My Experience With SANS NetWars Tournament

I attended the SANS NetWars Tournament at the SANS Rocky Mountain Conference 2013 in Denver, while attending the SEC504: Hacker Techniques, Exploits & Incident Handling course taught by:

James Lyne – Global Head of Security Research at Sophos
Kevin Fiscus – Owner/Senior Consultant at Cyber Defense Advisors

Both James and Kevin were fantastic instructors with tons of energy and real-world experience in the security research field that allows them to apply their knowledge to real problems. They explained things in a way that made it easy to consume, and kept you wanting to know more. I found myself thinking, well now that I know this, what about this – what about that!?!?

The NetWars Tournament was held mid-week after the normal classroom course and after-hours lectures finished. This tournament was comprised of 40+ individuals from across the security industry, with various levels of knowledge and expertise. Some were in the SEC504 course with me, some in the SEC542 Web App Pentest and yet more in the SEC560 Network Pentest and Ethical Hacking courses.

Having not been at a SANS conference or a NetWars Tournament before, I was not sure what to expect. I figured since I had been a Linux admin that evolved into a perimeter security guy (firewall/proxy/network AV/DLP) that I would be able to perform decently in the tournament. Right before the games began that nervous rush comes over you, as you are as ready as possible, but have no idea what to expect. The scenarios were interesting and really made you read slowly and think about what was being asked, as some information was hidden in the context of the scenario, while other information was found entirely by trial and error (SQL injection and buffer overflow testing).

I was able to make it a ways into Level 2 by the first night, but was stumped by a few things, and took the night to read up on things I thought might help me the following night. With the couple of hours of studying I was able to finish Level 2 fairly early in the night, but was stumped by a few things in Level 3 that I just didn’t know (steganography and kernel-mode rootkit stuff). I kept at it and was reading through the book looking for anything I could find, but time expired before I could get very far into Level 3. After all the dust settled, I had ended up 7th overall, which I was happy about because I wasn’t the only guy who got stuck.

A quick chat with Kevin and James following the last night of NetWars revealed a few facepalm-worthy instances – they were able to shed some light on things that were stumping me, that were actually very simple had I just thought about it in a different way. Isn’t that always the case – perception… Don’t be afraid to dig in and get your hands dirty, but sometimes you need to take a step back, or you may miss the bigger picture (forest through the trees analogy).

All in all, it was a fantastic experience for me, and I would definitely recommend attending a SANS course and NetWars Tournament if at all possible. If you are serious about network and information security, I urge you to look into attending a SANS course that appeals to you. You may also want to check out NetWars Tournament and see if there is one close to you.

Click here for a short SANS NetWars Video

Click Here For Ryan’s Scorecard

NetWars Final Scoreboard