SANS NetWars Status

After a meeting in Washington DC about the US Cyber Challenge, there has been a lot of interest in the SANS NetWars project. Since there is little information on NetWars published, I wanted to summarize what I said during the panel discussion on Monday, July 28th, 2009:

We wanted a challenging environment for Netwars. We wanted to
identify information security talent and encourage positive use of that talent. Netwars is designed to run for a week per round.

Most of the environment is hosted at the SANS Institute, but each player downloads a bootable Linux CD Operating System. It contains a few small challenge stages and a tutorial that walks the player through identification and exploitation, ultimately finding the key to the rest of the game. Once in this hosted environment, players compete with other players for access to services and systems, planting flags and defending them to score points. Bonus challenges are also injected during the game and serve as hints and opportunities to get players “unstuck.” Netwars is different than other Red/Blue team or Capture the Flag games because of the combined offensive and defensive requirements but no prep. time required--it's more of a King of the Hill game.

Netwars Round 1 was held in late June, we had about 80 participants that included teenagers, all levels of formal education, and a few information security professionals. We had a handful of participants to extraordinarily well on the defensive side, so we adjusted the game to give the others a fighting chance. Initially, all players entered the game environment in random locations to give each player a realistic chance to accomplish a task before his processes or connections where destroyed by another player. This was not quite good enough, but now once a player's score hits a 500 points threshhold, they get a different set of random entry points. We had a totalof 13 people that made it onto the scoreboard in Round 1.

It was exciting to be there to watch the ingenuity of the players. One of the highlights from the first round was in the form of a bonus challenge. One player managed to break into the superuser account in exactly 20 keystrokes and one mouse-click, beating out all other players that did the same in 34 to 68keystrokes. The winning player from Round 1 managed to manipulate the scoring system to increase his scoring rate (since the scorebot existed in the scope of attack network, he kept the legal points). All players used the same connection pool, so an enterprising player created a fake password prompt that led other players to believe their account password was no longer valid.

Netwars Round 1.5 was held last weekend for three days, with 100 players. We changed this version of the game by providing a less foreign initial image and a safer entry point. Each player received their own personal image with just their key to play the rest the game. We only had six players score due to the short round. My favorite point in this round was where the second place player completely
firewalled off a Windows XP target from the game because he had to accomplish some real-life tasks. This firewall, only allowing the scorebot and his personal backdoor in. It took about 5 hours for the first and third place winners to join forces and broke into this player's backdoor and liberate the target so they could continue scoring on it.

We will announce the next full round on August 10th. You can register now at www.sans.org/netwars. The environment has been a great challenge to play and to operate, and we are adding new targets and internal networking to add more depth to the game.

I have a pile of things to do before heading out to DEFCON . . . I have a pile of things to post as well that have been put on hold while buiding the NetWars system, so check back in a couple weeks.