work on, and even where you might try to capitalize on what you are already good at! For example, I usually solved the (f)iles problems very quickly, and even got to one of the medium difficulty problems (although I didn’t technically solve it until after the event was finished). It’s always helpful to know what you are good at.

It’s also important to emphasize the experience part. A lot of the challenges that I solved were based on things that I knew already, but didn’t have as much practice with. But, as the event went on, I was making fewer small mistakes (like forgetting important command switches, for example), and focusing more effort on the challenge itself. That is the benefit of practice.

Organization is Key

I took notes during the event to help me to be able to keep the many different challenges straight. It would have been very hard to go back and forth between challenges without a good organization system. You can use whatever system you find useful, just be sure to use something! To stay organized, I made a base directory for the event, and a sub-directory for each challenge group, each containing a ‘NOTES.md’ file where I recorded what I had done so far. Each ‘group’ sub-directory had additional subdirectories for each challenge where I kept all of the files used / generated for that challenge.
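
The layout described above, combined with the naming scheme from the “Challenge Names” section, as an added example (not the author's own script). Group directory names such as group1 and the fields written into NOTES.md are assumptions made for illustration.

```shell
# Added example, not the author's script. Group names and NOTES.md headings
# are assumptions; category/difficulty letters follow the list in this post.

# Decode a challenge name such as "ne02" into "network / easy / #02".
describe_challenge() {
    name=$1
    case $name in
        [a-z][a-z][0-9][0-9]) ;;   # <category><difficulty><2-digit number>
        *) return 1 ;;
    esac
    num=${name#??}        # last two characters
    prefix=${name%??}     # first two characters
    case ${prefix%?} in
        n) category=network ;;
        c) category=cryptography ;;
        f) category=files ;;
        w) category="web application" ;;
        b) category=binary ;;
        *) category=unknown ;;
    esac
    case ${prefix#?} in
        e) difficulty=easy ;;
        m) difficulty=medium ;;
        h) difficulty=hard ;;
        x) difficulty=extreme ;;
        *) difficulty=unknown ;;
    esac
    printf '%s / %s / #%s\n' "$category" "$difficulty" "$num"
}

# add_challenge BASE GROUP NAME
# Creates BASE/GROUP/NAME/ and adds a section to BASE/GROUP/NOTES.md.
# Safe to re-run: existing notes are never overwritten or duplicated.
add_challenge() {
    base=$1 group=$2 name=$3
    desc=$(describe_challenge "$name") || { echo "bad name: $name" >&2; return 1; }
    mkdir -p "$base/$group/$name"
    notes=$base/$group/NOTES.md
    [ -f "$notes" ] || printf '# %s notes\n' "$group" > "$notes"
    grep -q "^## $name " "$notes" && return 0
    printf '\n## %s (%s)\n\n- briefing:\n- tried so far:\n- hints used: 0\n' \
        "$name" "$desc" >> "$notes"
}
```

Because the name is validated before it is used as a path component, a mistyped or odd challenge name cannot create directories outside the group folder.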

Keep things simple

All of the challenges that I saw could be solved using very simple tools, usually just common Linux tools which are installed in all standard distributions. If you want to practice with more complicated tools, that’s fine, but it will probably slow you down during the event. For example, I wrote a lot of my own Python scripts, especially for the (c)ryptography challenges. I have been writing Python scripts as a part of my job for years, so this was usually pretty quick (maybe 15 minutes); but, I could have just used CyberChef and finished the same challenges in minutes. There was one challenge in particular where I was struggling to get my Python script working. I finally moved on to CyberChef and finished that challenge almost immediately. Here are the tools that I found to be useful for this specific event:

  • the file command in Linux which tells you what kind of file you have (when all goes well 😉 )
  • the strings command, which prints all printable characters in a file, even executable files. Sometimes the Flag will simply be in the output (whatever works, works!)
  • Python is still very useful, just ask yourself if you are working too hard (common problems have common solutions)
  • CyberChef, this is especially useful for encoding/decoding challenges, and also for cryptography challenges for simple ciphers. It has a lot of features and can be useful for other challenges too! It has the added benefit of running in your browser.
  • Most challenges involved downloading a file and analyzing it. I used $ curl <file url> --output challenge_file.zip to quickly download challenge files (usually inside a .zip archive) directly where I wanted them to be. You can always download them through your browser instead!

Final Comments

This was an extremely welcoming event for beginners both in the types/progression of the challenges, and the overall structure of the event. If you haven’t done a CTF event before, this is an excellent place to start. I plan on participating again in the future, and highly recommend this event to anyone else. Remember to stay organized, keep it simple, and have some fun! If you participated in this event, I’d love to hear about it. Connect with me on LinkedIn, and send me a message about it.