3 Days left to Save $400 on SANS DFIR Summit

NetWars: FAQ

NetWars:

General

I'm new to the industry. Will I be overwhelmed by NetWars?

We designed NetWars so that entry-level players can hone their skills.

The environment includes five levels that progressively increase in difficulty. No matter your skill level, anyone can jump right in and begin answering questions at Level 1.

I'm a seasoned InfoSec pro. Will this challenge me?

We designed NetWars so grand masters of InfoSec can quickly advance through earlier levels and find more complex scenarios and target infrastructures to analyze and attack. The in-depth challenges of Levels 3 and beyond will let you demonstrate your awesome abilities and possibly even challenge you to take your skills to the next level.

What if I get stumped? What if I crash and burn?

Getting stumped is no big deal. If NetWars was only about solving easy challenges, it wouldn't be very valuable. When you reach a problem you can't solve, NetWars becomes a learning environment for you to pick up new techniques and get exposed to new tools in an environment optimally set up for you to do so.

This is all offensive stuff, right? I'm a defender...

Not at all. NetWars consists of both offensive and defensive challenges in a wide variety of information security disciplines, including system hardening, packet analysis, digital forensics, malware analysis, vulnerability assessment, and penetration testing. Also, the best way to hone your skills as a defender is to understand the attacker, so everyone (both defense specialists and offensive-minded people) can benefit from NetWars.

Registration

When does my subscription begin? (NetWars Continuous Only)

Upon purchasing NetWars Continuous you will have a 90-day activation period during which you can activate your subscription. Once activated, your 4-month subscription begins and will end 4 months from the day it was activated.

What is the difference between NetWars Continuous and NetWars Tournament? Are they the same challenges?

NetWars Tournament runs at live, face-to-face conferences for one to three days. NetWars Continuous is played across the Internet at any time over a four-month span. Although the design of NetWars Tournament and Continuous are similar and the two use the same style of scoreboard, the actual challenges for them are very different. NetWars Continuous is larger, with more challenges and options, given that it covers a four-month span.

How do I get a trial? (NetWars Continuous Only)

NetWars Continuous trial accounts are granted on a case-by-case basis. The trial cost is $20 and will give access to a small subset of questions from the first three levels of NetWars for one week. If you are interested in a trial account please send us a request along with the following information: your name, company name, title, department, and phone number.

Which SANS courses would best help me prepare for NetWars?

NetWars covers a broad range of topics, so almost every class offered by SANS will help you succeed in NetWars. The classes that will best help you get started are as follows:

SANS SEC401: Security Essentials Bootcamp Style
SANS SEC504: Hacker Techniques, Exploits & Incident Handling
SANS SEC560: Network Penetration Testing and Ethical Hacking
SANS SEC542: Web App Penetration Testing and Ethical Hacking
SANS FOR408: Computer Forensics Investigations - Windows In-Depth
SANS FOR508: Advanced Computer Forensic Analysis and Incident Response

What are the system requirements for participating?

Although VMWare is heavily preferred, any virtualization software capable of booting from an ISO of a Linux LiveCD image will be sufficient. Any computer capable of running a virtual machine in said virtualization sofware will be sufficient.

Is there any certification or CMU/CPE credit available for participating in NetWars?

There is no certification for NetWars, however NetWars Tournament participants receive 6 CMU/CPEs and NetWars Continuous participants who reach Level Three receive 12 CMU/CPEs.

Are there any discounts available for NetWars?

Students who register and pay for any long course at a SANS event that includes a NetWars Tournament may participate in the tournament at that event free of charge. NetWars Continuous (accessed across the Internet over a four-month timeframe) is available to NetWars Tournament participants or those who purchase any SANS long course for $999 (a $2499 value). A discount code will be sent to NetWars Tournament participants after the event that can be used to register for NetWars Continuous at the discounted rate. If NetWars Continuous is being added to a registration with a long course it must be added within the following time frames consistent with the addition of other products. For Conference and Simulcast events- NetWars Continuous must be added to the registration before the end of the event. For OnDemand and SelfStudy orders- NetWars Continuous must be added within the first 30 days of access. For vLive, Community, and Mentor events- NetWars Continuous must be added to the registration by the last day of class.

