Reference Materials |
---|
NSA open Source |
CIA Hacking Tools |
Google Search Operators: The Complete List |
Director of National Intelligence Open Source Center |
PacketLife Cheat Sheet Library |
Red Team / Blue Team |
---|
Clint Bodungen's ThreatGen Red vs Blue |
SANS Blue Team Wiki |
Red Team Cheat Sheets |
ITEN Wired Cybersecurity Competition (NWFL Only)
ITEN Wired in collaboration with University of West Florida's Center for Cybersecurity host the ITEN Wired Cybersecurity Competition every October during the ITEN Wired Summit. The first cybersecurity competition was held in 2016. Each year The UWF Center for Cybersecurity host's the competition in it's own Cyber Center. In previous competitions each team was dropped into a poorly secured network where they act as incident responders. Teams would experience, document, and respond to various network attacks, testing their ability to detect, defend, and prevent various threats without prior preparations.
An Attack-Defend Capture the Flag, also known as a Combative Capture the Flag (CCTF) or Red Team/Blue Team event is a cybersecurity competition where each team attacks the other team's network resources while simultaneously defending their own. There are flags hidden throughout various network resources which attacking teams attempt to obtain while compromising various systems such as routers, servers, and host machines. Attacking teams are able to utilize various resources in order to compromise defending machines within the rules of the competition.
A Jeopardy-Style Capture the Flag event is a knowledge based cybersecurity competition in which teams compete against one another in a question-answer format. Teams are given various categories to choose from containing cybersecurity related questions. Each question is assigned a point value according to the relative difficulty. Some categories include: cryptography, steganography, physical security, and network scanning.
The National Cyber League is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against cybersecurity challenges that they will likely face in the workforce. All participants play the games simultaneously during Preseason, Individual, and Team Games. NCL challenges are based on the CompTIA Security+ and EC-Council Certified Ethical Hacker (CEH) performance-based exam objectives and include the following content: Open Source Intelligence, Scanning, Enumeration and Exploitation, Password Cracking, Traffic Analysis, Log Analysis, Wireless Security, Cryptography, and Web Application Security.
Game | Description |
---|---|
Preseason | Individual competition that allows the NCL to evaluate participants to determine their current skill level. After the preseason, players are awarded a digital medal. This allows students to compete in Regular Season with other similarly skilled participants. |
Individual | Another individual competition that pits players against each other in their assigned medal groups. This is where player’s scores matter. Participants will be ranked overall and within their group. |
Team | Where Regular Season players form teams with 2 to 5 members to compete (no flag sharing with other teams). Various levels of experience and expertise are brought to the table in this situation. Many consider the Postseason game the highlight of their NCL experience. Each team’s group is determined by the average Regular Season score of the team’s members. |
Players/teams participate in a type of computer security game called a Capture-the-Flag (CTF). In CTF games, players/teams race to answer security-related challenges, often searching for digital “flags" hidden on servers, in encrypted text, or in applications. Challenges within the CTF are open-ended and require expertise and skills in a wide range of security-related topics. When a player/teams submits a flag, they receive points for solving the challenge. The player/team with the highest cumulative score at the end of the game wins. Players/teams are scored on their ability to successfully complete the challenges and obtain the flags therein. Most challenges in the Spring Season contain more than one flag. To accumulate points, players/teams receive a pre-assigned point value for successfully submitting a flag. The point value for some flags is determined by the NCL difficulty rating system. The total score for a player/team is the sum of points for all successfully submitted flags.
While game challenges are available to all players/teams, there are increasingly difficult challenges included to test players/teams with more advanced skills.
The existing NCL bracketing is removed as of Fall 2021 and there will no longer be bracket-specific leaderboards.
NCL made this change because they do not believe bracketing is currently serving its intended purpose. Bracketing was supposed to make NCL more approachable to beginners by creating a fairer comparison so that beginners could be compared to beginners while advanced players would be compared to other advanced players. However, getting into a bracket no longer seems to be a matter of simple classification, but a goal in itself. We have seen players disappointed that they did not get placed into the Gold bracket, particularly for the Team Game. Gold bracket currently carries a level of prestige which it should not because getting into Gold bracket is a classification that occurs before the actual competition even starts.
Digital medals are being added and will highlight performance during the Individual and Team Games. Even though NCL removed bracketing, the terms "Gold", "Silver", and "Bronze" will not go away. Instead, they will be used to describe new medals.
5 divisions of digital medals will exist, and within each of these divisions will be 4 numeric tiers with tier 4 being the lowest and tier 1 being the highest.
Digital Medals |
---|
Bronze |
Silver |
Gold |
Platinum |
Diamond |
Each division will represent a range of 20 percentile scores with each tier representing a specific range of 5 percentile scores within their corresponding tier. More details about medals will be published soon.
The NCL Gymnasium provides practice challenges to help prepare players for the Individual and Team Games. While practicing in the NCL Gym, players can access a solutions guide that includes step-by-step instructions to help them understand the more difficult challenges.
A goal of the NCL is to provide beginners with an entry point into cybersecurity games through preparatory exercises, while also challenging and engaging players who have already mastered similar content. As part of the Preseason, participant knowledge and skills will be assessed through a mandatory Preseason game.
The Individual Game is the portion of the NCL where individuals compete on their own, without the assistance of others, to solve game challenges. The game challenges are aligned with preparatory exercises and allow participants to validate the knowledge and skills they are developing in the NCL Gymnasium. Flag-sharing is not allowed.
Real-world cybersecurity work is often done in teams. The NCL Team Game provides a safe and challenging environment for players from the Individual Game to apply their knowledge and skills in a team setting. The team game requires players to work together to solve real problems, with real deadlines, under time (and in some cases) technical and resource constraints. No flag-sharing with other teams allowed.