{"id":9095,"date":"2020-06-15T06:01:25","date_gmt":"2020-06-15T13:01:25","guid":{"rendered":"https:\/\/origin-www.parsons.com\/?p=9095"},"modified":"2023-07-25T17:00:53","modified_gmt":"2023-07-25T21:00:53","slug":"leveling-up-your-cyber-skills-a-guide-to-capture-the-flag-part-6","status":"publish","type":"post","link":"https:\/\/www.parsons.com\/2020\/06\/leveling-up-your-cyber-skills-a-guide-to-capture-the-flag-part-6\/","title":{"rendered":"Leveling Up Your Cyber Skills \u2013 A Guide To Capture The Flag (Part 6)"},"content":{"rendered":"\n

Hosting a CTF: Part 6 \u2013 How To Create Solutions Slides Based Off Of Jeopardy-Style CTF Content<\/h2>\n\n\n\n

Now that we have read Parts 1-5, let\u2019s get to the final steps! First, we have to work through an example of creating solution slides based off Jeopardy-style CTF content using some of our questions from the last post. Using that same .pcap (or you can download our .pcap from <HERE><\/a> to work with), let\u2019s build a detailed solution for the second question: 2. What is the first newsgroup that was subscribed to\/accessed by the user in this .pcap?<\/em> <\/p>\n\n\n\n

I like my solutions to be rather complete, so that a CTF newbie could read the challenge question and my solution and solve the challenge without much trouble. That is why I tend to include both text and screenshots.<\/p>\n\n\n\n

I started my solution by describing how to go about the question: <\/p>\n\n\n\n

If you know what protocol newsgroups are run over, that makes this question easy. If not, you should Google \u201cwhat Internet protocol do newsgroups run over,\u201d and you\u2019ll discover it\u2019s NNTP (Network News Transfer Protocol). So open up the .pcap in Wireshark, sort by protocol (by clicking the top of the \u201cProtocol\u201d column), and scroll down until you see a packet using NNTP. Right-click the first packet you see and click \u201cFollow,\u201d then \u201cTCP Stream.\u201d<\/em><\/p>\n\n\n\n

I like inserting screenshots when the instructions are more\nthan trivial, and I think this is a good place to add one.<\/p>\n\n\n


Once you have the combined TCP\ntraffic visible, scroll down to a line highlighted in red, as that\u2019s a request\nthe client sent to the server, and look for the first \u201cGROUP X\u201d reference, as\nthat will show the user joining that group.<\/em><\/p>\n\n\n\n

As shown in the\nimage, I\u2019ll edit the screenshot and circle the part of it the user needs to\nknow to make it super clear.<\/p>\n\n\n\n

As shown in the attached picture, the user\u2019s client\nissues the \u201cGROUP grc.cookies\u201d command, thus the grc.cookies\ngroup was the first newsgroup that was subscribed to\/accessed by the\nuser in this .pcap.<\/em><\/p>\n\n\n\n

I always state (and color code) the final solution to the\nchallenge.<\/p>\n\n\n\n

Now that we have the solution documented to that question,\nlet\u2019s add to it by answering the third question: 3. One of the messages read\nin the newsgroup talks about a popup alerting the user to a potential virus. What\nwas the full name of that potential virus?<\/em><\/p>\n\n\n\n

I recommend giving the solutions to participants afterward\nas a complete slide deck, so each question\u2019s solution can build upon the\nothers. For example, for this one you can start with:<\/p>\n\n\n\n

Following the steps from the solution slide to the second question, you should be looking at the complete TCP stream based off the first NNTP packet seen in the .pcap. Keep scrolling down and look for a complete newsgroup message. Once you find it, keep reading until you see something about a popup and a virus detection. You can use the \u201cFind\u201d box at the bottom of the screen, if needed, to help pinpoint its location (you can search for \u201cpopup\u201d or \u201cVirus\u201d to help you look). You should see the text that says \u201cMicrosoft detected the Adware:Win32\/RelatedLinks virus on your computer,\u201d showing that Adware:Win32\/RelatedLinks is the answer!<\/em><\/p>\n\n\n\n

With the included image highlighting exactly where in the message the potential virus name is found, you\u2019ve given pretty clear instructions.<\/p>\n\n\n\n

Now, the only thing left is to stand up your own CTF server\nfor hosting the Jeopardy-style CTF! There are a plethora of options out there. We\nhave experience with two for our CTFs. We first used PTCoreSec (https:\/\/github.com\/PTCoreSec\/CTF-Scoreboard<\/a>),\nwhich we heavily modified, since the original is over seven years old now, and\nnow we use CTFd, which has an amazing tutorial at https:\/\/github.com\/CTFd\/CTFd\/wiki\/Getting-Started<\/a> to help you get started.<\/p>\n\n\n

About The Author<\/h5>

Nicholas J. has more than 15 years of experience supporting cybersecurity operations, engineering, development, and all sorts of crazy fun things for the U.S. Department of Defense \u2013 12 of those with Parsons!  Nicholas currently serves as Cyber Thaumaturgy Director of the Collection & Analytics Portfolio, working hard to bring more fun and technical awesomeness to both our amazing Parsons team and the community at large via tech talks, large-scale interactive training sessions, Capture the Flag events, and other mentorship opportunities.   <\/p><\/div><\/figure>\n","protected":false}}