Cyber Range - CTF Getting Started Guide

Getting Started: Table of Contents

Recommended Prerequisites

Participating in the Cyber Range Initiation is highly beneficial for anyone looking to strengthen their cybersecurity skills. This hands-on experience introduces you to real-world scenarios, where you can practice defensive and offensive techniques in a controlled environment. By engaging with the Cyber Range, you gain valuable insight into how to respond to cyber threats effectively, making it an excellent foundation for anyone pursuing a career in cybersecurity or looking to enhance their current skill set. Explore the Cyber Range Initiation and start your journey here.

Code of Conduct

By logging in to the WWT Cyber Range, players affirm their agreement with the WWT Capture the Flag Competition Official Rules.

Cooperation

No cooperation between teams. Sharing keys or providing revealing hints to other teams is cheating. Don't do it.

Attacking the scoreboard

Don't attack the scoreboard infrastructure. If vulns are found, please alert the range admins immediately.

Bruteforcing

No brute forcing of challenge flag/keys against the scoreboard infrastructure. Choose another way to flex your skills.

Denial of Service

DoSing the underlying platform is forbidden. Stay within the game space of 192.168.0.0/16 and 172.16.0.0/16.

Professionalism

Be professional and respectful. No offensive language or inappropriate behavior. Ensure a positive, safe, and fair experience for everyone.

Account Security

Keep login credentials private to ensure secure and fair gameplay, protecting the integrity of the game.

Attacking Other Players

Focus on the game, not attacking others. Respect fellow players to ensure a fair and collaborative environment.

Attacking Outside the gamespace

Keep all actions within the game space. Attacking outside the designated environment is prohibited to ensure fairness and security.

What Does a Flag Look Like?

In a Capture the Flag (CTF) event, a "flag" represents the solution to a challenge or problem. Flags can take various forms and are submitted to the scoreboard, which tracks the progress of both individuals and teams. The scoreboard is also where the grading for the competition takes place, determining each participant's standing in the event.

It might be a fully qualified domain name or FQDN like this:

webmail.acmecorp.info

It could be a string of text from an html script:
WWT{18090f4-0e24-6651-v65f-22sp3267aa}

It could be a user password combination that is found:
admin:acme123!

It could be clear text within a flag file that was found:
in the fileflag.txt, clear text inside is:
DrinkYourOvaltine

These are just a few examples of the types of flags you can expect in WWT Cyber Range CTF events. Additionally, the structure of the flags and any hints may be provided directly within the in-game scoreboard. Be sure to check the scoreboard for the correct flag formatting.

*Hint: If you see a strict structure like Xxxx xx X xxXx Then it's likely the response would match the structure. [ This is A flAg } would be a properly formatted answer.

Logging Into the Game

Step 1: View Event Details

Click View Event Details from the event calendar invitation or the event registration notification that was sent.

Step 2: Log in

Next, click the "Log In" link on the event page.

Step 3: Enter email

When prompted, enter your Email and then click Next.

Step 4: Verification code

Use the authentication code sent to the email entered in step 3.

Step 5: Authenticate your login

Enter the authentication code.  Click Login

Step 6: Launch the gamespace

Click Launch Gamespace to begin the game and open the ATC Lab Gateway. The Launch Gamespace button is not available until the start time of the event. For additional details around the event page, please see the section below titled Event Page Details.

Event Page Details

1. Details Tab: Specifies the details of the event

2. Resources Tab: Provides resources to be utilized prior and during the Cyber Range event

3. Team Tab: This tab provides access to Rocket Chat credentials, along with a list of team members. Only the assigned team members can view this section.

4. Event Overview: Provides details about the Cyber Range event

5. What to Expect / Goals and Objectives/ Agenda: Scroll to see additional information about the event.

6. Launch GameSpace: Clicking this button launches the lab in a new tab. This button is not clickable until the start of the event. Please see additional details under Gameplay – ATC Lab Gateway and Chat Platform section.

