Netwars

E Double U

I would like to hear from anyone that has participated in Netwars. I'm taking SEC504 next month and was told that there is no additional cost for Netwars since I will be in a six day course. What should I expect? What was your experience like?

docrice

Don't miss out on it. There's a scoreboard which lists who's ahead in the game, but ultimately this is about you learning, not just competing with others. NetWars is there to help augment your abilities by identifying your weaknesses and growing from it.

E Double U

Hopefully my wife lets me go (yes I need permission lol). Bad enough I'm using six of days of our trip to attend training all day so we'll see if I can stay out later for nerdwars.

JDMurray

After melting your brain all day in a SANS training class you might not have much gray matter left for an evening of intense hacking--especially if you are in beautiful downtown San Diego with all the nightlife just a short walk away on 5th Avenue. Just a warning.

E Double U

I'll be taking the course in Amsterdam so there will be a different type of nightlife available lol. It's available on lunch break too.

jamthat

Just curious, did you participate in NetWars? If so, how'd it go? I held out on it at my last conference because I didn't want to be 'that guy'...but what's it even like for people who have never participated in anything like that???

E Double U

I sure did participate. I wasn't the worst, but very far from the best lol. It was a bit intimidating, but I am glad I did it. Showed me how much I didn't know.

TechGromit

E Double U wrote: »

I'm taking SEC504 next month and was told that there is no additional cost for Netwars since I will be in a six day course.

Wow, missed the boat on this. Didn't know it was free, thought it was an additional fee. Completely missed this because I didn't sign myself up, I just told my company I wanted to take 504 and they took care of all the details. I am interested in pursuing Netwars continuous in the future.

iBrokeIT

It is typically free with the purchase of a 5 or 6 day class. If you didn't get it added to your order you can always go the registration both and get it added during the conference. If you stay until the end of the 2nd day they will typically do a raffle for a 3 month Netwars Continuous subscription.

When are you taking your GCIH?

JDMurray

NetWars Continuous Online Skill-Sharpening Range
https://www.sans.org/netwars/continuous

NetWars: DFIR Tournament
https://www.sans.org/netwars/dfir-tournament

NetWars FAQ
https://www.sans.org/netwars/faq

Hack Naked TV - SANS NetWars Review
https://www.youtube.com/watch?v=TMPiE-iaBo4

iBrokeIT

jamthat wrote: »

Just curious, did you participate in NetWars? If so, how'd it go? I held out on it at my last conference because I didn't want to be 'that guy'...but what's it even like for people who have never participated in anything like that???

Nobody cares if you are 'that guy' because we were all 'that guy' at one point in our careers so most will be happy to help get you setup and going.

Like the video that JD Murray posted mentions, they designed Netwars Tournaments to take the whole spectrum of skills into account. Levels 1 & 2 are very simple and are all done on the Linux VM and start with questions like "What is the host name of the VM?". It is also open internet so you can use your Google-Fu to get through those first two levels.

Sure, you likely won't win but you'll at least learn somethings, get a good assessment of where your InfoSec skills lie and best of all they serve free beer!

Cheers!

TechGromit

iBrokeIT wrote: »

When are you taking your GCIH?

Two months ago, this is why I say I missed the boat.

iBrokeIT

I figured you already took the class, I was actually referring to GCIH cert attempt.

TechGromit

iBrokeIT wrote: »

I figured you already took the class, I was actually referring to GCIH cert attempt.

Score 76% on my first practice test, planning on taking my 2nd practice test next week, and scheduling my exam right after that. I figure I'll be taking the exam around mid-june. Want to get this out of the way, I signed up for "Network Forensics: Continuous Monitoring and Instrumentation" at BlackHat and need to work on getting proficient with Wireshark and TCPdump for the course. It's kinda funny, my employer doesn't want to pay for another SANS course for me until 2018, but did blink an eye dropping $6,300 for BlackHat and training. There no Cert I can get, but I figure the knowledge would be useful for "SEC511: Continuous Monitoring and Security Operations" in the future.

