Tuesday, March 01, 2011

Lessons learnt - CTF

After completing the Nullcon 2011 CTF, I realized the importance and usefulness of such exercises. The brainstorming, the thought-provoking questions, the alternative ways of finding solutions and the faster resolution of a given problem are all part of any normal CTF, and most of the scoring mechanisms these days are based on timelines. The faster we solve it, the better the score :)

All that being said, it also made me think a lot about how best we can use those skills in our daily operations. As security professionals, incident management/response, malware analysis, identifying and containing an intrusion, hardening guidelines and updates to such procedures are all part and parcel of our life.

Back to the skills and knowledge gained by completing a CTF: we come across faster means of solving problems and learn new tools and technologies, which can be put to use inside organizations and enterprises to raise the security posture.

Let me take some time to share what I learnt from this CTF. To name the technologies: from basic web injection to memory analysis, from googling to scripting, password hash extraction and cracking, log analysis, steganography, and not to mention the new friends (Anant/Karn/Rahul/the_empty) and the network, it was a fascinating week at large.

I started off with Backtrack 4 R2 as my base station, and listed below are a few of the tools I used or touched during the week of the CTF:
strings
wireshark
Firefox addons(Tamperdata/WebDeveloper)
Volatility
Google (I'm sure you know how to reach this one ;)
Python
Ophcrack

Finally, some gray matter to mix them all for this nice cocktail called CTF. Beyond the tools themselves, the week showed clearly how much impact and usefulness common utilities like strings, Wireshark and Python have in incident response and incident handling, and it gave me more ideas on how best we can polish our IR process.

Thanks again to the nullcon team for enlightening and refreshing our brain matter with their CTF.

Thinking about the next post... more tools or CTF write-ups... Keep watching...