7. Date/Time: Day and start time of the Cyber Range event

8. Host: Host of the Cyber Range event

GameSpace: Chat Platform

Clicking Launch Gamespace opens the ATC Lab Gateway and chat in a new tab. Please see below for additional details. (note: your desktop may not appear exactly the same due to operating system differences, but all resources are still available)

1. Player Desktops: There are four desktops available for each team. Team members can view each desktop. Click the arrow within the tab of each player desktop to open the desktop in a new tab.

2. Live Chat: Provides a way to submit a technical support request. The Live Chat screen will open at the bottom right of the player desktop. Enter your name and email then select an option with the Cyber Range Support Agent and a support representative will be in contact.

3. Rocket Chat: Enter the Rocket Chat credentials provided on the event page team tab (see above). All game play videos, messages, and hints are deployed through Rocket Chat. Click the arrow within the tab of each player desktop to open the desktop in a new tab.

*Important: To prevent login errors, please refrain from attempting to access Rocket Chat before the official start time of the event. Logging in early may result in username or password errors. If you encounter such issues, close the Rocket Chat window and retry logging in through the game interface after the session has commenced.

4. gameInfo: Document with necessary credentials

5. Zenmap: Nmap tool

6. Putty: SSHTelnet client players can use to access systems

7. Chrome Shortcut: Click to access the CTFd tool and the Iron Guardian website. Within the CTFd tool, users can view challenges, view the scoreboard, and submit flags. Team credentials to access CTFd are provided on the event page team tab (see above). For additional CTFd details, please see the section titled Submitting Flags and Viewing Scoreboard - CTFd.

8. Wireshark: Opensource network protocol analyzer tool

9. Network Diagram: Ironguardian's network diagram

10. Statement of Work: Game rules for players

11. Team Specific Player Chat Channel: Each player has access to a team specific chat. Only team members and the Cyber Range Admin can see this chat. The team's name is located within the Event Page.

12. Announcements Player Chat Channel: Each player has access to view this channel. Game play videos, messages, and hints are deployed within this channel.

13. General Player Chat Channel: Each player has access to a general chat for all players. This channel is utilized to interact with proctors and other teams within the game. The name of the general chat channel is the event title.

GameSpace: Copy/Paste Settings

Copy/Paste from your host system to a system in the ATC through the ATC Lab Gateway is possible with several restrictions.

Browser Setup

The ATC lab Gateway supports copy/paste in Google Chrome and Microsoft Edge.
When users first access the ATC Lab Gateway, a prompt will display. To enable copy/paste select Allow. Please note the below snapshots are for Chrome.

If you accidentally blocked or closed the prompt, you can adjust these settings by:

To update the settings, click the pad-lock icon next to the site URL. Click Reset Permissions. Toggle the Clipboard to on/off.

Scoring System

Scoring System:

Bonus Points:
- First Blood (Awarded 10 bonus points)
- First to Finish (Awarded 10 bonus points)
- Note: Proctors may award bonus points in game

Game Tie Breaker
- Least incorrect answers

Scoring Report
- Will be provided post-game

Game-Specific CTF Guides

Below, you will find detailed player guides organized into two sections: Multi-team/Single player and Multi-team/Multi-player. Each section provides an overview of the games, along with key strategies and insights to help you navigate the challenges and achieve success in your CTF experience.

Multi-team/Single player

Here, you'll find guides for our solo-based CTF competitions. These games focus on individual skill, where you compete against other solo players, pushing your personal abilities to the limit. Discover key tactics for outsmarting your opponents and rising to the top in these high-stakes solo challenges.

Welcome to the League

Overview:

"Welcome to the League" is an advanced Red Team game designed to test and enhance your skills in Active Directory enumeration, privilege escalation, and post-exploitation. Are you ready to prove yourself and join The League?

