Cyber Defender Foundation (CTF)
LSA Training is an institution providing professional education to individuals pursuing career growth in an increasingly sophisticated and competitive world. We aim to promote excellence in education and training in both the academic and corporate world.
The cyber defender foundation capture the flag (CTF) has been designed to test and teach those responsible for detecting and defending an organisation against a cyber-attack. The cyber lab offers a safe environment for IT and security teams to develop their cyber defence skills and put them to the test against the clock.
This is not for your elite ‘hackathon’ champions; this foundation CTF provides a learning platform for your multi-discipline technical teams to work together, collaborating as they would in a real cyber-attack. During the event, challenges are released which require the participants to navigate through systems, seeking vulnerabilities, exploiting, decrypting, whatever it takes to find the flag. Talented individuals working in isolation can’t defend an organisation successfully. Learn the necessary cyber defence ‘tradecraft’ skills in our state-of-the-art cyber lab, a fully immersive learning experience, harnessing the talent within your teams to solve the challenges together before you have to do it for real.
There are no explicit predefined prerequisites for the challenge event, as the instructor will lead the delegates through the event from the introductory modules to the more advanced tasks. However, we recommend that delegates have experience of Windows and Linux operating systems in a networked environment; CLI skills, including the navigation of file directories on both Windows and Linux; the ability to interrogate network systems for basic information such as IP address and MAC address; knowledge of network fundamentals (IP addressing, subnets, routing); familiarity with the TCP/IP stack and the OSI model; and knowledge of common internet protocols.
- How to work as a team during complex technical tasking
- Cyber defence ‘tradecraft’ problem solving activity
- System, network and service enumeration
- How to automate tasks using bash scripts and other types of scripting languages
- Application enumeration and profiling
- How data is encoded, decoded, encrypted and decrypted using various algorithms as a means of evading detection
- How to audit and identify critical signs of compromise within systems
- How to respond to an incident under time-bound pressure
- How to identify and remove malicious files and services
- How to test systems and services for vulnerabilities (scanning and fingerprinting)
- How to exploit vulnerabilities in both web and system applications (session hijacking, XSS, exploitation frameworks, SQLi)
- Kali Linux defensive skills: Delegates will be taught the foundation elements of the Kali Linux environment and a subset of the many tools available within the Kali Linux suite, including the more advanced tools of the Kali Linux distribution, which will form the building blocks for later modules.
- Encoding and decoding strings: Malware and other types of backdoors use encoding and encryption to hide what they do and to help avoid detection. Delegates will be taught how strings and data can be encoded and decoded using Base64, hexadecimal and binary. Delegates will also be taught ways in which data can be encrypted and decrypted using various cryptographic algorithms and ciphers. This will give learners the foundation skills and knowledge needed to reverse engineer malware and backdoors which use these types of tricks to avoid detection.
- Incident response: After a cyber-attack it is important to determine how the breach occurred, what the attacker did and what information the attacker managed to access. Delegates will be taught some of the ways in which systems can be compromised, the purpose of log files, and how to analyse those log files for signs of breach, allowing them to build a picture of how the attack happened and what the attacker achieved during the compromise. Delegates will be shown how to find backdoors installed by attackers and how to safely remove them.
- Penetration testing: Penetration tests allow system administrators and security professionals to identify vulnerabilities and weaknesses in their systems and platforms which could be exploited by an attacker. Delegates will be taught how to conduct a penetration test, testing for weak authentication, scanning remote services for vulnerabilities, exploitation of vulnerabilities and patching those vulnerabilities.
Day 2: Each team will be given a compromised system where they will be asked to find information relating to how the attacker compromised the system, what the attacker did on the system and the types of information accessed by the attacker. Each team will perform a vulnerability assessment on the compromised system and attempt to exploit and patch vulnerabilities ranging from weak authentication all the way to remote command execution.
- Round one will cover the various aspects of Kali Linux, where delegates will be asked to perform a number of tasks in their team, all of which can be completed using the expansive suite of tools within the Kali Linux environment. This round engages both novices and experts, covering tasks of varied difficulty. Each task requires the submission of a flag, the goal being to submit the maximum number of flags in the allocated time.
- Round two will cover various types of encoding, decoding, encryption and decryption, where delegates will be asked to encode/decode messages and solve a number of cryptographic puzzles which include alphabetical and numerical shift ciphers and transpositions. Delegates score flags for entering the correct encoded/decoded message in each of the tasks. This simulates the ability to detect and respond quickly to an insider attack and gives an understanding of an attacker’s covert communication mindset.
- Round three will ask each delegate to perform a number of tasks to clean up after a cyber breach. This requires delegates to find and remove backdoors installed by an attacker, identify compromised systems and services, change user accounts to prevent the attacker from regaining access to the server, and determine how the system was compromised.
- Round four explores the detail behind a penetration test of a compromised system where delegates will be asked to identify vulnerabilities and exploit those vulnerabilities ranging from weak authentication all the way to remote command execution in both web and system applications. Delegates will be able to test a wide range of skills from the more basic SQL injection to the more complex process of privilege escalation by exploiting buffer overflows.
- Each of the four CTF rounds will cover a number of tasks ranging in difficulty engaging both novices and the more able delegate, in various aspects of Linux, networking, cryptography, incident response, penetration testing and exploitation of various types of vulnerabilities. Flags are awarded for successfully completing each task in each round. Each task is worth one flag and the team at the end of the four rounds with the most flags wins. Time will be used as the tiebreaker.
- Previous Educational Background in IT or experience in support of networking.
Also on this course we offer the following
- Hands on Experience
- Real Time project work
- Interview based Training
- Instructor Led – Face2Face / class room training
- More student-to-faculty and student-to-student interaction.
- Detailed presentations. Soft copy of material to refer to at any time.
- Practical oriented / Job oriented Training. Practice on Software Tools & Real Time project scenarios.
- Mock interviews / group discussions / interview related questions.
- Test lab is in cloud technology, to practise on software tools if needed.
- We discuss the real-time project domains.
- The teaching methods / tools / topics we have chosen are based on the current competitive job market.
Expected Salary/ Pay Package
- Expected Salaries are as follows:
- For Contractors £400 to £500 per day
- Permanent positions £50 to £110k per annum, depending on experience and skill set