Can an extension be purchased for NetWars Continuous?

Returning NetWars Continuous customers can purchase up to two NetWars Continuous 4-month renewals for the discounted price of $799 each. The renewal must be purchased prior to the expiration of the current purchase.

Is NetWars US only?

No. NetWars Continuous is available globally across the internet. NetWars Tournament competitions take place live at every National SANS Event as well as select conferences around the world.

Getting Started

Where do I get the VM?

For NetWars Continuous, a zip file containing the LiveCD ISO image and a VMX file for opening in VMWare can be downloaded from the Game Details page on the CHC Portal (www.counterhackchallenges.com) by clicking the link for the game under "My Games". For NetWars Tournament, a CD containing these two files will be handed out at the event.

Can I submit one answer at a time, or do I have to answer all the questions before submitting?

You can submit as few or as many answers at a time as you wish. Any question left blank will be ignored and you will not lose points *or lose your mulligan* on that question.

Can I use Google or other outsider resources to help me answer the questions?

Yes! The use of outside resources is encouraged to help you learn any material necessary to solve the challenges. NetWars was created to encourage self-guided learning.

How do I log into the scoring server? When I enter my username and password it says they are incorrect.

The scoring server password is randomly generated and different from the password you chose for your Counter Hack Challenges Portal account. To log into the scoring server, first log into the CHC Portal (www.counterhackchallenges.com) using the credentials you chose upon registering. Go to "My Games" and click on the game details link in the list for the game you are currently participating in. On the game details page, click on "Log In to Scoring Server" which will automatically log you in.

Levels 1 and 2

Can I install VMWare Tools on the VM?

No. The version of Linux used in NetWars is not compatible with VMWare tools and will not allow it to install correctly. For copying, pasting, and resizing the screen, please refer to the next set of FAQ questions.

How do I change the resolution of the VM?

The README file on the desktop of the VM and in your home folder contains the complete command syntax for changing your resolution. To do so, first run:

$ xrandr

This gives you a list of valid resolutions which can then be changed to using:

$ xrandr -s [width]x[height]

How do I copy/paste?

Inside of the VM, different programs have different key combinations for copy/paste. When inside the terminal, Ctrl+Shift+C/V are used to copy/paste. Anywhere else Ctrl+C/V works. In both cases you can use right-click -> copy/paste. *** Copying between your host and the VM will not work because VMWare Tools is not installed. Instead, open Firefox inside of the VM and log into the scoring server there to copy/paste your answers. ***

Will my files still be there if I shut down or reboot the VM?

No. The VM is a LiveCD image and therefore does not store any files created or edits made to existing files. All changes are lost when you reboot or shut down the VM. If you accidentally delete an artifact or other system file necessary to complete a challenge, a reboot will restore the system to its original state.

Levels 3+

How do I access the SSH gateway?

If you are playing NetWars Continuous, the README file on the desktop of the VM and in your home folder contains complete command syntax for SSH to connect to the SSH gateway. If you are playing NetWars Tournament, a similar guide is available in Appendix B at the end of the provided handout. The basic command to connect is:

Tournament:

$ ssh -i [path_to_private_key] -p [sshd_listening_port] [lowercase_username]@netwars-ng.counterhackchallenges.com

Continuous:

$ ssh -i [path_to_private_key] -p [sshd_listening_port] [lowercase_username]@netwars-ngc.counterhackchallenges.com

How do I browse the websites on the target boxes only available through the SSH gateway?

Using Firefox to browse the websites on the target boxes requires you to first set up a SOCKS5 Proxy connection through the SSH gateway. The command for doing this can be found in the same section referred to by the previous question "How do I access the SSH gateway?". Once your SOCKS5 proxy is configured, simply change the Firefox proxy settings to "Manual". They have already been filled in for you and do not need to be changed after being set to manual. It is not necessary to fill anything into the HTTP or HTTPS Proxy settings in Firefox.

What tools are on the SSH gateway?

A README file can be found in your home folder on the SSH gateway with a list of provided tools.

Still have questions? Drop us a note at netwars@sans.org