Goals and objectives

Hone your Red Team skills in an Active Directory environment by utilizing a variety of powerful toolsets, including:

NMAP
Mimikatz
Hydra
Metasploit
Python
Bloodhound
Hashcat
Netcat
Gunzip
Impacket
Basic Linux CLI
Basic Linux Text Editing

Tools & Resources:

Within the game, specific Red Team tools have been provided to help you successfully diagnose any malicious activity and vulnerabilities you may encounter. Below, you'll find a list of these tools, along with links to learning materials. If you are unfamiliar with these tools, these resources will help you get up to speed.

How to Begin (DAY OF EVENT):

The game is about to start! Follow these steps to ensure a smooth launch:

Watch the Introduction Video – Click "Launch Event" to view the briefing from Mal.
Launch the Game – Click "Launch Gamespace" to enter the CTF and access your Player Desktop.
Read the Instructions – Open the "README.txt" file on your Player Desktop for further guidance.

Before launching:

Ensure you are logged into the WWT.com platform using the email you registered with.
Check the Team Tab on the event page for your RocketChat login details.
Your RocketChat username matches your assigned desktop (e.g., byte-me-player1 will use Desktop 1).
Once inside the game, locate the "credentials.txt" file, which contains your RocketChat login and other essential credentials for quick access.

Multi-team/Multi-player

In this section, you'll find guides for our team-based CTF games, where collaboration and strategy are crucial to overcoming opposing teams. Learn how to coordinate with your team, maximize your contributions, and secure victory in competitive multiplayer environments.

Falcon

Overview:

Participants will engage in a hands-on emulation where they navigate complex cyber threats in a controlled environment. Leveraging industry-leading tools and real-world scenarios, the game challenges participants to collaborate effectively and deploy their cybersecurity skills. The storyline immerses them in defending a global financial services firm against a coordinated cyber-attack, allowing participants to step into the role of defenders and respond to evolving threats.

Game Phase Info:

Phase 1: Reconnaissance and Discover

Phase 2: Mitigation and Remediation

Phase 3: Realtime Defending

Tools & Resources:

Within the game, specific Blue Team tools have been provided to help you successfully diagnose any malicious activity and vulnerabilities you may encounter. Below, you'll find a list of these tools, along with links to learning materials. If you are unfamiliar with these tools, these resources will help you get up to speed.

Haystack

Overview:

Welcome to the SAVE Cyber Defense Initiative, where you will hone your skills as a defender in the world of cybersecurity. This Blue Team-focused Capture The Flag (CTF) is designed to immerse you in the world of incident response and threat hunting. Your mission is to protect the network of Zeta-Tactical from the relentless attacks of 'The League,' a notorious group of cyber criminals. Specifically, you will be tasked with identifying the Indicators of Compromise (IOCs) left behind by the hacker known as 'Leopold.' Your success in discovering these remaining footholds (aka needles) within the vast haystack of logs stored in our Security Information and Event Management (SIEM) system will determine the outcome of this event.

Tools & Resources:

Disarm Me

Overview:

As a participant in this Red Team-style CTF, you are part of a team of up to four people. You are expected to work as a team in order to be successful in the game.

Here's the scenario: Thousands of organizations across the world are grappling with a new supply chain ransomware attack. A nefarious collective of hackers called The League has taken credit, but a consortium of affected organizations is turning to SAVE — a gray hat hacking organization — to turn the tables on The League by breaking into its own network to obtain a release code that would ultimately win back the stolen data for all organizations affected. SAVE is enlisting the help of you and your teammates to do the dirty work.

Tools & Resources:

MicDrop 🎤

Overview:

Threat intel indicates that the APT known as the SpiceWorm team is targeting record labels with advanced ransomware campaigns. As a member of SAVE, you have been brought in to help Caladan Records prepare/detect/contain/recover their environment from imminent attack using Rubrik Security Cloud and master cyber resiliency.

Tools & Resources:

Before launching:

Ensure you are logged into the WWT.com platform using the email you registered with.
Check the Team Tab on the event page for your RocketChat login details.
Your RocketChat username matches your assigned desktop (e.g., byte-me-player1 will use Desktop 1).
Once inside the game, locate the "credentials.txt" file, which contains your RocketChat login and other essential credentials for quick access.