SaSkiller

When it comes to in course netwars, be prepared for challenges outside of your realm. The content in my netwars had content from the forensics courses as well as the 504.

kiki162

I've done netwars, and yes be prepared to step outside your knowledge base. If you can get a team together, that would probably be your best bet. It was nice to change gears for a bit from my class. I just got into Level 3 and just called it a day...had enough after that point. Normally they recommend to do netwars on your own if you can afford it, or do it with a group.

Over all you'll need time to decompress after a week of "scrambled brains"...but it's good stuff, and makes you want more afterwards.

kiki162

@Techgromit Lucky you that you get to go to Blackhat this year. I've done the GMON class back in March, good stuff! BTW, I'm right across the "pond" over in DE. What kind of awesome company are you working for out there near Atlantic City.

TechGromit

kiki162 wrote: »

What kind of awesome company are you working for out there near Atlantic City.

Exelon, it's an energy company, I work on the power generation side of things, but they own distribution as well (PECO, Atlantic City Electric, BGE to name a few). Getting a job here was kinda like winning the lottery.

kiki162 wrote: »

I've done netwars, and yes be prepared to step outside your knowledge base. If you can get a team together, that would probably be your best bet.

Is Netwars the same every time? Or do they update the challenges very so often to make it new each time you do it.

blackedout

Hey, I've done Netwars twice at SANS events as well as the Netwars continuous offering, its fantastic and you should 100% take advantage of the opportunity. Every netwars is different, they do not ask the same questions and are always challenging. My background when I first did netwars was routing and switching so I had little to 0 experience in pen testing and using tools like metasploit. You are given a readme file that lists everything installed on the VM provided so I just googled the names of the tools and could then deduce what type of question I would use it for. For example if a question said "There is a flag hidden in this JPG file" I would look through the tools and see if anything was related to stenography, sure enough I could then use that tool to find the flag.

Unlocking levels requires points, so say each question is 1 point and there are 10 questions, unlocking level 2 requires 6-7 points, then level 3 requires 15-16 points etc etc. Most people who are in IT can google their way to level 2, and with some more indepth knowledge unlock level 3. Level 3 is compromising live machines, it could ask you to get into a webserver email server, android device, anything really. You won't complete level 3 without having some serious pen testing skills. I've been able to get to level 3 each time and have even been able to pop some machines but I have never personally made it to level 4, I'll be taking the GPEN here soon and hopefully that'll give me the skills to get to the next level.

blackedout

Just to clarify, I am talking about Netwars and Netwars Continuous, I have not participated in Netwars DFIR. My guess is its the same format however heavy on memory analysis, recovery, etc etc.

iBrokeIT

blackedout wrote: »

Every netwars is different, they do not ask the same questions...

No, that's definitely not true. They are on "Netwars Tournament (CORE 4.0)" aka version 4. I took the same version at SANS Network Security 2015 in Las Vegas and at SANS Security West 2016 - the questions were 100% the same. That's why you'll notice some of the veterans blow through the first three levels on night 1, they saved/remembered their answers from last time.

They do separate scoreboards for veterans and new players with prizes awarded to the top five from each board.

blackedout

iBrokeIT wrote: »

No, that's definitely not true. They are on "Netwars Tournament (CORE 4.0)" aka version 4. I took the same version at SANS Network Security 2015 in Las Vegas and at SANS Security West 2016 - the questions were 100% the same. That's why you'll notice some of the veterans blow through the first three levels on night 1, they saved/remembered their answers from last time.

They do separate scoreboards for veterans and new players with prizes awarded to the top five from each board.

Interesting, there was about a year long gap between the two netwars I participated in so I might have had the previous version? I can however 100% with certainty say the Netwars Continuous was not the same Netwars questions at the SANS event. I still have my notes and answer files for it.