Cyber Range - CTF Getting Started Guide

 

Participating in the Cyber Range Initiation is highly beneficial for anyone looking to strengthen their cybersecurity skills. This hands-on experience introduces you to real-world scenarios, where you can practice defensive and offensive techniques in a controlled environment. By engaging with the Cyber Range, you gain valuable insight into how to respond to cyber threats effectively, making it an excellent foundation for anyone pursuing a career in cybersecurity or looking to enhance their current skill set. Explore the Cyber Range Initiation and start your journey here.


Code of Conduct

By logging in to the WWT Cyber Range, players affirm their agreement with the WWT Capture the Flag Competition Official Rules. 

Cooperation

No cooperation between teams. Sharing keys or providing revealing hints to other teams is cheating. Don't do it.  

Attacking the scoreboard

Don't attack the scoreboard infrastructure. If vulns are found, please alert the range admins immediately.  

Bruteforcing

No brute forcing of challenge flag/keys against the scoreboard infrastructure. Choose another way to flex your skills.  

Denial of Service

DoSing the underlying platform is forbidden. Stay within the game space of 192.168.0.0/16 and 172.16.0.0/16. 

Professionalism

Be professional and respectful. No offensive language or inappropriate behavior. Ensure a positive, safe, and fair experience for everyone.

Account Security

Keep login credentials private to ensure secure and fair gameplay, protecting the integrity of the game.

Attacking Other Players

Focus on the game, not attacking others. Respect fellow players to ensure a fair and collaborative environment.

Attacking Outside the gamespace

Keep all actions within the game space. Attacking outside the designated environment is prohibited to ensure fairness and security.

What Does a Flag Look Like?

In a Capture the Flag (CTF) event, a "flag" represents the solution to a challenge or problem. Flags can take various forms and are submitted to the scoreboard, which tracks the progress of both individuals and teams. The scoreboard is also where the grading for the competition takes place, determining each participant's standing in the event.
 
It might be a fully qualified domain name or FQDN like this: 

webmail.acmecorp.info 

It could be a string of text from an html script: 
WWT{18090f4-0e24-6651-v65f-22sp3267aa} 

It could be a user password combination that is found: 
admin:acme123! 

It could be clear text within a flag file that was found: 
in the fileflag.txt, clear text inside is: 
DrinkYourOvaltine 
 

These are just a few examples of the types of flags you can expect in WWT Cyber Range CTF events. Additionally, the structure of the flags and any hints may be provided directly within the in-game scoreboard. Be sure to check the scoreboard for the correct flag formatting.

*Hint:  If you see a strict structure like Xxxx xx X xxXx Then it's likely the response would match the structure.  [ This is A flAg } would be a properly formatted answer. 


 

Logging Into the Game

Click View Event Details from the event calendar invitation or the event registration notification that was sent. 

Next, click the "Log In" link on the event page. 

When prompted, enter your Email and then click Next

Use the authentication code sent to the email entered in step 3. 

Enter the authentication code.  Click Login

Click Launch Gamespace to begin the game and open the ATC Lab Gateway. The Launch Gamespace button is not available until the start time of the event. For additional details around the event page, please see the section below titled Event Page Details.       

Event Page Details

1. Details Tab: Specifies the details of the event.

 

2. Resources Tab (Available in Select games): Provides important tools and reference materials to support you before and during the event. Resources vary by event may include guides, instructions, and pre-work materials. 

 

3. Team Tab: Provides Rocket.Chat credentials and shows a list of your assigned teammates.

  • 🖥️ It also displays the player desktop you've been assigned to—this is the virtual machine you'll use during the event. Only players officially added to a team can access this tab.

 

4. Scoreboard: Tracks real-time progress of all participating teams. You can view point totals and rankings as the event unfolds.

 

5. Event Overview: Provides details about the Cyber Range event

 

6. What to Expect / Goals and Objectives/ Agenda:  This section provides more context about the event setup, the fictional threat environment, and the overall scenario. It also introduces the tools participants can expect to use. Additionally, it outlines the goals and objectives of the game, helping you understand what success looks like during the event. 

 

7. Registration Panel & Team Setup: This section allows you to: 

  • Sign up your team 
  • Add or edit your team's name 
  • Modify team members 

Once registered, look for the blue bar labeled "You're registered" to confirm your registration is complete. You can also use the "Share" button to invite others to view the event details or join. Make sure this section confirms your status before registration closes. 

 

8. Launch GameSpace:  This button launches the tab environment in a new browser tab once the event officially begins. 

  • 🔒 The button remains inactive until the event start time.
  • 🕒 Above the button, you'll see a countdown timer labeled "Game Starts In", showing the exact time remaining until the game begins.
  • 📌 Below the button, you'll find the registration deadline, which is the final cutoff for all players to confirm their participation.
  • ✅ Important: Every team member must confirm registration before the deadline to access the lab environment.
  • 📘Please see additional details under Gameplay – ATC Lab Gateway and Chat Platform section.

