Cyber Range - CTF Getting Started Guide
Recommended Prerequisites
Participating in the Cyber Range Initiation is highly beneficial for anyone looking to strengthen their cybersecurity skills. This hands-on experience introduces you to real-world scenarios, where you can practice defensive and offensive techniques in a controlled environment. By engaging with the Cyber Range, you gain valuable insight into how to respond to cyber threats effectively, making it an excellent foundation for anyone pursuing a career in cybersecurity or looking to enhance their current skill set. Explore the Cyber Range Initiation and start your journey here.
Code of Conduct
By logging in to the WWT Cyber Range, players affirm their agreement with the WWT Capture the Flag Competition Official Rules.
Cooperation
No cooperation between teams. Sharing keys or providing revealing hints to other teams is cheating. Don't do it.
Attacking the scoreboard
Don't attack the scoreboard infrastructure. If vulns are found, please alert the range admins immediately.
Bruteforcing
No brute forcing of challenge flag/keys against the scoreboard infrastructure. Choose another way to flex your skills.
Denial of Service
DoSing the underlying platform is forbidden. Stay within the game space of 192.168.0.0/16 and 172.16.0.0/16.
Professionalism
Be professional and respectful. No offensive language or inappropriate behavior. Ensure a positive, safe, and fair experience for everyone.
Account Security
Keep login credentials private to ensure secure and fair gameplay, protecting the integrity of the game.
Attacking Other Players
Focus on the game, not attacking others. Respect fellow players to ensure a fair and collaborative environment.
Attacking Outside the Gamespace
Keep all actions within the game space. Attacking outside the designated environment is prohibited to ensure fairness and security.
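A pre-flight scope check for the game-space rule above, written as an added example (it is not part of the original guide or of WWT's tooling): it sorts a target list against the two ranges named in the Code of Conduct before any tool is pointed at it. The function name and the sample targets are constructed for illustration.

```python
import ipaddress

# Game-space ranges as stated in the Code of Conduct above.
GAME_SPACE = [ipaddress.ip_network(n) for n in ("192.168.0.0/16", "172.16.0.0/16")]


def check_scope(targets):
    """Split targets into (in_scope, out_of_scope, invalid).

    Accepts single IPv4 addresses and CIDR blocks. A CIDR block is in scope
    only if it lies entirely inside one game-space range, so a block that
    merely overlaps the boundary is rejected. Hostnames are reported as
    invalid rather than resolved, because DNS answers can point anywhere.
    """
    in_scope, out_of_scope, invalid = [], [], []
    for raw in targets:
        entry = raw.strip()
        if not entry or entry.startswith("#"):
            continue  # skip blanks and comments in a target file
        try:
            # strict=False lets "192.168.5.7/24" parse as 192.168.5.0/24
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            invalid.append(entry)
            continue
        if net.version == 4 and any(net.subnet_of(gs) for gs in GAME_SPACE):
            in_scope.append(entry)
        else:
            out_of_scope.append(entry)
    return in_scope, out_of_scope, invalid


if __name__ == "__main__":
    # Constructed sample target list, not taken from any real event.
    sample = [
        "192.168.10.25",
        "172.16.0.0/24",
        "172.17.4.1",        # just past 172.16.0.0/16
        "172.16.0.0/12",     # contains the game space but extends beyond it
        "10.0.0.5",
        "webmail.acmecorp.info",
        "# notes",
    ]
    ok, blocked, bad = check_scope(sample)
    print("in scope:      ", ok)
    print("out of scope:  ", blocked)
    print("not an IP/CIDR:", bad)
```

Only the first list should be handed to a scanner; hostnames land in the third list and should be resolved and re-checked by hand.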
What Does a Flag Look Like?
In a Capture the Flag (CTF) event, a "flag" represents the solution to a challenge or problem. Flags can take various forms and are submitted to the scoreboard, which tracks the progress of both individuals and teams. The scoreboard is also where the grading for the competition takes place, determining each participant's standing in the event.
It might be a fully qualified domain name (FQDN) like this:
webmail.acmecorp.info
It could be a string of text from an HTML script:
WWT{18090f4-0e24-6651-v65f-22sp3267aa}
It could be a username and password combination that is found:
admin:acme123!
It could be clear text within a flag file that was found:
In the file flag.txt, the clear text inside is:
DrinkYourOvaltine
These are just a few examples of the types of flags you can expect in WWT Cyber Range CTF events. Additionally, the structure of the flags and any hints may be provided directly within the in-game scoreboard. Be sure to check the scoreboard for the correct flag formatting.
*Hint: If you see a strict structure like "Xxxx xx X xxXx", then it's likely the response would match the structure. "This is A flAg" would be a properly formatted answer.
Logging Into the Game
1. Click View Event Details from the event calendar invitation or the event registration notification that was sent.
2. Next, click the "Log In" link on the event page.
3. When prompted, enter your Email and then click Next.
4. Use the authentication code sent to the email entered in step 3.
5. Enter the authentication code and click Login.
6. Click Launch Gamespace to begin the game and open the ATC Lab Gateway. The Launch Gamespace button is not available until the start time of the event. For additional details around the event page, please see the section below titled Event Page Details.
Event Page Details
1. Details Tab: Specifies the details of the event
2. Resources Tab: Provides resources to be utilized prior to and during the Cyber Range event
3. Team Tab: Displays CTFd and Rocket Chat credentials, as well as team members. Only the team/teammates have access to this tab.
4. Event Overview: Provides details about the Cyber Range event
5. What to Expect / Goals and Objectives / Agenda: Scroll to see additional information about the event.
6. Launch GameSpace: Clicking this button launches the lab in a new tab. This button is not clickable until the start of the event. Please see additional details under Gameplay – ATC Lab Gateway and Chat Platform section.
7. Date/Time: Day and start time of the Cyber Range event
8. Host: Host of the Cyber Range event
GameSpace: Chat Platform
Clicking Launch Gamespace opens the ATC Lab Gateway and chat in a new tab. Please see below for additional details. (note: your desktop may not appear exactly the same due to operating system differences, but all resources are still available)
1. Player Desktops: There are four desktops available for each team. Team members can view each desktop. Click the arrow within the tab of each player desktop to open the desktop in a new tab.
2. Live Chat: Provides a way to submit a technical support request. The Live Chat screen will open at the bottom right of the player desktop. Enter your name and email, then select an option with the Cyber Range Support Agent, and a support representative will be in contact.
3. Rocket Chat: Enter the Rocket Chat credentials provided on the event page team tab (see above). All game play videos, messages, and hints are deployed through Rocket Chat. Click the arrow within the tab of each player desktop to open the desktop in a new tab.
*Important: To prevent login errors, please refrain from attempting to access Rocket Chat before the official start time of the event. Logging in early may result in username or password errors. If you encounter such issues, close the Rocket Chat window and retry logging in through the game interface after the session has commenced.
4. gameInfo: Document with necessary credentials
5. Zenmap: Nmap tool
6. PuTTY: SSH/Telnet client players can use to access systems
7. Chrome Shortcut: Click to access the CTFd tool and the Iron Guardian website. Within the CTFd tool, users can view challenges, view the scoreboard, and submit flags. Team credentials to access CTFd are provided on the event page team tab (see above). For additional CTFd details, please see the section titled Submitting Flags and Viewing Scoreboard - CTFd.
8. Wireshark: Open-source network protocol analyzer tool
9. Network Diagram: Ironguardian's network diagram
10. Statement of Work: Game rules for players
11. Team Specific Player Chat Channel: Each player has access to a team specific chat. Only team members and the Cyber Range Admin can see this chat. The team's name is located within the Event Page.
12. Announcements Player Chat Channel: Each player has access to view this channel. Game play videos, messages, and hints are deployed within this channel.
13. General Player Chat Channel: Each player has access to a general chat for all players. This channel is utilized to interact with proctors and other teams within the game. The name of the general chat channel is the event title.
GameSpace: Copy/Paste Settings
Copy/Paste from your host system to a system in the ATC through the ATC Lab Gateway is possible with several restrictions.
Browser Setup
- The ATC Lab Gateway supports copy/paste in Google Chrome and Microsoft Edge.
- When users first access the ATC Lab Gateway, a prompt will display. To enable copy/paste select Allow. Please note the below snapshots are for Chrome.
If you accidentally blocked or closed the prompt, you can adjust these settings afterwards. Click the padlock icon next to the site URL. Click Reset Permissions. Toggle the Clipboard to on/off.
Submitting Flags and Viewing Scoreboard – CTFd
The CTFd tool is accessed via the browser shortcut on your player desktop in the ATC Lab Gateway. The CTFd tool is used for submitting flags and accessing the scoreboard. Challenge flags are submitted to CTFd under the Challenges tab, and the scoreboard is accessed via the Scoreboard tab within the CTFd tool.
- Scores are not tracked individually; instead, the team as a whole shares an account, which is evaluated with a single, collective score.
- The CTFd platform itself is not a target for attacks.
- You won't have access to all challenges upfront, as progression is tied to completing certain challenges within the game.
Scoring System
- Bonus Points:
  - First Blood (Awarded 10 bonus points)
  - First to Finish (Awarded 10 bonus points)
  - Note: Proctors may award bonus points in game
- Game Tie Breaker
  - Least incorrect answers
- Scoring Report
  - Will be provided post-game
Game-Specific CTF Guides
Below, you will find detailed player guides organized into two sections: Multi-team/Single player and Multi-team/Multi-player. Each section provides an overview of the games, along with key strategies and insights to help you navigate the challenges and achieve success in your CTF experience.
Multi-team/Single player
Here, you'll find guides for our solo-based CTF competitions. These games focus on individual skill, where you compete against other solo players, pushing your personal abilities to the limit. Discover key tactics for outsmarting your opponents and rising to the top in these high-stakes solo challenges.
Overview:
"Welcome to the League" is an advanced Red Team game designed to challenge a player's skills in Active Directory enumeration, privilege escalation, and post-exploitation. Do you have what it takes to join The League?
Goals and objectives
Test your red-team skills in an Active Directory environment by spending range-time to hone your skills using a variety of toolsets such as:
- NMAP
- Mimikatz
- Hydra
- Metasploit
- Python
- Bloodhound
- Hashcat
- Netcat
- Gunzip
- Impacket
- Basic Linux CLI
- Basic Linux Text Editing
Tools & Resources:
Within the game, specific Red Team tools have been provided to help you successfully diagnose any malicious activity and vulnerabilities you may encounter. Below, you'll find a list of these tools, along with links to learning materials. If you are unfamiliar with these tools, these resources will help you get up to speed.
- Red Team Tools Learning Path
- Metasploit Player Guide
- Bloodhound Cheatsheet
- Kiwi Mimikatz Cheatsheet
- Meterpreter Post-Exploitation Cheatsheet
- NMAP Player Guide
- Tunneling & Pivoting
How to Begin (DAY OF EVENT):
- Watch the introduction video from Mal by clicking "Launch Event".
- Click "Launch Gamespace" to launch the game space and access your Player Desktop.
- Double-click the "README.txt" file on your Player Desktop for further instructions.
Multi-team/Multi-player
In this section, you'll find guides for our team-based CTF games, where collaboration and strategy are crucial to overcoming opposing teams. Learn how to coordinate with your team, maximize your contributions, and secure victory in competitive multiplayer environments.
Overview:
Participants will engage in a hands-on emulation where they navigate complex cyber threats in a controlled environment. Leveraging industry-leading tools and real-world scenarios, the game challenges participants to collaborate effectively and deploy their cybersecurity skills. The storyline immerses them in defending a global financial services firm against a coordinated cyber-attack, allowing participants to step into the role of defenders and respond to evolving threats.
Game Phase Info:
Phase 1: Reconnaissance and Discovery
Phase 2: Mitigation and Remediation
Phase 3: Realtime Defending
Tools & Resources:
Within the game, specific Blue Team tools have been provided to help you successfully diagnose any malicious activity and vulnerabilities you may encounter. Below, you'll find a list of these tools, along with links to learning materials. If you are unfamiliar with these tools, these resources will help you get up to speed.
Overview:
Welcome to the SAVE Cyber Defense Initiative, where you will hone your skills as a defender in the world of cybersecurity. This Blue Team-focused Capture The Flag (CTF) is designed to immerse you in the world of incident response and threat hunting. Your mission is to protect the network of Zeta-Tactical from the relentless attacks of 'The League,' a notorious group of cyber criminals. Specifically, you will be tasked with identifying the Indicators of Compromise (IOCs) left behind by the hacker known as 'Leopold.' Your success in discovering these remaining footholds (aka needles) within the vast haystack of logs stored in our Security Information and Event Management (SIEM) system will determine the outcome of this event.
Tools & Resources:
Within the game, specific Blue Team tools have been provided to help you successfully diagnose any malicious activity and vulnerabilities you may encounter. Below, you'll find a list of these tools, along with links to learning materials. If you are unfamiliar with these tools, these resources will help you get up to speed.
Overview:
As a participant in this Red Team-style CTF, you are part of a team of up to four people. You are expected to work as a team in order to be successful in the game.
Here's the scenario: Thousands of organizations across the world are grappling with a new supply chain ransomware attack. A nefarious collective of hackers called The League has taken credit, but a consortium of affected organizations is turning to SAVE — a gray hat hacking organization — to turn the tables on The League by breaking into its own network to obtain a release code that would ultimately win back the stolen data for all organizations affected. SAVE is enlisting the help of you and your teammates to do the dirty work.
Tools & Resources:
Within the game, specific Blue Team tools have been provided to help you successfully diagnose any malicious activity and vulnerabilities you may encounter. Below, you'll find a list of these tools, along with links to learning materials. If you are unfamiliar with these tools, these resources will help you get up to speed.
Overview:
Threat intel indicates that the APT known as the SpiceWorm team is targeting record labels with advanced ransomware campaigns. As a member of SAVE, you have been brought in to help Caladan Records prepare for, detect, contain, and recover from an imminent attack on their environment using Rubrik Security Cloud, and to master cyber resiliency.
Tools & Resources:
Within the game, specific Blue Team tools have been provided to help you successfully diagnose any malicious activity and vulnerabilities you may encounter. Below, you'll find a list of these tools, along with links to learning materials. If you are unfamiliar with these tools, these resources will help you get up to speed.