My Time at NetWars Tournament of Champions

Illustration of the world map netwars typed across

Share

EPISODE ONE: THE CTF AWAKENS

Each and every December, some of the best and brightest hackers from around the world travel to Washington D.C. for the NetWars Tournament of Champions. Champion golfers may have their prestigious green jackets, but NetWars champions receive the coveted black hoodie.

Bishop Fox's Kelly Albrik competed at NetWars Tournament of Champions in 2017
Some golfer in his green jacket, me in my hoodie

Who am I?

Let’s start with the basics: I am a Security Analyst at Bishop Fox. Here, I specialize in network penetration testing and social engineering. Last year, I was lucky enough to be one of the 24 women chosen to participate in the SANS Women’s Immersion Academy 2017, which gave me the chance to compete at SANS Rocky Mountain NetWars. While I’m relatively new to infosec (and self-taught at that), the Women’s Academy allowed me to formalize my knowledge through their top-notch training programs.

I could not be prouder to be a part of this group of impressive and talented women. After winning my challenge coin at Rocky Mountain NetWars, I started planning for the Tournament of Champions.

Wait, What is NetWars?

NetWars is a capture the flag (CTF) tournament organized by SANS that takes place at SANS conferences around the world. Players compete over two nights in five levels of infosec challenges in categories like forensics, malware analysis, webapp, and network hacking, hoping to earn a place in the fifth level where players attack and defend digital targets. The top champions of NetWars regional tournaments are awarded the NetWars challenge coin and invited to the Tournament of Champions in Washington, D.C. each December.

Bishop Fox's Kelly Alibrink competed in the NetWars Tournament of Champions in 2017.

Insert Training Montage

Before heading to the tournament, I asked my fellow Foxes for their best CTF tips. I was touched and overwhelmed with the support I received from the team. Loaded up with tools and techniques from some of the brilliant minds at Bishop Fox, I was ready to play at the Tournament of Champions. Here are some of the things they shared with me:

Bring your answers from the qualifying tournament. You may (by some twist of fate) be presented with some of the same challenges (and answers) that you encountered in the regional tournament.

Read up on previous CTF walkthroughs. SANS 2016 Holiday Hack had some great write-ups, and the challenges are from the same creators of the NetWars Core CTF.

Check out pwntools, the python CTF framework for rapid exploit prototyping. (Documentation: http://docs.pwntools.com/en/stable/index.html / GitHub: https://github.com/Gallopsled/pwntools)

Stalk the Twitter accounts of SANS instructors and NetWars creators (like @edskoudis and @jeffmcjunkin) for posts on recent vulnerabilities. Then, research how you can exploit them. SANS loves to include the latest and greatest vulns in their challenges.

Finally, get your hands on the latest SANS pen testing poster! It will provide some scripts and tips that will come in handy.

Game Time

This year, 300 competitors packed into the conference room at the D.C. Hilton to play in Core NetWars 5. While I’ve played in lots of online CTF tournaments, nothing can come close to the energy and excitement of playing in person at a NetWars tournament. People rushed to stake out their favorite seats, assemble giant plates of nachos, and socially engineer extra drink tickets for their teams. The amount of raw talent in the room can be intimidating, but I was lucky to join a five-person veteran team with fellow Women’s Academy graduate, Kat Sweet from Duo Security. This year’s tournament was “Star Wars” themed, so our team name was “HanShotFirst.” Competitors played as members of the Rebel Alliance working hard to infiltrate the Empire’s network and blow up the Death Star.

After a brief welcome from tournament organizers Ed Skoudis and Jeff McJunkin, the music started, the scoreboard loaded, and the competition was on! For veterans (players who played in Core NetWars 5 for their qualifying tournament and not Core NetWars 4), the early part of the game is a race to see who can enter their previous answers the fastest. Teams that can reach Level 5 first can set up their defenses and gain a competitive advantage in the attack/defend round. While furiously copying and pasting flags into the scoreboard system, our team quickly realized some other teams had scripted this part for an extra competitive advantage.

With the answers that our team had saved from the qualifying tournament, we quickly gained access to Level 3 where the real competition would begin. I found myself registering for training as a lowly Storm Trooper on the Death Star’s internal network. Web application challenges tested our ability to exploit common vulnerabilities such as cross-site scripting (XSS), SQL injection, and broken session management. Players could also answer “Star Wars” trivia questions, like “Which species stole the plans to the Death Star?” to unlock hints for challenges.

For two straight nights, everyone furiously clacked away at their keyboards, furrowing their brows when challenges had them stumped and high-fiving when new flags were found. On the tail end of the second night, Jeff McJunkin asked for everyone to stop hacking and take a moment to witness history being made.

“Ladies and gentlemen, we have a first tonight. One team has managed to do what no NetWars Core 5 team has ever done before. Please direct your attention to the front.”

Across the room, 300 faces looked up from their screens to see the Death Star projected on the scoreboards.

Someone from the crowd yelled, “That’s no moon!” to a roar of laughter.

Then, the magic happened. With a blast that was clearly rigged with backyard special effects and probably some illegal fireworks, the Death Star* exploded to thunderous applause.

All Good Things Must Come to an End

The NetWars tournament always ends the same way. For the final 30 minutes, NetWars organizers turn off the scoreboard so there’s some mystery as to who will end up on top. Last-minute flags can be all that stands between victory and defeat. For the closing five minutes of gameplay, the traditional song “The Final Countdown” by Europe (yes) is played.


While my team didn’t win the tournament, I had a great time meeting other infosec professionals and swapping techniques. I learned so many new things to take back to work with me and developed some lasting friendships. I am incredibly grateful for the support of everyone at Bishop Fox and the SANS Women’s Academy during this experience.

Hopefully, I’ll be back to compete next year … with some new tricks up my sleeve.

*To learn how network segmentation COULD have saved the Death Star, please read this blog post from Fran Brown.

Subscribe to Bishop Fox's Security Blog

Be first to learn about latest tools, advisories, and findings.


Kelly albrink

About the author, Kelly Albrink

Application Security Practice Director

Kelly Albrink is the Application Security Practice Director at Bishop Fox where she focuses on leading a diverse practice that includes traditional application security, mobile applications, and product security (including embedded, industrial, and IoT devices).

As the Application Security Practice Director at Bishop Fox, she has helped facilitate the expansion of the practice to focus on security during the design phase. This includes the development of offerings such as architecture security assessments, source code review, and threat modeling. She has also created a consulting mentorship program and led the revamp of an internal knowledge-sharing series of technical talks.

As a consultant, Kelly frequently performed hardware and wireless testing, becoming a subject matter expert in this area. She is responsible for identifying a high-risk CVE that impacted an Eaton power management appliance.

Kelly is an active member of the security community. At the first ever DerpCon, she presented on Software Defined Radio (SDR), a topic she later wrote about for the Bishop Fox blog in "Ham Hacks: Breaking into Software-Defined Radio."

More by Kelly

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.