 

9. Date/Time/Host: The event: This section displays the official day and start time for the Cyber Range event, as well as the host of the event. The host is your main point of contact and can be reached out to with any questions or issues before or during the event. 

 

10. Webex Support: A live Webex support call is available only if needed at the beginning of the event. Use this option if you experience issues launching your lab or accessing your player desktop.

  • 🛠️ This is for troubleshooting purposes only and not required for standard participation.

 

Game Environment

Getting Started - First View After Launching GameSpace

After launching the GameSpace from the event page, your screen will display a Getting Started video on the left and the Rocket.Chat login screen on the right.

▶️ The Getting Started video will guide you step by step through the Cyber Range environment so you can begin playing confidently.

📌 As part of the walkthrough, the video will direct you to access your Rocket.Chat login credentials, which are required to log in on the right-hand side of the screen. These credentials can be found in your credentials.txt file or under the "Team" tab on the event page.

Make sure to watch the full video before diving in—it's the quickest way to get up to speed and make the most of your game experience.

 

 

1. Start Here: This will take you to the "Getting Started" video will guide you step by step through the Cyber Range environment so you can begin playing confidently.

 

2. Player Desktops: Located across the top of the screen, the Player 1, Player 2, Player 3, Player 4 tabs represent the individual desktops for team members. 

  • Players should use the desktop they were assigned, which is listed on the event page under the "Team" tab.
  • You may view other desktops for collaboration, but you must complete tasks on your own assigned machine.

 

3. Credentials.txt File: This file contains your Rocket.Chat login credentials as well as any other essential usernames, passwords, or access keys required for the event.

 

4. General Tools & Resources: The player desktop is preloaded with essential applications and files you'll use throughout the game.

Examples include: 

Chrome, Wireshark, Zenmap, PuTTY, and event-specific PDFs 

 

5. Bonus Challenge Folder: Contains additional resources and materials for optional challenges. 

 

6. Chat: Click the "Chat" tab at the top of the interface to access the Rocket.Chat workspace. Use the credentials found in your credentials.txt file or under the Team tab on the event page to log in.

Rocket.Chat is your main communication hub during the event. Use it for: 

  • Chat with your team members
  • Ask questions to the live proctor
  • Get guidance from our AI assistant, "Willa," for in-game help and support.

 

7. Challenges & Scoreboard: Click the "Scoreboard" tab at the top of the interface to access the event's challenge and scoring platform. 

Here, you can:

  • View all available challenges
  • Submit your answers to challenge questions
  • Monitor your team's progress and accumulated points
  • See how your team ranks compared to others in real time

Make sure all submissions are made through this platform to receive credit for completed tasks.

 


 

GameSpace: Copy/Paste Settings

Copy/Paste from your host system to a system in the ATC through the ATC Lab Gateway is possible with several restrictions. 

Browser Setup 

  • The ATC lab Gateway supports copy/paste in Google Chrome and Microsoft Edge.
  • When users first access the ATC Lab Gateway, a prompt will display.  To enable copy/paste select Allow.  Please note the below snapshots are for Chrome.

If you accidentally blocked or closed the prompt, you can adjust these settings by:

To update the settings, click the pad-lock icon next to the site URL.  Click Reset Permissions.  Toggle the Clipboard to on/off. 


Scoring System

Scoring System: 

  • Bonus Points:
    • First Blood (Awarded 10 bonus points)
    • First to Finish (Awarded 10 bonus points)
    • Note: Proctors may award bonus points in game 

 

  • Game Tie Breaker
    • Least incorrect answers

 

  • Scoring Report
    • Will be provided post-game

Game-Specific CTF Guides

Below, you will find detailed player guides organized into two sections: Multi-team/Single player and Multi-team/Multi-player. Each section provides an overview of the games, along with key strategies and insights to help you navigate the challenges and achieve success in your CTF experience.

Multi-team/Single player

Here, you'll find guides for our solo-based CTF competitions. These games focus on individual skill, where you compete against other solo players, pushing your personal abilities to the limit. Discover key tactics for outsmarting your opponents and rising to the top in these high-stakes solo challenges.

Overview: 

"Welcome to the League" is an advanced Red Team game designed to test and enhance your skills in Active Directory enumeration, privilege escalation, and post-exploitation. Are you ready to prove yourself and join The League?
 

Goals and objectives

Hone your Red Team skills in an Active Directory environment by utilizing a variety of powerful toolsets, including:

  • NMAP
  • Mimikatz
  • Hydra
  • Metasploit
  • Python
  • Bloodhound
  • Hashcat
  • Netcat
  • Gunzip
  • Impacket
  • Basic Linux CLI
  • Basic Linux Text Editing

 

Tools & Resources:

Within the game, specific Red Team tools have been provided to help you successfully diagnose any malicious activity and vulnerabilities you may encounter. Below, you'll find a list of these tools, along with links to learning materials. If you are unfamiliar with these tools, these resources will help you get up to speed.

 



How to Begin (DAY OF EVENT):

The game is about to start! Follow these steps to ensure a smooth launch:

  1. Watch the Introduction Video – Click "Launch Event" to view the briefing from Mal.
  2. Launch the Game – Click "Launch Gamespace" to enter the CTF and access your Player Desktop.
  3. Read the Instructions – Open the "README.txt" file on your Player Desktop for further guidance.

Before launching:

  • Ensure you are logged into the WWT.com platform using the email you registered with.
  • Check the Team Tab on the event page for your RocketChat login details.
  • Your RocketChat username matches your assigned desktop (e.g., byte-me-player1 will use Desktop 1).
  • Once inside the game, locate the "credentials.txt" file, which contains your RocketChat login and other essential credentials for quick access.

Multi-team/Multi-player

In this section, you'll find guides for our team-based CTF games, where collaboration and strategy are crucial to overcoming opposing teams. Learn how to coordinate with your team, maximize your contributions, and secure victory in competitive multiplayer environments.

Overview: 

Participants will engage in a hands-on emulation where they navigate complex cyber threats in a controlled environment. Leveraging industry-leading tools and real-world scenarios, the game challenges participants to collaborate effectively and deploy their cybersecurity skills. The storyline immerses them in defending a global financial services firm against a coordinated cyber-attack, allowing participants to step into the role of defenders and respond to evolving threats.

 

Game Phase Info: 

Phase 1: Reconnaissance and Discover 

Phase 2: Mitigation and Remediation

Phase 3: Realtime Defending 

 

 

Tools & Resources:

Within the game, specific Blue Team tools have been provided to help you successfully diagnose any malicious activity and vulnerabilities you may encounter. Below, you'll find a list of these tools, along with links to learning materials. If you are unfamiliar with these tools, these resources will help you get up to speed.

 

Overview: 

Welcome to the SAVE Cyber Defense Initiative, where you will hone your skills as a defender in the world of cybersecurity. This Blue Team-focused Capture The Flag (CTF) is designed to immerse you in the world of incident response and threat hunting. Your mission is to protect the network of Zeta-Tactical from the relentless attacks of 'The League,' a notorious group of cyber criminals. Specifically, you will be tasked with identifying the Indicators of Compromise (IOCs) left behind by the hacker known as 'Leopold.' Your success in discovering these remaining footholds (aka needles) within the vast haystack of logs stored in our Security Information and Event Management (SIEM) system will determine the outcome of this event.

 

Tools & Resources:

Within the game, specific Blue Team tools have been provided to help you successfully diagnose any malicious activity and vulnerabilities you may encounter. Below, you'll find a list of these tools, along with links to learning materials. If you are unfamiliar with these tools, these resources will help you get up to speed.

 

Overview: 

As a participant in this Red Team-style CTF, you are part of a team of up to four people. You are expected to work as a team in order to be successful in the game. 

Here's the scenario: Thousands of organizations across the world are grappling with a new supply chain ransomware attack. A nefarious collective of hackers called The League has taken credit, but a consortium of affected organizations is turning to SAVE — a gray hat hacking organization — to turn the tables on The League by breaking into its own network to obtain a release code that would ultimately win back the stolen data for all organizations affected. SAVE is enlisting the help of you and your teammates to do the dirty work.

Tools & Resources:

Within the game, specific Blue Team tools have been provided to help you successfully diagnose any malicious activity and vulnerabilities you may encounter. Below, you'll find a list of these tools, along with links to learning materials. If you are unfamiliar with these tools, these resources will help you get up to speed.

 

Overview: 

Threat intel indicates that the APT known as the SpiceWorm team is targeting record labels with advanced ransomware campaigns. As a member of SAVE, you have been brought in to help Caladan Records prepare/detect/contain/recover their environment from imminent attack using Rubrik Security Cloud and master cyber resiliency.

 

Tools & Resources:

Within the game, specific Blue Team tools have been provided to help you successfully diagnose any malicious activity and vulnerabilities you may encounter. Below, you'll find a list of these tools, along with links to learning materials. If you are unfamiliar with these tools, these resources will help you get up to speed.

 

 

Before launching:

  • Ensure you are logged into the WWT.com platform using the email you registered with.
  • Check the Team Tab on the event page for your RocketChat login details.
  • Your RocketChat username matches your assigned desktop (e.g., byte-me-player1 will use Desktop 1).
  • Once inside the game, locate the "credentials.txt" file, which contains your RocketChat login and other essential credentials for quick access.